‘Kernel memory leaking’ Intel processor design flaw

https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

A fundamental design flaw in Intel’s processor chips related to virtual memory system (Intel x86-64 hardware) allows normal user programs (even JavaScript in web browsers) to discern to some extent the layout or contents of protected kernel memory areas.

It is understood the bug is present in modern Intel processors produced in the past decade. It appears a microcode update can’t address it, so it has to be fixed in software at the OS level. This has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug, which is expected to cause 5 to 30 per cent slow down of your computer on next update!

Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday. Patches for the Linux kernel are available. Apple’s 64-bit macOS, will also need to be updated.

This is bad news for Intel. Last year they had AMT vulnerability remote exploit and now this new blow in Intel security. I don’t think that computer buyers like that their computers become slower! 

Details of the vulnerability within Intel’s silicon are under wraps and are expected to be released later this month – so follow the comments for updates.

329 Comments

  1. Tomi Engdahl says:

    Lucian Armasu / Tom’s Hardware:
    Intel revises roadmap for Spectre patches, now does not plan to patch some older chips including Yorkfield (2007), Bloomfield (2008), Intel Atom “SoFIA” (2015) — Updated, 4/4/2018, 7:00am PT: Added Intel’s statement. — Intel hinted in a previous microcode update guidance …

    Intel Will No Longer Issue Spectre Patch For Some Older Chips (Updated)
    http://www.tomshardware.com/news/intel-spectre-patch-older-chips,36815.html

    Old Chips Forgotten

    Intel announced that Penryn (launched in 2007), Yorkfield (2007), Wolfdale (2007), Bloomfield (2008), Clarksfield (2009), Nehalem-based Jasper Forest (2010), and Intel Atom “SoFIA” (2015) will no longer receive the Spectre patches, as originally promised.

    But What’s The Real Reason?

    It’s no secret that patching Spectre variant 2 wasn’t easy, as we’ve seen both Intel and Microsoft first bungle and then disable patches for this flaw. However, the real reason Intel gave up on patching these systems seems to be that neither motherboard makers nor Microsoft may be willing to update systems sold a decade ago. That’s likely what Intel means by “limited commercially available system software support.”

    Even though Intel develops the microcode update for its own processors, the update can be delivered only through a BIOS or OS update. If neither motherboard manufacturers nor Microsoft are willing to deliver the patches, then there’s not much point for Intel to develop them.

    Reply
  2. Tomi Engdahl says:

    AMD, Microsoft Release Spectre Patches
    https://www.securityweek.com/amd-microsoft-release-spectre-patches

    AMD and Microsoft on Tuesday released microcode and operating system updates that should protect users against Spectre attacks.

    When the existence of the Spectre and Meltdown vulnerabilities was brought to light, AMD downplayed their impact on its processors, but the company did promise to release microcode updates and add protections against these types of attacks to its future CPUs.

    Meltdown attacks rely on a vulnerability identified as CVE-2017-5754, while Spectre attacks are possible due to CVE-2017-5753 (Variant 1) and CVE-2017-5715 (Variant 2). In the case of AMD, the company’s processors are not affected by Meltdown thanks to their design, and Spectre Variant 1 can be addressed with software patches – just like in the case of Intel processors.

    Mitigating Spectre Variant 2 attacks requires a combination of microcode and operating system updates, which AMD and Microsoft released on Tuesday.

    “While we believe it is difficult to exploit Variant 2 on AMD processors, we actively worked with our customers and partners to deploy the above described combination of operating system patches and microcode updates for AMD processors to further mitigate the risk,” said Mark Papermaster, senior vice president and chief technology officer at AMD.

    Windows 10 updates released by Microsoft on Tuesday include Spectre Variant 2 mitigations for AMD devices. The patches are also expected to become available for Windows Server 2016 after they are validated and tested.

    Microsoft started releasing Spectre patches for devices with AMD processors shortly after the CPU vulnerabilities were disclosed in early January. However, the company was forced to temporarily suspend the updates due to instability issues.

    Reply
  3. Tomi Engdahl says:

    Detecting Spectre vulnerability exploits with static analysis
    https://www.synopsys.com/blogs/software-security/detecting-spectre-vulnerability-exploits-with-static-analysis/?cmp=em-sig-eloqua&utm_medium=email&utm_source=eloqua&elq_mid=550&elq_cid=166673

    In the last few months, Spectre (CVE-2017-5753 and CVE-2017-5715) has emerged as a new kind of vulnerability. In the interest of helping the development community actively defend against these exploits, the Synopsys Software Integrity Group is releasing a checker that can identify code patterns that are vulnerable to the Spectre attack. We examined what kinds of code Spectre can exploit and how static analysis can help detect them. In this article, we’ll discuss some real-world examples we found and share techniques for mitigating the effects of Spectre.

    First, let’s take a brief look at a couple of concepts necessary to understand the Spectre vulnerability. Readers familiar with the details of the Spectre vulnerability (branch prediction, speculative execution, and cache timing attacks) can skip to the “Using static analysis” section

    Reply
  4. Tomi Engdahl says:

    Microsoft Releases More Microcode Patches for Spectre Flaw
    https://www.securityweek.com/microsoft-releases-more-microcode-patches-spectre-flaw

    Microsoft this week released another round of software and microcode updates designed to address the CPU vulnerability known as Spectre Variant 2.

    Microsoft has been releasing software mitigations for the Spectre and Meltdown vulnerabilities since January, shortly after researchers disclosed the flaws.

    A new standalone security update (4078407) enables by default the mitigations against Spectre Variant 2 in all supported versions of Windows 10 and Windows Server 2016. Alternatively, advanced users can manually enable these mitigations through registry settings.

    Last month, Microsoft released out-of-band updates for Windows 7 and Windows Server 2008 R2 to address a serious privilege escalation vulnerability introduced by the Meltdown mitigations.

    Reply
  5. Tomi Engdahl says:

    All Chrome OS Devices Now Protected Against Meltdown
    https://www.securityweek.com/all-chrome-os-devices-now-protected-against-meltdown

    The latest version of Chrome OS now keeps all devices protected from Meltdown, Google says.

    Available as Chrome OS 66.0.3359.137 (Platform version: 10452.74.0), the new Chrome OS release includes additional patches for the critical processor vulnerability, in addition to various new features and bug fixes.

    The Meltdown attack was disclosed in the beginning of 2018 alongside another critical CPU bug, Spectre. The two attacks are possible because design flaws in Intel, AMD, ARM and other processors allow malicious programs to bypass memory isolation and access sensitive data.

    Google started rolling out Meltdown mitigations in mid-December – before the attacks became public knowledge –, pushing a kernel page-table isolation (KPTI/KAISER) patch to roughly 70 Intel-based Chromebook models from Acer, ASUS, Dell, HP, Lenovo, Samsung and others.

    Last month, the company released Chrome OS 65 to make the KPTI mitigation against Meltdown available for additional Intel devices with version 3.14 of the kernel.

    Reply
  6. Tomi Engdahl says:

    Cache Speculation Side-Channels
    https://semiengineering.com/cache-speculation-side-channels/

    A look at the susceptibility of Arm implementations based upon new attack mechanisms.

    Reply
  7. Tomi Engdahl says:

    Tech Talk: HW Security
    https://semiengineering.com/tech-talk-hw-security/

    How to minimize the risk of hardware attacks in the shadow of Meltdown and Spectre.

    Rambus’ Ben Levine explains how to minimize the risk of attacks on chip hardware, why design for security is becoming more critical for connected devices, and strategies for making devices less vulnerable.

    Reply
  8. Tomi Engdahl says:

    Meltdown Patch in Windows 10 Can Be Bypassed
    https://www.securityweek.com/meltdown-patch-windows-10-can-be-bypassed

    A researcher has discovered that a mitigation implemented by Microsoft in Windows 10 for the Meltdown vulnerability can be bypassed. The tech giant says it’s working on an update.

    According to Windows internals expert Alex Ionescu, a Meltdown mitigation in Windows 10 has what he describes as “a fatal flaw.”

    “Calling NtCallEnclave returned back to user space with the full kernel page table directory, completely undermining the mitigation,”

    Reply
  9. Tomi Engdahl says:

    Intel Working on Patches for 8 New Spectre-Like Flaws: Report
    https://www.securityweek.com/intel-working-patches-8-new-spectre-flaws-report

    Researchers have discovered a total of eight new Spectre-like vulnerabilities, including flaws that may be more serious and easier to exploit, according to German magazine c’t.

    The flaws were reportedly identified by several research teams, including Google Project Zero, whose employees were among those who initially discovered the Meltdown and Spectre attack methods. C’t, which is owned by Heise, claims it has obtained the information exclusively and confirms the existence of the vulnerabilities and their severity.

    The new vulnerabilities, dubbed “Spectre Next Generation” or “Spectre-NG,” are said to affect processors from Intel and at least some ARM chips. AMD processors are currently being analyzed to determine if they are impacted as well.

    Intel has confirmed that it’s working on patching some vulnerabilities, but it has not provided any details. C’t reports that Intel will release updates in two waves – the first expected in May and the second in August.

    There are currently two main versions of the Spectre vulnerability: variant 1 and variant 2. Variant 1 attacks can be mitigated using software updates, but variant 2 requires microcode updates as well. C’t says Microsoft is also working on mitigations, which indicates that the Spectre-NG flaws require both software and firmware updates.

    “As a point of reference, Spectre v1/v2 were quite difficult to use for the purposes of VM-escape within cloud environments. The details that are available for ‘Spectre-NG’ hint that it’s incredibly easy to use, but we won’t know for sure until we can see what the actual problems are,” Dods added.

    Exclusive: Spectre-NG – Multiple new Intel CPU flaws revealed, several serious
    https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multiple-new-Intel-CPU-flaws-revealed-several-serious-4040648.html

    New flaws and even more patches – “Spectre Next Generation” is just around the corner. According to information exclusively available to c’t, researchers have already found eight new security holes in Intel processors.

    The vulnerabilities known as Spectre and Meltdown shook the IT world to its foundations: researchers proved that there is a fundamental design flaw in all modern processors with serious repercussions for system security (see c’t issue 3/2018). After several patches were released, it seemed everything would be fine after all, although some experts warned that more revelations could follow. But the hope remained that the manufacturers could solve the problem with a few security updates.

    c’t has exclusive information on Spectre-NG, which we have been able to verify in several ways – we double and triple checked all the facts. Nonetheless, we will not publish technical details as long as there is still a chance that manufacturers will get their security updates ready before the details of the flaws become public. However, we will use our information to report about future releases of patches and provide background information.

    Each of the eight vulnerabilities has its own number in the Common Vulnerability Enumerator (CVE) directory and each requires its own patches. It is likely that each vulnerability will receive its own name. Until then, we will jointly call these flaws Spectre-NG in order to distinguish them from the previously uncovered issues.

    More dangerous than Spectre

    Intel itself classifies four of the Spectre-NG vulnerabilities as “high risk”; the remaining four are rated as “medium”. According to our own research, risks and attack scenarios at Spectre-NG are similar to those at Spectre – with one exception.

    One of the Spectre-NG flaws simplifies attacks across system boundaries to such an extent that we estimate the threat potential to be significantly higher than with Spectre. Specifically, an attacker could launch exploit code in a virtual machine (VM) and attack the host system from there – the server of a cloud hoster, for example.

    Reply
  10. Tomi Engdahl says:

    ‘Next generation’ flaws found on computer processors: magazine
    https://www.reuters.com/article/us-cyber-intel/next-generation-flaws-found-on-computer-processors-magazine-idUSKBN1I42BZ

    Researchers have found eight new flaws in computer central processing units that resemble the Meltdown and Spectre bugs revealed in January, a German computing magazine reported on Thursday.

    The magazine, called c’t, said it was aware of Intel Corp’s plans to patch the flaws, adding that some chips designed by ARM Holdings, a unit of Japan’s Softbank, might be affected, while work was continuing to establish whether Advanced Micro Devices chips were vulnerable.

    Reply
  11. Tomi Engdahl says:

    Intel Working on Patches for 8 New Spectre-Like Flaws: Report
    https://www.securityweek.com/intel-working-patches-8-new-spectre-flaws-report

    Researchers have discovered a total of eight new Spectre-like vulnerabilities, including flaws that may be more serious and easier to exploit, according to German magazine c’t.

    The flaws were reportedly identified by several research teams, including Google Project Zero, whose employees were among those who initially discovered the Meltdown and Spectre attack methods. C’t, which is owned by Heise, claims it has obtained the information exclusively and confirms the existence of the vulnerabilities and their severity.

    The new vulnerabilities, dubbed “Spectre Next Generation” or “Spectre-NG,” are said to affect processors from Intel and at least some ARM chips. AMD processors are currently being analyzed to determine if they are impacted as well.

    Reply
  12. Tomi Engdahl says:

    8 New Spectre-Class Vulnerabilities (Spectre-NG) Found in Intel CPUs
    Friday, May 04, 2018 Mohit Kumar
    https://thehackernews.com/2018/05/intel-spectre-vulnerability.html

    Intel’s Response to Spectre-NG Flaws

    Nevermind. When asked Intel about the new findings, the chip maker giant provides the following statement, which neither confirms nor denies the existence of the Spectre-NG vulnerabilities:

    “Protecting our customers’ data and ensuring the security of our products are critical priorities for us. We routinely work closely with customers, partners, other chip makers and researchers to understand and mitigate any issues that are identified, and part of this process involves reserving blocks of CVE numbers.”

    “We believe strongly in the value of coordinated disclosure and will share additional details on any potential issues as we finalize mitigations. As a best practice, we continue to encourage everyone to keep their systems up-to-date.”

    Meanwhile, when asked Heise about the Common Vulnerabilities and Exposures (CVE) numbers reserved for the new Spectre-NG vulnerabilities, the journalist refused to share any details and commented:

    “The CVEs are currently only naked numbers without added value. On the other hand, their publication might have meant a further risk to our sources that we wanted to avoid. That’s why we decided against it at the moment. We will submit the course, of course.”

    Reply
  13. Tomi Engdahl says:

    Google Releases Additional Meltdown Mitigations for Android
    https://www.securityweek.com/google-releases-additional-meltdown-mitigations-android

    As part of its May 2018 Android Security Bulletin, Google this week released additional mitigations for the Meltdown attack that impacts microprocessors from Intel, AMD, and other vendors.

    The attack leverages CVE-2017-5754, a security vulnerability that allows applications to bypass memory isolation and read arbitrary kernel memory locations. Meltdown was made public in January 2018 alongside Spectre, an attack residing in speculative execution (leveraging CVE-2017-5753 and CVE-2017-5715).

    In January, Google released protections for both Meltdown and Spectre attacks, and this month delivered additional mitigations as part of the 2018-05-05 security patch level. Impacting Kernel components, the issue was addressed along with CVE-2017-16643, an information disclosure in USB driver.

    “The most severe vulnerability in this section could enable a local malicious application to bypass operating system protections that isolate application data from other applications,” Google notes in an advisory.

    The May 2018 Android Security Bulletin is split into two parts, the first being the 2018-05-01 security patch level, which addresses 7 High severity vulnerabilities in Android runtime, Framework, Media framework, and System.

    The bugs include Information Disclosure, Elevation of Privilege, and Denial of Service and impact Android 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, and 8.1 releases.

    Reply
  14. Tomi Engdahl says:

    Designing Hardware For Security
    https://semiengineering.com/designing-hardware-for-security/

    Most attacks in the past focused gaining access to software, but Meltdown and Spectre have changed that forever.

    Reply
  15. Tomi Engdahl says:

    Vulnerability Note VU#631579
    Hardware debug exception documentation may result in unexpected behavior
    https://www.kb.cert.org/vuls/id/631579

    In some circumstances, some operating systems or hypervisors may not expect or properly handle an Intel architecture hardware debug exception. The error appears to be due to developer interpretation of existing documentation for certain Intel architecture interrupt/exception instructions, namely MOV to SS and POP to SS.

    Reply
  16. Tomi Engdahl says:

    Microsoft, Google: We’ve found a fourth data-leaking Meltdown-Spectre CPU hole
    Design blunder exists in Intel, AMD, Arm, Power processors
    https://www.theregister.co.uk/2018/05/21/spectre_meltdown_v4_microsoft_google/

    A fourth variant of the data-leaking Meltdown-Spectre security flaws in modern processors has been found by Microsoft and Google researchers.

    These speculative-execution design blunders can be potentially exploited by malicious software running on a vulnerable device or computer

    Variants 1 and 2 are known as Spectre (CVE-2017-5753, CVE-2017-5715), and variant 3 is Meltdown (CVE-2017-5754). Today, variant 4 (CVE-2018-3639) was disclosed by Microsoft and Google researchers.

    It affects modern out-of-order execution processor cores from Intel, AMD, and Arm, as well as IBM’s Power 8, Power 9, and System z CPUs. Bear in mind, Arm cores are used the world over in smartphones, tablets, and embedded electronics.

    The fourth variant can be potentially exploited by script files running within a program – such as JavaScript on a webpage in a browser tab

    According to Intel, mitigations already released to the public for variant 1, which is the hardest vulnerability to tackle, should make attacks leveraging variant 4 much more difficult.

    So far, no known exploit code is circulating in the wild targeting the fourth variant.

    Another bug, CVE-2018-3640, was also disclosed: this is a rogue system register read, allowing normal programs to peek at hardware status flags and the like in registers that should only really be accessible by the operating system kernel, drivers, and hypervisors.

    Variant 4 is referred to as a speculative store bypass. It is yet another “wait, why didn’t I think of that?” design oversight in modern out-of-order-execution engineering.

    The name Spectre was chosen deliberately: it is like observing a ghost in the machine. Private data can be discerned by watching the cache being updated by the processor’s speculative execution engine. This speculation is crucial to running chips as fast as possible

    Intel, Arm, et al response

    “Variant 4 uses speculative execution, a feature common to most modern processor architectures, to potentially expose certain kinds of data through a side channel,” said Leslie Culbertson, Intel’s executive veep of product security.

    “Starting in January, most leading browser providers deployed mitigations for Variant 1 in their managed runtimes – mitigations that substantially increase the difficulty of exploiting side channels in a web browser. These mitigations are also applicable to Variant 4 and available for consumers to use today.”

    According to Culbertson, Intel and others will issue new microcode and software tweaks to more fully counter malware exploiting the fourth variant.

    “We’ve already delivered the microcode update for Variant 4 in beta form to OEM system manufacturers and system software vendors, and we expect it will be released into production BIOS and software updates over the coming weeks.

    “This mitigation will be set to off-by-default, providing customers the choice of whether to enable it or not. We expect most industry software partners will likewise use the default-off option.

    If enabled, we’ve observed a performance impact of approximately 2-8 per cent

    Arm will make available to system-on-chip designers updated blueprints for Cortex-A72, Cortex-A73, and Cortex-A75 cores that are resistant to Spectre variant 2, and the Cortex-A75 will be updated to resist Meltdown, aka variant 3.

    Red Hat today published a substantial guide to the fourth variant, its impact, and how it works. VMware also has an advisory and updates, here,

    We note that, so far, no malware has been seen attacking any of the Spectre and Meltdown holes in today’s chips, let alone this latest variant

    Speculative Store Buffer Bypass in 3 minutes
    https://www.youtube.com/watch?v=Uv6lDgcUAC0

    Speculative Store Buffer Bypass is a security vulnerability that allows unauthorized users to steal sensitive information through websites. Similar to the Spectre and Meltdown threats in early 2018, it exploits speculative execution–a process most computers use to speed up routine tasks

    Reply
  17. Tomi Engdahl says:

    Red Hat today published a substantial guide to the fourth variant, its impact, and how it works.
    https://www.redhat.com/en/blog/speculative-store-bypass-explained-what-it-how-it-works
    VMware also has an advisory and updates, here,
    https://blogs.vmware.com/security/2018/05/vmsa-2018-0012.html#

    Reply
  18. Tomi Engdahl says:

    Tech Firms Coordinate Disclosure of New Meltdown, Spectre Flaws
    https://www.securityweek.com/tech-firms-coordinate-disclosure-new-meltdown-spectre-flaws

    Intel, AMD, ARM, IBM, Microsoft and other major tech companies on Monday released updates, mitigations and advisories for two new variants of the speculative execution attack methods known as Meltdown and Spectre.

    In January, researchers from several organizations warned that processors from Intel, AMD, ARM and other companies are affected by vulnerabilities that allow malicious applications to bypass memory isolation mechanisms and gain access to sensitive data.

    Spectre attacks are possible due to CVE-2017-5753 (Variant 1) and CVE-2017-5715 (Variant 2), while Meltdown attacks are possible due to CVE-2017-5754 (Variant 3). Researchers at Google Project Zero and Microsoft recently identified a new method which they have dubbed Variant 4.

    Variant 4 relies on a side-channel vulnerability known as Speculative Store Bypass (SSB) and it has been assigned the identifier CVE-2018-3639. Companies have also shared details on Variant 3a, a Rogue System Register Read issue tracked as CVE-2018-3640. Variant 3a was documented by ARM back in January, but it went largely unnoticed.New Meltdown and Spectre variants discovered

    A German magazine reported in early May that Intel and others had been working on patches for several new Spectre flaws dubbed “Spectre-NG.

    Microsoft is still analyzing its products, but so far it has not identified any code in its software or cloud service infrastructure that allows exploitation of Variant 4. The company says its previous Meltdown and Spectre mitigations should address this variant as well, and noted that “Microsoft Edge, Internet Explorer, and other major browsers have taken steps to increase the difficulty of successfully creating a side channel.”

    As for Variant 3a, Microsoft says “the mitigation for this vulnerability is exclusively through a microcode/firmware update, and there is no additional Microsoft Windows operating system update.”

    Intel has already developed microcode patches that should address both Variant 3a and Variant 4. Beta versions have been provided to OEMs and operating system vendors

    AMD claims it has not identified any products vulnerable to Variant 3a and any patches for Variant 4 should be expected from Microsoft and Linux distributions.

    The list of other organizations that published advisories and blog posts for Variant 3a and Variant 4 include Red Hat, VMware, Oracle, Cisco, Xen, Ubuntu, Suse, CERT CC and US-CERT.

    Reply
  19. Tomi Engdahl says:

    Germany calls on chip and hardware makers to tackle processor flaws
    https://www.reuters.com/article/us-cyber-germany/germany-calls-on-chip-and-hardware-makers-to-tackle-processor-flaws-idUSKCN1IJ2H3

    Germany’s federal cyber agency called on chip and hardware-makers to address new vulnerabilities discovered in computer central processing units, but said no complete fix was possible at the moment.

    The BSI agency said its analysis showed the new flaws, dubbed Spectre-Next Generation, resembled the Meltdown and Spectre bugs discovered in January and could allow attackers to access personal data such as passwords and encryption keys.

    While no new attacks were known outside laboratories, there was a risk that attackers could develop new methods based on detailed information that had been disclosed, it added.

    Reply
  20. Tomi Engdahl says:

    Microsoft, Google find fresh flaw in chips, but risk is low
    https://www.reuters.com/article/us-cyber-chips/microsoft-google-find-fresh-flaw-in-chips-but-risk-is-low-idUSKCN1IM2IV

    The newest chip problem, known as Speculative Store Bypass or “Variant 4” because it’s in the same family as the original group of flaws, was disclosed by security researchers at Microsoft Corp (MSFT.O) and Alphabet Inc’s (GOOGL.O) Google on Monday. Though the flaw affects many chips from Intel Corp(INTC.O), Advanced Micro Devices Inc (AMD.O) and Softbank Group’s (9984.T) ARM Holdings, researchers described the risks as low, partly because of web browser patches already issued earlier this year to address Spectre.

    Reply
  21. Tomi Engdahl says:

    Microsoft, Google: We’ve found a fourth data-leaking Meltdown-Spectre CPU hole
    Design blunder exists in Intel, AMD, Arm, Power processors
    https://www.theregister.co.uk/2018/05/21/spectre_meltdown_v4_microsoft_google/

    A fourth variant of the data-leaking Meltdown-Spectre security flaws in modern processors has been found by Microsoft and Google researchers.

    These speculative-execution design blunders can be potentially exploited by malicious software running on a vulnerable device or computer, or a miscreant logged into the system, to slowly extract secrets, such as passwords, from protected kernel or application memory, depending on the circumstances.

    Variants 1 and 2 are known as Spectre (CVE-2017-5753, CVE-2017-5715), and variant 3 is Meltdown (CVE-2017-5754). Today, variant 4 (CVE-2018-3639) was disclosed by Microsoft and Google researchers.

    Reply
  22. Tomi Engdahl says:

    Google has been using the Strict Site Isolation feature to mitigate the effects of the Meltdown and Spectre flaws. With new Meltdown and Spectre variations revealed last week, the feature is more than welcomed, even if it wasn’t originally developed to deal with CPU bugs.

    https://www.bleepingcomputer.com/news/software/google-chrome-67-released-for-windows-mac-and-linux/

    Reply
  23. Tomi Engdahl says:

    Meltdown-Like ‘LazyFP’ Vulnerability Impacts Intel CPUs
    https://www.securityweek.com/meltdown-lazyfp-vulnerability-impacts-intel-cpus

    Intel and software vendors have started informing users about a new vulnerability involving side channel speculative execution that could be exploited by malicious actors to obtain sensitive information from the targeted system.

    Dubbed LazyFP, the security hole is related to the floating point unit (FPU), also known as the math coprocessor. The FPU is used by the operating system when switching between processes – it saves the state of the current process and restores the state of the new process.

    The vulnerability, tracked as CVE-2018-3665, is similar to Meltdown, specifically Variant 3a, but the issue has been assigned only a “medium” severity rating.

    Julian Stecklina from Amazon Germany, Thomas Prescher from Cyberus Technology and Zdenek Sojka from SYSGO AG have been credited for finding the vulnerability. Colin Percival has also been credited, but the researcher says he only wrote an exploit for the flaw.

    Cyberus has published a blog post for the LazyFP vulnerability, but it has withheld some details at Intel’s request.

    Intel LazyFP vulnerability: Exploiting lazy FPU state switching
    https://blog.cyberus-technology.de/posts/2018-06-06-intel-lazyfp-vulnerability.html

    Reply
  24. Tomi Engdahl says:

    New ‘Lazy FP State Restore’ Vulnerability Found in All Modern Intel
    CPUs
    https://thehackernews.com/2018/06/intel-processor-vulnerability.html
    Hell Yeah! Another security vulnerability has been discovered in Intel
    chips that affects the processor’s speculative execution
    technologylike Specter and Meltdownand could potentially be exploited
    to access sensitive information, including encryption related data.
    - All microprocessors starting with Sandy Bridge are affected by this designing blunder
    - the flaw can be fixed by pushing patches for various operating systems without requiring new CPU microcodes from Intel.
    - According to Intel, since the flaw is similar to Spectre Variant 3A (Rogue System Register Read), many operating systems and hypervisor software have already addressed it.
    - Microsoft has also published a security advisory, offering guidance for the Lazy FP State Restore vulnerability https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180016
    - Lazy restore is enabled by default in Windows and cannot be disabled; company is already working on security updates, but they will not be released until the next Patch Tuesday in July.

    Reply
  25. Tomi Engdahl says:

    Xen Project patches Intel’s Lazy FPU flaw
    https://www.theregister.co.uk/2018/06/15/xen_project_patches_intels_lazy_fpu_flaw/

    Guest register states are readable, but the patch cavalry has arrived

    Xen said the impact of the flow is as follows:

    An attacker can read x87/MMX/SSE/AVX/AVX-512 register state belonging to another vCPU previously scheduled on the same processor. This can be state belonging a different guest, or state belonging to a different thread inside the same guest.

    The Register’s virtualization desk has asked VMware if its hypervisors are also affected by Lazy FPU and will update this story if the company has something to say.

    VMware has, however, advised of some disruption to its VMware-on-AWS service

    Reply
  26. Tomi Engdahl says:

    Torvalds’ post on the new release lauds 4.18’s new features, among them support for AMD GPUs, fixes for Spectre V4 – aka Speculative Store Bypass – on Arm CPUs

    Source: https://www.theregister.co.uk/2018/06/18/linux_4_18_rc_1_removes_lustre_filesystem/

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*