Central Processor Unit (CPU) Architectural Design Flaws_update 9/1

CERT.be Advisory

Reference: CERT.be Advisory #2018-001
Version: 2.0
Affected systems: [CPUs (Intel, AMD, Qualcomm), architectures: x86, x86_64, ARM]
Type: [CPU hardware vulnerable to side-channel attacks]

Description

Two new side-channel attacks, dubbed Meltdown and Spectre, affect the main CPU architectures. While Spectre affects all three major chip makers (Intel, AMD and ARM), AMD claims its processors are immune to Meltdown.

To achieve high performance, modern processors implement several optimization techniques such as out-of-order execution (used in Meltdown) or branch prediction (used in Spectre). These mechanisms have side effects that can be leveraged by attackers to:
• read the content of private kernel memory (Meltdown)
• access information about other processes, including a virtual machine’s host operating system (Spectre).

The issue comes from hardware design choices, and any workaround will have to come at the operating system level.

Systems affected by Meltdown:

- Researchers successfully exploited Intel processors. Whether other systems can be exploited is currently unknown; the research paper does not rule out this possibility.
- Desktops, laptops and handheld devices based on Intel CPUs are all affected.

Systems affected by Spectre:
- Most devices using Intel, AMD or ARM A75-based processors are affected.

Risks

For both vulnerabilities, exploitation can provide access to non-authorized memory pages (user and kernel level).
For both vulnerabilities, the most exposed systems are cloud providers because they present a larger attack surface. The risk for the general public is much lower.
The Spectre researchers have been able to exploit it using JavaScript code. This makes browser-based exploitation of Spectre possible.
Some systems can be vulnerable to both.

Summary

Currently, researchers have identified three vulnerabilities:
CVE-2017-5715
CVE-2017-5753
CVE-2017-5754
Devices that are affected:
• Servers
• Workstations
• Laptops
• Cell phones
• Tablets
• Smart TVs
• IoT devices
• Other devices with affected CPUs

Recommended actions

Patch your system(s) as soon as possible.

Vendor-specific links to advisories and patches:
Amazon: https://aws.amazon.com/security/security-bulletins/AWS-2018-013/
AMD: https://www.amd.com/en/corporate/speculative-execution
Android: https://source.android.com/security/bulletin/2018-01-01
Apple: https://support.apple.com/en-us/HT208394
ARM: https://developer.arm.com/support/security-update
CentOS: https://lists.centos.org/pipermail/centos-announce/2018-January/date.html
Debian: https://security-tracker.debian.org/tracker/CVE-2017-5754
Fedora Project: https://fedoramagazine.org/protect-fedora-system-meltdown/
Intel: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&l...
Azure: https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu...
Microsoft: https://portal.msrc.microsoft.com/en-US/eula
Mozilla: https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-cla...
openSUSE: https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00001.html
Qubes: https://www.qubes-os.org/news/2018/01/04/xsa-254-meltdown-spectre/
Red Hat: https://access.redhat.com/security/security-updates/#/security-advisorie...
SUSE: http://lists.suse.com/pipermail/sle-security-updates/2018-January/date.html
VMware: https://www.vmware.com/security/advisories/VMSA-2018-0002.html
Xen: http://xenbits.xen.org/xsa/advisory-254.html
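
One way to confirm on a Linux host that the patches took effect, as an added example that is not part of the CERT.be advisory: the script reads the kernel's own per-flaw status files and reports them against the three CVEs listed above. It assumes a kernel that exposes /sys/devices/system/cpu/vulnerabilities (4.15 or later, or a vendor backport); the function names classify_status and check_cpu_flaws are hypothetical.

```shell
#!/bin/sh
# Added example: report kernel mitigation status for the advisory's three CVEs.
# CVE-2017-5753 is Spectre variant 1, CVE-2017-5715 is Spectre variant 2,
# CVE-2017-5754 is Meltdown.
# Assumption: the kernel exposes the sysfs directory below (4.15+ or backport).
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status STATUS -> prints OK, VULNERABLE or UNKNOWN
classify_status() {
    case "$1" in
        "Not affected"*|"Mitigation:"*) echo OK ;;
        "Vulnerable"*)                  echo VULNERABLE ;;
        *)                              echo UNKNOWN ;;
    esac
}

# check_cpu_flaws [DIR] -> one line per CVE; returns 1 unless every entry is OK
check_cpu_flaws() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    for pair in CVE-2017-5753:spectre_v1 CVE-2017-5715:spectre_v2 CVE-2017-5754:meltdown; do
        cve=${pair%%:*}
        file=${pair#*:}
        if [ -r "$dir/$file" ]; then
            status=$(cat "$dir/$file")
        else
            # A missing file usually means the kernel predates the interface,
            # which also means it predates the fixes: treat as not verified.
            status="no status file"
        fi
        verdict=$(classify_status "$status")
        [ "$verdict" = OK ] || rc=1
        printf '%s %-10s %s: %s\n' "$cve" "$verdict" "$file" "$status"
    done
    return $rc
}

# Run against the live host only when invoked with --check.
if [ "${1:-}" = "--check" ]; then check_cpu_flaws; fi
```

A non-zero exit status makes the check usable from configuration management or a fleet-wide compliance job.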
