'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

I'm not quite sure. This site explains site isolation in Firefox.

 

Thanks.
Just tested with 4 Google tabs and there are 4 separate processes:
Screenshot.

 

Thanks will do some reading.

 

New batch of CPU vulnerabilities:
1) Researchers at VU Amsterdam have discovered Spectre-BHB, pertaining
to the use of Branch History between privilege levels.

ARM have assigned CVE-2022-23960. Intel have assigned CVE-2022-0001
(Branch History Injection) and CVE-2022-0002 (Intra-mode BTI). AMD
have no statement at the time of writing.

For more details, see:
https://vusec.net/projects/bhi-spectre-bhb
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html

2) Researchers at Open Source Security, Inc. have discovered that AMD
CPUs may speculate beyond direct branches.

AMD have assigned CVE-2021-26341.

For more details, see:
https://grsecurity.net/amd_branch_mispredictor_part_2_where_no_cpu_has_gone_before
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1026

3) Researchers at Intel have discovered that previous Spectre-v2
recommendations of using lfence/jmp is incomplete.

AMD have assigned CVE-2021-26401.

For more details, see:
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036
Source:
https://xenbits.xen.org/xsa/advisory-398.html

 

Note that Intel 4th and 5th generation CPU's(Haswell and Broadwell) no longer get Microcode updates. Intel's overview of CPU vulnerabilities(https://www.intel.com/content/www/u...-affected-consolidated-product-cpu-model.html) also listed EOL CPU's earlier, with also the end of support date specified. However, everything below 6th generation is no longer shown in the overview, and the overview mentions it only shows currently supported products.

It's a shame they don't list unsupported CPU's anymore, as now you can't see if they're vulnerable to a new attack.

 

I totally agree!

 

New Intel vulnerabilities:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00645.html

There is also a new 'Hertzbleed' attack affecting both AMD and Intel:
https://www.phoronix.com/scan.php?page=news_item&px=Hertzbleed

 

Retbleed: Arbitrary Speculative Code Execution with Return Instructions

https://comsec.ethz.ch/research/microarch/retbleed/

AMD and Intel documentation:
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html
https://www.intel.com/content/www/u...y-guidance/return-stack-buffer-underflow.html

 

Note that to get complete protection when using Windows on AMD, you need to set registry keys:
https://support.microsoft.com/en-us...bilities-35820a8a-ae13-1299-88cc-357f104f5b11

 

There are so many speculative execution bugs and mitigations for them, some not enabled by default, that somebody can write a book about it...

 

There's more..
Apparently Microsoft only released a patch for the Intel MMIO vulnerabilities for server versions last year. Last month they released a patch for consumer versions, but you have to download it manually:
https://www.bleepingcomputer.com/ne...windows-security-updates-for-intel-cpu-flaws/

 

At the end of article they also state this:

That's probably why updates were no applied automatically.

 

https://techxplore.com/news/2023-04-side-channel-vulnerability-intel-cpu.html

 

AMD 'Zenbleed' Bug Allows Data Theft From Zen 2 Processors, Patches Coming

https://www.tomshardware.com/news/z...t-from-amds-zen-2-processors-patches-released

Fixes on Linux:
https://www.phoronix.com/news/Linux-Mitigate-Zenbleed
Fixes on Xen:
https://xenbits.xen.org/xsa/advisory-433.html

 

Zenbleed is fixed in August update for Windows, but you need to enable registry key to be fully protected:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-20569
https://support.microsoft.com/en-us...bilities-35820a8a-ae13-1299-88cc-357f104f5b11
It doesn't look like Microsoft supplies the microcode update.

 

Also another Intel vulnerability:
https://downfall.page/

 

And AMD as well:
AMD 'Inception' Vulnerability Affects Zen 3 and 4

https://www.tomshardware.com/news/amd-inception-vulnerability-affects-zen-3-and-4

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html

2 notes:
-AMD only announced AGESA updates for consumer CPU's. So you have to wait for a BIOS update. Separate microcode updates have been announced and released only for Epyc server CPU's so far.
-Accoirding to AMD, Zen 1 and 2 are not vulnerable, but they are according to the researchers.

 

Microsoft Offers Instructions to Disable Downfall Mitigations on Windows

https://www.tomshardware.com/news/m...ns-to-disable-downfall-mitigations-on-windows

 

- AMD had a vulnerability Zen 1 CPU's in September Divide speculative information leak, no microcode updates necessary: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7007.html
- Intel had the Reptar vulnerability in November 2023, microcode updates have been released: https://www.securityweek.com/new-in...r-can-allow-dos-attacks-privilege-escalation/
- Another Intel vulnerability last week Register File Data Sampling (RFDS) in Intel Atom cores. Note that this does not only affect Atom CPU's, but also other CPU's which use Atom cores as E cores. Microcode updates have been released: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html
As usual, an overview of affected Intel processors and updates can be found here:
https://www.intel.com/content/www/u...-affected-consolidated-product-cpu-model.html
(As mentioned earlier (https://www.wilderssecurity.com/thr...-windows-redesign.399338/page-54#post-3082614), CPU's that are no longer supported with microcode updates are not shown in this overview. Intel mentions somewhere these CPU's are also not even tested to see if they're affected.
Some Haswell/Skylake CPU's are still supported (Mostly Xeon). For mobile consumer products even 8th gen is now unsupported: https://www.intel.com/content/www/us/en/support/articles/000022396/processors.html

 

It's also unclear to me if Microsoft still distributes microcode updates for Windows like they did in the past. For example in the Downfall article, they only refer to obtaining the update from your OEM: https://support.microsoft.com/en-us...22-40982-d461157c-0411-4a91-9fc5-9b29e0fe2782

 

Since Windows is also vulnerable to the new Spectre v2 attack, I'll link this thread here:
https://www.wilderssecurity.com/thr...ble-to-spectre-v2-attacks-09-apr-2024.453909/