[sf-lug] Intel's Meltdown and (everyone's) Spectre flaws

Rick Moen rick at linuxmafia.com
Thu Jan 4 13:01:31 PST 2018


Quoting acohen36 (acohen36 at SDF.ORG):

> 
> Much recent clamor over the last few days about Intel Inc's
> "Meltdown" and "Spectre" flaws, that have apparently been in nearly
> all Intel CPUs since even before the start of the Millennium(?)
> 
> E.g., as reported in at least
> - ' "Meltdown" and "Spectre": Every modern processor has unfixable
> security flaws'[1]
> - 'What's behind the Intel design flaw forcing numerous patches?'[2]
> - 'Spectre and Meltdown: Details you need on those big chip flaws'[3]
> - 'Meltdown and Spectre -- Bugs in modern computers leak passwords
> and sensitive data.'[4]
> 
> Anyone have further thoughts on Meltdown and Spectre?
> Helpful insights on this from Rick M, Akkana P, and others?

It's all over the news, right?

> IIRC, the most recent SF-LUG post on Intel's "problems" was Rick M's
> post on 'Intel reveal security problems with the IME, finally' from
> ~1.5 months ago, see [5].

Bear in mind, the Intel Management Engine problem is separate from, and
in addition to, that lingering menace.  Here's what I just posted to the
SVLUG list about Meltdown and Spectre:

Quoting Sarah Newman (newmans at sonic.net):

> There are actually 3 different classes of vulnerabilities. It's not
> just Intel. https://developer.arm.com/support/security-update

Good point.  Google's Security Blog has a very general rundown about
these findings from the Project Zero researcher:
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
It's pretty woefully deficient on specifics.
https://meltdownattack.com/ (from the researchers) is better, and
the ARM page at least outlines the three attacks and gives their CVEs:

Variant 1: bounds check bypass (CVE-2017-5753)    [RM: Spectre]
Variant 2: branch target injection (CVE-2017-5715) [RM: Spectre]
Variant 3: rogue data cache load (CVE-2017-5754)  [RM: Meltdown - Intel-specific]

Which ARM cores are and aren't affected by Spectre is shown on the
ARM page.  In general terms, _some_ 64-bit Intel, AMD, and ARM
processors are affected by Spectre, specifically those with 'speculative
execution'.  https://developer.arm.com/support/security-update

C code to test for the Spectre vulnerability:
https://gist.github.com/ErikAugust/724d4a969fb2c6ae1bbd7b2a9e3d4bb6

As to Meltdown and Intel CPUs, researchers' claim is that 'every Intel
processor which implements out-of-order execution is potentially
affected, which is effectively every processor since 1995 (except Intel
Itanium and Intel Atom before 2013)'.
https://meltdownattack.com/#faq-systems-meltdown
They say it's not been confirmed yet on anything but Intel CPUs, e.g.,
not yet on ARM, AMD, MIPS, SPARC64, etc.

The patches for Linux, MS-Windows, and OS X address Meltdown; fixing
Spectre is a work in progress, i.e., there are experimental Linux
patches for one of the two Spectre attacks, Variant 2:
http://lists.llvm.org/pipermail/llvm-commits/Week-of-Mon-20180101/513630.html
https://lwn.net/Articles/743019/

Here's part of the work on Variant 1:
https://lwn.net/Articles/742754/


I have to say that 'Don't worry and just run Javascript from arbitrary
locations on the Web' is looking like an even worse idea than before,
given these side-channel exploits against system RAM.

I think _way_ more people other than VPS vendors need to be worried.

-- 
Cheers,                     « Le doute n'est pas une état bien agréable, mais
Rick Moen                   l'assurance est un état ridicule. »  ("Doubt is not 
rick at linuxmafia.com         a pleasant condition, but certainty is absurd.')
McQ! (4x80)                                                       -- Voltaire 


