Info Meltdown and Spectre Vulnerabilities Information

Page 18 - Seeking answers? Join the Tom's Hardware community: where nearly two million members share solutions and discuss the latest tech.
Status
Not open for further replies.

goldstone77

Distinguished
Aug 22, 2012
2,245
14
19,965


What I stated it completely accurate, and not "Again, wrong." The history of the architecture is proof of the facts not counting the wiki reference. While there might be minor architectural changes/improvements, which involve different IP at smaller nodes, the whole of the architecture was not redesigned!

And you're grossly wrong about Intel maintaining its performance lead mainly thanks to the process.
Your words not mine!
Intel has leveraged a process lead over AMD for ~20 years to help create and maintain a performance gap.
My exact words!
This has become off topic, and this will be my last response on the subject.
 

goldstone77

Distinguished
Aug 22, 2012
2,245
14
19,965
It's not about Meltdown or Spectre, but it is a serious security vulnerability recently patched by Microsoft. Make sure you update!
by Brandon Hill — Wednesday, May 09, 2018
This Major Windows Security Flaw Is Being Exploited Right Now As Microsoft Pushes A Patch

For those that remember, this is the Double Kill exploit that Qihoo 360 Core Security described late last month, but it now has an official designation: CVE-2018-8174. According to Microsoft, there is a flaw in the way that the VBScript engine that allows for remote code execution. Microsoft goes on to confirm the that is exploit is pretty nasty, writing:

An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The bad news, however, is that this security flaw can force Internet Explorer to load -- even if it is not the default browser -- and that it is already being actively exploited.
https://hothardware.com/news/this-major-windows-security-flaw-is-being-exploited-right-now#gTYaCmQbQlUARPbZ.99
 
New Rowhammer vulnerabilities: Now requires just Ethernet packets:

https://arstechnica.com/information-technology/2018/05/attackers-trigger-rowhammer-bit-flips-by-sending-network-packets-over-a-lan/

Funny we've gone full circle now: OS's are secure enough where it's far easier to hit the hardware directly.
 

goldstone77

Distinguished
Aug 22, 2012
2,245
14
19,965


It's a never ending cycle!
 


Yep! Case in point, am I the only person who's figured out "the cloud" is really just us going back to the mainframe concept? You run in circles just to wind up back where you started.

That being said, hardware based vulnerabilities are going to be huge problem going forward now that people are looking in that direction.
 
There's one added element to the old "Mainframe" concept that is usually drawn as parallel to the "Cloud": expansible.

Most "cloud oriented" technologies are now made to scale indefinitely until you run out of hardware and resource utilization is, supposedly, better administrated. I think the "phantom" benefit (I personally don't like this one) is you can move it wherever you want/need with relative simplicity if built as PaaS. This has pro's and con's in the real implementations, but it's up to the Organization Enterprise Architects to give a clear steer for this.

Cheers!
 

Eximo

Titan
Ambassador
Mainframe vs cloud, even back then many companies had their own mainframe. But that concept never really went away with Citrix or VDI. BYOD also saw a resurgence of mainframe style systems.

Cloud is more like concentrating expertise. Why have 10,000 mediocre system admins when you can have 100 really good ones. Not really how it works in practice, but to general concept is there. It does simplify disaster recovery policies, physical security, etc for small businesses.

The only real problem I've run into is getting two cloud providers to talk to each other. Most make your site the bridge which adds a lot of latency.
 

YoAndy

Reputable
Jan 27, 2017
1,277
2
5,665
With regard to the Spectre-Meltdown situation, Krzanich(Intel's CEO)said he was proud of the way the company and the industry had handled the situation "with transparency." New processors with a hardware fix for the security issues will be out later this year, he promised. And Finally, chip design guru Jim Keller has joined Intel as a senior veep for silicon engineering
 

goldstone77

Distinguished
Aug 22, 2012
2,245
14
19,965
Alert (TA18-141A)
Side-Channel Vulnerability Variants 3a and 4
Original release date: May 21, 2018

Overview
On May 21, 2018, new variants—known as 3A and 4—of the side-channel central processing unit (CPU) hardware vulnerability were publically disclosed. These variants can allow an attacker to obtain access to sensitive information on affected systems.

Description
CPU hardware implementations—known as Spectre and Meltdown—are vulnerable to side-channel attacks. Meltdown is a bug that "melts" the security boundaries normally enforced by the hardware, affecting desktops, laptops, and cloud computers. Spectre is a flaw that an attacker can exploit to force a CPU to reveal its data.

Variant 3a is a vulnerability that may allow an attacker with local access to speculatively read system parameters via side-channel analysis and obtain sensitive information.

Variant 4 is a vulnerability that exploits “speculative bypass.” When exploited, Variant 4 could allow an attacker to read older memory values in a CPU’s stack or other memory locations. While implementation is complex, this side-channel vulnerability could allow less privileged code to

Read arbitrary privileged data; and
Run older commands speculatively, resulting in cache allocations that could be used to exfiltrate data by standard side-channel methods.
Corresponding CVEs for Side-Channel Variants 1, 2, 3, 3a, and 4 are found below:

Variant 1: Bounds Check Bypass – CVE-2017-5753
Variant 2: Branch Target Injection – CVE-2017-5715
Variant 3: Rogue Data Cache Load – CVE-2017-5754
Variant 3a: Rogue System Register Read – CVE-2018-3640
Variant 4: Speculative Store Bypass – CVE-2018-3639
Impact
Side-Channel Vulnerability Variants 3a and 4 may allow an attacker to obtain access to sensitive information on affected systems.
https://www.us-cert.gov/ncas/alerts/TA18-141A

Also,
“Speculative Store Bypass” Vulnerability Mitigations for AMD Platforms
5/21/18

Today, Microsoft and Google Project Zero researchers have identified a new category of speculative execution side channel vulnerability (Speculative Store Bypass or SSB) that is closely related to the previously disclosed GPZ/Spectre variant 1 vulnerabilities. Microsoft has released an advisory on the vulnerability and mitigation plans.

AMD recommended mitigations for SSB are being provided by operating system updates back to the Family 15 processors (“Bulldozer” products). For technical details, please see the AMD whitepaper. Microsoft is completing final testing and validation of AMD-specific updates for Windows client and server operating systems, which are expected to be released through their standard update process. Similarly, Linux distributors are developing operating system updates for SSB. AMD recommends checking with your OS provider for specific guidance on schedules.

Based on the difficulty to exploit the vulnerability, AMD and our ecosystem partners currently recommend using the default setting that maintains support for memory disambiguation.

We have not identified any AMD x86 products susceptible to the Variant 3a vulnerability in our analysis to-date.

As a reminder, security best practices of keeping your operating system and BIOS up-to-date, utilizing safe computer practices and running antivirus software are always the first line of defense in maintaining device security.
https://www.amd.com/en/corporate/security-updates

AMD's White Paper
https://developer.amd.com/wp-content/resources/124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf

Microsoft
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012

ARM
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability

Redhat
https://www.redhat.com/en/blog/speculative-store-bypass-explained-what-it-how-it-works
 

aldaia

Distinguished
Oct 22, 2010
533
18
18,995


It requires replacing the hypervisor by a "evil hypervisor".
https://en.wikipedia.org/wiki/Hypervisor
 


As I understand it, the issue here is the vulnerability will allow information to leak from OUTSIDE the affected hypervisor.
 


"So much so, they said they can exfiltrate plaintext data from an encrypted guest via a hijacked hypervisor and simple HTTP requests to a web server running in a second guest on the same machine."

Well, I didn't RTFA originally, but now I have. You do need access to the hypervisor, so this is similar-ish to the other vulnerabilities found by that Company I already forgot about... Like... Literally forgot about xD

EDIT: This is not to say it's not a problem for AMD. The way they've marketed SEV is to protect scenarios where the machines and hosts OS'es might be exposed to 3rd parties (think "rogue" technicians or very angry/frustrated tech-ops with a red eye for revenge, haha) in a way that should make the data inside those VMs safe to snoops. So far, they've found several holes, so AMD better fix them.

Cheers!
 


Been waiting for this one.

AMD may or may not be hit by this; depends how they're managing the L1/TLB under the hood. In any case, this problem is fixable: Simply don't share the L1/TLB on HTT cores; this is likely a legacy design choice from the Core M [pre-HTT] days that Intel never needed to address before now.

I've been saying it for a while: It's time to retire Core. There's a ton of legacy problems that are starting to show, and Intel is NEVER going to address them all by fixing them one by one. They have to design a new CPU with security in mind.
 


My cynical self is saying "but that costs a lot of money!".

Cheers!
 
Status
Not open for further replies.