Author Topic: Spectre CPU Key 0 flaw found all over... - Meltdown key 0 flaw for Intel

Online TahoeBlue

... this shouldn't be needed, but
clearly there is a flaw in Intel's silicon that allows kernel access protections to be bypassed in some way.

 ... the bug could be abused to defeat KASLR: kernel address space layout randomization. This is a defense mechanism used by various operating systems to place components of the kernel in randomized locations in virtual memory.
...
Intel's CPUs speculatively execute code potentially without performing security checks.
...
allow ring-3-level user code to read ring-0-level kernel data. And that is not good.

Microsoft's Azure cloud – which runs a lot of Linux as well as Windows – will undergo maintenance and reboots on January 10, presumably to roll out the above fixes.



https://www.zerohedge.com/news/2018-01-03/everyone-affected-why-implications-intel-bug-are-staggering
"Everyone Is Affected": Why The Implications Of The Intel "Bug" Are Staggering
by Tyler Durden
Thu, 01/04/2018 - 05:23

Earlier today, we reported that according to press reports, Intel's computer chips were affected by a bug that makes them vulnerable to hacking. Specifically, The Register said the bug lets some software gain access to parts of a computer’s memory that are set aside to protect things like passwords, and making matters worse, all computers with Intel chips from the past 10 years appear to be affected. The news, which sent Intel's stock tumbling, was later confirmed by the company.

In a statement issued on Monday afternoon, Intel said it was working with chipmakers including Advanced Micro Devices Inc. and ARM Holdings, and operating system makers to develop an industrywide approach to resolving the issue that may affect a wide variety of products, adding that it has begun providing software to help mitigate the potential exploits. Computer slowdowns depend on the task being performed and for the average user “should not be significant and will be mitigated over time" the company promised despite much skepticism to the contrary.

As Bloomberg helpfully puts it, Intel's microprocessors "are the fundamental building block of the internet, corporate networks and PCs" and while Intel has added to its designs over the years trying to make computers less vulnerable to attack, arguing that hardware security is typically tougher to crack than software, there now appears to be a fundamental flaw in the design.

In a vain attempt to mitigate the damage, Intel claimed that the “flaw” was not unique to its products.

“Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed,” the Santa Clara, California-based company said. “Intel believes these exploits do not have the potential to corrupt, modify or delete data.”

The extent of the vulnerability is huge

As Bloomberg writes, "the vulnerability may have consequences beyond just computers, and is not the result of a design or testing error." Here's how the bug "works":
...


4. We're dealing with two serious threats. The first is isolated to #IntelChips, has been dubbed Meltdown, and affects virtually all Intel microprocessors. The patch, called KAISER, will slow performance speeds of processors by as much as 30 percent.

5. The second issue is a fundamental flaw in processor design approach, dubbed Spectre, which is more difficult to exploit, but affects virtually ALL PROCESSORS ON THE MARKET (Note here: Intel stock went down today but Spectre affects AMD and ARM too), and has NO FIX.
6. Spectre will require a complete re-architecture of the way processors are designed and the threats posed will be with us for an entire hardware lifecycle, likely the next decade.
...

| - - -

https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign
Speed hits loom, other OSes need fixes
By John Leyden and Chris Williams 2 Jan 2018 at 19:29

Final update A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.

Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December.

Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features – such as PCID – to reduce the performance hit. Your mileage may vary.
...
Similar operating systems, such as Apple's 64-bit macOS, will also need to be updated – the flaw is in the Intel x86-64 hardware, and it appears a microcode update can't address it. It has to be fixed in software at the OS level, or go buy a new processor without the design blunder.
...

The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka f**kWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.
...
These KPTI patches move the kernel into a completely separate address space, so it's not just invisible to a running process, it's not even there at all.
Behold, happy is the man whom God correcteth: therefore despise not thou the chastening of the Almighty: For he maketh sore, and bindeth up: he woundeth, and his hands make whole ; He shall deliver thee in six troubles: yea, in seven there shall no evil touch thee. - Job 5

Online TahoeBlue

wayback machine ...

https://www.theregister.co.uk/2015/08/11/memory_hole_roots_intel_processors/

Intel left a fascinating security flaw in its chips for 16 years – here's how to exploit it
Howler opens door for SMM rootkits
By Iain Thomson in San Francisco 11 Aug 2015 at 07:31

Black Hat In-Depth A design flaw in Intel's processors can be exploited to install malware beneath operating systems and antivirus – making it tough to detect and remove.

"It's a forgotten patch to a forgotten problem, but opens up an incredible vulnerability," said Christopher Domas, a security researcher with the Battelle Memorial Institute, who revealed the hardware bug at the Black Hat conference in Vegas last week.

The blunder was introduced in 1995, in the Pentium Pro. It is hardwired into the silicon, and has been staring kernel-level programmers in the face for years.

It allows smart hackers to run rootkit code at the very lowest level on the computer, out of reach of the operating system, its applications, and even the hypervisor. This means the rootkit can, among other things, silently monitor and record the user's every keypress, mouse click, and download.
...

...
Your operating system runs in ring 0. Apps in ring 3 cannot directly meddle with the OS and compromise it because the OS is protected in ring 0.

Then there's ring -1, which is where the hypervisor lives, if you're using one. The hypervisor looks after one or more operating systems that live in ring 0. The hypervisor, being in ring -1, is protected from the operating systems running in ring 0. This stops a guest operating system from taking over the host machine.
...

Offline Dude447

It gets worse: Microsoft’s Spectre-fixer wrecks some AMD PCs

https://www.theregister.co.uk/2018/01/08/microsofts_spectre_fixer_bricks_some_amd_powered_pcs/

Just out of interest I did install the Microsoft patch version for Windows 7 64-bit on an older AMD Athlon laptop to see what would happen. Result: update installed OK, Blue Screen of Death on reboot, but I was able to remove it. This issue may not be limited to just the AMD Athlon processor.

Online TahoeBlue

I'm holding off applying any fixes ... 

https://www.theverge.com/2018/1/10/16871856/intel-cpu-meltdown-spectre-response-computer-slow-down-issues
Intel needs to come clean about Meltdown and Spectre
A lot more transparency is needed from Apple and AMD, too
By Tom Warren, Jan 10, 2018, 7:30am EST

Intel hasn’t had the best of times recently. Meltdown and Spectre security flaws have helped reveal fundamental issues with processor designs over the past 20 years, and the software updates to protect PCs will have performance impacts. Even as I write this, it’s still not clear to anyone exactly how bad these performance impacts will be for older desktop systems, or how significant they’ll be to server-based cloud platforms. It’s all a bit of a mess, and Intel hasn’t helped with its lack of transparency. It’s time for Intel to stop hiding behind cleverly worded statements.
...
Intel’s first response to the initial Meltdown and Spectre rumors was an angry blog post that provided few details,
...
A day later, Intel issued a second response. This time, the company admitted “performance impact from the software updates may initially be higher” on some workloads, but the wording was still vague and confusing. Intel promised updates for 90 percent of processor products introduced in the past five years by the end of this week to fix the security problems. These updates are BIOS firmware updates, which are not distributed centrally by Intel or Microsoft, and require PC makers to properly manage and alert customers that they even exist. The buzz over performance issues continued.
...
Microsoft revealed some of the extent of the performance issues facing Windows PCs and server-based systems. Windows 7 and Windows 8 machines running Haswell or older processors are going to be impacted the most according to Microsoft, and “most [of those] users will notice a decrease in system performance.”
...
Microsoft is actually warning customers to consider not updating their server firmware if they don’t run untrusted code, to ensure performance isn’t impacted. Microsoft has performed a number of vague benchmarks across a variety of processors, but at least the company is trying to be transparent to its customers.

Intel issued its third statement today, reiterating that performance impacts shouldn’t be significant for “average computer users.” I
...

Part of all this poor transparency might have been related to the timing of the flaw disclosure. Intel, AMD, Google, Microsoft, and others had agreed to hold an embargo on the details for Meltdown and Spectre to today, until the news broke early last week. Intel and others were caught off guard, despite being informed about the flaw back in June. Note that the original plan wasn’t all that transparent, as it would have put the news in the middle of one of the biggest technology shows in the world (CES).
...
AMD’s cleverly worded statement didn’t address potential performance issues or the Spectre variant 2 that requires firmware updates.
...
Another company that isn’t talking about potential firmware updates is Apple. The Verge has reached out multiple times to confirm whether iPhones or Mac computers will require firmware updates to protect against the Spectre variant 2, and Apple has not yet revealed whether these updates have been issued, or if and when they will be. Apple has, at the minimum, so far issued operating system updates to mitigate against Spectre variant 1 and Meltdown.
...
Microsoft and Red Hat have started to provide a clearer picture for the industry, but Intel’s processors are the ones mainly affected by these issues due to their prevalence and the types of computing they’re used for. Intel also dominates the server market, and the company has not been clear about the impact there. Intel is creating the firmware patches for Spectre variant 2, and it should know the performance impacts across Windows and Linux even more closely than Microsoft and Red Hat. Intel should be leading the way in helping customers understand the issues, not hiding behind cleverly worded statements that gradually eke out the truth what feels like each and every day.

Online TahoeBlue

updates:

Nice script ... works on linux based machines :
https://www.cyberciti.biz/faq/check-linux-server-for-spectre-meltdown-vulnerability/
How to check Linux for Spectre and Meltdown vulnerability
in Categories CentOS, Debian / Ubuntu, Linux, RedHat and Friends, Security, Suse last updated April 20, 2018
/...

i386 is not vulnerable to Meltdown/Spectre..?

    Jean-Michel says:
    January 12, 2018 at 8:15 pm

    Yes Charles, processors up to Pentium MMX are not vulnerable.


| - - -

https://www.zdnet.com/article/spectre-and-meltdown-linux-creator-linus-torvalds-criticises-intels-garbage-patches/
Spectre and Meltdown: Linux creator Linus Torvalds criticises Intel's 'garbage' patches

Updated: 'We are actively engaging with the Linux community, including Linus,' says Intel.
Steve Ranger
By Steve Ranger | January 23, 2018

Linus Torvalds is not happy about the patches that Intel has developed to protect the Linux kernel from the Spectre and Linux flaws.

In a posting on the Linux kernel mailing list, the Linux creator criticised differences in the way that Intel approached patches for the Meltdown and Spectre flaws. He said of the patches: "They do literally insane things. They do things that do not make sense."

Torvalds added: "And I really don't want to see these garbage patches just mindlessly sent around."

Spectre and Meltdown are design flaws in modern CPUs which could allow hackers to get around system protections on a wide range of PCs, servers, and smartphones, allowing attackers to access data including passwords, from memory. Since the flaws were discovered, the tech industry has been scrambling to fix them before they can be exploited.

However, others on the mailing list took a different view: "Certainly it's a nasty hack, but hey -- the world was on fire and in the end we didn't have to just turn the datacentres off and go back to goat farming, so it's not all bad," said one.

It's not the first time the Linux chief has criticised Intel's approach to the Spectre and Meltdown flaws. Earlier this month, he said: "I think somebody inside of Intel needs to really take a long hard look at their CPU's, and actually admit that they have issues instead of writing PR blurbs that say that everything works as designed."



Torvalds also said that he had decided not to publish the final version of Linux 4.15 this weekend as planned as there was still work to do, and had instead decided to deliver release candidate (RC) nine instead. Torvalds had already warned that the 'Meltdown and Spectre hoopla' might result in another RC being released.

The final version should arrive after this RC, he said.

"I really expect no more delays after this. We've had rc9's before, but they have been pretty rare (the last one was 3.1-rc9 back in 2011 - that release went all the way to rc10, and I really don't think we'll do that this time _despite_ all the CPU bug mitigation craziness)," he said.

Update 23-1-2018: Intel has responded to the comments from Torvalds. "We take the feedback of industry partners seriously. We are actively engaging with the Linux community, including Linus, as we seek to work together on solutions," the company said in a statement.
...

| - - -

https://www.bloombergquint.com/businessweek/2018/05/17/millions-of-computers-are-at-risk-from-the-next-gen-spectre-bug#gs.L_KqY4E

Millions of Computers Are at Risk of Hacks That Crack Into Their Core
Jordan Robertson
17 May 2018, 7:37 AM

Yuriy Bulygin knows all about computer vulnerabilities. He spent most of his career at Intel Corp. studying security flaws in chips, including several years as the company's chief threat researcher, until last summer. So you can believe him when he says he's found something new: His latest research, set to be published on May 17, shows hackers can exploit previously disclosed problems in microprocessors to access a computer's firmware (microcode that's stored permanently inside processors and other chips) to get to its most sensitive information. "The firmware has access to basically all the secrets that are on that physical machine," he says.
...
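The KPTI discussion in the first post and the cyberciti check script quoted above both come down to the same question: what does the kernel itself report about its mitigation state? The script below is an added example, not code from this thread, from the cyberciti page, or from the spectre-meltdown-checker project. It reads the per-issue status files the kernel exports under /sys/devices/system/cpu/vulnerabilities/ and the pti/ibpb/ibrs/stibp/ssbd flags in /proc/cpuinfo, classifies each entry as not affected, mitigated or vulnerable, and exits non-zero if anything is still reported as Vulnerable. The sysfs path and flag names are real kernel interfaces (mainline 4.15 onward, plus distribution backports); the sample sysfs contents and cpuinfo excerpt embedded for offline runs are constructed.

```python
"""Report Linux speculative-execution mitigation status from sysfs.

Added example (not from the thread or the cyberciti article). Kernels that
carry KPTI and the Spectre mitigations publish one file per issue under
/sys/devices/system/cpu/vulnerabilities/ and expose a "pti" flag (plus
ibpb/ibrs/stibp/ssbd where microcode supports them) in /proc/cpuinfo.
A constructed sample is embedded so the script also runs offline.
"""
import sys
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Constructed sample shaped like real sysfs contents (one line per file).
SAMPLE_SYSFS = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: __user pointer sanitization",
    "spectre_v2": "Vulnerable: Minimal generic ASM retpoline",
    "spec_store_bypass": "Vulnerable",
    "l1tf": "Not affected",
}

# Constructed /proc/cpuinfo excerpt; only the "flags" line is consulted.
SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Constructed CPU
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep pti ibpb ibrs
bugs\t\t: cpu_meltdown spectre_v1 spectre_v2
"""

# Flags the kernel exports when the corresponding mitigation is available.
MITIGATION_FLAGS = ("pti", "ibpb", "ibrs", "stibp", "ssbd")


def classify(status: str) -> str:
    """Map one sysfs status line to not_affected / mitigated / vulnerable."""
    text = status.strip()
    if text.startswith("Not affected"):
        return "not_affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    # "Vulnerable", possibly followed by an explanation, or anything unknown:
    # treat it as unmitigated rather than guessing in the system's favour.
    return "vulnerable"


def read_sysfs(directory: Path = SYSFS_DIR) -> dict:
    """Read every file in the vulnerabilities directory; {} if it is absent."""
    if not directory.is_dir():
        return {}
    return {p.name: p.read_text().strip()
            for p in sorted(directory.iterdir()) if p.is_file()}


def parse_cpu_flags(cpuinfo: str) -> set:
    """Return the CPU flag set from /proc/cpuinfo text (first CPU only)."""
    for line in cpuinfo.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            return set(value.split())
    return set()


def summarize(entries: dict, flags: set):
    """Build report lines; returns (lines, any_vulnerable)."""
    lines = []
    any_vulnerable = False
    for name, status in entries.items():
        state = classify(status)
        any_vulnerable |= state == "vulnerable"
        lines.append(f"{name:<20} {state:<13} {status}")
    present = [f for f in MITIGATION_FLAGS if f in flags]
    lines.append("mitigation flags:    " + (" ".join(present) or "none"))
    return lines, any_vulnerable


def main() -> int:
    entries = read_sysfs()
    if entries:
        flags = parse_cpu_flags(Path("/proc/cpuinfo").read_text())
        source = str(SYSFS_DIR)
    else:
        entries, flags = SAMPLE_SYSFS, parse_cpu_flags(SAMPLE_CPUINFO)
        source = "constructed sample (sysfs directory not present)"
    lines, vulnerable = summarize(entries, flags)
    print(f"source: {source}")
    print("\n".join(lines))
    # Non-zero exit lets a fleet-wide job flag hosts that still need work.
    return 1 if vulnerable else 0


if __name__ == "__main__":
    sys.exit(main())
```

Run it with python3 on the host in question; the exit status is what a configuration-management job would key on. One caveat worth keeping in mind: if the sysfs directory is missing, the kernel simply predates the reporting interface (and very likely the mitigations too), which is a reason to treat the host as unpatched, not as safe.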