CPU Vulnerabilities, Meltdown and Spectre, Kernel Page Table Isolation Patches, and more

Discussion in 'Hardware Components and Aftermarket Upgrades' started by hmscott, Jan 2, 2018.

  1. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    6,572
    Messages:
    19,897
    Likes Received:
    24,721
    Trophy Points:
    931
    Note that the newest vulnerability Intel microcode patches (listed first below) do not include the latest build of Windows 10 1809 or 1803, the latest Windows version Intel microcode patch for Zombieload is for Windows 10 1709. Previous vulnerabilities do have Intel microcode patches for 1809/1803 and 1803 only and are listed below in 2 groupings.

    Summary of Intel microcode updates
    https://support.microsoft.com/en-us/help/4093836/summary-of-intel-microcode-updates

    [Zombieload]
    "Microsoft is making available Intel-validated microcode updates that are related to Microarchitectural Data Sampling (CVE-2019-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130).

    The following table lists specific Microsoft Knowledge Base articles by Windows version. The article contains links to the available Intel microcode updates by CPU.

    KB number and description Windows version Source
    KB4494452 Intel microcode updates Windows 10, version 1709, and Windows Server 2016, version 1709 Microsoft Update Catalog
    KB4494453 Intel microcode updates Windows 10, version 1703 Microsoft Update Catalog
    KB4494175 Intel microcode updates Windows 10, version 1607, and Windows Server 2016 Microsoft Update Catalog
    KB4494454 Intel microcode updates Windows 10 (RTM) Microsoft Update Catalog

    We will offer additional Intel-validated microcode updates for Windows as they become available to Microsoft, and update these articles accordingly.

    Customers should refer to information from Intel and their device manufacturer about the availability of applicable firmware security updates for the specific device, including the Intel Microcode Revision Guidance (April 2, 2018), Intel Microcode Revision Guidance (August 8, 2018), and Intel Microcode Revision Guidance (May 14, 2019)."

    "Microsoft is making available Intel-validated microcode updates that are related to Spectre Variant 3a (CVE-2018-3640: "Rogue System Register Read (RSRE)"), Spectre Variant 4 (CVE-2018-3639: "Speculative Store Bypass (SSB)"), and L1TF (CVE-2018-3620, CVE-2018-3646: "L1 Terminal Fault").

    The following table lists specific Microsoft Knowledge Base articles by Windows version. The article contains links to the available Intel microcode updates by CPU.

    KB number and description Windows version Source
    KB4465065 Intel microcode updates Windows 10, version 1809, Windows Server 2019 Microsoft Update Catalog
    KB4346084 Intel microcode updates Windows 10, version 1803, and Windows Server, version 1803 Microsoft Update Catalog
    KB4346085 Intel microcode updates Windows 10, version 1709, and Windows Server 2016, version 1709 Microsoft Update Catalog
    KB4346086 Intel microcode updates Windows 10, version 1703 Microsoft Update Catalog
    KB4346087 Intel microcode updates Windows 10, version 1607, and Windows Server 2016 Microsoft Update Catalog
    KB4346088 Intel microcode updates Windows 10 (RTM) Microsoft Update Catalog"

    "Microsoft is making available Intel-validated microcode updates that are related to Spectre Variant 2 (CVE 2017-5715 [“Branch Target Injection”]).

    The following table lists specific Microsoft Knowledge Base articles by Windows version. The article contains links to the available Intel microcode updates by CPU:

    KB Number and Description Windows Version Source
    KB4100347 Intel Microcode Updates
    Windows 10, version 1803, and Windows Server, version 1803
    Windows Update, Windows Server Update Service, and Microsoft Update Catalog

    KB4090007 Intel Microcode Updates
    Windows 10, version 1709, and Windows Server 2016, version 1709
    Windows Update, Windows Server Update Service, and Microsoft Update Catalog

    KB4091663 Intel Microcode Updates
    Windows 10, version 1703
    Windows Update, Windows Server Update Service, and Microsoft Update Catalog

    KB4091664 Intel Microcode Updates
    Windows 10, version 1607, and Windows Server 2016
    Windows Update, Windows Server Update Service, and Microsoft Update Catalog

    KB4091666 Intel Microcode Updates
    Windows 10 (RTM)
    Windows Update, Windows Server Update Service, and Microsoft Update Catalog"

    Thanks to @Papusan for this notification for users of the Microsoft Insider program that may receive Intel Microcode for Zombieload for their supported CPU through the Insiders Program Windows Update, see below:
    Windows 10 Insider Preview for KB4497165: Intel microcode updates
    Applies to: Windows Server, version 1903 Windows 10, version 1903
    https://support.microsoft.com/en-us/help/4497165/kb4497165-intel-microcode-updates

    Summary
    Intel recently announced that it has completed software validations and has started to release new microcode for current CPU platforms in reaction to the following threats:
    • CVE-2019-11091 – Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
    • CVE-2018-12126 – Microarchitectural Store Buffer Data Sampling (MSBDS)?
    • CVE-2018-12127 – Microarchitectural Load Port Data Sampling (MLPDS)
    • CVE-2018-12130 – Microarchitectural Fill Buffer Data Sampling (MFBDS)
    This new release is provided to Window Insider program Slow, Fast, and Release Preview rings, and [see supported CPU list for your CPU] includes a microcode update from Intel for the following CPUs. [There is no direct download for your Windows 10 OS Insider release, if available it will be provided by Windows Update - Insider ring]

    Important - Install this update for the listed processors only.

    [The list of supported CPU's is extremely long, please go to the above URL to find out if your CPU is supported.]

    This update is a standalone update that is targeted at Windows 10, version 1903 and Windows Server 2019, version 1903. This update also includes Intel microcode updates that were already released for these operating systems at the time of release to manufacturing (RTM).

    We will offer additional microcode updates from Intel through this article for these operating systems as they become available to Microsoft. Use the registry settings as described in the Windows client and Windows Server KB articles. (By default, these registry settings are enabled for Windows client OS editions and Windows Server OS editions.)

    Consult with your device manufacturer and Intel through their websites regarding their microcode recommendation for your device before you apply this update to your device.

    How to obtain and install the update
    Microsoft Update Catalog
    To get the standalone package for this update, go to the Microsoft Update Catalog website. [Again, if your CPU is supported - see list - and a microcode patch exists from Intel it will be applied via Microsoft Insider Updates through Windows Update]
     
    Last edited: May 15, 2019
  2. Kyle

    Kyle JVC SZ2000 Dual-Driver Headphones

    Reputations:
    1,740
    Messages:
    926
    Likes Received:
    434
    Trophy Points:
    76
  3. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    6,572
    Messages:
    19,897
    Likes Received:
    24,721
    Trophy Points:
    931
    Lots of interesting details in that article, it's not in English, I used Google Translate (right click in Chrome Browser).

    VU discovers megaleak in Intel chips

    Leaky hardware thanks to a mistake, the VU uncovered a mega-leak in Intel chips. Intel pays the price for a fast but risky design.
    Marc Hijink, May 14, 2019
    https://www.nrc.nl/nieuws/2019/05/14/hackers-mikken-op-het-intel-hart-a3960208

    "The news in brief :
    • Researchers from the VU University Amsterdam have found an extensive data breach that is present in all Intel processors. These chips are in more than 80 percent of all computers and servers.
    • On Tuesday evening, Intel and VU announced the details of RIDL (Rogue In-Flight Data Load), a vulnerability that allows malicious parties to steal "almost all data" from computers. Unauthorized persons can view the data that the processor is currently processing.
    • The vulnerability is in all Intel processors of the last ten years - including the very latest. Hackers can exploit the vulnerability by hiding code in a web advertisement."
    ...
    RIDL, as the new vulnerability was baptized, came to light by chance. On Tuesday 11 September, Stephan van Schaik, Computer Science student at VU University Amsterdam, worked on his study assignment: investigating a leak in the Intel processor.
    ...
    Premium with aftertaste
    Although parts of the leak were found by several researchers from different universities and companies, the VU has discovered the majority. Amsterdam University is also the only party to receive a reward: $ 100,000 (89,000 euros), Intel's maximum reward for discoverers of critical leaks.

    There is a small taste to the premium. According to the VU, Intel tried to downplay the severity of the leak by officially paying $ 40,000 in rewards and in addition, "$ 80,000" off. That offer was politely refused.

    Anyone who accepts a reward must also adhere to the rules. In this case, that meant: no consultation between researchers and uncertainty about which software manufacturers were warned in advance.According to the researchers, tech companies do not reason in the interests of the user, but of the shareholder.

    Intel initially failed to notify Google and Mozilla, two major browser manufacturers.

    The VU tried to force the manufacturer to come out faster. Eventually the VU forced Intel to come out in May - otherwise the university would publish the details itself. "If it were up to Intel, they would have wanted to wait another six months," says Bos.

    Intel had promised that the next generation of chips would not be vulnerable to RIDL, but that is not the case."
     
  4. inm8#2

    inm8#2 Notebook Deity

    Reputations:
    295
    Messages:
    762
    Likes Received:
    324
    Trophy Points:
    76
    Intel may also want to update their marketing campaign to better reflect the times.

    [​IMG]
     
  5. Kyle

    Kyle JVC SZ2000 Dual-Driver Headphones

    Reputations:
    1,740
    Messages:
    926
    Likes Received:
    434
    Trophy Points:
    76
    Isn't ZombieLoad the same as MDS?

    Someone should replace it with RIDL :D
     
    Riley Martin and joluke like this.
  6. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    6,572
    Messages:
    19,897
    Likes Received:
    24,721
    Trophy Points:
    931
    0:32 - New Intel firmware boot verification bypass enables low-level backdoors

    New Intel firmware boot verification bypass enables low-level backdoors

    By replacing a PC's SPI flash chip with one that contains rogue code, an attacker can can gain full, persistent access
    By Lucian Constantin, Romania Correspondent, CSO | MAY 10, 2019 11:04 AM PT
    https://www.csoonline.com/article/3...ation-bypass-enables-low-level-backdoors.html

    "Researchers have found a new way to defeat the boot verification process for some Intel-based systems, but the technique can also impact other platforms and can be used to compromise machines in a stealthy and persistent way.
    Researchers Peter Bosch and Trammell Hudson presented a time-of-check, time-of-use (TOCTOU) attack against the Boot Guard feature of Intel's reference Unified Extensible Firmware Interface (UEFI) implementation at the Hack in the Box conference in Amsterdam this week.

    Boot Guard is a technology that was added in Intel Core 4th generation microarchitecture -- also known as Haswell -- and is meant to provide assurance that the low-level firmware (UEFI) has not been maliciously modified. It does this by checking that the loaded firmware modules are digitally signed with trusted keys that belong to Intel or the PC manufacturer every time the computer starts.

    Bosch, an independent researcher and computer science student at Leiden University in the Netherlands, discovered an anomaly in the Boot Guard verification process while he was trying to find a way to use the open-source Coreboot firmware on his own laptop. In particular, he noticed that after the system verified the firmware and created a validated copy in cache, it later re-read modules from the original copy located in the Serial Peripheral Interface (SPI) memory chip -- the chip that stores the UEFI code.

    This isn't correct behavior, because the system should only rely on the verified copy after the cryptographic checks are passed. This made Bosch think there might be an opportunity for an attacker to modify the firmware code after it's been verified and before it's incorrectly re-read from SPI memory. He took his findings and an early proof-of-concept implementation to Trammell Hudson, a well-known hardware and firmware researcher whose previous work includes the Thunderstrike attacks against Apple's Thunderbolt technology.

    Hudson confirmed Bosch's findings and together worked on an attack that involves attaching a programming device to the flash memory chip to respond with malicious code when the CPU attempts to reread firmware modules from SPI memory instead of the validated copy. The result is that malicious and unsigned code is executed successfully, something that Boot Guard was designed to prevent.

    While the attack requires opening the laptop case to attach clip-on connectors to the chip, there are ways to make it permanent, such as replacing the SPI chip with a rogue one that emulates the UEFI and also serves malicious code.

    In fact, Hudson has already designed such an emulator chip that has the same dimensions as a real SPI flash chip and could easily pass as one upon visual inspection if some plastic coating is added to it.

    What are the implications of such TOCTOU attacks?

    The Intel Boot Guard and Secure Boot features were created to prevent attackers from injecting malware into the UEFI or other components loaded during the booting process such as the OS bootloader or the kernel. Such malware programs have existed for a long time and are called boot rootkits, or bootkits, and attackers have used them because they are very persistent and hard to remove. That's because they re-infect the operating system after every reboot before any antivirus program has a chance to start and detect them.

    In its chip-swapping variant, Hudson's and Bosch's attack acts like a persistent hardware-based bootkit. It can be used to steal disk encryption passwords and other sensitive information from the system and it's very hard to detect without opening the device and closely inspecting its motherboard.

    Even though such physical attacks require a targeted approach and will never be a widespread threat, they can pose a serious risk to businesses and users who have access to valuable information.

    Such a physical compromise could occur in different ways, for example in an Evil-Maid-type scenario where a high value target, like a company's CEO, travels to a foreign country and leaves their laptop unattended in their hotel room. Bosch tells CSO that replacing the SPI memory chip with a rogue one designed to execute this attack would take 15 to 20 minutes for an experienced attacker with the right equipment.

    Another possibility are supply chain attacks or the so-called "interdiction" techniques where computer shipments are intercepted in transit, for example by an intelligence agency, are backdoored and then resealed to hide any tampering. The documents leaked by Edward Snowden showed that the NSA uses such techniques, and it is likely not the only intelligence agency to do so.

    Some devices do have tamper-evident seals or mechanisms, but someone with the right resources and knowledge can easily bypass those defenses, Bosch tells CSO.

    Malicious employees could also use this technique on their work-issued laptops to either bypass access controls and gain administrator privileges or to maintain access to the company's data and network after they leave the company. Such a compromise would survive the computer being wiped and being put back into use.

    There have been several cases over the years of economic espionage where employees working for various companies were caught stealing trade secrets and passing them to foreign governments or to competitors.

    What is the mitigation?
    The two researchers notified Intel of their findings in January and tell CSO that the chipmaker treated the issue seriously and assigned a high severity to it. The company already has patches available for its reference UEFI implementation -- known as Tianocore -- that it shares with BIOS vendors and PC manufacturers. The researchers haven't yet tested the fixes, but at least based on the description they seem comprehensive and should prevent similar attacks in the future.

    The problem is that distributing UEFI patches has never been an easy process. Intel shares its UEFI kit with UEFI/BIOS vendors who have contracts with various PC manufacturers. Those OEMs then make their own firmware customizations before they ship it inside their products. This means that any subsequent fixes require collaboration and coordination from all involved parties, not to mention end users who need to actually care enough to install those UEFI updates.
    The patches for the critical Meltdown and Spectre vulnerabilities that affected Intel CPUs also required UEFI updates and it took months for some PC vendors to release them for their affected products. Many models never received the patches in the form of UEFI updates because their manufacturers no longer supported them.

    The two researchers plan to release their proof-of-concept code in the following months as part of a tool called SPISpy that they hope will help other researchers and interested parties to check if their own machines are vulnerable and to investigate similar issues on other platforms.

    "I would really like to see the industry move towards opening the source to their firmware, to make it more easy to verify its correctness and security," says Bosch.
     
    Last edited: May 17, 2019
  7. bennyg

    bennyg Notebook Virtuoso

    Reputations:
    1,533
    Messages:
    2,337
    Likes Received:
    2,315
    Trophy Points:
    181
    Tbh it'd be pretty surprising if you couldn't compromise a system by desoldering and replacing physical firmware rom chips but I guess the secure boot stuff is designed to stop exactly that... So oops.

    I'd just like to see some of these vulnerabilities used for some useful backdoor things for us pleb consumers such as bypassing firmware blocks and whitelist mechanisms (gstink), microcode hacks like the old unlocked multiplier one, unlock arbitrarily disabled features, enable unofficial upgrades etc :)
     
  8. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    6,572
    Messages:
    19,897
    Likes Received:
    24,721
    Trophy Points:
    931
    There are a huge number of graphs in the article, please go to the site to see them. Perhaps tomorrow he will have the runs without HT enabled up for comparison.

    MDS / Zombieload Mitigations Come At A Real Cost, Even If Keeping Hyper Threading On

    Written by Michael Larabel in Linux Security on 16 May 2019 at 03:37 PM EDT. 50 Comments
    https://phoronix.com/scan.php?page=news_item&px=MDS-Zombieload-Initial-Impact

    "The default Linux mitigations for the new Microarchitectural Data Sampling (MDS) vulnerabilities (also known as "Zombieload") do incur measurable performance cost out-of-the-box in various workloads.

    That's even with the default behavior where SMT / Hyper Threading remains on while it becomes increasingly apparent if wanting to fully protect your system HT must be off.

    MDS was announced on Tuesday and I am running a number of MDS/Zombieload mitigation benchmarks including the likes now of comparing the overall Spectre/Meltdown/L1TF/MDS impact and also if going the "full" route of disabling Hyper Threading.

    Tomorrow will be the first featured (multi-page) article with MDS data on multiple systems while here are some initial numbers I am seeing when just looking at the new default cost of this MDS mitigation.

    Obviously if going the route of disabling Hyper Threading, the multi-threaded workloads will be even more impacted. Stay tuned for the complete scoop that should be out tomorrow on the initial batch of MDS mitigation testing."
    50 Comments

    aphysically
    Junior Member Join Date: May 2019 Posts: 5 #6 05-16-2019, 04:07 PM
    "One of the Intel writeups said that their 8th and 9th gen processors have hardware mitigations, but my 8th gen processor defaulted to the same "Clear CPU buffers; SMT vulnerable". Is it safe to disable the MDS mitigations on 8th and 9th gen processors? Will less aggressive mitigations be possible on those in the future?"

    MELTDOWN REDUX: INTEL FLAW LETS HACKERS SIPHON SECRETS FROM MILLIONS OF PCS
    AUTHOR: ANDY GREENBERGANDY GREENBERG, 05.14.19 01:00 PM
    https://www.wired.com/story/intel-mds-attack-speculative-execution-buffer/

    "...There are still more components, and many of them are not documented at all, so it's not unlikely this continues for a while," says TU Graz's Moritz Lipp. His fellow researcher Daniel Gruss adds: "We always expected this would keep us busy for years." In other words, don't be surprised if more hidden holes are found in the heart of your computer's processor for years to come."
     
    Last edited: May 17, 2019
    Riley Martin likes this.
  9. Talon

    Talon Notebook Virtuoso

    Reputations:
    1,172
    Messages:
    3,205
    Likes Received:
    3,700
    Trophy Points:
    331


    02:10
     
    Riley Martin and hmscott like this.
  10. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    6,572
    Messages:
    19,897
    Likes Received:
    24,721
    Trophy Points:
    931
    Microarchitectural Data Sampling (aka MDS, ZombieLoad, RIDL & Fallout) explained by Red Hat
    Red Hat Videos
    Published on May 14, 2019
    Microarchitectural Data Sampling—also known as MDS, ZombieLoad, RIDL & Fallout—is a set of Intel processor-based vulnerabilities that allows unauthorized users to access data used by other programs, containers, and virtual machines.

    MDS lets attackers read--or sample--data from previous operations and potentially steal sensitive information by using other methods to stitch several pieces together.

    This flaw is particularly dangerous for Intel-based public clouds running untrusted workloads in shared-tenancy environments.

    There are a few different ways attackers can use MDS, each targeting different processor structures:

    Store buffer attack (aka: Fallout)
    Fill buffer attack (aka: RIDL)
    Load port attack

    Microcode patches are available for the store buffer attack, but to fully protect against the fill buffer and load port variants, IT administrators must disable Intel Hyper-Threading.

    This short video provides a high-level primer on what MDS is and how it works. For more technical information about the vulnerability and what your company should do about it, visit red.ht/mds or watch this technical explainer video from Red Hat's Jon Masters: https://youtu.be/Xn-wY6Ir1hw


    Understanding Microarchitectural Data Sampling (aka MDS, ZombieLoad, RIDL & Fallout) from Red Hat

    Red Hat Videos
    Published on May 14, 2019
    Microarchitectural Data Sampling—also known as MDS, ZombieLoad, RIDL & Fallout—is a set of Intel processor-based vulnerabilities that allows unauthorized users to access data used by other programs, containers, and virtual machines. In this video,Red Hat computer architect Jon Masters provides a technical overview on how the flaw works and what companies can do about it.


    RIDL leaking root password hash
    VUSec
    Published on May 14, 2019
    We leaks the /etc/shadow file by repeatedly trying to authenticate a user with the passwd utility. The animation is sped up for the latter part of the video, the total process takes about 24 hours at the moment. A similar attack can leak the /etc/shadow of a cloud co-tenant by repeatedly opening an SSH connection.


    RIDL leaking Linux kernel data
    VUSec
    Published on May 14, 2019
    We showcase how to leak recent kernel data using RIDL. This demo first reads 0 bytes from /proc/version, whereafter we are able to leak the full contents of /proc/version without the data ever being present in userspace.


    RIDL from JavaScript
    VUSec
    Published on May 14, 2019
    We leak a string from another process using Javascript and WebAssembly in the SpiderMonkey engine.


    Keyword Detection
    In this scenario, we constantly sample data using ZombieLoad and match leaked values against a list of predefined keywords:

    ZombieLoad Attack example video from zombieloadattack.com
    Tech Assimilate
    Published on May 15, 2019
    "ZombieLoad in Action"
    In our demo, we show how an attacker can monitor the websites the victim is visiting despite using the privacy-protecting Tor browser in a virtual machine.


    ZombieLoad in Action: Spying on your visited websites
    https://www.cyberus-technology.de/posts/2019-05-14-zombieload.html

    ZombieLoad attack demonstration - Yet another Intel processor vulnerability
    codedamn
    Published on May 15, 2019
    This video shows you how to demonstrate a zombieload attack using a macOS + VM running Ubuntu 18.04 where a VM steals information from host OS using Zombieload attack. Zombieload attack is the 3rd major processor attack after meltdown and spectre last year.
     
    Last edited: May 17, 2019
    Riley Martin and Kyle like this.

Share This Page