'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Discussion in 'other security issues & news' started by Minimalist, Jan 2, 2018.

  1. guest

    guest Guest

    Unless modern CPU design changes significantly, side-channel attack vectors aren't going anywhere
    New research suggests CPU design has to change
    February 17, 2019
    https://www.techspot.com/news/78788-unless-modern-cpu-design-changes-significantly-side-channel.html
    White paper: "Spectre is here to stay - An analysis of side-channels and speculative execution" (PDF - 387 KB): https://arxiv.org/pdf/1902.05178.pdf
     
  2. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,001
    Location:
    Member state of European Union
    Is this about enhancing collaboration between companies in industry when many products need patches or about silencing/limiting what researchers can say? I don't think it is positive in the latter case.
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    I hope it's the first one also.
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Ready for another fright? Spectre flaws in today's computer chips can be exploited to hide, run stealthy malware
    https://www.theregister.co.uk/2019/02/27/spectre_malware_invisible/
     
  7. guest

    guest Guest

    AMD addresses Spoiler vulnerability: Ryzen users are safe from this one
    March 18, 2019
    https://www.techspot.com/news/79234-amd-addresses-spoiler-vulnerability-ryzen-users-safe-one.html
     
  8. guest

    guest Guest

    Intel finally issues Spoiler attack alert: Now non-Spectre exploit gets CVE but no patch
    No patch for Spoiler attack affecting all Intel chips, but a security advisory gives it an official CVE identifier
    April 10, 2019

    https://www.zdnet.com/article/intel...ow-non-spectre-exploit-gets-cve-but-no-patch/
     
  9. guest

    guest Guest

    A year with Spectre: a V8 perspective
    April 23, 2019
    https://v8.dev/blog/spectre
     
  10. guest

    guest Guest

    New 'ZombieLoad' Vulnerability Affects Intel Chips Dating Back to 2011
    May 14, 2019
    https://www.macrumors.com/2019/05/14/zombieload-intel-chip-vulnerability/
    White paper: "ZombieLoad: Cross-Privilege-Boundary Data Sampling" (PDF - 687 KB): https://zombieloadattack.com/zombieload.pdf
     
    Last edited by a moderator: May 14, 2019
  11. guest

    guest Guest

    Intel CPUs Impacted By New Class of Spectre-Like Attacks
    May 14, 2019
    https://threatpost.com/intel-cpus-impacted-by-new-class-of-spectre-like-attacks/144728/
     
  13. ZMsiXone

    ZMsiXone Registered Member

    Joined:
    Mar 30, 2017
    Posts:
    326
    Location:
    EUROPE/poland/germany
    List of MDS Speculative Execution Vulnerability Advisories & Updates (Redhat, Microsoft, Intel, Apple, ..., ..., ...)

    https://www.bleepingcomputer.com/ne...ecution-vulnerability-advisories-and-updates/
     
  14. guest

    guest Guest

    How to check if your Windows or Linux system is vulnerable to Microarchitectural Data Sampling (MDS) attacks
    May 15, 2019
    https://betanews.com/2019/05/15/check-if-vulnerable-to-microarchitectural-data-sampling-mds-attacks/
     
  15. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    Note that if you want full protection, updating OS and microcode is not enough, you need to disable SMT/HT.

    Note that you don't need these tools. You can also use the same tools as with older side channel vulnerabilities. On Windows, MS has updated the SpeculationControl PowerShell script/module (https://www.powershellgallery.com/packages/SpeculationControl/1.0.13), and on Linux, you can use spectre-meltdown-checker (https://github.com/speed47/spectre-meltdown-checker/releases).
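
Added example, not part of the original post or of either tool named in it: on Linux the kernel itself reports the SMT point made above in /sys/devices/system/cpu/vulnerabilities/mds, and this script classifies that status string. The function name `mds_verdict` and its verdict labels are hypothetical; the strings it matches are the kernel's documented values.

```shell
#!/bin/sh
# Added example (not from the thread): interpret the Linux kernel's MDS report.
# The sysfs path is the kernel's; mds_verdict and its labels are hypothetical.
VULN_FILE=/sys/devices/system/cpu/vulnerabilities/mds

# mds_verdict "<status line>" prints one of:
#   not-affected | vulnerable | needs-microcode | smt-still-exposed | mitigated | unknown
mds_verdict() {
    status=$1
    case $status in
        "Not affected"*)
            echo not-affected; return ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            # OS patch is present but the CPU lacks the updated microcode.
            echo needs-microcode; return ;;
        "Vulnerable"*)
            echo vulnerable; return ;;
        "Mitigation: Clear CPU buffers"*)
            ;;  # buffer clearing works; the SMT suffix decides the rest
        *)
            echo unknown; return ;;
    esac
    case $status in
        *"SMT vulnerable"*)
            # Patched OS and microcode, but sibling threads can still sample data.
            echo smt-still-exposed ;;
        *"SMT disabled"*|*"SMT mitigated"*)
            echo mitigated ;;
        *)
            # e.g. "SMT Host state unknown" inside a virtual machine
            echo unknown ;;
    esac
}

# Report for this machine when the kernel exposes the file (it must carry
# the MDS patches); otherwise say why nothing could be read.
if [ -r "$VULN_FILE" ]; then
    read -r line < "$VULN_FILE" || true
    echo "mds: $line -> $(mds_verdict "$line")"
else
    echo "mds: $VULN_FILE not present (kernel lacks the MDS patches or non-Linux host)"
fi
```

A result of `smt-still-exposed` is the case the post describes: OS and microcode are updated, but SMT/HT is still on.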
     
  20. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    These guys are good :thumb:

    How they discovered the leaks https://mdsattacks.com/images/patents.jpg Hiding in plain sight :D

    *

    I just ran the MDS test tool on a Vista PC & on my new W10 PC. Vista shows an error & couldn't run ! I don't know if that's good or not ? W10 is mixed, but shows some immunity :p

    MDS Vista.png

    *

    MDS W10.png
     
  21. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    224
    Location:
    Canada
    Can anyone please advise me as to how I can plug the holes identified by these tools (my green highlights in the first screen capture)? Other than keeping Windows up to date with the latest cumulative updates, I applied the registry tweaks found in this article under the section called:

    "To enable mitigations for Microarchitectural Data Sampling (CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130) along with Spectre (CVE-2017-5753 & CVE-2017-5715) and Meltdown (CVE-2017-5754) variants, including Speculative Store Bypass Disable (SSBD) (CVE-2018-3639) as well as L1 Terminal Fault (L1TF) (CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646) with Hyper-Threading disabled"


    Powershell.png MDSTool1.png MDSTool2.png
     
  22. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    480
    Location:
    Dallas, TX
    For those with a Mac, Apple released macOS Mojave 10.14.5 on Tuesday 5/14 which includes additional mitigations to protect against speculative execution vulnerabilities in Intel CPUs.

    However, Apple does not disable hyper-threading by default in response to the Microarchitectural Data Sampling (MDS) vulnerabilities. For those that do wish to fully disable hyper-threading and implement the full mitigation for MDS attacks, you can follow the steps outlined in their linked support article and listed below...

    How to enable full mitigation for MDS in macOS
    To enable full mitigation of MDS after installing security updates, start your Mac in macOS Recovery and then enter commands in the Terminal app.
    1. Turn on or restart your Mac and immediately press and hold Command (⌘)-R or one of the other macOS Recovery key combinations on your keyboard.
    2. From the Utilities menu in the menu bar, choose Terminal.
    3. Type the following two commands, one at a time, at the Terminal prompt. Press Return after each one.
      • nvram boot-args="cwae=2"
      • nvram SMTDisable=%01
    4. From the Apple menu, choose Restart.
    How to revert the mitigation and reenable hyper-threading
    To revert the mitigation and reenable hyper-threading processor technology, reset NVRAM and restart your Mac.
    If you previously set custom boot-args, you will need to add those boot-args to the nvram command.
    Note: The full mitigation is not enabled while using Boot Camp to run Windows on a Mac.

    How to check the status of hyper-threading in macOS
    You can check if hyper-threading is enabled or disabled in the System Information app.
    Choose Apple menu > About This Mac, then click the System Report button. Then select Hardware in the sidebar. If the processor in your Mac supports hyper-threading, Hyper-Threading Technology is shown as either Enabled or Disabled.
     
  23. ZMsiXone

    ZMsiXone Registered Member

    Joined:
    Mar 30, 2017
    Posts:
    326
    Location:
    EUROPE/poland/germany
    How to protect your devices against the ZombieLoad attack

    https://www.techradar.com/how-to/how-to-protect-against-the-zombieload-attack

     
  24. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    I'm not sure if the second tool works correctly. For me on Windows 7, under L1 Terminal Fault, it shows SMT as Vulnerable. But under Microarchitectural Data Sampling it shows SMT as Unaffected. Apart from the fact that afaik it should be either Vulnerable or Affected for both, the Intel CPU on this machine doesn't even support Hyperthreading.

    Regarding the first tool, it looks like the options that are shown as False are due to your PC missing microcode updates.
    Only KVAShadowPcidEnabled is different. It is also not related to security, it is a performance optimization for one of the mitigations, but this optimization is only possible on newer CPUs with hardware support.
     
  25. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    224
    Location:
    Canada
    Thanks for the feedback. I know that I am waiting for Microsoft to incorporate an Intel MDS microcode update into an upcoming Windows 10 (1809) update. However, afaik, SSBD should be mitigated and yet it is not. My CPU is a Core i7-2630QM (Sandy Bridge). I wonder if that has something to do with it?
     