Intel Responds to Spectre-Like Flaw In CPUs
Intel acknowledged that its processors are vulnerable to another dangerous speculative execution side channel flaw that could give attackers unauthorized read access to memory.
The new vulnerability, disclosed by Google Project Zero and Microsoft’s Security Response Center, is called Variant 4, and potentially enables attackers to read privileged data across trust boundaries. That’s similar to two side channel analysis vulnerabilities, Meltdown and Spectre, Intel faced earlier this year in its server and desktop processors.
Variant 4 (CVE-2018-3639) is also a side channel analysis security flaw, but it uses a different process to extract information, and the most common use is in web browsers.
“Like the other GPZ variants, Variant 4 uses speculative execution, a feature common to most modern processor architectures, to potentially expose certain kinds of data through a side channel,” Leslie Culbertson, executive vice president and general manager of Product Assurance and Security at Intel, said in a post on Monday. “In this case, the researchers demonstrated Variant 4 in a language-based runtime environment. While we are not aware of a successful browser exploit, the most common use of runtimes, like JavaScript, is in web browsers.”
Almost 50 Intel processor brands are impacted by the newest vulnerability, including Intel’s Atom, Core and Xeon lineups. However, the chip company said it hasn’t seen any real-world exploits of the new variant. Intel also disclosed a Rogue System Register Read vulnerability (CVE-2018-3640) called Variant 3a.
Variant 4, similar to other Spectre vulnerabilities, stems from a glitch in Intel-based products. Essentially microprocessors use speculative execution and speculative execution of memory to read before the addresses of all prior memory writes are known. This enables an attacker with local user access using a side-channel analysis (aka Variant 4) to gain unauthorized disclosure of information.
Google Project Zero’s Jann Horn and Microsoft’s Ken Johnson first reported Variant 4.
Horn said in a post that he first set on track to discovering Variant 4 after noticing Intel’s Optimization Manual (in section 2.4.4.5, regarding “memory disambiguation”) said that:
“A load instruction micro-op may depend on a preceding store. Many microarchitectures block loads until all preceding store address are known.
The memory disambiguator predicts which loads will not depend on any previous stores. When the disambiguator predicts that a load does not have such a dependency, the load takes its data from the L1 data cache. Eventually, the prediction is verified. If an actual conflict is detected, the load and all succeeding instructions are re-executed.”
After further experiments, Horn said this effect can be used to cause speculative execution to “continue far enough to execute a Spectre-style gadget on a pointer read from a memory slot to which a store has been speculatively ignored.”
Essentially, Horn found that Variant 4 could be exploited by program scripts in order to access data stored elsewhere in a program – enabling attackers running a script in a browser to read data from another browser tab.
In a security advisory, Microsoft said that the new variant could allow an attacker to read privileged data across trust boundaries, and can be exploited through vulnerable code patterns in the operating system (OS) or in applications could allow an attacker to exploit this vulnerability.
“In the case of Just-in-Time (JIT) compilers, such as JavaScript JIT employed by modern web browsers, it may be possible for an attacker to supply JavaScript that produces native code that could give rise to an instance of CVE-2018-3639,” said Microsoft. “However, Microsoft Edge, Internet Explorer, and other major browsers have taken steps to increase the difficulty of successfully creating a side channel.”
Intel rated the new vulnerability as a “moderate” risk because starting in January most leading browser providers – like Safari, Edge and Chrome – all patched for Meltdown in their managed runtimes, and “these mitigations are also applicable to variant 4 and available for consumers to use today,” Intel said.
However, the company said it will still release a full mitigation option in the coming weeks to “prevent this method from being used in other ways.”
Vendor Mitigations
An array of vendors have responded to Variant 4. Red Hat said in a post that “Red Hat Product Security is aware of this issue. Updates will be released as they become available.”
AMD recommended customers check for mitigations being provided by operating system updates back to its Bulldozer lineup: “Microsoft is completing final testing and validation of AMD-specific updates for Windows client and server operating systems, which are expected to be released through their standard update process,” it said in an advisory. “Similarly, Linux distributors are developing operating system updates for SSB. AMD recommends checking with your OS provider for specific guidance on schedules.”
ARM stressed that the majority of its processors are not impacted by any side-channel flaw variant; however, several specific models, including Cortex-A17 and Cortex-A75, may be.
IBM, meanwhile said that mitigation for Variant 4 will impact Power Systems clients. Customers need to install patches to both system firmware and operating systems, according to IBM: “Both the firmware and OS patches are required for the mitigation to be effective against these vulnerabilities and the latest firmware and OS patches incorporate mitigations for the fourth variant,” it said in a post. Firmware patches for POWER7, POWER7+, POWER8 and POWER9 platforms are now available.
Patching and Performance
Intel said the vulnerability mitigations (coined as Speculative Store Bypass Disable, or SSBD) for Variant 4 will be released by OEM system manufacturers and system software vendors in the coming weeks. Similar to earlier in the year, the fixes for the flaw could also impact performance by between 2 and 8 percent for certain systems.
“In this configuration, we have observed no performance impact. If enabled, we’ve observed a performance impact of approximately 2 to 8 percent based on overall scores for benchmarks like SYSmark 2014 SE and SPEC integer rate on client and server test systems,” Culbertson said in her post.
The same update also includes microcode that addresses Variant 3a (Rogue System Register Read), Intel said. “We have not observed any meaningful performance impact on client or server benchmarks with the Variant 3a mitigation,” Culbertson said.
Spectre and Meltdown also infamously faced messy patching efforts across the industry in the wake of the vulnerability disclosure. Intel initially released patches addressing the Spectre and Meltdown vulnerabilities in January, but later yanked its patches for the Variant 2 flaw – both for client compute and data center chips – after acknowledging that they caused “higher than expected reboots and other unpredictable system behavior.”
Industry Reaction
The new vulnerability comes as no surprise to the industry, especially with rumors swirling that new Spectre-like flaws would be disclosed by German magazine c’t earlier in May.
However, beyond that, industry experts such as Renaud Deraison, co-founder and CTO of Tenable, think that the tech world is moving headfirst into making chips quicker and more efficient – so quick, in fact, that they are prioritizing speed over security.
“We as an industry have trained people to expect speed,” Deraison said. “The speed of the chips inside our personal computers, our tablets and our phones is critical to their performance — everybody knows that. In this case, the vulnerabilities take advantage of the very features that make them fast. Intel optimized for performance and later learned they were facing a trade off between security and performance. The vast majority of people would choose speed over security, too.”
