Fixes rushed out for Intel CPU bugs as embargo collapses

Serious security flaws caused by "speculative execution" have been found in Intel CPUs from the Pentium Pro onwards, with multiple research teams being credited with the discoveries.

Software patches have been released by both the Linux kernel team and Microsoft; the Linux patch was released last month, and it was expected that there would be an embargo on releasing details of the bug until 9 January, which is when Microsoft releases its monthly updates. Microsoft released a fix overnight. The company also posted information on how it would be securing its Azure customers.

The bugs have been named Meltdown and Spectre and even have their own logos! A comprehensive account of the vulnerabilities and a Q and A is available here. Some AMD and ARM processors are also vulnerable to Spectre.

The Linux patch did not even include comments in the code, in order to keep details of the bug quiet.

But security by obscurity rarely works and it did not work in this case either. Google justified breaking the embargo, saying: "We are posting before an originally coordinated disclosure date of January 9, 2018 because of existing public reports and growing speculation in the press and security research community about the issue, which raises the risk of exploitation."

Three exploits were described: bounds check bypass, branch target injection and rogue data cache load.

While both Google's Project Zero team and Intel claimed that the bugs affected CPUs from other manufacturers too, AMD was categorical in saying that its processors were not affected. The Project Zero detailed write-up is here.

Intel said in a media statement: "Recent reports that these exploits are caused by a 'bug' or a 'flaw' and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits."

But AMD's Tom Lendacky wrote in a post to the Linux kernel mailing list: "AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against.

"The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault."
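A quick way for a defender to confirm whether a Linux host actually has the kernel page table isolation (KPTI) mitigation that Lendacky refers to. This is an added example, not code from the article or from the kernel project; it assumes a kernel that exposes the `pti` flag and `bugs` list in /proc/cpuinfo and, on newer kernels, the /sys/devices/system/cpu/vulnerabilities/ directory.

```shell
#!/bin/sh
# Added example: report whether a Linux host has the KPTI mitigation active.
# Assumes the "pti" flag and "bugs" list in /proc/cpuinfo and, on newer
# kernels, /sys/devices/system/cpu/vulnerabilities/meltdown.

# kpti_status CPUINFO VULNDIR prints one of:
#   not-affected  (vendor reports it is not subject to the attack, e.g. AMD)
#   mitigated     (KPTI is active)
#   vulnerable    (Intel CPU with no mitigation reported)
kpti_status() {
    cpuinfo="$1"; vulndir="$2"
    vendor=$(awk -F': ' '/^vendor_id/ {print $2; exit}' "$cpuinfo")
    flags=$(awk -F': ' '/^flags/ {print $2; exit}' "$cpuinfo")
    bugs=$(awk -F': ' '/^bugs/ {print $2; exit}' "$cpuinfo")

    # Newer kernels give a definitive answer in sysfs; prefer it when present.
    if [ -r "$vulndir/meltdown" ]; then
        case "$(cat "$vulndir/meltdown")" in
            "Not affected") echo not-affected; return 0 ;;
            Mitigation:*)   echo mitigated;    return 0 ;;
            *)              echo vulnerable;   return 1 ;;
        esac
    fi

    # Fallback for early patched kernels: rely on the cpuinfo flag/bug lists.
    case " $flags " in *" pti "*) echo mitigated; return 0 ;; esac
    case " $bugs " in
        *" cpu_meltdown "*|*" cpu_insecure "*) echo vulnerable; return 1 ;;
    esac
    case "$vendor" in
        AuthenticAMD) echo not-affected; return 0 ;;
    esac
    # An Intel CPU on a kernel that reports neither: treat as unmitigated.
    echo vulnerable; return 1
}

# Run against the live system when the files exist (ignored elsewhere).
[ -r /proc/cpuinfo ] && \
    kpti_status /proc/cpuinfo /sys/devices/system/cpu/vulnerabilities || true
```

The exit status is non-zero only when the host is reported as vulnerable, so the function can be used directly in fleet-wide compliance checks.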


ARM said the majority of its processors were not affected. "The majority of Arm processors are not impacted by any variation of this side-channel speculation mechanism," the company said. It provided a list of the processors that it said were affected.

Linux expert Russell Coker told iTWire in response to queries: "Speculative execution is where when a program branches (e.g. an 'if' condition) the CPU starts executing the code on the most likely branch and then discards it if the other branch is taken. The bug MIGHT be something like performing speculative execution without adequate access checks such that a hostile application could have an instruction in what the CPU considers the most likely code path after a branch that accesses some memory and then sees what happens when it runs. AMD CPUs apparently don't have the bug in question."

He said there was a reasonable use case for systems that did not need such kernel security. "A significant portion of Linux systems are single-user workstations. For such a system you have one UID that deals with all the data from the Internet (and is therefore at risk of compromise) which also has access to all secrets (Internet banking passwords, GPG keys, ssh keys, etc).

"On such a single-user workstation the UID in question is generally used to access root via sudo or similar, and therefore an attacker who gets that UID can get root with a little patience and not much skill. For such a single user workstation (like the systems most Linux users have on their desktops) the new kernel won't provide any real benefit."


Russell said there were some things that could be done to improve security of single-user workstations. "For starters, encourage users to use a different session for tasks that need root access, even CTRL-ALT-F1 to get a text console will do. Programs that need stored passwords or cryptographic keys (such as mail clients, GPG, ssh clients, etc) could use a proxy running under a different UID to store the secret data so a compromise of the main account wouldn't immediately give everything away.

"Such techniques could make regular user compromise on a single-user workstation inadequate to get all access and therefore make kernel security important for single user systems."

But, he added that the way current Linux workstations were used for single users (i.e. one non-root UID that does everything) meant that root access wasn't important for a hostile party. "By getting access to the regular UID of the user they can read all mail, get ssh and GPG keys, read key presses (Internet banking passwords etc), and do everything else they would want to do. For someone running such a system there probably isn't much benefit in installing a patched kernel."

Russell was quick to point out that he was not advocating the avoidance of security patches. "Note that I'm not saying 'don't install security fixes'. I'm just noting that a typical home user Linux system has bigger security problems than the potential of a hostile program finding out address space randomisation information to permit other attacks on the kernel."

He said that from what was currently known about this security flaw there was no solid information on it being directly exploitable and it seemed to be merely a way of permitting other exploits.

"But we should consider the possibility that the researchers who discovered this flaw didn't discover all the possible ways of exploiting it," he added.

"It could be that in a matter of days or weeks someone will come out with a more effective exploit which will make this more serious, i.e. direct root access rather than merely extracting data to help other exploits."

Intel shares took a beating after news of the flaws broke, with a fall of as much as 5.5%, the most since October 2016. AMD surged 8.8% on the news while Nvidia went up by 6.3%.


Sam Varghese


A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.
