Central Processor Unit (CPU) Architectural Design Flaws 4.0

Reference: CERT.be Advisory #2018-001
Version: 4.0
Affected systems: CPUs (Intel, AMD, Qualcomm, IBM), architectures: x86, x86_64, ARM, System Z
Type: CPU hardware vulnerable to side-channel attacks

Description

Full description: see previous advisory.
https://cert.be/docs/central-processor-unit-cpu-architectural-design-fla...

Update 22/05/2018

New variants have been discovered :
• CVE-2018-3639: Speculative Store Bypass (variant 4), which is a similar Spectre variant that takes advantage of speculative execution that modern CPUs use to potentially expose sensitive data through a side channel.
• CVE-2018-3640 : Rogue System Register Read (variant 3a): It is a vulnerability that may allow an attacker with local access to speculatively read system parameters via side-channel analysis and obtain sensitive information.
“..Speculative execution design errors can be exploited by malicious software running on a vulnerable computer, or a malicious actor logged into the system, to trick the CPU into revealing sensitive information, like passwords and encryption keys, stored in system memory and the kernel..”
Intel has classified Variant 4 as "medium risk" because many of the exploits that Speculative Store Bypass attack would use were fixed by browsers like Safari, Edge, and Chrome during the initial set of patches.

Recommended actions

CERT.be recommends you to install the patches once available :
• AMD: https://www.amd.com/en/corporate/security-updates
• ARM: https://developer.arm.com/support/arm-security-updates/speculative-proce...
• Intel: https://newsroom.intel.com/editorials/addressing-new-research-for-side-c...
• Microsoft: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV18...
• Red hat: https://www.redhat.com/en/blog/speculative-store-bypass-explained-what-i...

References

https://www.us-cert.gov/ncas/alerts/TA18-141A
https://thehackernews.com/2018/05/fourth-critical-spectre-cpu-flaw.html