Meltdown and Spectre CPU Vulnerabilities

Adapted from : https://www.welivesecurity.com/2018/01/05/meltdown-spectre-cpu-vulnerabilities/

https://www.welivesecurity.com/2018/01/08/madiot-nightmare-xmas-meltdown-spectre/

 

By Radame Hernandez

Two serious design vulnerabilities in CPUs were exposed that make it possible, although not always that easy, to steal sensitive, private information such as passwords, photos, perhaps even cryptography certificates in the architecture of processors based on Intel’s Core architecture used in PCs for many years, as well as processors from AMD.  The scope of the vulnerability is wide-ranging, affecting everything from the ARM processors commonly used in tablets and smartphones to the IBM POWER processors used in supercomputers.

And that is exactly where the problems begin. CPUs made by AMD, ARM, Intel, and probably others, are affected by these vulnerabilities: specifically, ARM CPUs are used in a lot of IoT devices, and those are devices that everybody has, but they forget they have them once they are operating, and this leaves a giant gap for cybercriminals to exploit.

What kind of sensitive data can be stolen from a Wi-Fi-controlled light? Or a smart refrigerator? Or from a digital photo frame? Or from a so called Smart TV? The answer is simple: lots. Think about your Wi-Fi password (which would make it possible for anyone to get onto your local network), your photos (luckily you only put the decent photos on the digital photo frame in your living room, right? Or did you configure it to connect automatically to Instagram or DropBox to fetch your newly-taken pictures?), your credentials to Netflix? Your… Eh… There is a lot of information people nowadays store on IoT devices.

Now, there is a much larger underlying issue. Yes, software bugs happen, hardware bugs happen. The first are usually fixed by patching the software; in most cases the latter are fixed by updating the firmware. However, that is not possible with these two vulnerabilities as they are caused by a design flaw in the hardware architecture, only fixable by replacing the actual hardware.

The issue is that programs running in user-mode address space (the “normal” range of memory in which application software, games and the like run) on a computer can infer or “see ” some of the information stored in kernel-mode address space (the “protected” range of memory used to contain the operating system, its device drivers, and sensitive information such as passwords and cryptography certificates).

It is not feasible, in fact not even possible, to replace all CPUs in all devices. It would be too costly. In the real world, people will keep their existing devices until those devices reach the end of their lifecycles. So for years to come, people will have households with vulnerable devices.

Luckily, with cooperation between the suppliers of modern operating systems and the hardware vendors responsible for the affected CPUs, the Operating Systems can be patched, and complemented if necessary with additional firmware updates for the hardware. Additional defensive layers preventing malicious code from exploiting the holes – or at least making it much harder – are an “easy” way to make your desktop, laptop, tablet and smartphone devices (more) secure. Sometimes this happens at the penalty of a slowdown in device performance, but there’s more to security than obscurity and sometimes you just have to suck it up and live with the performance penalty. To be secure, the only other option is either to replace the faulty hardware (in this case, there is noreplacement yet) or to disconnect the device from the network, never to connect it again (nowadays not desirable or practical).

Fixes to prevent user-mode programs from “peering inside” kernel-mode memory are being introduced by operating system vendors, hypervisor vendors and even cloud computing companies, but it appears the initial round of patches will slow down operating systems to some extent. But, hey is better being slow than hacked.

Affected Vendors

Here is a list of affected vendors and their respective advisories and/or patch announcements:

Vendor	Advisory/Announcement
Amazon (AWS)	AWS-2018-013: Processor Speculative Execution Research Disclosure
AMD	An Update on AMD Processor Security
Android (Google)	Android Security Bulletin—January 2018
Apple	HT208331: About the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan HT208394: About speculative execution vulnerabilities in ARM-based and Intel CPUs
ARM	Vulnerability of Speculative Processors to Cache Timing Side-Channel Mechanism
ASUS	ASUS Motherboards Microcode Update for Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method
Azure (Microsoft)	Securing Azure customers from CPU vulnerability Microsoft Cloud Protections Against Speculative Execution Side-Channel Vulnerabilities
Chromium Project	Actions Required to Mitigate Speculative Side-Channel Attack Techniques
Cisco	cisco-sa-20180104-cpusidechannel – CPU Side-Channel Information Disclosure Vulnerabilities
Citrix	CTX231399: Citrix Security Updates for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
Debian	Debian Security Advisory DSA-4078-1 linux — security update
Dell	SLN308587 – Microprocessor Side-Channel Attacks (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell products SLN308588 – Microprocessor Side-Channel Attacks (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell EMC products (Dell Enterprise Servers, Storage and Networking)
Dragonfly BSD	Intel Meltdown bug mitigation in master
F5 Networks	K91229003: Side-channel processor vulnerabilities CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754
FreeBSD	FreeBSD News Flash
Google’s Project Zero	Reading Privileged Memory with a Side-Channel
HPE	Side Channel Analysis Method allows information disclosure in Microprocessors (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) HPESBHF03805 – Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure.
Huawei	Security Notice – Statement on the Media Disclosure of the Security Vulnerabilities in the Intel CPU Architecture Design
IBM	Potential CPU Security Issue Potential Impact on Processors in the POWER Family
Intel	INTEL-SA-00088 Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method
Juniper	JSA10842: 2018-01 Out of Cycle Security Bulletin: Meltdown & Spectre: CPU Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method
Lenovo	Lenovo Security Advisory LEN-18282: Reading Privileged Memory with a Side Channel
Microsoft	Security Advisory 180002: Guidance to mitigate speculative execution side-channel vulnerabilities Windows Client guidance for IT Pros to protect against speculative execution side-channel vulnerabilities Windows Server guidance to protect against speculative execution side-channel vulnerabilities SQL Server Guidance to protect against speculative execution side-channel vulnerabilities Important information regarding the Windows security updates released on January 3, 2018 and anti-virus software
Mozilla	Mozilla Foundation Security Advisory 2018-01: Speculative execution side-channel attack (“Spectre”)
NetApp	NTAP-20180104-0001: Processor Speculated Execution Vulnerabilities in NetApp Products
nVidia	Security Notice ID 4609: Speculative Side Channels Security Bulletin 4611: NVIDIA GPU Display Driver Security Updates for Speculative Side Channels Security Bulletin 4613: NVIDIA Shield TV Security Updates for Speculative Side Channels
Qubes OS	Announcement regarding XSA-254 (Meltdown and Spectre attacks)
Raspberry Pi Foundation	Why Raspberry Pi isn’t vulnerable to Spectre or Meltdown
Red Hat	Kernel Side-Channel Attacks – CVE-2017-5754 CVE-2017-5753 CVE-2017-5715
SUSE	SUSE Linux security updates CVE-2017-5715 SUSE Linux security updates CVE-2017-5753 SUSE Linux security updates CVE-2017-5754
Synology	Synology-SA-18:01 Meltdown and Spectre Attacks
Ubuntu	Ubuntu Updates for the Meltdown / Spectre Vulnerabilities
VMware	NEW VMSA VMSA-2018-0002 VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution
Xen	Advisory XSA-254: Information leak via side effects of speculative execution

 

For many years, processor manufacturers – such as Intel – have been able to fix flaws in processor architecture through microcode updates, which write an update to the processor itself to fix a bug.  For a – so far unannounced – reason or reasons, this vulnerability may not be fixable this way in Intel processors, so instead, operating system manufacturers have collaborated with Intel to release patches for the vulnerabilities.

Intel’s security advisory, INTEL-SA-00088 Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method, lists forty-four (44) affected families of processors, each of which can contain dozens of models.  ARM Limited has released an advisory titled Vulnerability of Speculative Processors to Cache Timing Side-Channel Mechanism that currently lists ten (10) affected models of processor.

CERT has issued the following Vulnerability Note: CERT Vulnerability Note VU#584653, CPU hardware vulnerable to side-channel attacks
US-CERT has issued a Technical Advisory as well: US-CERT Alert (TA18-000FA): https://www.us-cert.gov/ncas/alerts/TA18-004A

FiRa IT Services recommendation

The solution for these vulnerabilities is to keep your internet ready devices updated to the latest released patches. Apply the updates as soon as possible or call your IT expert to work on this topic ASAP.

If you are one of FiRa IT Services Managed Services Customer, you can have peace of mind since all equipment under our agreement will be update and or patched accordingly.

If you do not have a Managed Services Contract with us, we recommend you to call to schedule an appointment immediately. This is a serious topic that hacker will be exploiting as much as possible before it get completely fixed.