The discovery of Meltdown and Spectre vulnerabilities in Intel chips last year opened up a whole new class of hardware vulnerabilities and encouraged further research in the processors’ speculative execution feature. Intel and a group of researchers have identified new side-channel attacks targeting weaknesses in speculative execution, similar to Meltdown and Spectre.
Modern processors rely on speculative execution—where the processor tries to guess what the instructions a program may call next and executes those instructions long before the program needs to—in order to boost performance. If the commands have already been carried out and the answer is ready by the time the program needs it, that’s microseconds that was saved. Results from instructions that were part of different paths that wound up being not needed are discarded by the processor.
Named ZombieLoad (CVE-2019-1109, CVE-2018-12130), Rogue In-Flight Data Load (RIDL, CVE-2018-12130), and Fallout (CVE-2018-12126), the attacks use different methods to harvest information—including passwords, website content, disk encryption keys, and user browsing history—stored in memory by applications, operating systems, virtual machines, and trusted execution environments. For example, ZombieLoad can let attackers obtain a user’s browsing history even if the victim had surfed the web from a virtual machine and used Tor. Fallout lets attackers determine the operating system’s memory position, which is valuable information for carrying out other attacks.
The attacks work across security boundaries—including the boundary between user-space/kernel-space, OS processes, virtual machines, and SGX enclaves. The security boundaries are like “the Wall which was supposed to protect the living from the dead,” wrote Kelly Shortridge, vice president of product strategy at Capsule8, referencing the TV show (and book) Game of Thrones. The boundaries keep user data separate from kernel data.
“Just like the Wall stood for one thousand years, these system security boundaries are supposed to be steadfast, so it’s pretty bad when they aren’t,” Shortridge wrote.
To describe how these attacks obtain data, Shortridge used a cat cafe analogy. The "the cats will want to play with toys at some point, but you don’t totally know which toys they will want," Shortridge wrote. Speculative execution is holding toys to give the cats when they look like they are about to pounce, and putting the toys away if they play with a shadow on the wall. If a cat peeks at the hands to see what toys were prepared, that's an attack.
“ZombieLoad 'resurrects' the toys that were just in your hand to see them. RIDL spies on your toys as they’re in your hands. Fallout reconstructs your toys and if it does this a lot, it can pinpoint exactly where the toys were in your hand, too,” Shortridge wrote.
These attacks have not been observed in the wild.
One thing about timing attacks: they typically take some time to execute, so it's not going to be part of a smash-and-grab attack. In fact, it isn't very likely that these attacks will be used by commodity malware. The attacks, if they come, are more likely to be used in highly targeted operations.
While these new attacks are similar to Meltdown and Spectre in that they target speculative execution, they are different in that they target data stored in various buffers within the processor, not the level 1 cache where memory is stored. The attacks read the Fill Buffers (temporary buffers between CPU caches), Load Ports (temporary buffers used when loading data into registers) and Store Buffers (temporary buffers to hold store addresses and data). These buffers can also hold stale data.
The issues affect many of the Intel chips made within the last ten years, which inclludes most Intel Core and Xeon chips dating back to 2011. Intel said newer chips, including some 8th and 9th generation Core processors and 2nd generation Xeon Scalable processors address these issues on the hardware level. ARM (used in mobile devices) and AMD processors do not appear to be affected.
Different Names, Same Bugs
Intel refers to these issues collectively as Microarchitectural Data Sampling (MDS), and assigned the following names and CVE identifiers: Microarchitectural Store Buffer Data Sampling (MSBDS, CVE-2018-12126), Microarchitectural Load Port Data Sampling (MLPDS, CVE-2018-12127), Microarchitectural Fill Buffer Data Sampling (MFBDS, CVE-2018-12130), and Microarchitectural Data Sampling Uncacheable Memory (MDSUM, CVE-2018-1109). MDS lets programs read data they otherwise would not have access to and the data is leaked by the CPU using a locally executed speculative execution side channel.
“MDS does not, by itself, provide an attacker with a way to choose the data that is leaked,” Intel said. “Practical exploitation of MDS is a very complex undertaking.”
The new attacks have multiple names because they were found by different groups of researchers. Intel said its own researchers and partners first identified the vulnerabilities and were independently reported later by other research groups from the University of Michigan, Worcester Polytechnic Institute in Massachusetts, Graz University of Technology in Austria (one of the original discoverers of Meltdown and Spectre), imec-DistriNet at Katholieke Universiteit te Leuven (KU Leuven) in Belgium, the University of Adelaide in Australia, VU Amsterdam’s VUSec group, Microsoft, Bitdefender, Oracle, and Qihoo 360. It appears Intel started receiving these outside reports in June 2018.
“It’s neat that disparate research teams all stumbled on new types of side channel attacks around the same time,” Shortridge said.
Lots of Updates
Intel asked the researchers to keep the details of the vulnerabilities quiet in order to coordinate fixes with other vendors and also to prepare its own updates. Intel has released its own microcode updates. There are additional opt-in mitigations to disable hyper threading and enable microcode-based mitigations. The mitigations and the microcode updates may impact performance for data center workloads, but should have minimal impact for PCs. Intel claimed that in a Core i9 9900L with Hyper-Threading disabled, the performance hit was as little as 9 percent.
Researchers have noted that the recommended defenses for previously disclosed speculative execution attacks are not sufficient against these new attacks.
While individual PCs and servers are affected, the biggest dangers are for the data centers and large cloud-service providers. Most of the major cloud providers have already taken steps to protect their customers. Amazon Web Services has already deployed protections to all its infrastructures and released updated kernels and microcode packages for Amazon Linux AMI 2018.3 and Amazon Linux 2. IBM is rolling out protections to its cloud services. Google said its cloud infrastructure, G Suite, and Google Cloud Platform products and services are protected. Microsoft has also deployed its own server-side fixes to Azure to mitigate the vulnerabilities.
Microsoft, and Apple have released updates. Microsoft also released a PowerShell script to let users check the status of speculative execution mitigations on their systems. Apple included a Safari update with Mojave 10.14.5 to prevent exploitation from the internet. Google disabled hyper-threading by default in Chrome OS 74 and additional mitigations will be added to Chrome OS 75.
VMWARE said VMware vCenter Server, vSphere ESXi, Workstation, Fusion, vCloud Usage Meter, Identity Manager, vCenter Server, vSphere Data Protection, vSphere Integrated Containers, and vRealize Automation products are affected, and released software updates and patches. Citrix has released a hotfix for XenServer 7.1, which includes hypervisor and CPU microcode updates.
While Oracle SPARC servers and Solaris on SPARC are not affected, Solaris on x86 systems are, Oracle said. Updates are available for Oracle LLinux and VM Server products.
Linux kernel developers released an advisory. Of the Linux distributions, Red Hat Linux, Debian, Ubuntu, and SUSE have started rolling out updates. Updates for Ubuntu LTS will be delivered through Extended Security Maintenance. Ubuntu users should also disable Simultaneous Multi-Threading/Hyper-Threading (SMT) in the BIOS since otherwise the updates won’t work.
Systems running all versions of Xen are affected if they use x86 Intel processors, the Xen Project said in its advisory.
Of the hardware manufacturers, HP and Lenovo has released firmware patches at this time.