‘Kernel memory leaking’ Intel processor design flaw

https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

A fundamental design flaw in Intel’s processor chips related to virtual memory system (Intel x86-64 hardware) allows normal user programs (even JavaScript in web browsers) to discern to some extent the layout or contents of protected kernel memory areas.

It is understood the bug is present in modern Intel processors produced in the past decade. It appears a microcode update can’t address it, so it has to be fixed in software at the OS level. This has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug, which is expected to cause 5 to 30 per cent slow down of your computer on next update!

Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday. Patches for the Linux kernel are available. Apple’s 64-bit macOS, will also need to be updated.

This is bad news for Intel. Last year they had AMT vulnerability remote exploit and now this new blow in Intel security. I don’t think that computer buyers like that their computers become slower! 

Details of the vulnerability within Intel’s silicon are under wraps and are expected to be released later this month – so follow the comments for updates.

458 Comments

  1. Tomi Engdahl says:

    Zombieload v2 is the codename of a vulnerability that allows malware or a malicious threat actor to extract information processed inside a CPU, information to which they normally shouldn’t be able to access due to the security walls present inside modern-day CPUs

    Windows & Linux get options to disable Intel TSX to prevent Zombieload v2 attacks
    https://www.zdnet.com/article/windows-linux-get-options-to-disable-intel-tsx-to-prevent-zombieload-v2-attacks/

    Disclosure of new Zombieload v2 vulnerability prompts OS makers to react with ways to disable Intel’s TSX technology.

    Both Microsoft and the Linux kernel teams have added ways to disable support for Intel Transactional Synchronization Extensions (TSX).

    TSX is the Intel technology that opens the company’s CPUs to attacks via the Zombieload v2 vulnerability.

    https://www.zdnet.com/article/intels-cascade-lake-cpus-impacted-by-new-zombieload-v2-attack/

    Reply
  2. Tomi Engdahl says:

    Intel Patches Plundervolt, High Severity Issues in Platform Update
    https://www.bleepingcomputer.com/news/security/intel-patches-plundervolt-high-severity-issues-in-

    platform-update/
    Intel addressed 14 security vulnerabilities during the December 2019
    Patch Tuesday, with seven of them being high and medium severity
    security flaws impacting multiple platforms including Windows and
    Linux. The security issues patched today were detailed in the 9
    security advisories published by Intel on its Product Security Center,
    with the company having delivered them to customers through the Intel
    Platform Update (IPU) process. The vulnerabilities disclosed today
    could allow authenticated or privileged users to potentially enable
    information disclosure, trigger denial of service states, escalate
    privileges, or execute malicious code at an elevated level of
    privilege via local access. Each advisory comes with a detailed list
    of all affected products as well as recommendations for vulnerable
    products, and also include contact details for users and researchers
    who would want to report other vulnerabilities found in Intel branded
    tech or products.
    Hackers Can Mess With Voltages to Steal Intel Chips’ Secrets
    https://www.wired.com/story/plundervolt-intel-chips-sgx-hack/
    A new attack called Plundervolt gives attackers access to the
    sensitive data stored in a processor’s secure enclave. When thieves
    want to steal treasures surrounded by sensors and alarms, they
    sometimes resort to cutting the power, disrupting the flow of
    electricity to those expensive security systems. It turns out that
    hackers can pull off a similar trick: breaking the security mechanisms
    of Intel chips by messing with their power supply, and exposing their
    most sensitive secrets.
    But by momentarily undervolting a
    processor by 25 or 30 percent, and precisely timing that voltage
    change, an attacker can cause the chip to make errors in the midst of
    computations that use secret data. And those errors can reveal
    information as sensitive as a cryptographic key or biometric data
    stored in the SGX enclave. “Writing to memory takes power, ” says
    Flavio Garcia, a computer scientist at the University of Birmingham
    who, along with his colleagues, will present the Plundervolt research
    at IEEE Security and Privacy next year. “So for an instant, you reduce
    the CPU voltage to induce a computation fault.”. Read also:
    https://www.theregister.co.uk/2019/12/10/intel_sgx_youve_been_plunderstruck/

    Reply
  3. Tomi Engdahl says:

    Intel Is Patching Its ‘Zombieload’ CPU Security Flaw For the Third Time
    https://it.slashdot.org/story/20/01/27/2126231/intel-is-patching-its-zombieload-cpu-security-flaw-for-

    the-third-time?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+

    %28%28Title%29Slashdot+%28rdf%29%29
    For the third time in less than a year, Intel has disclosed a new set of vulnerabilities related to the

    speculative functionality of its processors. On Monday, the company said it will issue a software update

    “in the coming weeks” that will fix two more microarchitectural data sampling (MDS) or Zombieload flaws.

    This latest update comes after the company released two separate patches in May and November of last year.
    IPAS: INTEL-SA-00329
    https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/#gs.upo7m1
    Intel is patching its Zombieload CPU security flaw for the third time
    Security researchers say the company needs to change its approach.
    https://www.engadget.com/2020/01/27/intel-third-mds-patch/
    For the third time in less than a year, Intel has disclosed a new set of vulnerabilities related to the

    speculative functionality of its processors. On Monday, the company said it will issue a software update

    “in the coming weeks” that will fix two more microarchitectural data sampling (MDS) or Zombieload flaws.

    This latest update comes after the company released two separate patches in May and November of last year.

    Reply
  4. Tomi Engdahl says:

    CacheOut
    Leaking Data on Intel CPUs via Cache Evictions
    https://cacheoutattack.com/
    Leaking Data on Intel CPU’s via Cache Evictions
    CacheOut, a new speculative execution attack that is capable of leaking data from Intel CPUs across many security boundaries. Despite Intel’s attempts to address previous generations of speculative execution attacks, CPUs are still vulnerable, allowing attackers to exploit these vulnerabilities to leak sensitive data.
    Moreover, unlike previous MDS issues, an attacker can exploit the CPU’s caching mechanisms to select what data to leak, as opposed to waiting for the data to be available. CacheOut can violate nearly every hardware-based security domain, leaking data from the OS kernel, co-resident virtual machines, and even SGX enclaves.
    Intel acknowledgedthe issue and has assignedCVE-2020-0549, referring to theissue as L1 Data Eviction Sampling (L1DES) with a CVSSscore of 6.5 (medium).

    Reply
  5. Tomi Engdahl says:

    More dangerous vulnerabilities in Intel CPUs
    https://www.pandasecurity.com/mediacenter/news/more-dangerous-vulnerabilities-intel-cpus/
    Intel has released information about two potentially dangerous flaws
    in the processor architecture of its CPUs. The chip manufacturer had
    already provided security updates for similar gaps in May and November
    2019. Although the new vulnerabilities seem to be less critical than
    the previous ones, side-channel attacks are still possible.
    https://www.pandasecurity.com/mediacenter/news/more-dangerous-vulnerabilities-intel-cpus/
    The chip manufacturer had already provided security updates for similar gaps in May and November 2019.
    The current vulnerability allows the exploit to selectively choose which data it wants to access. The

    attack—referred to by Intel as L1D Eviction Sampling (L1DES)—causes an exception: data loaded during a

    running process of a speculative execution is discarded due to a triggered error. The attackers have now

    modified their approach and can load the data to be read out into unused filling buffers.
    Until now, reducing the vulnerability has been associated with a severe performance degradation because,

    according to VUSec (Systems and Network Security Group at the Vrije University of Amsterdam), the

    processor’s L1D cache has to be completely emptied again at each context switch. This is mainly relevant

    for cloud operators, because attackers can read data beyond a virtual machine. With the help of the new

    microcode update, the flaws in the architecture can be corrected in the coming weeks.
    Affected CPUs
    it is mainly CPUs manufactured after 2015 that are affected: the weakness has existed in Intel processors

    since the Skylake generation (Core i-6000), as well as in the current desktop generation Coffee Lake

    Refresh (Core i-9000) and all Xeon SP CPUs (Skylake SP, Cascade Lake SP). Only Ice Lake is not affected.
    Sources: https://www.heise.de/security/meldung/Sicherheitsluecken-in-Intel-CPUs-Modifizierte-Angriffe-erfordern-BIOS-Updates-4647081.html

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*