CPU Vulnerabilities, Meltdown and Spectre, Kernel Page Table Isolation Patches, and more

Discussion in 'Hardware Components and Aftermarket Upgrades' started by hmscott, Jan 2, 2018.

  1. hmscott

    hmscott Notebook Nobel Laureate

    Ex-Intel security expert: This new Spectre attack can even reveal firmware secrets
    A new variant of Spectre can expose the contents of memory that normally can't be accessed by the OS kernel.

    By Liam Tung | May 18, 2018 -- 12:55 GMT (05:55 PDT)
    https://www.zdnet.com/article/ex-in...ctre-attack-can-even-reveal-firmware-secrets/

    "Yuriy Bulygin, the former head of Intel's advanced threat team, has published research showing that the Spectre CPU flaws can be used to break into the highly privileged CPU mode on Intel x86 systems known as System Management Mode (SMM).

    Spectre and Meltdown vulnerabilities enable software attacks using CPU design flaws common to Intel, AMD, and Arm chips to access secrets stored in memory.

    Bulygin, who has launched security firm Eclypsium, has modified Spectre variant 1 with kernel privileges to attack a host system's firmware and expose code in SMM, a secure portion of BIOS or UEFI firmware.

    SMM resides in SMRAM, a protected region of physical memory that should only be accessible by BIOS firmware and not the operating system kernel, hypervisors or security software.

    SMM handles especially disruptive interrupts and is accessible through the SMM runtime of the firmware, known as System Management Interrupt (SMI) handlers.

    As a former Intel researcher explained in a 2013 paper, when an SMI event occurs, say, due to thermal throttling or system health checks, all the CPU's cores enter SMM or system management mode.

    "Because SMM generally has privileged access to physical memory, including memory isolated from operating systems, our research demonstrates that Spectre-based attacks can reveal other secrets in memory (eg, hypervisor, operating system, or application)," Bulygin explains.

    To expose code in SMM, Bulygin modified a publicly available proof-of-concept Spectre 1 exploit running with kernel-level privileges to bypass Intel's System Management Range Register (SMRR), a set of range registers that protect SMM memory.

    "These enhanced Spectre attacks allow an unprivileged attacker to read the contents of memory, including memory that should be protected by the range registers, such as SMM memory," he notes.

    "This can expose SMM code and data that was intended to be confidential, revealing other SMM vulnerabilities as well as secrets stored in SMM. Additionally, since we demonstrate that the speculative memory access occurs from the context of SMM, this could be used to reveal other secrets in memory as well."

    Bulygin said he's been working with Intel since March and that Intel believes its guidance to mitigate Spectre variant 1 and Spectre variant 2 should also be applied to SMM.

    Intel said as much in a statement to ZDNet:

    "We have reviewed Eclypsium's research and, as noted in their blog, we believe that the existing guidance for mitigating variant 1 and variant 2 will be similarly effective at mitigating these scenarios," an Intel spokesperson said.


    "We value our partnership with the research community and are appreciative of Eclypsium's work in this area.""

    New Spectre Attack Recovers Data From a CPU's Protected SMM Mode
    By Catalin Cimpanu, May 18, 2018 05:15 PM
    https://www.bleepingcomputer.com/ne...recovers-data-from-a-cpus-protected-smm-mode/

    "Security researchers from Eclypsium have detailed yesterday a new variation of the Spectre attack that can recover data stored inside a secure CPU area named the System Management Mode (SMM).

    For those unfamiliar with CPU design, the SMM is a special x86 processor mode that not even highly-privileged software such as kernels or hypervisors can access or interrupt.

    What is the SMM and what's it good for
    Every time code is sent to the SMM, the operating system is suspended and the CPU uses parts of the UEFI/BIOS firmware to execute various commands with elevated privileges and with access to all the data and hardware.

    During these "interrupts," as they are known, the SMM suspends the operating system and runs firmware-specific code that handles power management, system hardware control, or proprietary OEM code —in other words keeping the hardware running smoothly while the software runs on top.

    Because of its critical role in keeping the hardware alive and its deep connections to all areas of the computer, software applications of any kind are not allowed to interact with the SMM, for both maintenance and security reasons.

    But the SMM mode was designed and released into production in the early 90s, and not that many protections were included from the get-go.

    On Intel CPUs, access to the SMM is protected by a special type of range registers known as System Management Range Register (SMRR).

    Researchers alter Spectre attack to access SMM memory
    In research published on Thursday, the Eclypsium team has modified one of the public proof-of-concept codes released for the Spectre variant 1 (CVE-2017-5753) vulnerability to bypass the SMRR protection mechanism and access data stored inside the System Management RAM (SMRAM) —the area of the physical memory where SMM stores and runs its working data.

    "These enhanced Spectre attacks allow an unprivileged attacker to read the contents of memory, including memory that should be protected by the range registers, such as SMM memory," the Eclypsium team says.

    "This can expose SMM code and data that was intended to be confidential, revealing other SMM vulnerabilities as well as secrets stored in SMM," researchers said.

    Furthermore, since the attack was successful at revealing SMRAM and SMM data, the Eclypsium team also believes it could be used to reveal other types of info stored inside the physical memory, not just the one related to SMM.

    Original Spectre patches will protect users

    While their experimental attack was crafted to work around the Spectre variant 1 vulnerability, researchers said that using Spectre variant 2 (CVE-2017-5715) can also achieve the same results.

    Researchers said they've notified Intel of their new Spectre attack variation in March. Intel says that the original patches for the Spectre variant 1 and variant 2 should be enough to block the attack chain discovered by the Eclypsium team.

    The Eclypsium report provides a deeper technical dive into the research team's attack. Eclypsium is headed by Yuriy Bulygin, the former head of Intel's Advanced Threat Research team at Intel Security and microprocessor security analysis team at Intel Corporation. He is also the creator of the CHIPSEC open-source security framework.

    This is also not the first variation of the original Spectre vulnerability. Other Spectre-related attacks include SgxSpectre, BranchScope, and SpectrePrime."
     
    Last edited: May 19, 2018
    KY_BULLET likes this.
  2. Robbo99999

    Robbo99999 Notebook Prophet

    Thing is hmscott, this isn't really a thing as Intel says that their patches already protect against these new types of Spectre attacks, it was just a small section here that I copied & pasted from your post above:
     
    hmscott likes this.
  3. hmscott

    hmscott Notebook Nobel Laureate

    Yes, you quoted my post, and it's also mentioned in the 2nd article, should I have highlighted them to make them stand out? (DONE)
     
    Robbo99999 likes this.
  4. hmscott

    hmscott Notebook Nobel Laureate

    Alert (TA18-141A)
    Side-Channel Vulnerability Variants 3a and 4

    Original release date: May 21, 2018
    https://www.us-cert.gov/ncas/alerts/TA18-141A

    Systems Affected
    CPU hardware implementations

    Overview
    On May 21, 2018, new variants—known as 3A and 4—of the side-channel central processing unit (CPU) hardware vulnerability were publicly disclosed. These variants can allow an attacker to obtain access to sensitive information on affected systems.

    Description
    CPU hardware implementations—known as Spectre and Meltdown—are vulnerable to side-channel attacks. Meltdown is a bug that "melts" the security boundaries normally enforced by the hardware, affecting desktops, laptops, and cloud computers. Spectre is a flaw that an attacker can exploit to force a CPU to reveal its data.

    Variant 3a is a vulnerability that may allow an attacker with local access to speculatively read system parameters via side-channel analysis and obtain sensitive information.

    Variant 4 is a vulnerability that exploits “speculative bypass.” When exploited, Variant 4 could allow an attacker to read older memory values in a CPU’s stack or other memory locations. While implementation is complex, this side-channel vulnerability could allow less privileged code to:
    • Read arbitrary privileged data; and
    • Run older commands speculatively, resulting in cache allocations that could be used to exfiltrate data by standard side-channel methods.

    Corresponding CVEs for Side-Channel Variants 1, 2, 3, 3a, and 4 are found below:
    • Variant 1: Bounds Check Bypass – CVE-2017-5753
    • Variant 2: Branch Target Injection – CVE-2017-5715
    • Variant 3: Rogue Data Cache Load – CVE-2017-5754
    • Variant 3a: Rogue System Register Read – CVE-2018-3640
    • Variant 4: Speculative Store Bypass – CVE-2018-3639

    Impact
    Side-Channel Vulnerability Variants 3a and 4 may allow an attacker to obtain access to sensitive information on affected systems.

    Solution
    Mitigation

    NCCIC recommends users and administrators
    • Refer to their hardware and software vendors for patches or microcode,
    • Use a test environment to verify each patch before implementing, and
    • Ensure that performance is monitored for critical applications and services.
      • Consult with vendors and service providers to mitigate any degradation effects, if possible.
      • Consult with Cloud Service Providers to mitigate and resolve any impacts resulting from host operating system patching and mandatory rebooting, if applicable.

    The following table contains links to advisories and patches published in response to the vulnerabilities. This table will be updated as information becomes available.

    AMD May 21, 2018
    ARM May 21, 2018
    Microsoft May 21, 2018
    Redhat May 21, 2018

    References
    Google Project Zero Blog

    Revisions
    • May 21, 2018: Initial version

    Google and Microsoft disclose new CPU flaw, and the fix can slow machines down
    New firmware updates are on the way

    By Tom Warren, May 21, 2018 5:28 pm
    https://www.theverge.com/platform/a...nerability-speculative-store-bypass-variant-4

    "Microsoft and Google are jointly disclosing a new CPU security vulnerability that’s similar to the Meltdown and Spectre flaws that were revealed earlier this year. Labelled Speculative Store Bypass (variant 4), the latest vulnerability is a similar exploit to Spectre and exploits speculative execution that modern CPUs use. Browsers like Safari, Edge, and Chrome were all patched for Meltdown earlier this year, and Intel says “these mitigations are also applicable to variant 4 and available for consumers to use today.”

    However, unlike Meltdown (and more similar to Spectre) this new vulnerability will also include firmware updates for CPUs that could affect performance. Intel has already delivered microcode updates for Speculative Store Bypass in beta form to OEMs, and the company expects them to be more broadly available in the coming weeks. The firmware updates will set the Speculative Store Bypass protection to off-by-default, ensuring that most people won’t see negative performance impacts.

    “If enabled, we’ve observed a performance impact of approximately 2-8 percent based on overall scores for benchmarks like SYSmark 2014 SE and SPEC integer rate on client 1 and server 2 test systems,” explains Leslie Culbertson, Intel’s security chief.

    As a result, end users (and particularly system administrators) will have to pick between security or optimal performance. The choice, like previous variants of Spectre, will come down to individual systems and servers, and the fact that this new variant appears to be less of a risk than the CPU flaws that were discovered earlier this year.

    Microsoft started offering up to $250,000 for bugs that are similar to the Meltdown and Spectre CPU flaws in March, and the company says it discovered this new bug back in November. “Microsoft previously discovered this variant and disclosed it to industry partners in November of 2017 as part of Coordinated Vulnerability Disclosure (CVD),” says a Microsoft spokesperson. Microsoft is now working with Intel and AMD to determine performance impacts on systems.

    “We are continuing to work with affected chip manufacturers and have already released defense-in-depth mitigations to address speculative execution vulnerabilities across our products and services,” says a Microsoft spokesperson. “We’re not aware of any instance of this vulnerability class affecting Windows or our cloud service infrastructure. We are committed to providing further mitigations to our customers as soon as they are available, and our standard policy for issues of low risk is to provide remediation via our Update Tuesday schedule.”

    Intel is already preparing its own CPU changes for the future. Intel is redesigning its processors to protect against attacks like Spectre or this new variant 4, and the company’s next-generation Xeon processors (Cascade Lake) will include new built-in hardware protections, alongside 8th generation Intel Core processors that ship in the second half of 2018."

    Speculative Store Buffer Bypass in 3 minutes
    Red Hat Videos
    Published on May 21, 2018
    Speculative Store Buffer Bypass is a security vulnerability that allows unauthorized users to steal sensitive information through websites. Similar to the Spectre and Meltdown threats in early 2018, it exploits speculative execution--a process most computers use to speed up routine tasks (to learn more about speculative execution, watch our previous video Spectre and Meltdown in 3 Minutes).
    This 3 minute video shows you how Speculative Store Buffer Bypass is different and what’s being done about it.
    Technical information about Speculative Store Buffer Bypass and how to protect your systems can be found at Red Hat's Customer Portal - https://red.ht/ssbd


    Addressing New Research for Side-Channel Analysis
    Details and Mitigation Information for Variant 4
    https://newsroom.intel.com/editorials/addressing-new-research-for-side-channel-analysis/

    INTEL-SA-00115
    Q2 2018 Speculative Execution Side Channel Update
    https://www.intel.com/content/www/u...m_medium=inline&_utm_content=lnk1140515439680
     
    Last edited: May 22, 2018
    Riley Martin, THEBOSS619 and inm8#2 like this.
  5. THEBOSS619

    THEBOSS619 Notebook Consultant

    Another reason to wait for the new microcode release and give it a few weeks more to fix the new microcode bugs that they will create...

    With Intel there's always a problem...
     
    Riley Martin and hmscott like this.
  6. hmscott

    hmscott Notebook Nobel Laureate

    Hmmm, no news is good news? :)

    Nothing of note has been put out by the usual sources... maybe Intel / Microsoft are busy with more fixes before their next releases?
     
  7. Robbo99999

    Robbo99999 Notebook Prophet

    I have some news on this, Microsoft yesterday released a Cumulative Update that addresses numerous things as well as Spectre Variant 3 (CVE-2018-3639) (or is it 4, anyway it's the latest Speculative Store Bypass (SSB) related flaw that they found in May). Here is the detail:
    https://support.microsoft.com/en-gb/help/4284835/windows-10-update-kb4284835

    The most important thing to realise is that protection to SSB is not enabled by default after installing this update, instead it has to be enabled manually via registry editing! Microsoft believe the risk from this attack to be low, and that's I think at least one of the reasons why they've made it so difficult to apply the protection (registry editing). God knows what kind of performance impact this fix would have. Here's how to do the registry editing:
    https://support.microsoft.com/en-gb...-to-protect-against-the-speculative-execution

    Here's the bit on how to do the registry editing that I've copy & pasted from the above link - this kinda slipped in under the radar, perhaps it's because it might cause large performance issues (my speculation) combined with the perceived low risk of this attack: (Note: CVE-2018-3639 is the part to take note of below as that's the latest variant of Spectre attack found and the one that is not protected automatically by the update - the one that requires the registry editing).


    Applies to: Windows Server 2016 Version 1803 (Server Core), Windows Server 2016 Version 1709 (Server Core), Windows Server 2016, Windows Server 2008 R2 SP1

    • Enable mitigations around Speculative Store Bypass (CVE-2018-3639) together with mitigations around Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754) through the following registry settings (because they are not enabled by default).

      reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8 /f

      reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f


      Note: These registry changes require administrative rights and a restart.
    • Disable mitigations around Speculative Store Bypass (CVE-2018-3639) together with mitigations around Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754) through the following registry settings.

      reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f

      reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f


      Note: These registry changes require administrative rights and a restart.
     
    Last edited: Jun 13, 2018
    KY_BULLET and hmscott like this.
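An added example, not part of the post above or of Microsoft's article: a read-only PowerShell check that reads the two registry values set by the quoted `reg add` commands and reports which of the two quoted states is configured. The function names and result strings are assumptions made here; only the 8/3 and 3/3 pairs quoted in the post are interpreted, and any other combination is reported as unrecognised.

```powershell
# Added example: read-only check, nothing is written to the registry.
# Function names and result wording are illustrative, not Microsoft's.

$MmKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

function Get-OverrideValue {
    param([Parameter(Mandatory)][string]$Name)
    # Returns $null when the value has never been created.
    $item = Get-ItemProperty -Path $MmKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int64]$item.$Name
}

function Resolve-SsbRegistryState {
    param($Override, $Mask)

    if ($null -eq $Override -and $null -eq $Mask) {
        # The quoted text says the SSB mitigation is not enabled by default.
        return 'not set: defaults apply, SSB mitigation has not been switched on here'
    }
    if ($null -eq $Override -or $null -eq $Mask) {
        # Each quoted procedure sets both values; one alone is a half-applied change.
        return 'incomplete: only one of the two values is present'
    }
    if ($Override -eq 8 -and $Mask -eq 3) {
        return 'enable pair (8/3): SSB, Spectre Variant 2 and Meltdown mitigations requested'
    }
    if ($Override -eq 3 -and $Mask -eq 3) {
        return 'disable pair (3/3): SSB, Spectre Variant 2 and Meltdown mitigations turned off'
    }
    return ('unrecognised: FeatureSettingsOverride={0}, FeatureSettingsOverrideMask={1} ' +
            'is not one of the two pairs quoted in the post') -f $Override, $Mask
}

# Constructed sample pairs, so the decision logic can be seen without touching a real machine.
$samples = @(
    @{ Override = 8;     Mask = 3     },
    @{ Override = 3;     Mask = 3     },
    @{ Override = $null; Mask = $null },
    @{ Override = 8;     Mask = $null },
    @{ Override = 0;     Mask = 3     }
)
foreach ($s in $samples) {
    $state = Resolve-SsbRegistryState -Override $s.Override -Mask $s.Mask
    'sample Override={0} Mask={1} -> {2}' -f $s.Override, $s.Mask, $state
}

# Live read of the local machine (Windows only).
$override = Get-OverrideValue -Name 'FeatureSettingsOverride'
$mask     = Get-OverrideValue -Name 'FeatureSettingsOverrideMask'
'this machine -> {0}' -f (Resolve-SsbRegistryState -Override $override -Mask $mask)
```

The values only record what was configured; per the note in the quoted Microsoft text, a change takes effect after a restart.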
  8. hmscott

    hmscott Notebook Nobel Laureate

    Another day, another Intel CPU security hole: Lazy State
    Intel has announced that there's yet another CPU security bug in its Core-based microprocessors.
    By Steven J. Vaughan-Nichols for Linux and Open Source | June 13, 2018 -- 23:10 GMT (16:10 PDT)
    https://www.zdnet.com/article/another-day-another-intel-cpu-security-hole-lazy-state/

    "Once upon a time, when we worried about security, we worried about our software. These days, it's our hardware, our CPUs, with problems like Meltdown and Spectre, which are out to get us. The latest Intel revelation, Lazy FP state restore, can theoretically pull data from your programs, including encryption software, from your computer regardless of your operating system.

    Like its forebears, this is a speculative execution vulnerability. In an interview, Red Hat Computer Architect Jon Masters explained: "It affects Intel designs similar to variant 3-a of the previous stuff, but it's NOT Meltdown." Still, "it allows the floating point registers to be leaked from another process, but alas that means the same registers as used for crypto, etc." Lazy State does not affect AMD processors.

    This vulnerability exists because modern CPUs include many registers (internal memory) that represent the state of each running application. Saving and restoring this state when switching from one application to another takes time. As a performance optimization, this may be done "lazily" (i.e., when needed) and that is where the problem hides.

    This vulnerability exploits "lazy state restore" by allowing an attacker to obtain information about the activity of other applications, including encryption operations. Thus, systems using Intel Core-based microprocessors, from Sandy Bridge on to today's newest processors, may allow a local process to infer data using lazy floating point state restore from another process through a speculative-execution side channel. So, in this latest vulnerability, one process can read the floating point registers of other processes being lazily restored.

    For some operating systems, the fix is already in. Red Hat Enterprise Linux (RHEL) 7 automatically defaults to (safe) "eager" floating point restore on all recent x86-64 microprocessors (approximately 2012 and later) implementing the "XSAVEOPT" extension. Therefore, most RHEL 7 users won't need to take any corrective action.

    Other operating systems believed to be safe are any Linux version using the 2016's Linux 4.9 or newer kernel. The Linux kernel developers are patching older kernels. Most versions of Windows, including Server 2016 and Windows 10, are believed to be safe.

    If you're still using Windows Server 2008, however, you will need a patch. The latest editions of OpenBSD and DragonflyBSD are immune, and there's a fix available for FreeBSD.

    The good news, according to Masters: "Impact is moderate because while it's important to address, it's hard to exploit and easy to fix."

    Better still, Masters said, "the fix will improve performance!"

    Unlike the previous CPU security bugs, mitigating it will not require microcode updates. In most cases, RHEL 7 customers will not need to take action. RHEL 5 and 6 users will need to patch their servers.

    This security problem was found by Julian Stecklina from Amazon Germany, Thomas Prescher from Cyberus Technology, and Zdenek Sojka from SYSGO AG.

    So, while not a serious problem, it is a real one. If your system isn't immune, patch it as soon as possible."

    "Lazy FP state restore" by Intel Corporation, originally published on 13 June 2018:
    https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html

    "Intel LazyFP vulnerability: Exploiting lazy FPU state switching" by Thomas Prescher, Julian Stecklina, and Jacek Galowicz, published on 6 June 2018:
    https://blog.cyberus-technology.de/posts/2018-06-06-intel-lazyfp-vulnerability.html

    Description speculative register leakage from lazy FPU context switching
    ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3665
    https://security-tracker.debian.org/tracker/CVE-2018-3665

    https://www.reddit.com/r/intel/comments/8r1daj/another_day_another_intel_cpu_security_hole_lazy/
     
    Last edited: Jun 20, 2018
    Robbo99999 likes this.
  9. Robbo99999

    Robbo99999 Notebook Prophet

    Ok, that's not so bad then as they say:

    "Most versions of Windows, including Server 2016 and Windows 10, are believed to be safe."
    "Better still, Masters said, "the fix will improve performance!""

    Kinda crazy now with all the CPU hardware exploitable security bugs coming out!
     
    hmscott likes this.
  10. senso

    senso Notebook Evangelist

    The low hanging fruit has already been reaped (exploited), so people will start to dig deeper to find flaws/exploits.

    Given that this is exploitable since Sandy Bridge, it might have already been exploited in the past (wouldn't doubt that).
     
    hmscott likes this.