
Today, the Google Project Zero team disclosed an additional speculative execution method to obtain data that would otherwise be protected by the CPU.

Google, together with CPU, hardware and operating system vendors, has worked over the past months to prepare mitigations for this vulnerability, known as Spectre v4.

The vulnerability is similar to others in the Spectre family, yet has distinct characteristics that make it a unique attack vector. x86 CPUs from both Intel and AMD, as well as several ARM and PowerPC CPUs, are affected.

The potential attack takes advantage of a performance feature of modern CPUs called memory disambiguation. Memory disambiguation allows the CPU to dispatch memory reads and writes to independent units speculatively, without waiting for earlier accesses to complete, and thus boosts performance. As a result of this behavior, however, there are cases where speculative memory reads can observe stale values of memory. Any such stale read is discarded at the end of the speculative execution and under normal conditions doesn’t cause any issues.

However, since the previous Spectre variants have shown how to carry over information from speculative execution using a cache side channel, the stale data effect of memory disambiguation can be used to obtain data that would be otherwise inaccessible.

In an exploit, an attacker needs to be able to execute carefully crafted code sequences on the system. This could be compiled code, but the typical attack scenario revolves around code generated by just-in-time compilation of interpreted languages, like eBPF or JavaScript (ECMAScript). This is because these cases span security boundaries: browsers execute untrusted JavaScript code downloaded from the internet, and in the case of eBPF the kernel executes code provided from user space. Within a virtualized environment, a local user inside a guest with administrative privilege may also be able to attack the hypervisor as well as other virtual machines.

The mitigation code developed for the Linux kernel allows disabling the processor’s memory disambiguation capability, either selectively per-process, or globally for the whole running system.

The just-released SUSE Linux kernel updates disable memory disambiguation for eBPF execution and for any process making use of seccomp (such as browsers), and provide an opt-in capability to additionally disable it for individual processes that might be running untrusted code generated by a JIT. There is also a system-wide option to disable memory disambiguation globally.
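The following is an added example, not code from the SUSE post or from the kernel project, showing how an administrator or application developer can work with the per-process and global controls described above on a Linux kernel that carries the Speculative Store Bypass mitigation. It reads the status the kernel exposes in /sys/devices/system/cpu/vulnerabilities/spec_store_bypass, extracts the spec_store_bypass_disable= setting from a kernel command line (the global option), and uses the PR_GET_SPECULATION_CTRL / PR_SET_SPECULATION_CTRL prctl to query and opt a single process out of memory disambiguation. The sysfs path, command-line parameter and prctl constants are real kernel interfaces; the helper function names (ssb_classify, ssb_cmdline_mode, ssb_describe_prctl, ssb_disable_for_process) and the sample strings are this example's own.

```c
/* Added example (not from the SUSE post): inspect and control the Speculative
 * Store Bypass (Spectre v4) mitigation on Linux. Assumes a kernel with the
 * SSB mitigation; on kernels without it the calls fail gracefully. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

/* Fallbacks for older headers; the values match linux/prctl.h. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#endif
#ifndef PR_SET_SPECULATION_CTRL
#define PR_SET_SPECULATION_CTRL 53
#endif
#ifndef PR_SPEC_STORE_BYPASS
#define PR_SPEC_STORE_BYPASS 0
#endif
#ifndef PR_SPEC_NOT_AFFECTED
#define PR_SPEC_NOT_AFFECTED 0
#endif
#ifndef PR_SPEC_PRCTL
#define PR_SPEC_PRCTL (1UL << 0)
#endif
#ifndef PR_SPEC_ENABLE
#define PR_SPEC_ENABLE (1UL << 1)
#endif
#ifndef PR_SPEC_DISABLE
#define PR_SPEC_DISABLE (1UL << 2)
#endif
#ifndef PR_SPEC_FORCE_DISABLE
#define PR_SPEC_FORCE_DISABLE (1UL << 3)
#endif

enum ssb_state {
    SSB_UNKNOWN,          /* sysfs file missing or text not recognised */
    SSB_NOT_AFFECTED,
    SSB_VULNERABLE,       /* affected CPU, mitigation not active */
    SSB_MITIGATED_GLOBAL, /* memory disambiguation off for every process */
    SSB_MITIGATED_OPTIN   /* off for seccomp/prctl opt-in processes only */
};

/* Classify one line of /sys/devices/system/cpu/vulnerabilities/spec_store_bypass. */
enum ssb_state ssb_classify(const char *line)
{
    if (strncmp(line, "Not affected", 12) == 0) return SSB_NOT_AFFECTED;
    if (strncmp(line, "Vulnerable", 10) == 0)   return SSB_VULNERABLE;
    if (strncmp(line, "Mitigation:", 11) == 0) {
        if (strstr(line, "prctl") || strstr(line, "seccomp")) return SSB_MITIGATED_OPTIN;
        return SSB_MITIGATED_GLOBAL;
    }
    return SSB_UNKNOWN;
}

/* Read the live sysfs status; SSB_UNKNOWN if the kernel lacks the file. */
enum ssb_state ssb_read_sysfs(void)
{
    char buf[256];
    FILE *f = fopen("/sys/devices/system/cpu/vulnerabilities/spec_store_bypass", "r");
    if (!f) return SSB_UNKNOWN;
    if (!fgets(buf, sizeof buf, f)) { fclose(f); return SSB_UNKNOWN; }
    fclose(f);
    return ssb_classify(buf);
}

/* Copy the value of spec_store_bypass_disable= (on/off/auto/prctl/seccomp)
 * from a kernel command line into out; returns 1 if present, 0 otherwise. */
int ssb_cmdline_mode(const char *cmdline, char *out, size_t n)
{
    const char *key = "spec_store_bypass_disable=";
    const char *p = strstr(cmdline, key);
    if (!p || n == 0) return 0;
    p += strlen(key);
    size_t len = strcspn(p, " \n");
    if (len >= n) len = n - 1;
    memcpy(out, p, len);
    out[len] = '\0';
    return 1;
}

/* Interpret the flags returned by prctl(PR_GET_SPECULATION_CTRL, ...). */
const char *ssb_describe_prctl(long flags)
{
    if (flags < 0) return "query failed (kernel lacks PR_GET_SPECULATION_CTRL)";
    if (flags == PR_SPEC_NOT_AFFECTED) return "CPU not affected";
    if (!(flags & PR_SPEC_PRCTL)) return "not controllable per process (global kernel setting)";
    if (flags & PR_SPEC_FORCE_DISABLE) return "disabled for this process (locked)";
    if (flags & PR_SPEC_DISABLE) return "disabled for this process";
    return "enabled for this process (opt in to disable)";
}

/* Opt the calling process out of memory disambiguation, e.g. in a host that
 * is about to run JIT-generated code. Returns 0 on success, -errno otherwise. */
int ssb_disable_for_process(void)
{
#ifdef __linux__
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0) == 0)
        return 0;
    return -errno;
#else
    return -ENOSYS;
#endif
}

int main(void)
{
    static const char *names[] = { "unknown", "not affected", "vulnerable",
                                   "mitigated (global)", "mitigated (opt-in)" };
    printf("sysfs status: %s\n", names[ssb_read_sysfs()]);
#ifdef __linux__
    long before = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
    printf("before opt-in: %s\n", ssb_describe_prctl(before));
    int rc = ssb_disable_for_process();
    long after = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
    printf("opt-in rc=%d, after: %s\n", rc, ssb_describe_prctl(after));
#endif
    return 0;
}
```

The opt-in with PR_SPEC_DISABLE is inherited by children across fork and exec, so setting it in a launcher before exec'ing the JIT host covers the whole process tree; PR_SPEC_FORCE_DISABLE additionally prevents the process from re-enabling it. A sysfs reading of "Vulnerable" after installing the updated kernel on an Intel system usually means the required microcode update is still missing.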

Given that a kernel and hypervisor update is needed, installing the updated packages and rebooting the system is required to obtain the mitigation. In addition to that, on Intel CPUs a microcode update is required for the mitigation to work.

CPU microcode availability and release schedules can be checked at Intel’s website or via your hardware vendor. SUSE will also re-publish official microcode updates. For AMD x86 and Power, no CPU microcode updates are required. For ARM, kernel and microcode updates will be published in future update rounds.

TID link: https://www.suse.com/support/kb/doc/?id=7022937

CVE page link: https://www.suse.com/security/cve/CVE-2018-3639/

SUSE Addresses Meltdown and Spectre Vulnerabilities blog: https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/

SUSE wishes to thank the CPU and hardware vendors and the Linux kernel community for their collaboration in mitigating this issue in such a timely fashion for the good of customers and the industry.


This entry was posted Monday, 21 May, 2018 at 9:00 pm