CPU Vulnerabilities, Meltdown and Spectre, Kernel Page Table Isolation Patches, and more

Discussion in 'Hardware Components and Aftermarket Upgrades' started by hmscott, Jan 2, 2018.

  1. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    6,634
    Messages:
    19,995
    Likes Received:
    24,814
    Trophy Points:
    931
    And, Intel has issued Security Updates...with INTEL-SA-00290 being of primary interest as it applies to the NetCAT DDIO & RDMA vulnerabilities.

    National Cyber Awareness System=> Current Activity Landing => Intel Releases Security Updates
    https://www.us-cert.gov/ncas/current-activity/2019/09/10/intel-releases-security-updates

    Intel Releases Security Updates
    Original release date: September 10, 2019
    "Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit one of these vulnerabilities to gain an escalation of privileges on a previously infected machine.

    The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Intel's Security Advisories INTEL-SA-00290 and INTEL-SA-00285 and apply the necessary updates."

    INTEL-SA-00290
    https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00290.html

    Summary:
    "A potential security vulnerability in some microprocessors with Intel® Data Direct I/O Technology (Intel® DDIO) and Remote Direct Memory Access (RDMA) may allow partial information disclosure via adjacent access.

    Vulnerability Details:
    CVEID: CVE-2019-11184

    Description: A race condition in specific microprocessors using Intel (R) DDIO cache allocation and RDMA may allow an authenticated user to potentially enable partial information disclosure via adjacent access.

    CVSS Base Score: 2.6 Low

    CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N

    Affected Products:
    Intel® Xeon® E5, E7 and SP families that support DDIO and RDMA.

    Recommendations:
    Partial information potentially disclosed through exploitation of this vulnerability could be utilized to enhance unrelated attack methods. For published exploits that Intel is aware of, Intel recommends users follow existing best practices including:

    Where DDIO & RDMA are enabled, limit direct access from untrusted networks.

    The use of software modules resistant to timing attacks, using constant-time style code.

    Security Best Practices For Side Channel Resistance:

    https://software.intel.com/security...curity-best-practices-side-channel-resistance

    Guidelines For Mitigating Timing Side Channels Against Cryptographic Implementations:

    https://software.intel.com/security...hannels-against-cryptographic-implementations

    Acknowledgements:
    Intel would like to thank Michael Kurth, Ben Gras, Dennis Andriesse, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi from VU Amsterdam for reporting this issue.

    Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available."
     
    Last edited: Sep 13, 2019
    Vasudev likes this.
  2. Felix_Argyle

    Felix_Argyle Notebook Consultant

    Reputations:
    86
    Messages:
    278
    Likes Received:
    188
    Trophy Points:
    56
    None, if you like to play games at maximum visual quality. Which is something AMD should really fix, having more CPU choices is always a good thing for consumers and for laptop manufacturers.
     
    Vasudev and Spartan like this.
  3. Vasudev

    Vasudev Notebook Nobel Laureate

    Reputations:
    7,370
    Messages:
    10,403
    Likes Received:
    7,669
    Trophy Points:
    931
    Almost NIL on gaming laptops, but one or two models of ThinkPad have Ryzen U series, which is more than enough for programming and daily tasks. But, sadly, I'm waiting for a T series model with Ryzen 7.
     
  4. bladerider

    bladerider Newbie

    Reputations:
    17
    Messages:
    1
    Likes Received:
    6
    Trophy Points:
    5
    Hope you like this wallpaper. Registered on this forum just to reply to you :p

    p.s. I am the one who photoshopped this wallpaper :p

    New wallpaper in 4K resolution. Enjoy~

    http://fav.me/ddk3t87
     
    Last edited: Nov 10, 2019
    Starlight5, Vasudev, Papusan and 3 others like this.
  5. Papusan

    Papusan JOKEBOOK's Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    23,461
    Messages:
    23,935
    Likes Received:
    41,618
    Trophy Points:
    931
    Maybe you should create a new wallpaper for the newest Intel chips:vbbiggrin:

    Intel has steadily added new hardware-based mitigations for many of the new vulnerabilities, like MSBDS, Fallout, and Meltdown, with new steppings of its die.
     
  6. Vasudev

    Vasudev Notebook Nobel Laureate

    Reputations:
    7,370
    Messages:
    10,403
    Likes Received:
    7,669
    Trophy Points:
    931
    I'd have liked Cracked Intel Inside logo with all vulnerability popping up like a gift hamper!
     
  7. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    6,634
    Messages:
    19,995
    Likes Received:
    24,814
    Trophy Points:
    931
    Not everyone is happy with Intel's "progress" at fixing security problem(s) reported to Intel more than 2 years ago...and serious flaws reported to Intel over a year ago are still actively ignored by Intel - maybe because they're unfixable?

    Intel Failed to Fix a Hackable Chip Flaw Despite a Year of Warnings
    Speculative execution attacks still haunt Intel, long after researchers told the company what to fix.
    11.12.2019
    https://www.wired.com/story/intel-mds-attack-taa/

    "Over the past two years, attacks like Spectre, Meltdown, and variants on those techniques—all capable of tricking a broad range of processors into coughing up sensitive data—have shown how hard it can be to secure a chip. But it's one thing for a company like Intel to scramble to fix a vulnerability, and a very different one when it fails to act on one of those flaws for more than a year.

    Today researchers at Vrije Universiteit in Amsterdam, KU Leuven in Belgium, the German Helmholtz Center for Information Security, and the Graz University of Technology in Austria revealed new versions of a hacking technique that takes advantage of a deep-seated vulnerability in Intel chips.

    They're spins on something known as ZombieLoad or RIDL, an acronym for Rogue In-Flight Data Load; Intel refers to it instead as microarchitectural data sampling, or MDS. Like the Spectre and Meltdown vulnerabilities—which some of the same Graz researchers were involved in uncovering in early 2018—the new MDS variants represent flaws that could allow any hacker who manages to run code on a target computer to force its processor to leak sensitive data.

    The scenarios for that attack could include anything from a website's Javascript running in a victim's browser to a virtual machine running on a cloud server, which could then target a virtual machine on the same physical computer.

    But in this case, the researchers are pointing to a more serious failing on Intel's part than just another bug.

    While they warned Intel of these newly revealed MDS variants as early as September 2018, the chip giant has nonetheless neglected to fix the flaws in the nearly 14 months since.

    And while Intel announced today that it has newly patched dozens of flaws, the researchers say and the company itself admits that those fixes still don't fully protect against the MDS attacks."
    ...
    "In fact, the VUSec researchers say that in the time since they first disclosed the vulnerability to Intel, they've managed to hone it into a technique capable of stealing sensitive data in seconds rather than the hours or days they previously believed necessary."

    "They missed completely a variant of our attack—the most dangerous one."
    - KAVEH RAZAVI, VUSEC

    ...more in the article on Wired...
     
    Last edited: Nov 14, 2019
    Starlight5, Vasudev and inm8#2 like this.
  8. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    6,634
    Messages:
    19,995
    Likes Received:
    24,814
    Trophy Points:
    931
    It turns out that the new Intel CPUs with hardware mitigations are themselves vulnerable to exploits related to the previous "fixed" vulnerabilities - modded architectural fixes are not fixes. This was obvious to all security experts from the beginning - that the flawed architecture needs to be replaced, vulnerable hardware needs to be replaced, and until Intel releases truly new designs to replace the vulnerable architectures, these problems will continue.

    A new ‘Zombieload’ flaw hits Intel’s newest Cascade Lake chips
    Zack Whittaker@zackwhittaker / 10:00 am PST • November 12, 2019
    https://techcrunch.com/2019/11/12/intel-cascade-lake-zombieload/

    "Time to reset your “days since last major chip vulnerability” counter back to zero.

    Security researchers have found another flaw in Intel processors — this time it’s a new variant of the Zombieload attack they discovered earlier this year, but targeting Intel’s latest family of chips, Cascade Lake.

    Intel calls the vulnerability Transactional Asynchronous Abort, or TAA. It’s similar to the microarchitectural data sampling vulnerabilities that were the focus of earlier chip-based side-channel attacks, but TAA applies only to newer chips.

    The new variant of the Zombieload attack allows hackers with physical access to a device the ability to read occasionally sensitive data stored in the processor. The vulnerability is found in how the processor tries to predict the outcome of future commands. This technique, known as speculative execution, makes the processor run faster, but its flawed design makes it possible for attackers to extract potentially sensitive data.

    Zombieload was discovered by the same researchers who found Meltdown and Spectre, a set of flaws that could be used to pick out secrets — like passwords — from the processor. It was believed later chip architectures, like Cascade Lake, were toughened against speculative execution attacks, while Intel rolled out software patches to reduce the attack surface.

    Neither of the other vulnerabilities in the same family as Zombieload — notably Fallout and RIDL — work on Cascade Lake, they added.

    But the researchers said that Intel’s efforts to change the chip design in Cascade Lake are “not sufficient” to protect against these kinds of side-channel attacks.

    The same researchers warned Intel about the vulnerability in April — as it did with the other flaws they discovered that were patched a month later. Intel took until this month to investigate, the researchers said.

    Intel released patches again for its vulnerable chips on Tuesday, acknowledging that its newest chips are vulnerable to the newest Zombieload variant. But the chip making giant recognizes that the mitigations “may not completely prevent the inference of data through a side channel using these techniques.”

    The chip maker said there have been “no reports” of real-world exploits of the vulnerabilities."

    Intel's busy patching the leaks (as referenced by the Security Researchers in the previous article and post), but new ones keep getting found; here's news about Intel's latest patchathon:

    Intel has revealed 77 new chip vulnerabilities, one of which has a notable [consumer] performance impact
    Intel's JCC erratum bug is said to have a performance impact of 0-4% excluding outliers
    Published: 12th November 2019 | Source: Intel | Author: Mark Campbell
    https://www.overclock3d.net/news/cp...e_of_which_has_a_notable_performance_impact/1

    "Every month, Intel released a security advisory, allowing the security research community to disclose their findings and for Intel to update their partners on the security of its products.

    This month, Intel has disclosed a whopping 77 vulnerabilities that range from processors to graphics and even ethernet controllers. 67 of these bugs have been discovered by Intel internally, while outside sources uncovered ten. Many of these vulnerabilities are minor, though some others will have a notable impact on Intel's products.

    More information about these vulnerabilities is available here, with the focus of this article being a specific vulnerability called "JCC Erratum". This vulnerability impacts most of Intel's recently released processors, including Coffee Lake, Amber Lake, Cascade Lake, Skylake, Whiskey Lake, Comet Lake and Kaby Lake.

    This bug relates to Intel's ICache/Decode Streaming Buffer, though the issue can be addressed with firmware. However, Intel's mitigations document for the Jump Conditional Code Erratum states that the mitigation/workaround will impact performance by 0-4% excluding outliers, which means that even higher performance downsides are possible in specific workloads.

    Phoronix is the first website to benchmark Intel's processors both with and without their JCC Erratum mitigations, finding notable performance hits in some software. Unlike some of Intel's other mitigations, the fixes for JCC Erratum can impact pure consumer workloads, which means that this update will impact more general PC users than Intel's previous software mitigations."

    IPAS: NOVEMBER 2019 INTEL PLATFORM UPDATE (IPU)
    Written by Jerry Bryant | November 12, 2019
    https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu/#gs.fmys9g
     
    Last edited: Nov 15, 2019
    Vasudev, jclausius and inm8#2 like this.
  9. Robbo99999

    Robbo99999 Notebook Prophet

    Reputations:
    3,993
    Messages:
    6,576
    Likes Received:
    5,651
    Trophy Points:
    681
    I suppose for high security systems you might think twice about using Intel. I mean like really high security stuff, because these Spectre attacks would be very sophisticated and would take a lot of dedication from the attacker I think, so I believe such attacks would be precisely targeted rather than spammed across systems - therefore unless you have reason to be a high value target I'm thinking these vulnerabilities are not as important. However, for high security needs I think I would think twice about Intel. That's my intuition on it based on the bits & pieces I know.
     
    Vasudev and jclausius like this.
  10. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    6,634
    Messages:
    19,995
    Likes Received:
    24,814
    Trophy Points:
    931
    Another feature Intel suggests disabling to avoid exploits of their failed CPU architecture security: TSX. I don't recall TSX broken out as a toggle in BIOSes... maybe I've just missed it.

    The dangerous Intel: MDS processor problem called Zombieload has a different version and newer processor models are vulnerable to it.
    https://howtofix.guide/some-intel-p...to-the-new-version-of-the-zombieload-problem/
    "In May of this year, researchers revealed information about a new class of vulnerabilities in Intel processors: Microarchitectural Data Sampling (MDS). As with the Spectre and Meltdown vulnerabilities, the new bugs turned out to be associated with a proactive (or speculative) mechanism for executing commands. Then the experts identified four vulnerabilities and three groups of problems: RIDL, Fallout and ZombieLoad.

    All these bugs allow an attacker to steal passwords, cryptographic keys and other personal data downloaded or stored in the memory of processor buffers.

    As Graz University of Technology experts have now found out, ZombieLoad, the most dangerous of the problems found earlier, has a second option (CVE-2019-11135), which poses a threat to newer Intel processors, including Cascade Lake. Previously experts believed that these processors are not susceptible to such attacks, as they are protected at the hardware level.

    “We present a new variant of ZombieLoad that enables the attack on CPUs that include hardware mitigations against MDS in silicon. With Variant 2 (TAA), data can still be leaked on microarchitectures like Cascade Lake where other MDS attacks like RIDL or Fallout are not possible. Furthermore, we show that the software-based mitigations in combination with microcode updates presented as countermeasures against MDS attacks are not sufficient”, — write researchers from Graz University of Technology.

    As part of the November update Tuesday, Intel engineers released microcode updates that fix the Zombieload 2 problem.

    In the spring of this year, experts were silent about the existence of CVE-2019-11135, since Intel developers were not yet ready to issue patches. Now, researchers said that the work of the second ZombieLoad variation involves the use of Intel Transactional Synchronization Extensions (TSX) technology and asynchronous interruption.

    In fact, an attacker could use malicious code to create a conflict between reading operations inside the CPU. As a result, data processed by the processor may leak. Researchers write that the attack even works against machines with hardware fixes for the Meltdown vulnerability (in particular, the i9-9900K and Xeon Gold 5218 were tested).

    The only prerequisite for the attack is the need for Intel TSX support, which is available by default in all Intel processors manufactured after 2013 (Haswell processors got the first TSX support).

    Intel representatives not only published updated microcodes, but also hastened to assure that Zombieload 2 is not as dangerous as it might seem.

    “The fact is that all MDS attacks allow malicious code to be executed on Intel processors, but attackers cannot control what data they extract”, – Intel engineers report.

    In fact, Intel experts claim that criminals have other, much simpler ways and means to steal data from targets.
    Recommendations:
    Since patches for speculative attacks usually lead to a potential drop in system performance, many users may not want to install the next update. In this case, Intel recommends disabling TSX support if it is not absolutely necessary."
     
    Vasudev likes this.
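The post above ends with Intel's advice to disable TSX where it is not needed, and hmscott's question about whether TSX can even be toggled. On Linux the kernel exposes what it knows: /sys/devices/system/cpu/vulnerabilities/tsx_async_abort reports the TAA (CVE-2019-11135) state, the mds file next to it reports the older MDS state, and the rtm/hle flags in /proc/cpuinfo show whether TSX is still usable by software; the kernel also accepts a tsx=off boot parameter (Linux 5.4 and later) when firmware offers no switch. The script below is an added example, not from the quoted article, Intel or any of the research groups: it reads those three sources and turns them into a verdict and a to-do list. The sysfs strings and cpuinfo lines embedded in it are constructed samples so the logic runs offline; assess_host() runs the same logic against a real Linux machine.

```python
"""Report TSX/TAA exposure on a Linux host from the kernel's own status
files. Added example; the status strings and cpuinfo lines below are
constructed samples, not captures from a real machine."""
from pathlib import Path

VULN_DIR = Path("/sys/devices/system/cpu/vulnerabilities")


def classify(status):
    """Coarse verdict from a sysfs vulnerabilities/* string."""
    s = status.strip()
    if s.startswith("Not affected"):
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def tsx_enabled(cpuinfo):
    """TSX is usable by software when rtm or hle appears in the cpu flags."""
    for line in cpuinfo.splitlines():
        if line.startswith("flags"):
            flags = set(line.split(":", 1)[1].split())
            return bool(flags & {"rtm", "hle"})
    return False


def assess(taa_status, mds_status, cpuinfo):
    """Combine the TAA state, MDS state and TSX availability into advice.
    A Cascade Lake part typically reports MDS 'Not affected' but is still
    exposed to TAA as long as TSX is on, which is the point of the article."""
    taa = classify(taa_status)
    mds = classify(mds_status)
    tsx = tsx_enabled(cpuinfo)
    advice = []
    if tsx and taa != "not_affected":
        advice.append("TSX is enabled on a TAA-affected CPU: boot with tsx=off "
                      "(Linux 5.4+) or disable TSX in firmware if a toggle exists")
    if taa == "vulnerable" or mds == "vulnerable":
        advice.append("apply the November 2019 microcode (IPU) and kernel updates")
    if "SMT vulnerable" in taa_status or "SMT vulnerable" in mds_status:
        advice.append("cross-thread leakage remains possible with SMT on; "
                      "consider disabling SMT where untrusted code shares cores")
    return {"taa": taa, "mds": mds, "tsx_enabled": tsx, "advice": advice}


def assess_host():
    """Run the assessment against the live host (Linux only)."""
    def read(name):
        p = VULN_DIR / name
        return p.read_text() if p.exists() else "unknown"
    return assess(read("tsx_async_abort"), read("mds"),
                  Path("/proc/cpuinfo").read_text())


# Constructed samples standing in for real hosts.
SAMPLE_CPUINFO_TSX = "processor\t: 0\nflags\t\t: fpu vme sse4_2 avx2 hle rtm md_clear\n"
SAMPLE_CPUINFO_NOTSX = "processor\t: 0\nflags\t\t: fpu vme sse4_2 avx2 md_clear\n"
SAMPLE_TAA_UNPATCHED = "Vulnerable: Clear CPU buffers attempted, no microcode"
SAMPLE_TAA_SMT = "Mitigation: Clear CPU buffers; SMT vulnerable"
SAMPLE_TAA_TSX_OFF = "Mitigation: TSX disabled"

if __name__ == "__main__":
    # An unpatched host with TSX on, then a host that took the tsx=off route.
    print(assess(SAMPLE_TAA_UNPATCHED, "Vulnerable", SAMPLE_CPUINFO_TSX))
    print(assess(SAMPLE_TAA_TSX_OFF, "Not affected", SAMPLE_CPUINFO_NOTSX))
```

The "Mitigation: Clear CPU buffers; SMT vulnerable" case is the one worth understanding: the microcode and kernel updates are in place, yet the kernel still flags the sibling-thread channel, which matches the researchers' statement that software mitigations plus microcode "are not sufficient" on their own.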
