‘Kernel memory leaking’ Intel processor design flaw

https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

A fundamental design flaw in Intel’s processor chips related to virtual memory system (Intel x86-64 hardware) allows normal user programs (even JavaScript in web browsers) to discern to some extent the layout or contents of protected kernel memory areas.

It is understood the bug is present in modern Intel processors produced in the past decade. It appears a microcode update can’t address it, so it has to be fixed in software at the OS level. This has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug, which is expected to cause 5 to 30 per cent slow down of your computer on next update!

Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday. Patches for the Linux kernel are available. Apple’s 64-bit macOS, will also need to be updated.

This is bad news for Intel. Last year they had AMT vulnerability remote exploit and now this new blow in Intel security. I don’t think that computer buyers like that their computers become slower! 

Details of the vulnerability within Intel’s silicon are under wraps and are expected to be released later this month – so follow the comments for updates.

510 Comments

  1. Tomi Engdahl says:

    Computer science researchers at the University of Virginia School of Engineering and University of California, San Diego, jointly published a paper outlining new Spectre variants that they say affect “billions” of AMD and Intel PCs.

    Researchers find new CPU vulnerabilities and say fixes would kill performance
    By Paul Lilly 1 day ago
    https://www.pcgamer.com/researchers-find-new-cpu-vulnerabilities-and-say-fixes-would-kill-performance/?utm_source=facebook.com&utm_medium=social&utm_campaign=socialflow

    The new Spectre variants leave billions of PCs defenseless, researchers say.

    Update: In a statement provided to us, Intel refutes that the vulnerabilities outlined in the research paper are not addressed with existing patches and firmware updates.

    “Intel reviewed the report and informed researchers that existing mitigations were not being bypassed and that this scenario is addressed in our secure coding guidance. Software following our guidance already have protections against incidental channels including the uop cache incidental channel. No new mitigations or guidance are needed,” Intel said.

    Guidelines for Mitigating Timing Side Channels Against Cryptographic Implementations
    https://software.intel.com/security-software-guidance/secure-coding/guidelines-mitigating-timing-side-channels-against-cryptographic-implementations

    The primary concern with side channels is the protection of secrets. Secrets are broadly defined as any data that should not be seen or known by other users, applications, or even other code modules. When using side channel methods, malicious actors most commonly seek API keys, user passwords, or cryptographic keys because these may allow malicious actors to decrypt or access other protected secrets.

    Reply
  2. Tomi Engdahl says:

    Researchers are claiming to have found a new type of Spectre attack that bypasses all existing protections, but that framing isn’t well supported.

    Intel, Researchers Debate Whether New Spectre-Type Vulnerabilities Exist
    https://www.extremetech.com/computing/322498-intel-researchers-debate-whether-new-spectre-type-vulnerabilities-exist?utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=facebook

    Over the past three days, reports of new Spectre-class attacks emerged that supposedly break all previous speculative execution patches and require performance-crippling mitigation techniques. There’s just one problem: Intel and the researchers fundamentally disagree as to whether a flaw exists at all.

    The research team from the University of Virginia has written a paper arguing that there are catastrophic flaws in the way AMD and Intel currently implement micro-op caches that allow them to leak data under certain circumstances. Both Zen 2 and Skylake-class architectures are said to be vulnerable; the paper does not reference any testing done on Ice Lake, Tiger Lake, Rocket Lake, or Zen 3 processors.

    Sounds pretty bad. The only problem is, Intel completely disagrees. The company’s official statement reads as follows:

    Intel reviewed the report and informed researchers that existing mitigations were not being bypassed and that this scenario is addressed in our secure coding guidance. Software following our guidance already have protections against incidental channels, including the uop cache incidental channel. No new mitigations or guidance are needed.

    Intel has released a number of patches for various flaws related to the initial Spectre/Meltdown disclosure back in 2018. It has also released its own writeups, reports, and documentation. However one feels about the existence of these issues, Intel appears to have engaged with the process of fixing them in good faith.

    Over the past year, I’ve criticized several PR-driven security disclosures. In some cases, the histrionic tones of the press release and/or blog post have not matched the more measured claims in the paper itself. This is different. The research paper doesn’t catastrophize, but it presents the team’s findings as proof of an ongoing problem. According to Intel, that problem is addressed in existing guidance.

    Reply
  3. Tomi Engdahl says:

    Researchers find new CPU vulnerabilities and say fixes would kill performance
    By Paul Lilly 14 days ago
    The new Spectre variants leave billions of PCs defenseless, researchers say.
    https://www.pcgamer.com/researchers-find-new-cpu-vulnerabilities-and-say-fixes-would-kill-performance/?utm_source=facebook.com&utm_medium=social&utm_campaign=socialflow

    Reply
  4. Tomi Engdahl says:

    The Impact of Spectre and Meltdown on the Cloud
    https://thenewstack.io/impact-spectre-meltdown-cloud/

    This article will provide some basic framing for the issues. The focus here isn’t on the threats themselves, so much as what this new class of security vulnerability means, and how to start thinking about it as it pertains to your business, and your hosting environment in particular.

    Meltdown is pretty bad, but we understand it and there are mitigations in place. By changing the operating system, we can create more determinism in how things run, and make sure that the vulnerability doesn’t exit. However, no one is happy with the fact that the mitigations can have significant performance implications.

    ‘Spectre’ & ‘Meltdown’ – What Cloud Users Need to Know
    https://www.lightreading.com/enterprise-cloud/security-and-compliance/spectre-and-meltdown–andndash-what-cloud-users-need-to-know/a/d-id/739483

    For enterprise cloud users worried about Spectre and Meltdown, there’s good news and bad news. The good news is that cloud users don’t have any special vulnerabilities compared with their legacy and consumer counterparts.

    The bad news is that the cloud doesn’t provide any special protections either.

    And cloud applications face special challenges due to the nature of how they operate and are consumed.

    Spectre and Meltdown’s Critical Impact on Cloud Providers and Customers
    https://www.serverwatch.com/server-news/spectre-and-meltdowns-critical-impact-on-cloud-providers-and-customers/

    To put it bluntly, they are a huge deal for two key reasons. One is that the vulnerabilities could be exploited to steal sensitive data, and the other is because fixing the vulnerabilities will result in a reduction in the computing performance of the virtualized infrastructure that customers are paying for. Virtually Speaking

    To address the first of these, the cloud computing giants have been working on the infrastructure that powers Amazon Web Services (AWS), Google Cloud Platform, and Microsoft Azure to make it secure.

    For Amazon’s part, it says that all instances across the Amazon EC2 fleet have now been fixed, although new microcode supplied by Intel for its processors is causing instance and application crashes on occasion. To prevent this, Amazon is disabling some of the microcode and waiting for more Intel updates.

    Google has also given an update on its Google Cloud Platform, stating that it has already been updated to prevent all known vulnerabilities. By using its VM Live Migration technology, Google was able to perform the updates with no forced maintenance windows or restarts.

    What about Microsoft? Earlier in January, the company announced that “the majority of Azure infrastructure has already been updated to address this vulnerability. Some aspects of Azure are still being updated and require a reboot of customer VMs for the security update to take effect.”

    What is Meltdown/Spectre?
    https://www.cloudflare.com/learning/security/threats/meltdown-spectre/

    Meltdown and Spectre are new processor vulnerabilities that affect most PCs and smartphones. There are patches available, but they affect processor performance.

    Spectre, Meltdown and the Cloud
    https://www.cloudwards.net/spectre-meltdown-and-the-cloud/

    A Feature, Not a Bug

    As it turns out, chips with this flaw have been turned out for close to 20 years now. Though the specifics are kept a bit vague and highly technical, most likely in an attempt to foil would-be hackers, what it boils down to is that the vulnerabilities lie in the design of the chips.

    How the Cloud Is Affected by Spectre and Meltdown

    With Meltdown affecting everything Intel going back decades as well as some ARM processors, and Spectre affecting, well, everything, the industry has gone in full overdrive putting together patches. At time of writing most computer systems have some kind of protections up (though not everyone is happy with the progress made).

    So far, personal systems as well as some business ones are protected, or at least enough while bigger fixes are thought up. The same goes for cloud systems, but there are some more serious worries there. This has to do with the fact that more users make systems more susceptible to attack anyway, especially if they’re in the cloud where, theoretically, anyone can access them.

    Another problem is that security risks in the cloud are a bigger deal than on a personal computer simply because servers have a lot more data run through them. Since most websites run on servers that host many other sites, a vulnerability in one is a vulnerability for all.

    A third problem is that, because cloud systems are out there and need to be accessed by many people simultaneously (like with VPS hosting), the slowdowns that the current patches bring are a big problem. One example was a recent report in which game company Epic Games blamed some very bad lag issues its players experienced on the Meltdown patch.

    The takeaway from all this is that cloud companies have an interesting few months or even years ahead of them as successive patches are rolled out.

    Meltdown and Spectre: Case Analysis and Remediation for AWS Cloud
    https://nutanix.medium.com/meltdown-and-spectre-case-analysis-and-remediation-for-aws-cloud-fc2c8510389b

    Why do you need to be worried?

    The vulnerability pretty much affects everyone and every computing device including laptops, desktops, tablets, smartphones and even cloud computing systems. The problem is magnified for cloud services such as Amazon’s Web Services, Microsoft Azure and Google’s Cloud Platform, due to the scale of their computing resources and the potential impact on performance of the fixes.

    Below are the links where customers can read more about updates on patches from the leading public cloud providers and operating systems:

    Security Advisory from AWS
    Security Advisory from Microsoft Azure
    Security Advisory from Google Cloud Platform (GCP)
    Security Advisory from Heroku
    Security Advisory from Ubuntu: To be announced
    Security Advisory from Redhat

    What should I do as an AWS Cloud user?

    Immediate action is to update all your servers with suggested patches and reboot them to avoid this vulnerability.

    5 steps to fix Meltdown and Spectre vulnerability in AWS environment

    Plan your update
    Backup your server data
    Install patch as advised
    Activate a Tech-QA team to verify if the servers are up and running gracefully as usual
    Look for any other updates on same

    The CPU catastrophe will hit hardest in the cloud
    Cloud platforms have patched fast — but the hardest work is yet to come
    https://www.theverge.com/2018/1/4/16850120/meltdown-spectre-vulnerability-cloud-aws-google-cpu

    The Spectre attack is much more powerful in the cloud

    Both Meltdown and Spectre deal with data leaking from one part of the computer to another, which makes them particularly dangerous when a single device is shared between users. With lots of commands running in parallel, the attacks found a way to extract data from the processor cache through a complex timing attack, sidestepping the usual privileges. Executed right, that could let a low-level process like a web plugin get access to passwords or other sensitive data held in a more secure part of your computer.

    On a personal computer, that attack would be most useful for privilege escalation: a hacker running low-level malware could use a Spectre bug to own your whole computer. But there are already lots of ways to take over a computer once you’ve got a foothold, and it’s not clear how much a new processor attack would change things.

    But privilege escalation is much scarier in the cloud, where the same server could be working for dozens of people at once. Platforms like Amazon Web Services and Google Cloud let online companies spread a single program across thousands of servers in data centers across the world, sharing hardware the same way you’d share an airplane or a subway car. Collective hardware isn’t a security problem because even when different users are on the same server, they’re in different software instances, with no way to jump from one instance to another. Spectre could change that, letting attackers steal data from anyone sharing the same chip. If a hacker wanted to perform that kind of attack, all they’d have to do is start their own instance and run the program.

    Cloud services are also a lucrative target for anyone hoping to cash in on Spectre. Lots of midsize businesses run their entire infrastructure on AWS or Google Cloud, often trusting the platform with sensitive and potentially lucrative information.

    So far, cloud platforms are taking the threat seriously, and doing everything they can to contain it. Amazon Web Services, Google Cloud, and Microsoft Azure all immediately deployed patches against the Meltdown attack, and there’s no indication that the available exploits could work against any of those platforms. Where there have been lingering vulnerabilities, it’s because companies are waiting on patches from third parties, like the Windows-based instances of Amazon EC2. The major platforms have handled the immediate response well, and there’s no reason to think we’re headed toward a cloud catastrophe in the days immediately to come.

    What to do about Meltdown and Spectre in the Cloud: AWS, Azure and GCP
    https://www.capside.com/labs/meltdown-and-spectre-in-the-cloud/

    A design flaw present in most modern processors (including Intel, AMD and ARM) enables potential attackers to read areas of system memory that should have been inaccessible. Surely you have already heard and read plenty about Meltdown and Spectre, maybe even updated your computer just in case. But what about your Cloud infrastructure? Do you have to worry about Meltdown and Spectre in the Cloud?

    If you have your critical platform in one of the leading Cloud providers (Amazon Web Services, Google Cloud Platform, Microsoft Azure), you might care about how to fix these vulnerabilities and how to ensure the performance of your platform. So do we. So here’s a brief clarification on how are we helping our clients ensuring their infrastructure.

    Meltdown and Spectre in the Cloud

    In environments where resources are shared among many clients, like public Clouds, this meant that guests could drill down into the underlying host’s physical memory, obtaining data from other clients.

    This was initially managed following an industry best practice of responsible disclosure in which a vulnerability is publicly disclosed only after a period of time that allows for the vulnerability to be patched. Major operating systems, hardware and Cloud vendors signed an NDA and agreed upon a public disclosure date, January 9th.

    Cloud vendors including Amazon Web Services, Google Cloud Platform and Microsoft Azure scheduled maintenances across their infrastructures and urged their clients to reboot certain resources. Unfortunately, the early and unexpected full disclosure of this issue moved them to speed up this process. In order to safeguard their clients’ security some pending actions had to be forced, causing some disruption.

    There are two attack vectors:

    infrastructure-based attacks originated in other guests of the same host
    intra-guest attacks originated in software running in the guest instance

    The first attack vector (infrastructure-based) was eliminated once the major public Cloud vendors patched their platform.

    The solutions

    Removing the second attack vector (intra-guest) will require Cloud clients to apply operating system and firmware updates, whenever they are released, which will require restarting a significant number of instances.

    The fixes will involve outstanding changes to the kernel memory management and may take a toll on CPU performance, probably between 5 % and 30 %, as the latest figures show. This slowdown varies depending on factors like the rate of system calls.

    Information for Google Cloud Customers on CPU Vulnerabilities
    https://cloud.google.com/security/cpu-vulnerabilities

    In 2017, Google’s Project Zero team discovered serious security flaws caused by “speculative execution,” a technique used by most modern processors (CPUs) to optimize performance. Independent researchers separately discovered and named these vulnerabilities “Spectre” and “Meltdown.”

    Reply
  5. Tomi Engdahl says:

    Spectre exploits in the “wild”
    https://dustri.org/b/spectre-exploits-in-the-wild.html

    Someone was silly enough to upload a working spectre (CVE-2017-5753) exploit for Linux (there is also a Windows one with symbols that I didn’t look at.) on VirusTotal last month, so here is my quick Sunday afternoon lazy analysis.

    The binary has its -h option stripped, likely behind a #define to avoid detection, but some of its parameters are obvious, like specifying what file to leak, or the kernel base address. The authors didn’t check (or care) that the logging function hasn’t been entirely optimized out, leaving a bunch of strings helping in the reversing process.

    The exploit works in four stages:

    Find the superblock,
    Find the inode of the file to dump
    Find the corresponding page address
    Dumps the content of the file.

    https://www.virustotal.com/gui/file/6461d0988c835e91eb534757a9fa3ab35afe010bec7d5406d4dfb30ea767a62c/detection

    Reply
  6. Tomi Engdahl says:

    Researchers Break Intel SGX With New ‘SmashEx’ CPU Attack Technique https://thehackernews.com/2021/10/researchers-break-intel-sgx-with-new.html
    A newly disclosed vulnerability affecting Intel processors could be abused by an adversary to gain access to sensitive information stored within enclaves and even run arbitrary code on vulnerable systems.

    Reply
  7. Tomi Engdahl says:

    AMD Secure Memory Encryption Has a Flaw, Now Disabled by Default in Linux Kernel
    By Aaron Klotz 3 days ago
    AMD SME was causing boot failures on some devices
    https://www.tomshardware.com/news/amd-memory-encryption-disabled-in-linux

    Reply
  8. Tomi Engdahl says:

    AMD Secure Memory Encryption Has a Flaw, Now Disabled by Default in Linux Kernel
    AMD SME was causing boot failures on some devices
    https://www.tomshardware.com/news/amd-memory-encryption-disabled-in-linux

    According to a report from Phoronix, the Linux 5.15 kernel is receiving a new fix that involves disabling AMD’s Secure Memory Encryption, or SME. This feature is normally enabled by default, but due to unexpected boot failures on some AMD machines, SME will now be disabled by default. Devs will update the Linux 5.15 kernel first, but the change will also move to prior kernels.

    AMD Secure Memory Encryption is a feature exposed to AMD’s EPYC and Ryzen Pro processors that allows the CPUs to encrypt the memory at a hardware level. AMD says the feature offers no significant impact on system performance and works with any OS and application because it’s hardware-accelerated and doesn’t rely upon software.

    Despite the benefits, the feature has caused bugs to appear in the Linux drivers with the interaction with the IOMMU and graphics drivers, causing Linux machines to fail at startup. Impacted systems also aren’t recognizing the encrypted RAM, particularly because some devices don’t have the correct Direct Memory Acces API or firmware to support the SMU.

    Linux To No Longer Enable AMD SME Usage By Default Due To Problems With Some Hardware
    https://www.phoronix.com/scan.php?page=news_item&px=Linux-SME-No-Default-Use

    AMD –
    Being sent in as a fix for the Linux 5.15 kernel this morning and to be back-ported to existing stable series is a behavior change that the Linux kernel will no longer use AMD Secure Memory Encryption (SME) by default on supported hardware but rather making it now opt-in due to shortcomings of some platforms.

    Since the introduction of AMD SME support to the Linux kernel, Secure Memory Encryption has been activated by default when the SME support (AMD_MEM_ENCRYPT) is built into the kernel. That defaulting of “AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT” allowed for Secure Memory Encryption to be used out-of-the-box without needing to specify any extra kernel parameters or the like. Unfortunately, that’s led to boot failures on some platforms particularly around IOMMU along with other headaches to work out as well, like some graphics driver issues with not expecting the memory to be encrypted.

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*