Info Meltdown and Spectre Vulnerabilities Information

Page 2 - Seeking answers? Join the Tom's Hardware community: where nearly two million members share solutions and discuss the latest tech.
Toggle sidebar Toggle sidebar
Status
Not open for further replies.


But security researchers already demonstrated AMD CPUs are vulnerable. Further info in the spectreattack and meltdownattack sites. Also available on Google security blog entry of yesterday:

These vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running on them.
Click to expand...

https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html?m=1
 
Linus being brutal is a sight for sore eyes.

I wonder if the hardcore developers that actually have the ears of the management line will actually listen to him this time, so Companies put some pressure onto Intel.

Also, I wonder when the first lawsuit against Intel will appear. Big Cloud-oriented data centers I'm sure are pissed off at this, since it's a publicity catastrophe for them. Also, a wake up call for companies that put all their eggs in cloud-based solutions.

Sometimes, brown stuff needs to hit the fan for people to realize the simplest of things.

Cheers!
 


Yes, I did read it, and that is why I included the whole paragraph. I highlight the reasons Ryzen use in their statements that they are secure. This is a cyber security lab using non public information trying to employ these exploits. Their toy experiment showed a vulnerability, but the lab was unsuccessful in exploiting the vulnerability on AMD and ARM processors. They were successful on Intel processors, which led to the windows and linux patch.
3 A Toy Example
In this section, we start with a toy example, a simple
code snippet, to illustrate that out-of-order execution can
change the microarchitectural state in a way that leaks
information. However, despite its simplicity, it is used as
a basis for Section 4 and Section 5, where we show how
this change in state can be exploited for an attack.
Click to expand...

Edit: AMD's statement addressing this
"Our CPUs don't speculate using memory references pointing to locations restricted to higher privilege levels than the running code"
Click to expand...
 


The Project Zero researchers discovered three methods (variants) of attack, which are effective under different conditions. All three attack variants can allow a process with normal user privileges to perform unauthorized reads of memory data, which may contain sensitive information such as passwords, cryptographic key material, etc.
Click to expand...

https://www.amd.com/en/corporate/speculative-execution
AMD response:
It is important to understand how the speculative execution vulnerability described in the research relates to AMD products, but please keep in mind the following:

The research described was performed in a controlled, dedicated lab environment by a highly knowledgeable team with detailed, non-public information about the processors targeted.
The described threat has not been seen in the public domain.
When AMD learned that researchers had discovered a new CPU attack targeting the speculative execution functionality used by multiple chip companies’ products, we immediately engaged across the ecosystem to address the teams’ findings.

The research team identified three variants within the speculative execution research. The below grid details the specific variants detailed in the research and the AMD response details.
Variant One Bounds Check Bypass Resolved by software / OS updates to be made available by system vendors and manufacturers. Negligible performance impact expected.
Variant Two Branch Target Injection Differences in AMD architecture mean there is a near zero risk of exploitation of this variant. Vulnerability to Variant 2 has not been demonstrated on AMD processors to date.
Variant Three Rogue Data Cache Load Zero AMD vulnerability due to AMD architecture differences.
Click to expand...

Edit: Note that all the information pertaining to the blog is located here https://spectreattack.com/
 
Vulnerability Note VU#584653
CPU hardware vulnerable to side-channel attacks

Code: 
AMD	Affected	-	03 Jan 2018
Apple	Affected	-	03 Jan 2018
Arm	Affected	-	03 Jan 2018
Google	Affected	-	03 Jan 2018
Intel	Affected	-	03 Jan 2018
Linux Kernel	Affected	-	03 Jan 2018
Microsoft	Affected	-	03 Jan 2018
Mozilla	Affected	-	03 Jan 2018

https://newsroom.intel.com/news-releases/intel-issues-updates-protect-systems-security-exploits/

Intel has developed and is rapidly issuing updates for all types of Intel-based computer systems — including personal computers and servers — that render those systems immune from both exploits (referred to as “Spectre” and “Meltdown”) reported by Google Project Zero. Intel and its partners have made significant progress in deploying updates as both software patches and firmware updates.

Intel has already issued updates for the majority of processor products introduced within the past five years. By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years. In addition, many operating system vendors, public cloud service providers, device manufacturers and others have indicated that they have already updated their products and services.
Click to expand...
 
First Spectre patches for AMD are also being developed:

An update that fixes one vulnerability is now available.

Description:

This update for kernel-firmware fixes the following issues:

- Add microcode_amd_fam17h.bin (bsc#1068032 CVE-2017-5715)

This new firmware disables branch prediction on AMD family 17h processor to mitigate a attack on the branch predictor that could lead to information disclosure from e.g. kernel memory (bsc#1068032 CVE-2017-5715).
Click to expand...

https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html
 
Google, ARM, Microsoft Issue Statements Regarding Discovered Security Flaws

ARM
This method requires malware running locally and could result in data being accessed from privileged memory. Our Cortex-M processors, which are pervasive in low-power, connected IoT devices, are not impacted.

Google
The Project Zero researcher, Jann Horn, demonstrated that malicious actors could take advantage of speculative execution to read system memory that should have been inaccessible. For example, an unauthorized party may read sensitive information in the system's memory such as passwords, encryption keys, or sensitive information open in applications. Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host.

These vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running them.

As soon as we learned of this new class of attack, our security and product development teams mobilized to defend Google's systems and our users' data. We have updated our systems and affected products to protect against this new type of attack. We also collaborated with hardware and software manufacturers across the industry to help protect their users and the broader web. These efforts have included collaborative analysis and the development of novel mitigations.

We are posting before an originally coordinated disclosure date of January 9, 2018 because of existing public reports and growing speculation in the press and security research community about the issue, which raises the risk of exploitation. The full Project Zero report is forthcoming.

Microsoft
We're aware of this industry-wide issue and have been working closely with chip manufacturers to develop and test mitigations to protect our customers. We are in the process of deploying mitigations to cloud services and have also released security updates to protect Windows customers against vulnerabilities affecting supported hardware chips from Intel, ARM, and AMD. We have not received any information to indicate that these vulnerabilities had been used to attack our customers.
Click to expand...
 
https://spectreattack.com/spectre.pdf
8 Conclusions and Future Work
The feasibility of exploitation depends on a number
of factors, including aspects of the victim CPU and software
and the adversary’s ability to interact with the victim.
While network-based attacks are conceivable, situations
where an attacker can run code on the same CPU as
the victim pose the primary risk. In these cases, exploitation
may be straightforward, while other attacks may depend
on minutiae such as choices made by the victim’s
compiler in allocating registers and memory. Fuzzing
tools can likely be adapted by adversaries to find vulnerabilities
in current software.
As the attack involves currently-undocumented hardware
effects, exploitability of a given software program
may vary among processors. For example, some indirect
branch redirection tests worked on Skylake but not on
Haswell. AMD states that its Ryzen processors have “an
artificial intelligence neural network that learns to predict
what future pathway an application will take based
on past runs” [3, 5], implying even more complex speculative
behavior. As a result, while the stop-gap countermeasures described in the previous section may help
limit practical exploits in the short term, there is currently
no way to know whether a particular code construction
is, or is not, safe across today’s processors – much less
future designs.
A great deal of work lies ahead. Software security
fundamentally depends on having a clear common understanding
between hardware and software developers
as to what information CPU implementations are (and
are not) permitted to expose from computations. As a result,
long-term solutions will require that instruction set
architectures be updated to include clear guidance about
the security properties of the processor, and CPU implementations
will need to be updated to conform.
More broadly, there are trade-offs between security
and performance. The vulnerabilities in this paper, as
well as many others, arise from a longstanding focus in
the technology industry on maximizing performance. As
a result, processors, compilers, device drivers, operating
systems, and numerous other critical components have
evolved compounding layers of complex optimizations
that introduce security risks. As the costs of insecurity
rise, these design choices need to be revisited, and in
many cases alternate implementations optimized for security
will be required.
Click to expand...
I believe this is why AMD claims a near zero chance of exploit.
As the attack involves currently-undocumented hardware
effects, exploitability of a given software program
may vary among processors.
Click to expand...
AMD states that its Ryzen processors have “an
artificial intelligence neural network that learns to predict
what future pathway an application will take based
on past runs” [3, 5], implying even more complex speculative
behavior. As a result, while the stop-gap countermeasures described in the previous section may help
limit practical exploits in the short term, there is currently
no way to know whether a particular code construction
is, or is not, safe across today’s processors – much less
future designs.
Click to expand...
 


Malicious Spectre code has already been run on AMD CPUs.

Experiments were performed on multiple x86 processor architectures, including Intel Ivy Bridge (i7-3630QM), Intel Haswell (i7-4650U), Intel Skylake (unspecified Xeon on Google Cloud), and AMD Ryzen. The Spectre vulnerability was observed on all of these CPUs.
Click to expand...

A fix for linux kernel has discussed in a former post from mine. The fix consist on disabling branch prediction on Zen CPUs.
 


That is a fix for:
Spectre Attack named side channel attack
Click to expand...
https://www.suse.com/security/cve/CVE-2017-5715/
 
Intel Hit With Three Class Action Lawsuits Related to Security Vulnerability
Alex Cranz
4 minutes ago
Plaintiffs in three different states disagree. As Law.com first noted, a class action complaint was filed January 3rd in United States District Court for the Northern District of California. Since then Gizmodo has found two additional class action complaints filed today (just eleven minutes apart)—one in the District of Oregon and another in the Southern District of Indiana.

All three complaints cite the security vulnerability as well as Intel’s failure to disclose it in a timely fashion. They also cite the supposed slowdown of purchased processors. However that is still up for debate. In a press release today, Intel claimed it has “issued updates for the majority of processor products introduced within the past five years.” Moreover, it says the performance penalty is not as significant as The Register initially claimed.

Intel continues to believe that the performance impact of these updates is highly workload-dependent and, for the average computer user, should not be significant and will be mitigated over time. While on some discrete workloads the performance impact from the software updates may initially be higher, additional post-deployment identification, testing and improvement of the software updates should mitigate that impact.

This claim—of things not being as dire as they seemed—was seconded by Google today. In a post on its Security Blog, Google claimed “we have found that microbenchmarks can show an exaggerated impact,” which seems to suggest that localized attempts to benchmark affected processors before and after the fix has been applied may not yield reliable results.
Click to expand...

You can read the class action lawsuits in their entirety on the website.
 
UHNhnKS.png

https://www.amd.com/en/corporate/speculative-execution

AMD adds a new graphic to the security update page.
Information Security is a Priority at AMD
Click to expand...
I think they are trying to say something here!
 


I don't know, it's too early to tell I think. Once there are enough independent assessments of the impact I think we can make a bigger judgement call on possible market share repercussions. I think they definitely have a feather in their cap and they will be waving it as hard as they can!
 


Well it most certinaly won't hurt Amd any either they will jump to Arm or Amd no way would they continue to buy newer Intel CPU's until this is fixed at a hardware level.

These "kernel patches" can and will be targeted and hackers know they are their and they know where to look. I see Arm benefiting from this more then Amd even.
 
I'm surprised nobody has commented on this:

This new firmware disables branch prediction on AMD family 17h processor to mitigate a attack on the branch predictor that could lead to information disclosure from e.g. kernel memory (bsc#1068032 CVE-2017-5715).
Click to expand...

Is there some reason we don't believe that disabling branch prediction is going to plant a tremendous foot on the back of performance? I mean, the whole POINT of branch prediction IS increased performance, right? I think there are probably a LOT of little tidbits like this that are likely important, but are not getting the kind of publicity that some of these other stunts and statements are getting due to simply being overlooked.

I mean, great, you removed the problem. Maybe. But you completely removed branch prediction from ALL ZEN processors, so how's that not going to seriously affect performance? Or am I reading this wrong?
 
https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html
An update that fixes one vulnerability is now available.

Description:

This update for ucode-intel fixes the following issues:


The CPU microcode for Haswell-X, Skylake-X and Broadwell-X chipsets was
updated to report both branch prediction control via CPUID flag and
ability to control branch prediction via an MSR register.

This update is part of a mitigation for a branch predictor based
information disclosure attack, and needs additional code in the Linux
Kernel to be active (bsc#1068032 CVE-2017-5715)

Note from the SUSE Security Team
SUSE is aware of the Spectre Attack named side channel attack and will be publishing updates.
https://www.suse.com/security/cve/CVE-2017-5715/
 


You would think this would have an impact on performance, but hard to say to what extent. Branch prediction is a guess at what information might be needed. I'm sure we will have more benchmarks in the coming days.

Edit:
Benchmarks are coming!
https://www.phoronix.com/forums/forum/phoronix/latest-phoronix-articles/998991-google-makes-disclosure-about-the-cpu-vulnerability-affecting-intel-amd-arm/page5
 
Status
Not open for further replies.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom