The infotech security world is abuzz this week with news of two serious hardware flaws, codenamed Meltdown and Spectre, which afflict the central processors powering most of our modern computers. Although full details are still being released, the vulnerabilities appear to be related to Kernel memory leaking via a feature of modern processors intended to speed up applications by pre-fetching memory content, a technique called “speculative execution”. The trouble occurs when Kernel memory is pre-read by a lower privelege user process before it’s been verified to have access to the particular memory space being accessed. In other words it allows normal user programs to see into the contents of protected kernel memory areas, which can often contain the keys to the castle and other sensitive data.
On shared system environments such as public cloud servers, where multiple customers use the same physical hardware, it could be possible in certain cases for software in one virtual machine to look into it’s host machine’s physical memory, and read data from another customer’s virtual machines on that same shared host.
The Register is reporting the scope of affected hardware and manufacturers, which affects Intel chips, AMD, ARM and possibly others. Many versions of Linux and Microsoft have software workarounds to patch up the flaw at the cost of substantial performance hits, pegged by some industry experts at between 5-30%. Many manufacturers with affected chips have already released patches for Meltdown, though fixing Spectre may be substantially more involved and could require hardware changes in the chips themselves. According to Canonical’s website Ubuntu patch is expected to be released January 9, 2018 at the latest.
“One way rival processors differentiate themselves, and perform faster than their competitors, is to rely on speculative execution. In order to keep their internal pipelines primed with computer code to obey, they do their best to guess which instructions will be executed next, fetch those from memory, and carry them out. If the CPU guesses wrong, it has to undo the speculatively executed code, and run the actual stuff required.
Unfortunately, the chips in our desktop PCs, laptops, phones, fondleslabs, and backend servers do not completely walk back every step taken when they realize they’ve gone down the wrong path of code. That means remnants of data they shouldn’t have been allowed to fetch remain in their temporary caches, and can be accessed later.” – Chris Williams via The Register
“At its heart, this vulnerability is a CPU hardware architecture design issue. But there are billions of affected hardware devices, and replacing CPUs is simply unreasonable. As a result, operating system kernels — Windows, MacOS, Linux, and many others — are being patched to mitigate the critical security vulnerability. Canonical engineers have been working on this since we were made aware under the embargoed disclosure (November 2017) and have worked through the Christmas and New Years holidays, testing and integrating an incredibly complex patch set into a broad set of Ubuntu kernels and CPU architectures.” – Dustin Kirkland via Ubuntu.com
“Mitigations for two critical architectural flaws in CPUs can cause performance degradation, but real-world impact is lower than synthetic benchmarks. While these architectural flaws are possible to partially mitigate using software patches, the core issue—an oversight in design that requires revised hardware—still remains.” – James Sanders via Techrepublic
Papers from exploit-db.com