[sf-lug] Two new variants of Spectre vulnerability
aaronco36
aaronco36 at SDF.ORG
Tue May 22 18:36:43 PDT 2018
Two new variants of the Spectre CPU vulnerability were revealed
yesterday.
Quoting from CERT's Alert (TA18-141A) 'Side-Channel Vulnerability Variants
3a and 4' in ref [1]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Overview
On May 21, 2018, new variants of the side-channel central processing unit
(CPU) hardware vulnerabilities known as Spectre and Meltdown were publicly
disclosed [2]. These variants--known as 3A and 4--can allow an attacker to
obtain access to sensitive information on affected systems.
Description
Common CPU hardware implementations are vulnerable to the side-channel
attacks known as Spectre and Meltdown. Meltdown is a bug that "melts" the
security boundaries normally enforced by the hardware, affecting desktops,
laptops, and cloud computers. Spectre is a flaw that an attacker can
exploit to force a CPU to reveal its data.
Variant 3a is a vulnerability that may allow an attacker with local access
to speculatively read system parameters via side-channel analysis and
obtain sensitive information.
Variant 4 is a vulnerability that exploits "speculative bypass." When
exploited, Variant 4 could allow an attacker to read older memory values
in a CPU's stack or other memory locations. While implementation is
complex, this side-channel vulnerability could allow less privileged code
to
* Read arbitrary privileged data; and
* Run older commands speculatively, resulting in cache allocations that
could be used to exfiltrate data by standard side-channel methods.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Further info on the Rogue System Register Read (RSRE) Spectre variant 3a /
CVE-2018-3640 is at ref [3]
Further info on the Speculative Store Bypass (SSB) Spectre variant 4 /
CVE-2018-3639 is at ref [4].
Might be a good idea to check the list of affected CPUs in Intel's
Security Alert within ref [2] and compare it with your own machine
architectures, and then consider the Solution Mitigation steps listed in
ref [1], as appropriate for your machines.
IMHO, there will likely be updated info and patches coming out soon on
this pair of vulnerabilities.
Further thoughts or suggestions regarding these new Spectre variants from
Rick M, Michael P, and/or anyone else reading this?
-A
================================
References
================================
[1] https://www.us-cert.gov/ncas/alerts/TA18-141A
[2] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
[3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3640
[4] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
================================
aaronco36 at sdf.org
SDF Public Access UNIX System - http://sdf.org
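
For the "compare it with your own machine" step suggested in the message above, an added example (not part of the original post or of CERT's alert): a POSIX shell check that prints the CPU model to look up in the vendor's list and the kernel's own status for Variant 4 (Speculative Store Bypass, CVE-2018-3639). It assumes a Linux kernel that carries the SSB patches and therefore exposes `spec_store_bypass` under `/sys/devices/system/cpu/vulnerabilities`; the function names are illustrative, and it covers Variant 4 only.

```shell
#!/bin/sh
# Added example: report the kernel's own view of Speculative Store Bypass
# (Variant 4, CVE-2018-3639). Function names are illustrative.

# Default location of the kernel's per-vulnerability status files.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# ssb_status [DIR]: print one of unknown | not-affected | vulnerable | mitigated
ssb_status() {
    dir=${1:-$VULN_DIR_DEFAULT}
    file=$dir/spec_store_bypass
    # Kernels without the SSB patches do not create this file at all,
    # so "unknown" means "this kernel cannot tell you", not "safe".
    if [ ! -r "$file" ]; then
        echo unknown
        return 0
    fi
    # The file holds a single line such as "Vulnerable" or "Mitigation: ...".
    IFS= read -r line < "$file" || :
    case $line in
        "Not affected"*) echo not-affected ;;
        Vulnerable*)     echo vulnerable ;;
        Mitigation:*)    echo mitigated ;;
        *)               echo unknown ;;
    esac
}

# cpu_model [CPUINFO]: print the first "model name" value, for comparison
# against the vendor's list of affected processors.
cpu_model() {
    info=${1:-/proc/cpuinfo}
    [ -r "$info" ] || return 0
    sed -n 's/^model name[[:space:]]*:[[:space:]]*//p' "$info" | head -n 1
}

echo "CPU model : $(cpu_model)"
echo "SSB status: $(ssb_status)"
```

An `unknown` result on an affected CPU means the running kernel predates the status file, so the kernel and microcode updates are still outstanding.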