[sf-lug] Intel's Meltdown and (everyone's) Spectre flaws
Rick Moen
rick at linuxmafia.com
Thu Jan 4 13:01:31 PST 2018

Quoting acohen36 (acohen36 at SDF.ORG):
>
> Much recent clamor over the last few days about Intel Inc's
> "Meltdown" and "Spectre" flaws, that have apparently been in nearly
> all Intel CPUs since even before the start of the Millennium(?)
>
> E.g., as reported in at least
> - ' "Meltdown" and "Spectre": Every modern processor has unfixable
> security flaws'[1]
> - 'What's behind the Intel design flaw forcing numerous patches?'[2]
> - 'Spectre and Meltdown: Details you need on those big chip flaws'[3]
> - 'Meltdown and Spectre -- Bugs in modern computers leak passwords
> and sensitive data.'[4]
>
> Anyone have further thoughts on Meltdown and Spectre?
> Helpful insights on this from Rick M, Akkana P, and others?

It's all over the news, right?

> IIRC, the most recent SF-LUG post on Intel's "problems" was Rick M's
> post on 'Intel reveal security problems with the IME, finally' from
> ~1.5 months ago, see [5].

Bear in mind, the Intel Management Engine problem is separate from, and
in addition to, that lingering menace. Here's what I just posted to the
SVLUG list about Meltdown and Spectre:

Quoting Sarah Newman (newmans at sonic.net):
> There are actually 3 different classes of vulnerabilities. It's not
> just Intel. https://developer.arm.com/support/security-update

Good point. Google's Security Blog has a very general rundown about
these findings from the Project Zero researcher:
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
It's pretty woefully deficient on specifics.

https://meltdownattack.com/ (from the researchers) is better, and
the ARM page at least outlines the three attacks and gives their CVEs:

Variant 1: bounds check bypass (CVE-2017-5753) [RM: Spectre]
Variant 2: branch target injection (CVE-2017-5715) [RM: Spectre]
Variant 3: rogue data cache load (CVE-2017-5754) [RM: Meltdown - Intel-specific]

Which ARM cores are and aren't affected by Spectre is shown on the
ARM page. In general terms, _some_ 64-bit Intel, AMD, and ARM
processors are affected by Spectre, specifically those with 'speculative
execution'. https://developer.arm.com/support/security-update

C code to test for the Spectre vulnerability:
https://gist.github.com/ErikAugust/724d4a969fb2c6ae1bbd7b2a9e3d4bb6

As to Meltdown and Intel CPUs, researchers' claim is that 'every Intel
processor which implements out-of-order execution is potentially
affected, which is effectively every processor since 1995 (except Intel
Itanium and Intel Atom before 2013)'.
https://meltdownattack.com/#faq-systems-meltdown

They say it's not been confirmed yet on anything but Intel CPUs, e.g.,
not yet on ARM, AMD, MIPS, SPARC64, etc.

The patches for Linux, MS-Windows, and OS X address Meltdown; fixing
Spectre is a work in progress, i.e., there are experimental Linux
patches for one of the two Spectre attacks, Variant 2:
http://lists.llvm.org/pipermail/llvm-commits/Week-of-Mon-20180101/513630.html
https://lwn.net/Articles/743019/

Here's part of the work on Variant 1:
https://lwn.net/Articles/742754/

I have to say that 'Don't worry and just run Javascript from arbitrary
locations on the Web' is looking like an even worse idea than before,
given these side-channel exploits against system RAM.

I think _way_ more people other than VPS vendors need to be worried.

--
Cheers,                 « Le doute n'est pas une état bien agréable, mais
Rick Moen               l'assurance est un état ridicule. »  ("Doubt is not
rick at linuxmafia.com  a pleasant condition, but certainty is absurd.')
McQ! (4x80)                                        -- Voltaire