Multiple Hardware Vulnerability Variants Affecting CPU chipsets

Print
Details

Multiple Hardware Vulnerability Variants Affecting CPU chipsets

 

A former vulnerability discovered that affected modern microprocessor chips codenamed Spectre and Meltdown, has evolved with its new variants. Meltdown is a flaw that soften the security barriers imposed by the hardware, affecting desktops, laptops, and cloud computers. Spectre is a flaw that an attacker can exploit to push a CPU to reveal its data. Both the bugs utilize speculative execution strategy. Speculative execution is a methodology used by many modern processors to improve performance by anticipating which instructions may be executed based on prior execution.   

 

The new vulnerability allows an attacker with local user access to utilize sequences of speculative execution to perform a cache timing side-channel information disclosure attack. Sensitive information such as passwords stored in password manager or browser, personal photos, emails, business-critical documents and cache information can be obtained. The two new variants that are identified as Variant 3a and Variant 4, assigned as CVE-2018-3640 and CVE-2018-3639.

 

Variant 4

Variant 4 refers to exploitation of Speculative Store Bypass. This flaw allows an attacker to read older memory values in a CPU’s stack or other memory locations.

Subsequent speculative memory accesses cause allocations into the cache, which may allow a sequence of speculative loads to be used to perform timing side-channel attacks.

This vulnerability is assigned CVE-2018-3639 and known as SpectreNG. 

 

Variant 3a

Variant 3a refers to exploitation of Rogue System Data Read (RSDR). This flaw may allow an attacker with local access to speculatively read system parameters via side-channel analysis and obtain sensitive information. 

This vulnerability is assigned CVE-2018-3640. 

 

Side Channel Variants

Corresponding CVEs for Side-Channel Variants 1, 2, 3, 3a, and 4 are found below:

The variants 1,2,3 are the old variants of Side Channel Attack and are not related to this advisory. For more information on the old variants, please see references.

 

Affected Vendors

 

Recommendations for Mitigation

 

References

[1] Q2 2018 Speculative Execution Side Channel Update 

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html 

[2] Speculative Execution Side Channel Mitigations 

https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf 

[3] ADV180012 | Microsoft Guidance for Speculative Store Bypass 

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012 

[4] ADV180013 | Microsoft Guidance for Rogue System Register Read 

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180013 

[5] Analysis and mitigation of speculative store bypass (CVE-2018-3639) 

https://blogs.technet.microsoft.com/srd/2018/05/21/analysis-and-mitigation-of-speculative-store-bypass-cve-2018-3639/ 

[6] CPU Side-Channel Information Disclosure Vulnerabilities: May 2018 

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel 

[7] Vulnerability of Speculative Processors to Cache Timing Side-Channel Mechanism 

https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability  

[8] Side-Channel Vulnerability Variants 3a and 4 

https://www.us-cert.gov/ncas/alerts/TA18-141A 

[9] CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks 

https://www.kb.cert.org/vuls/id/180049 

[10] Mitigation Strategies for Spectre and Meltdown Attack 

http://vsintelli.com/portal/blog/24-mitigation-strategies-for-spectre-and-meltdown-attack