Jump to content

CPU Kernel Page Table Isolation bug disclosure


Recommended Posts

was: Security Flaws Disclosed Wednesday 03 Jan 2018


FRANKFURT/SAN FRANCISCO (Reuters) - Security researchers on Wednesday disclosed a set of security flaws that they said could let hackers steal sensitive information from nearly every modern computing device containing chips from Intel Corp <INTC.O>, Advanced Micro Devices Inc <AMD.O> and ARM Holdings.

One of the bugs is specific to Intel but another affects laptops, desktop computers, smartphones, tablets and internet servers alike. Intel and ARM insisted that the issue was not a design flaw, but it will require users to download a patch and update their operating system to fix.

“Phones, PCs, everything are going to have some impact, but it’ll vary from product to product,” Intel CEO Brian Krzanich said in an interview with CNBC Wednesday afternoon.

Researchers with Alphabet Inc's <GOOGL.O> Google Project Zero, in conjunction with academic and industry researchers from several countries, discovered two flaws.

The first, called Meltdown, affects Intel chips and lets hackers bypass the hardware barrier between applications run by users and the computer's memory, potentially letting hackers read a computer's memory and steal passwords. The second, called Spectre, affects chips from Intel, AMD and ARM and lets hackers potentially trick otherwise error-free applications into giving up secret information.

The researchers said Apple Inc <AAPL.O> and Microsoft Corp <MSFT.O> had patches ready for users for desktop computers affected by Meltdown. Microsoft declined to comment and Apple did not immediately return requests for comment.

Daniel Gruss, one of the researchers at Graz University of Technology who discovered Meltdown, called it "probably one of the worst CPU bugs ever found" in an interview with Reuters.

Gruss said Meltdown was the more serious problem in the short term but could be decisively stopped with software patches. Spectre, the broader bug that applies to nearly all computing devices, is harder for hackers to take advantage of but less easily patched and will be a bigger problem in the long term, he said.

Speaking on CNBC, Intel's Krzanich said Google researchers told Intel of the flaws "a while ago" and that Intel had been testing fixes that device makers who use its chips will push out next week. Before the problems became public, Google on its blog said Intel and others planned to disclose the issues on Jan. 9.

The flaws were first reported by tech publication The Register. It also reported that the updates to fix the problems could causes Intel chips to operate 5 percent to 30 percent more slowly. (http://bit.ly/2CsRxkj)

Intel denied that the patches would bog down computers based on Intel chips.

"Intel has begun providing software and firmware updates to mitigate these exploits," Intel said in a statement. "Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time."

ARM spokesman Phil Hughes said that patches had already been shared with the companies' partners, which include many smartphone manufacturers.

"This method only works if a certain type of malicious code is already running on a device and could at worst result in small pieces of data being accessed from privileged memory," Hughes said in an email.

AMD chips are also affected by at least one variant of a set of security flaws but that it can be patched with a software update. The company said it believes there "is near zero risk to AMD products at this time."

Google said in a blog post that Android phones running the latest security updates are protected, as are its own Nexus and Pixel phones with the latest security updates. Gmail users do not need to take any additional action to protect themselves, but users of its Chromebooks, Chrome web browser and many of its Google Cloud services will need to install updates.

The defect affects the so-called kernel memory on Intel x86 processor chips manufactured over the past decade, The Register reported citing unnamed programmers, allowing users of normal applications to discern the layout or content of protected areas on the chips.

That could make it possible for hackers to exploit other security bugs or, worse, expose secure information such as passwords, thus compromising individual computers or even entire server networks.

Dan Guido, chief executive of cyber security consulting firm Trail of Bits, said that businesses should quickly move to update vulnerable systems, saying he expects hackers to quickly develop code they can use to launch attacks that exploit the vulnerabilities. “Exploits for these bugs will be added to hacker’s standard toolkits,” said Guido.

Shares in Intel were down by 3.4 percent following the report but nudged back up 1.2 percent to $44.70 in after-hours trading while shares in AMD were up 1 percent to $11.77, shedding many of the gains they had made earlier in the day when reports suggested its chips were not affected.

It was not immediately clear whether Intel would face any significant financial liability arising from the reported flaw.

"The current Intel problem, if true, would likely not require CPU replacement in our opinion. However the situation is fluid," Hans Mosesmann of Rosenblatt Securities in New York said in a note, adding it could hurt the company's reputation.





Link to comment
Share on other sites

Microsoft issues emergency Windows update for processor security bugs


Microsoft is issuing a rare out-of-band security update to supported versions of Windows today. The software update is part of a number of fixes that will protect against a newly-discovered processor bug in Intel, AMD, and ARM chipsets. Sources familiar with Microsoft’s plans tell The Verge that the company will issue a Windows update that will be automatically applied to Windows 10 machines at 5PM ET / 2PM PT today.

The update will also be available for older and supported versions of Windows today, but systems running operating systems like Windows 7 or Windows 8 won’t automatically be updated through Windows Update until next Tuesday. Windows 10 will be automatically updated today.

While Microsoft is quickly addressing the issues, the fixes will also rely on firmware updates from Intel, AMD, or other vendors that are rolling out. Some anti-virus vendors will also need to update their software to work correctly with the new patches, as the changes are related to Kernel-level access.

The firmware updates and software patches could cause some systems to run slower. Sources familiar with the situation tell The Verge that Intel processors that are based on Skylake or newer architecture won’t see a significant performance degradation. However, older processors could slow down more significantly due to the firmware and software updates.

Intel says any slow downs will be “workload-dependent,” but the company has not expanded on how this will affect older machines. Microsoft is also planning to update its cloud-based servers with the latest firmware and software patches, and these updates are rolling out now.

The Verge understands that Google is planning to document and disclose the security flaws in processors at 5PM ET today. The exact bug appears to be related to the way that regular apps and programs can discover the contents of protect kernel memory areas. Kernels in operating systems have complete control over the entire system, and connect applications to the processor, memory, and other hardware inside a computer. There appears to be a flaw in modern processors that let attackers bypass kernel access protections so that regular apps can read the contents of kernel memory.

Software vendors like Microsoft and other Linux programmers are protecting against this by separating the kernel's memory away from user processes in what’s being called “Kernel Page Table Isolation.” Linux patches have been rolling out over the past month, and now Windows patches are being made available today.

Microsoft has confirmed the Windows update in a statement:

We're aware of this industry-wide issue and have been working closely with chip manufacturers to develop and test mitigations to protect our customers. We are in the process of deploying mitigations to cloud services and have also released security updates to protect Windows customers against vulnerabilities affecting supported hardware chips from Intel, ARM, and AMD. We have not received any information to indicate that these vulnerabilities had been used to attack our customers.



Link to comment
Share on other sites

Early Data Shows Linux Update to Fix Intel Security Flaw Hits Performance Hard

By Joel Hruska on January 3, 2018



Critical Intel security patch will slow PCs, servers and Macs


"The impact of the flaw is potentially huge because Intel’s microprocessors are found in millions of internet and corporate servers as well as business and consumer PCs, with the performance degradation of the security patches potentially as much as 30%, according to The Register. This means if a server has the capacity to support 100 users, this could drop to 70 after the software updates are applied."


Edited by monroe
Link to comment
Share on other sites

An interesting note in there that this issue does not effect AMD CPUs (Ryzen comes out on top?) but putting in the patches to computers with AMD CPUs will slow them down just the same. Seems like it could be a nightmare for anyone using Windows 10 on a Ryzen... if (at least) the linux patches are CPU agnostic, you wonder if MS will make it so only PCs with Intel and ARM CPUs will get (or be able to be) updated with these specific fixes.


5 hours ago, monroe said:


But according to this, it is not: https://lkml.org/lkml/2017/12/27/2

Is it all just a bunch of FUD to lump AMD into this issue or has anyone been able to replicate it on their CPUs?

EDIT: topics merged and title changed.

Link to comment
Share on other sites

Just reading this ... looks like Intel has it covered ... I hope this will be the case.


Intel responds to the CPU kernel bug, claiming its patches will make PCs 'immune'

Intel said the patches for the CPU vulnerability, due next week, would bring a negligible performance hit to the average user. Claiming that the patches can make PCs "immune" from the vulnerabilities is a first, though.

By Mark Hachman

Senior Editor, PCWorld | Jan 4, 2018

(Editor's Note: Intel has now provided a list of the affected processors, as well as when it first learned of the problem.)

Intel said Thursday that by next week, the company expects to have patched 90 percent of its processors that it released within the last five years, making PCs and servers "immune" from both the Spectre and Meltdown exploits, the company said.

Intel's announcement was the latest update in an ongoing fight to patch microprocessors against a pair of vulnerabilities released this week. The company said that it had already released updates "for the majority" of its chips released in the last five years, and would hit the 90 percent mark next week. The updates are being released as firmware updates and software patches. 

Right now, there are two areas of concern for the Spectre and Meltdown vulnerabilities, which we've described in more detail in a separate FAQ. First, there's the security concerns: both vulnerabilities allow an attacker to peer into privileged data that normally is concealed. There's also a worry that any patches will slow down PCs as a result, though Intel has maintained that the average user will be only slightly affected.

What this means: At this point, we know that major chip and operating system vendors are aware of the problem and working to release fixes. The first should probably arrive as part of Microsoft’s Patch Tuesday, or earlier. What’s unclear is how many different types of software and CPU architectures the patches will affect, and the amount of performance (if any) that PCs will suffer as a result. It’s a very complicated issue, so we’ve created an Intel CPU kernel bug FAQ that breaks down all the info we know in clear, easy-to-read language to help you wrap your head around it.

How we got here

If you think both Spectre and Meltdown were new to Intel -- no, they're not. In a FAQ published Thursday, Intel said it was aware of the problem in June 2017. "In this case, the security researchers presented their findings in confidence, and we and other companies worked together to verify their results, develop and validate firmware and operating system updates for impacted technologies, and make them widely available as rapidly as possible," the company said.

During a conference call Wednesday afternoon, Intel shed more light on the CPU kernel vulnerability, now being referred to as a “side channel analysis exploit.” Expect to see patches roll out to address the flaw over the next several weeks, Intel executives said. The performance impact of the patches is expected to be at frustrating levels—somewhere between 0 and 30 percent, though “average” PC users are expected to see little impact.

To the question of which Intel microprocessors are affected: it's pretty much all of them. Here's the complete list, as published by Intel.

Intel Core i3 processor (45nm and 32nm)

Intel Core i5 processor (45nm and 32nm)

Intel Core i7 processor (45nm and 32nm)

Intel Core M processor family (45nm and 32nm)

2nd generation Intel Core processors

3rd generation Intel Core processors

4th generation Intel Core processors

5th generation Intel Core processors

6th generation Intel Core processors

7th generation Intel Core processors

8th generation Intel Core processors

Intel Core X-series Processor Family for Intel X99 platforms

Intel Core X-series Processor Family for Intel X299 platforms

Intel Xeon processor 3400 series

Intel Xeon processor 3600 series

Intel Xeon processor 5500 series

Intel Xeon processor 5600 series

Intel Xeon processor 6500 series

Intel Xeon processor 7500 series

Intel Xeon Processor E3 Family

Intel Xeon Processor E3 v2 Family

Intel Xeon Processor E3 v3 Family

Intel Xeon Processor E3 v4 Family

Intel Xeon Processor E3 v5 Family

Intel Xeon Processor E3 v6 Family

Intel Xeon Processor E5 Family

Intel Xeon Processor E5 v2 Family

Intel Xeon Processor E5 v3 Family

Intel Xeon Processor E5 v4 Family

Intel Xeon Processor E7 Family

Intel Xeon Processor E7 v2 Family

Intel Xeon Processor E7 v3 Family

Intel Xeon Processor E7 v4 Family

Intel Xeon Processor Scalable Family

Intel Xeon Phi Processor 3200, 5200, 7200 Series

Intel Atom Processor C Series

Intel Atom Processor E Series

Intel Atom Processor A Series

Intel Atom Processor x3 Series

Intel Atom Processor Z Series

Intel Celeron Processor J Series

Intel Celeron Processor N Series

Intel Pentium Processor J Series

Intel Pentium Processor N Series

Intel, whose processors were the focus of an initial report from The Register, said that both ARM and AMD, as well as several operating system vendors, have been notified of the vulnerability. The flaw was first discovered by Google’s Project Zero security team, says Intel, which Google confirmed. Two names, Spectre and Meltdown, are also being used to identify the vulnerabilities.

Intel said that it would issue its own microcode updates to address the issue, and over time some of these fixes will be rolled into hardware. At press time, Microsoft declined to comment on how it would proceed, though it is expected to release its own patches soon. Google, too, issued its own report on which of its products could be affected: These include Chrome and Android phones, though the latter will depend on how quickly phone makers roll out updates. 

... more reading at the link to the article



Link to comment
Share on other sites

2 hours ago, monroe said:

2nd generation Intel Core processors

3rd generation Intel Core processors

4th generation Intel Core processors

5th generation Intel Core processors

6th generation Intel Core processors

7th generation Intel Core processors

8th generation Intel Core processors

What are these anyways? They are only the CPUs in the i-3/5/7 range according to wikipedia.


Look at the contents/index part to see the breakdown. But I thought articles were saying this issue goes back 20 years? So they are not going to offer 20 years worth of fixes or Intel says that CPUs older than the ones listed do not have the problem? Based on the list from Intel, it would seem that ... say Core 2 Quad Q6600 does not have the problem. What about Pentium 4?

  • Like 1
Link to comment
Share on other sites

So then we will not see fixes for legacy OS and likely even the patches we would see are for OSes in their support period or extended (paid) support period say for XP or Server 2003. If there ends up being a fix in XPe or POSReady2009, then this might be the way to get the update on desktop XP. I wonder about the methods for exploiting this, is it going to be the usual "it won't work on W95 because you need to use some thing that doesn't work on the OS" ...

PS: added tags to the topic.

  • Like 1
Link to comment
Share on other sites

2 hours ago, dencorso said:

AFAICS, everything from Pentium Pro on is affected. "Speculative execution" is the keyword here. The rest is silence.

Not necessarily. The weakness results from the CPU restoring imperfectly its state when an exception occurs. Speculative execution makes restoration difficult, but alone it doesn't imply a weakness.

From Intel's list, the Core 2 for instance seems immune, with the design flaw beginning at Core i3/i5/i7.

I trust Intel's list (...which can evolve) better than arbitrary claims from other sources, which often rely only on the presence of speculative execution, a very old feature indeed.

I wonder: exceptions occur much more frequently than after a violation of memory protection, including during legitimate operation of the OS and applications. If the restoration of state is faulty, then the CPU must introduce erroneous behaviour in the machine. This hasn't been observed before?

Link to comment
Share on other sites

4 hours ago, Tripredacus said:

Look at the contents/index part to see the breakdown. But I thought articles were saying this issue goes back 20 years? So they are not going to offer 20 years worth of fixes or Intel says that CPUs older than the ones listed do not have the problem? Based on the list from Intel, it would seem that ... say Core 2 Quad Q6600 does not have the problem. What about Pentium 4?

Exactly what I was thinking when I first read this ... I had first heard '10 years', then 20 years. I thought my Pentium M ThinkPads might be 'good to go' ... but not sure. I am also wondering if there will be a 'fix' for the older chips at some point.


Link to comment
Share on other sites

SpecuCheck doesn't check for the vulnerabilities, it checks for a patch. No patch for Win<7, so no reason for a Win<7 SpecuCheck.

From https://github.com/ionescu007/SpecuCheck/blob/master/README.md:

SpecuCheck is a Windows utility for checking the state of the software mitigations against CVE-2017-5754 (Meltdown) and hardware mitigations against CVE-2017-5715 (Spectre). It uses two new information classes that were added to the NtQuerySystemInformation API call as part of the recent patches introduced in January 2018 and reports the data as seen by the Windows Kernel.

Microsoft released patches for Windows 7 SP1 and higher...[that] apply a number of software and hardware mitigations against these issues. The enablement state of these mitigations, their availability, and configuration is...exposed to user-mode callers through an undocumented system call.

SpecuCheck takes advantage of this system call in order to confirm if a system has indeed been patched (non-patched systems will fail the call) and what the status of the mitigations are, which can be used to determine potential performance pitfalls.

  • Like 1
Link to comment
Share on other sites

I have downloaded the meltdown and spectre papers several times, inclusive from the wayback machine. When I open either in Adobe Reader 8.3.1  all I get is gibberish. IrfanView, OTOH, compliains Ghostscript (v. 8.63) thinks the files are corrupted. The files say they're PDF v. 1.5, so the readers I'm using ought to be more than enough to read either... I'm baffled! What's going on? If those files were really corrupted, they'd've fixed it already? Please advise.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Create New...