CPU Vulnerabilities, Meltdown and Spectre, Kernel Page Table Isolation Patches, and more

Discussion in 'Hardware Components and Aftermarket Upgrades' started by hmscott, Jan 2, 2018.

  1. Vasudev

    I haven't taken a screenshot. But in CB r15 using real time priority I got 668 score after the update. BA and C2 gave 699(Spectre protection disabled in BIOS). Afterwards I disabled the OS spectre protection to get the score back to 698.
     
  2. Robbo99999

    Wow, this seems like more of a fundamental hit to basic CPU performance! Nearly 5% performance loss. CB15 hasn't really been the worst case in terms of degradation of CPU performance when it comes to Spectre, so I dread to think what performance metrics would be in sensitive areas. You used VMware driver method of installing C6 microcode? (not available through Microsoft yet)
     
  3. Vasudev

    Try googling platomav github to get updated bin files for every CPU. https://github.com/platomav/CPUMicrocodes
    Daz from MDL patched the BIOS for me and gave me instructions how to do it using MMtool 5. He spent just 5 mins and the BIOS is flashed w/o issues.
     
  4. hmscott

    Changes in WebAssembly Could Render Meltdown and Spectre Browser Patches Useless
    By Catalin Cimpanu, June 24, 2018
    https://www.bleepingcomputer.com/ne...meltdown-and-spectre-browser-patches-useless/

    "Upcoming additions to the WebAssembly standard may render useless some of the mitigations put up at the browser level against Meltdown and Spectre attacks, according to John Bergbom, a security researcher at Forcepoint.

    WebAssembly (WA or Wasm) is a new technology that shipped last year and is currently supported within all major browsers, such as Chrome, Edge, Firefox, and Safari.

    The technology is a compact binary language that a browser will convert into machine code and run it directly on the CPU.

    Browser makers created WebAssembly to improve the speed of delivery and performance of JavaScript code, but as a side effect, they also created a way for developers to port code from other high-level languages (such as C, C++, and others) into Wasm, and then run it inside a browser.

    All in all, the WebAssembly standard is viewed as a success in the web dev community, and there've been praises for it all around.

    WebAssembly is not immune to abuse
    But like all technologies, it also came with some unforeseen side effects and cases of abuse. For starters, the rise of in-browser cryptocurrency miners (cryptojacking scripts) can be traced precisely to the addition of WebAssembly inside major browsers, as all in-browser miners run on top of WebAssembly, and not pure JavaScript.

    Now, a Forcepoint researcher argues there could be another unintended side effect of WebAssembly for web users.

    "Once Wasm gets support for threads with shared memory (which is already on the Wasm roadmap), very accurate [JavaScript] timers can be created," Bergbom says, "that may render browser mitigations of certain CPU side channel attacks non-working."

    WebAssembly may bypass some browser mitigations
    In this statement, Bergbom is more accurately referring to "timing attacks," which are a class of side-channel attacks.

    Timing attacks are a class of cryptographic attacks through which a third-party observer can deduce the content of encrypted data by recording and analyzing the time taken to execute cryptographic algorithms.

    The recently disclosed Meltdown and Spectre CPU vulnerabilities, along with their many variations [1, 2, 3] are all timing attacks at their core.

    They rely on the attacker's ability to measure precise time intervals, a parameter needed to perform the side-channel attack and recover enough information from the encrypted blob of data to determine the rest.

    Browsers previously addressed this issue in January
    Back when Meltdown and Spectre came to light in January, researchers published proof of concept code that an attacker could have used to exploit these CPU vulnerabilities remotely, via the Internet, using JavaScript code that runs in the browser.

    This attack code utilized browsers' internal native functions for measuring time intervals, such as "SharedArrayBuffer" and "performance.now()."

    Browsers like Firefox and Chrome reacted by releasing updates that watered down the precision of these timer functions, rendering Meltdown and Spectre attacks, and other timing side-channel attacks, inefficient.

    But now, Bergbom says that once support for "threads" is added in WebAssembly, and this feature reaches modern browsers, those mitigations will be rendered useless, as an attacker has a new avenue for measuring precise time, via WebAssembly.

    "Like with many new technologies there are potential security issues which need to be considered," Bergbom said. "Collectively, these present new opportunities for malicious actors. Much as with JavaScript, the possibilities with Wasm are – if not quite endless – very broad."

    Preventing this from happening requires that browser vendors take the same approach once more by limiting WebAssembly's upcoming "threads" support to prevent attackers from crafting enough precise timers.

    A member of the WebAssembly team has told Bleeping Computer that they are aware of this issue and have put this feature on hold, for the time being, albeit no consensus has been reached on what to do next."
     
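
The timer mitigation described in the article quoted above (browsers reducing the precision of `performance.now()`) can be checked from the defender's side by measuring the smallest step a clock actually reports. This is an added example, not code from the article, the thread or any browser; `makeFakeClock`, `coarsen`, `smallestStep`, `timeOp`, `demo`, `hostTimerStepUs` and the 2/5/7/100 microsecond values are hypothetical names and constructed numbers chosen for illustration.

```javascript
'use strict';

// Constructed clock for the demo: integer microseconds that only move when
// advance() is called, so the results are reproducible.
function makeFakeClock() {
  let t = 0;
  return { now: () => t, advance: (us) => { t += us; } };
}

// The mitigation: round every reading down to a multiple of resolutionUs.
function coarsen(now, resolutionUs) {
  return () => Math.floor(now() / resolutionUs) * resolutionUs;
}

// Effective granularity of a clock: the smallest non-zero difference
// between consecutive readings. tick() lets the fake clock move forward.
function smallestStep(now, samples, tick = () => {}) {
  let prev = now();
  let min = Infinity;
  for (let i = 0; i < samples; i++) {
    tick();
    const cur = now();
    if (cur > prev && cur - prev < min) min = cur - prev;
    prev = cur;
  }
  return min;
}

// Time a single operation with the given clock.
function timeOp(now, op) {
  const start = now();
  op();
  return now() - start;
}

// Compare a 2 us and a 7 us operation (constructed stand-ins for the short
// and long intervals a timing side channel has to tell apart), with and
// without clamping. resolutionUs = 0 means "no mitigation".
function demo(resolutionUs) {
  const clock = makeFakeClock();
  const now = resolutionUs ? coarsen(clock.now, resolutionUs) : clock.now;
  const fast = timeOp(now, () => clock.advance(2));
  const slow = timeOp(now, () => clock.advance(7));
  const step = smallestStep(now, 1000, () => clock.advance(5));
  return { fast, slow, step };
}

// Granularity of the real runtime timer, in microseconds.
function hostTimerStepUs(samples = 100000) {
  return smallestStep(() => performance.now() * 1000, samples);
}

console.log('unclamped      :', demo(0));
console.log('clamped 100 us :', demo(100));
console.log('host timer step (us):', hostTimerStepUs());
```

With the clamp in place both operations read as 0, which is the effect the browser updates aimed for; running `hostTimerStepUs()` in a browser console shows the granularity that build actually exposes.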
  5. hmscott

    Senate panel announces hearing on computer chip flaws
    BY MORGAN CHALFANT - 07/06/18 04:53 PM EDT
    http://thehill.com/policy/cybersecurity/395878-senate-panel-announces-hearing-on-computer-chip-flaws

    "The Senate Commerce, Science and Transportation Committee has scheduled a hearing later this month to examine two critical vulnerabilities affecting computer processing chips unveiled earlier this year.

    The committee announced Friday that it would assess the “lessons learned” from the Spectre and Meltdown chip vulnerabilities next Wednesday.
    The chip flaws, which provide an avenue for hackers to steal sensitive data from most modern computing devices, were revealed in January by security researchers who had spent months investigating them. They impact a wide array of modern computer processing chips, including those manufactured by Intel, AMD, Google and Microsoft.

    The vulnerabilities were revealed before companies could issue patches for the impacted systems, sending companies scrambling to offer fixes to prevent hackers from leveraging the vulnerabilities in attacks.

    Following the revelations, Commerce Committee leaders Sens. John Thune (R-S.D.) and Bill Nelson (D-Fla.) wrote to executives at Amazon, Apple, Intel and other tech companies inquiring about their efforts to patch the vulnerabilities and mitigate the threat.

    The hearing next week will examine “cybersecurity issues raised in response to the Spectre and Meltdown vulnerabilities, such as challenges with conducting complex coordinated vulnerability disclosure and supply chain cybersecurity, and how best to coordinate cybersecurity efforts going forward,” the committee said.

    Lawmakers have called on an official at the National Institute of Standards and Technology — a nonregulatory laboratory at the Commerce Department — to testify, as well as academic security experts. They will also hear from the chief marketing officer at ARM, a microprocessor supplier."

    The House Energy and Commerce gave CPU makers 6 months to prepare and respond:

    House Energy and Commerce demands answers on Spectre and Meltdown cyber flaws
    BY ALI BRELAND - 01/24/18 02:32 PM EST
    http://thehill.com/policy/technolog...demands-answers-on-spectre-and-meltdown-cyber
    House Energy and Commerce Committee leaders are demanding answers from major technology companies affected by the Spectre and Meltdown cybersecurity flaws that leave computer chips vulnerable to hackers.

    In a letter, lawmakers pressed the CEOs of Intel, Apple, Microsoft, Amazon, Google, AMD and ARM to explain the need for an "information embargo" agreement between the companies to keep information on the cybersecurity vulnerabilities from the public.

    “While we acknowledge that critical vulnerabilities such as these create challenging trade-offs between disclosure and secrecy, as premature disclosure may give malicious actors time to exploit the vulnerabilities before mitigations are developed and deployed, we believe that this situation has shown the need for additional scrutiny regarding multi-party coordinated vulnerability disclosures,” the letter reads.

    The letter — signed by House Energy and Commerce Committee Chairman Greg Walden (R-Ore.), Subcommittee on Oversight and Investigations Chairman Gregg Harper (R-Miss.), Subcommittee on Digital Commerce and Consumer Protection Chairman Bob Latta (R-Ohio), and Subcommittee on Communications and Technology Chairman Marsha Blackburn (R-Tenn.) -- is just the latest example of lawmakers' concern over the Spectre and Meltdown vulnerabilities.

    Rep. Jerry McNerney (D-Calif.) wrote his own letter to Intel, AMD and ARM earlier in January, probing the matter as well.

    Intel said that it's already begun to engage lawmakers on the chip vulnerabilities.

    "We appreciate the questions from the Energy and Commerce Committee and welcome the opportunity to continue our dialogue with Congress on these important issues," an Intel spokesperson said. "In addition to our recent meetings with legislative staff members, we have been discussing with the Committee an in-person briefing, and we look forward to that meeting."

    Researchers have called the flaws, which were revealed early this year, some of the worst computer processor vulnerabilities to date. The Department of Homeland Security and Intel have both said they’re not aware of anyone having successfully exploited the vulnerability yet.

    The companies kept Spectre and Meltdown under wraps after first discovering them over the summer in an attempt to create and issue software updates before hackers discovered and could exploit the vulnerabilities.

    The companies planned to make knowledge of the cybersecurity flaw public on Jan 9, but news of the vulnerabilities was leaked to the media.

    Chipmakers like AMD, Intel and ARM have since issued patches to mitigate the issue, however, some of the updates have led to hindered device performance.

    Experts believe that despite patches, the issue will only fully be resolved after the affected computer and phone hardware has been replaced.

    This story was updated at 4:11 p.m.

    US Senate Committee on Commerce, Science, & Transportation
    Press Release

    https://www.commerce.senate.gov/pub...eases?ID=37FE9996-35F2-4E36-A75D-ED3DC59F3B66
    July 6, 2018
    Committee to Hold Hearing to Examine Spectre and Meltdown Cybersecurity Lessons
    WASHINGTON – U.S. Sen. John Thune (R-S.D.), chairman of the Committee on Commerce, Science, and Transportation, will convene a hearing entitled, “Complex Cybersecurity Vulnerabilities: Lessons Learned from Spectre and Meltdown,” at 10:00 a.m. on Wednesday, July 11, 2018. The hearing will review cybersecurity issues raised in response to the Spectre and Meltdown vulnerabilities, such as challenges with conducting complex coordinated vulnerability disclosure and supply chain cybersecurity, and how best to coordinate cybersecurity efforts going forward. This hearing follows a letter sent by Sens. John Thune (R-S.D.) and Bill Nelson (D-Fla.) to 12 organizations about the Spectre and Meltdown vulnerabilities and the steps taken to mitigate these vulnerabilities.

    Witnesses:
    • Ms. Donna Dodson, Chief Cybersecurity Advisor and Director of the National Cybersecurity Center of Excellence, National Institute of Standards and Technology, U.S. Department of Commerce
    • Dr. José-Marie Griffiths, President, Dakota State University
    • Ms. Joyce Kim, Chief Marketing Officer, ARM
    • Mr. Art Manion, Senior Vulnerability Analyst, Computer Emergency Readiness Team Coordination Center, Software Engineering Institute, Carnegie Mellon University
    • Mr. Sri Sridharan, Managing Director, Florida Center for Cybersecurity, University of South Florida
    Hearing Details:
    Wednesday, July 11, 2018
    10:00 a.m.
    Full Committee

    This hearing will take place in Russell Senate Office Building, Room 253. Witness testimony, opening statements, and a live video of the hearing will be available on www.commerce.senate.gov.

    Permalink: https://www.commerce.senate.gov/pub...-examine-spectre-and-meltdown-vulnerabilities "

    JULY 11, 2018 10:00 AM
    COMPLEX CYBERSECURITY VULNERABILITIES: LESSONS LEARNED FROM SPECTRE AND MELTDOWN
     
    Last edited: Jul 9, 2018
  6. Vasudev

    They should give a verdict saying Intel to replace the CPUs just to mitigate the performance what was advertised.
    I don't think AMD are affected by it like Intel. Even ARM chips in phones are slow as hell once more exploits are found.
     
  7. hmscott

    Time to get patching Ubuntu
    By Iain Thomson in San Francisco 7 Jul 2018 at 13:06
    https://www.theregister.co.uk/2018/07/07/security_roundup/

    "Canonical has issued a rash of new security patches for its Ubuntu GNU/Linux distribution – updates that should be installed as soon as possible.

    Not all of these fixes are alike. If you're running a system with an AMD processor, one patch removes an earlier update that was supposed to address the Spectre CPU vulnerability. That microcode-level mitigation left some AMD-powered systems unable to boot, and now has been given the boot from Ubuntu Linux computers.

    There's also a security update for Firefox packages, following critical fixes from Mozilla. Ubuntu's handling of PHP, Devscripts, and Archive Zip have also been given some secure code lovin'.

    Regarding the Firefox updates, the security fixes were publicly issued by the browser's maker Mozilla on June 25 and 26, however, are only now making their way to Ubuntu users. Other Linux flavors, such as Debian, pushed out the Firefox security update days earlier to users.

    We asked Canonical why the week-long hold up, and a spokesperson told us the Ubuntu team was "waiting for the point release from Mozilla before pushing out updates." The Firefox snap is kept "up to date so users can install that if they want to run the latest version."

    Still, the delay irritated some, it meant people were left running vulnerable software while miscreants potentially developed exploits for the disclosed bugs.

    Infosec consultant, Stephan Verbücheln, based in Switzerland, told us earlier this week before Ubuntu updated its Firefox packages: "Despite this version fixing several security issues with critical risk, Ubuntu has still not updated the version in their repositories. There is no reason to assume that Ubuntu staff was overwhelmed by a sudden Mozilla release."

    In any case, if you use Firefox, get the latest updates."

    Ubuntu security notices
    https://usn.ubuntu.com/
     
  8. Vasudev

    Updated one PC just today. I saw only FF, OpenCL ICD and GCC updates today. That microcode update was supplied like a month ago with new fixes. I used the same thing for Ucode vmware patch for AMD CPUs.
     
  9. hmscott

    Intel Discloses New Spectre Flaws, Pays Researchers $100K
    A new set of Spectre speculative execution vulnerability variants have been publicly reported by researchers.
    By: Sean Michael Kerner | July 11, 2018

    "Intel disclosed a series of vulnerabilities on July 10, including new variants of the Spectre vulnerability the company has been dealing with since January.

    Two new Spectre variants were discovered by security researchers Vladimir Kiriansky and Carl Waldspurger, who detailed their findings in a publicly released research paper titled, "Speculative Buffer Overflows: Attacks and Defenses."

    "We introduce Spectre1.1, a new Spectre-v1 variant that leverages speculative stores to create speculative buffer overflows," the researchers wrote. "We also present Spectre 1.2: on CPUs that do not enforce read/write protections, speculative stores can overwrite read-only data and code pointers to breach sandboxes."

    Intel publicly reported the initial round of Meltdown and Spectre CPU flaws on Jan. 3.

    Multiple additional variants have been reported in the months since, including two flaws on May 21 and a Lazy Restore Speculative execution risk disclosed on June 13.

    The Spectre flaws abuse the speculative execution feature in modern CPUs, which aims to accelerate performance by speculating what the next instruction will be.

    The new Spectre 1.1 and Spectre 1.2 variants have been given the CVE-2018-3693 identifier and are rated as being high impact, with a Common Vulnerability Scoring System (CVSS) score of 7.1.

    "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis," Intel warns in an advisory.

    The new CVE-2018-3693 issues were reported to Intel via the company's bug bounty program, which is hosted by managed bug bounty provider HackerOne. While full details are not currently publicly available on HackerOne's platform, the Intel bug bounty page indicates that Kiriansky (vik) was paid $100,000 for a bug report.

    Mitigations
    Intel has already released mitigations for most of the Spectre and Meltdown variants and has publicly stated that it is working on hardware improvements to help prevent future issues as well.

    "Along with other companies whose platforms are potentially impacted by these new methods, including AMD and ARM, Intel has worked with operating system vendors, equipment manufacturers, and other ecosystem partners to develop software updates or developer guidance that can help protect systems from these methods," Intel stated in its advisory. "End users and systems administrators should check with their operating system vendors and apply any available updates as soon as practical."

    The importance of hardware-based innovation to help reduce the risk for Spectre attacks is something that Kiriansky and Waldspurger's report also highlights.

    "If we must rely on software mitigations that require developers to manually reason about the necessity of mitigations, we may face decades of speculative-execution attacks," the paper states.

    Although side-channel speculative attack vulnerabilities related to Meltdown and Spectre have been known since January, wide-scale attacks are not currently being reported. A recent report from SonicWall found that in the first half of 2018, there were no attacks that directly made use of Meltdown and Spectre vulnerabilities.

    Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist."

    Thanks for the heads up from this post by @Dr. AMK:
    http://forum.notebookreview.com/thr...nts-and-incidents.816109/page-3#post-10761784
     
    Last edited: Jul 12, 2018
  10. hmscott

    Intel's Spectre V4 Performance Explored, Speculative Store Bypass
    Hardware Unboxed
    Published on Jul 14, 2018
     