'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

HempOil · May 20, 2018

Microsoft has released its version of the Intel microcode updates going back to Sandy Bridge now, assuming you have upgraded your Windows 10 to version 1803:
KB4100347: Intel microcode updates

guest · May 21, 2018

Microsoft, Google: We've found a fourth variant of Meltdown-Spectre CPU holes
Affects Intel and other processor makers
May 21, 2018
https://www.theregister.co.uk/2018/05/21/spectre_meltdown_v4_microsoft_google/

Breaking Today, Microsoft and Google Project Zero will reveal a fourth variant of the speculative-execution-based security vulnerabilities in modern processors – the design flaws known as Spectre and Meltdown.

Variant 1 and 2 are known as Spectre (CVE-2017-5753, CVE-2017-5715), and variant 3 is Meltdown (CVE-2017-5754). Today, variant 4 will be disclosed by Microsoft and Google researchers. It can be potentially exploited by script files running within a program – such as JavaScript in a browser tab – to lift information out of other parts of the application – such as an other tab.

Variant 4 affects modern out-of-order processors, such as those from Intel. Chipzilla's executive veep of product security Leslie Culbertson explained in an official blog post seen by The Register prior to publication today: [...]

A spokesperson for Intel told us: “Variant 4 and Variant 3a are derivatives of the side channel methods previously disclosed by Google Project Zero (GPZ) in January.
Click to expand...

Related:
Google and Microsoft disclose new CPU flaw, and the fix can slow machines down
New firmware updates are on the way
May 21, 2018
https://www.theverge.com/2018/5/21/...nerability-speculative-store-bypass-variant-4

Labelled Speculative Store Bypass (variant 4), the latest vulnerability is a similar exploit to Spectre and exploits speculative execution that modern CPUs use. Browsers like Safari, Edge, and Chrome were all patched for Meltdown earlier this year, and Intel says “these mitigations are also applicable to variant 4 and available for consumers to use today.”

“If enabled, we’ve observed a performance impact of approximately 2-8 percent based on overall scores for benchmarks like SYSmark 2014 SE and SPEC integer rate on client 1 and server 2 test systems,” explains Leslie Culbertson, Intel’s security chief.

As a result, end users (and particularly system administrators) will have to pick between security or optimal performance. The choice, like previous variants of Spectre, will come down to individual systems and servers, and the fact that this new variant appears to be less of a risk than the CPU flaws that were discovered earlier this year.
Click to expand...

WildByDesign · May 21, 2018

Analysis and mitigation of speculative store bypass (CVE-2018-3639)
Link: https://blogs.technet.microsoft.com...on-of-speculative-store-bypass-cve-2018-3639/

In January, 2018, Microsoft published an advisory and security updates for a new class of hardware vulnerabilities involving speculative execution side channels (known as Spectre and Meltdown). In this blog post, we will provide a technical analysis of an additional subclass of speculative execution side channel vulnerability known as Speculative Store Bypass (SSB) which has been assigned CVE-2018-3639. SSB was independently discovered by Ken Johnson of the Microsoft Security Response Center (MSRC) and Jann Horn (@tehjh) of Google Project Zero (GPZ).
Click to expand...

emmjay · May 21, 2018

Chicken Little was right.

Those newly designed chips coming out at the end of 2019 - I wonder if they are still OK.

itman · May 21, 2018

emmjay said: ↑

Chicken Little was right.
Click to expand...

Foxy Loxy would certainly agree with that ………….

JRViejo · May 23, 2018

FYI. A note about the “new” Spectre NG revelations - AskWoody Lounge

itman · May 23, 2018

It has also become fairly apparent that AMD is stopping any patches at the "Bulldozer" line i.e. FX processor. So looks like I will half to cough up $100 to buy a 8150 at Newegg and install it in this new Gigabyte 990 AM3+ motherboard I have had sitting around for years. Was going to install my Phenom II in that MB.

Minimalist · May 24, 2018

Intel’s ‘Virtual Fences’ Spectre Fix Won’t Protect Against Variant 4

Spectre and Meltdown fixes for Intel chips announced in March, to be embedded into new CPUs, do not address the newly disclosed Variant 4, sources said.

Intel introduced hardware-based safeguards to its new chips to protect against the Spectre and Meltdown flaws that rocked the silicon industry when the vulnerabilities were made public in early 2018. However, those protections are specific to V2 and V3, and will not impact the newly-discovered Variant 4 as well as other potential speculative execution side channel-related flaws in the future, sources familiar with the situation told Threatpost.
Click to expand...

https://threatpost.com/intels-virtual-fences-spectre-fix-wont-protect-against-variant-4

WildByDesign · May 29, 2018

Chromium/Chrome: Post-Spectre Threat Model Re-Think
Link: https://chromium.googlesource.com/chromium/src/ /master/docs/security/side-channel-threat-model.md

A lot of highly respected security devs chimed in on this one. Interesting stuff although I am not done reading yet.

HempOil · May 30, 2018

WildByDesign said: ↑

Chromium/Chrome: Post-Spectre Threat Model Re-Think
Link: https://chromium.googlesource.com/chromium/src/ /master/docs/security/side-channel-threat-model.md

A lot of highly respected security devs chimed in on this one. Interesting stuff although I am not done reading yet.
Click to expand...

Thanks for posting WBD. It is an interesting article. Although many aspects are above my head, it is clear that Chrome and, hence, all other browsers have a long way to go before they mitigate most of the vulnerabilities we are exposed to with this new(ish) class of threats.

WildByDesign · May 30, 2018

HempOil said: ↑

Thanks for posting WBD. It is an interesting article. Although many aspects are above my head, it is clear that Chrome and, hence, all other browsers have a long way to go before they mitigate most of the vulnerabilities we are exposed to with this new(ish) class of threats.
Click to expand...

You're welcome. Yes, this new world of modern threats seem to get more creative as time goes on. These days the threats are a whole new level of "cat and mouse" games and it seems to be more difficult to determine which one is ahead at any given time.

reasonablePrivacy · May 30, 2018

Thanks for posting. I said something similar to some things in this document:
-compiler/toolchain/OS mitigations may be useful, but they are expensive
-it's not possible to eliminate or coarse enough clocks to mitigate Spectre-like vulnerabilities
-any active code can read any data in the same address space. It means Site Isolation is needed. For FF Quantum it means it's process,thread model needs to be redesigned to mitigate against Spectre exploits. Advanced users of course can use Javascript blocking (uBlock, NoScript,...) and common sense, but regular users are vulnerable to Spectre.

But there is also a ton of stuff I didn't know about.

guest · Jun 12, 2018

Spectre variant 4 fix included in Microsoft Patch Tuesday rollout
June 12, 2018
https://www.scmagazine.com/spectre-...crosoft-patch-tuesday-rollout/article/772966/

Microsoft's June 2018 Patch Tuesday cumulative rollout for Windows 10 contains a mitigation for the fourth Spectre variant known as known as Speculative Store Bypass (CVE-2018-3639).

Microsoft Windows support said the fixes in the update for CVE-2018-3639/Spectre are not enabled by default but must be enacted. “Windows client (IT pro) guidance, follow the instructions in KB4073119. For Windows Server guidance, follow the instructions in KB4072698,” Microsoft support said.
Click to expand...

itman · Jun 12, 2018

mood said: ↑

Spectre variant 4 fix included in Microsoft Patch Tuesday rollout
Click to expand...

I applied the reg IBPB mitigation since it is the only one AMD recommends. So far, so good. No performance impact.

WildByDesign · Jun 13, 2018

According to this (https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html) updated Intel guidance page, Speculative Store Bypass Disable (SSBD) and Rogue System Register Read (RSRR) both will require microcode updates for the latest OS mitigation to fully take affect (noted in the updated PowerShell SpeculationControl app). I tried today (without microcode, of course) and the PS app suggested that the mitigation SSBD was not enabled system-wide despite making the appropriate registry modifications.

Apparently, OS vendors, OEM's and such are all in possession of beta versions of these microcode updates and therefore once stabilized, those new microcode updates will be pushed out (once again).

Intel has released Beta microcode updates to operating system vendors, equipment manufacturers, and other ecosystem partners adding support for Speculative Store Bypass Disable (SSBD). SSBD provides additional protection by providing a means for system software to completely inhibit a Speculative Store Bypass from occurring if desired. This is documented in whitepapers located at Intel’s Software Side-Channel Security site. Most major operating system and hypervisors will add support for Speculative Store Bypass Disable (SSBD) starting as early as May 21, 2018.
Click to expand...

The microcode updates will also address Rogue System Register Read (RSRR) – CVE-2018-3640 by ensuring that RDMSR instructions will not speculatively return data under certain conditions. This is documented in whitepapers located at Intel’s Software Side-Channel Security site. No operating system or hypervisor changes are required to support the RDMSR change.

It is expected beta microcode updates will be fully production qualified in the coming weeks. Intel recommends end users and systems administrators check with their OEM and system software vendors and apply any available updates as soon as practical.
Click to expand...

And the era of microcode updates continue...

guest · Jun 13, 2018

Here's the Status of Meltdown and Spectre Mitigations in Windows
June 13, 2018
https://www.bleepingcomputer.com/ne...-meltdown-and-spectre-mitigations-in-windows/

Yesterday's Patch Tuesday release included fixes for the latest Spectre vulnerability, known as Spectre variant 4, or SpectreNG.

These patches are currently not available for all Windows versions, though, and all mitigations are disabled by default.
Only Windows 10, Windows Server 2016, Windows 7, and Windows Server 2008 R2 have received SpectreNG patches.
Meltdown and Spectre patching is a mess
Furthermore, because of a constant stream of Meltdown and Spectre patching that has been going on for the last six months, it's been getting harder and harder for users to keep track of what patches they've received, what patch needs manual intervention, and which ones cause issues.

To help system administrators with these confusing issues, Microsoft has published a table yesterday that contains the status of each of the Meltdown and Spectre patches it released since January 3, this year. [...]
Click to expand...

ronjor · Jun 14, 2018

Another day, another Intel CPU security hole: Lazy State

By Steven J. Vaughan-Nichols for Linux and Open Source June 13, 2018
Intel has announced that there's yet another CPU security bug in its Core-based microprocessors
Click to expand...

.

BoerenkoolMetWorst · Jun 14, 2018

I'm curious if this is another one of the 8 Spectre-NG vulnerabilities or something else.

ronjor · Jun 14, 2018

Meltdown-Like 'LazyFP' Vulnerability Impacts Intel CPUs

By Eduard Kovacs on June 14, 2018
Intel and software vendors have started informing users about a new vulnerability involving side channel speculative execution that could be exploited by malicious actors to obtain sensitive information from the targeted system.
Click to expand...

Minimalist · Jun 16, 2018

Boffins offer to make speculative execution great again with Spectre-Meltdown CPU fix

A group of computer science researchers has proposed a way to overcome the security risk posed by speculative execution, the data processing technique behind the Spectre and Meltdown vulnerabilities.

In a paper distributed this week through the ArXiv preprint server, "SafeSpec: Banishing the Spectre of a Meltdown with Leakage-Free Speculation," computer scientists from University of California, Riverside, College of William and Mary and Binghamton University describe a way to isolate the artifacts produced by speculative execution so that they can't be used to glean privileged data.
Click to expand...

https://www.theregister.co.uk/2018/06/16/speculative_execution_spectre_meltdown/

reasonablePrivacy · Jun 20, 2018

This may be of interest to @itman
https://bsd.slashdot.org/story/18/0...-cpu-hyper-threading-due-to-security-concerns

The OpenBSD project announced today plans to disable support for Intel CPU hyper-threading due to security concerns regarding the theoretical threat of more "Spectre-class bugs."
Click to expand...

Mailing list message:
https://www.mail-archive.com/source-changes@openbsd.org/msg99141.html

itman · Jun 20, 2018

reasonablePrivacy said: ↑

This may be of interest to @itman
https://bsd.slashdot.org/story/18/0...-cpu-hyper-threading-due-to-security-concerns
Click to expand...

Thanks but I have always used AMD processors.

reasonablePrivacy · Jun 20, 2018

itman said: ↑

Thanks but I have always used AMD processors.
Click to expand...

Yes, but I remember you was suspicious about hyper-threading technology as source of bugs.

BoerenkoolMetWorst · Jun 21, 2018

reasonablePrivacy said: ↑

This may be of interest to @itman
https://bsd.slashdot.org/story/18/0...-cpu-hyper-threading-due-to-security-concerns

Mailing list message:
https://www.mail-archive.com/source-changes@openbsd.org/msg99141.html
Click to expand...

Some details on the vulnerability:
https://www.blackhat.com/us-18/brie...rotecting-your-cpu-caches-is-not-enough-10149

Minimalist · Jun 23, 2018

Some more info:
Meet TLBleed: A crypto-key-leaking CPU attack that Intel reckons we shouldn't worry about

Intel has, for now, no plans to specifically address a side-channel vulnerability in its processors that can be potentially exploited by malware to extract encryption keys and other sensitive info from applications.
Click to expand...

https://www.theregister.co.uk/2018/06/22/intel_tlbleed_key_data_leak/

Log in or Sign up

'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

HempOil Registered Member

guest Guest

WildByDesign Registered Member

emmjay Registered Member

itman Registered Member

JRViejo Super Moderator

itman Registered Member

Minimalist Registered Member

WildByDesign Registered Member

HempOil Registered Member

WildByDesign Registered Member

reasonablePrivacy Registered Member

guest Guest

itman Registered Member

WildByDesign Registered Member

guest Guest

ronjor Global Moderator

BoerenkoolMetWorst Registered Member

ronjor Global Moderator

Minimalist Registered Member

reasonablePrivacy Registered Member

itman Registered Member

reasonablePrivacy Registered Member

BoerenkoolMetWorst Registered Member

Minimalist Registered Member

Log in or Sign up

'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

HempOil Registered Member

guest Guest

WildByDesign Registered Member

emmjay Registered Member

itman Registered Member

JRViejo Super Moderator

itman Registered Member

Minimalist Registered Member

WildByDesign Registered Member

HempOil Registered Member

WildByDesign Registered Member

reasonablePrivacy Registered Member

guest Guest

itman Registered Member

WildByDesign Registered Member

guest Guest

ronjor Global Moderator

BoerenkoolMetWorst Registered Member

ronjor Global Moderator

Minimalist Registered Member

reasonablePrivacy Registered Member

itman Registered Member

reasonablePrivacy Registered Member

BoerenkoolMetWorst Registered Member

Minimalist Registered Member

Useful Searches