National Cyber Coordination and Command Centre (NC4) is aware of recent revelation of security vulnerabilities in processors that can be exploited to gather sensitive data from computing devices.
Malicious code executed with user privileges can access privilege information, at otherwise protected kernel memory level.
Recent research by security researchers uncovered security vulnerabilities, Meltdown and Spectre, involving kernel memory in Intel, ARM, AMD and other processors. The vulnerabilities could enable malware to steal privileged information stored in the memory location of other running programs such as passwords stored in a password manager or browser, personal photos, emails, instant messages and even business-critical documents.
Meltdown vulnerability relates to execution of vulnerable code with out-of-bound index on CPUs that enables applications to read the entire kernel memory of the machine it executes on, including all physical memory at kernel level. Meltdown does not exploit any software vulnerability. Instead, it exploits side-channel information that is available on most modern processors.
Meltdown subverts CPU memory isolation capabilities and allows unprivileged process to read data mapped in the kernel address space, including the entire physical memory on Linux and OS X, and a large fraction of the physical memory on Windows. Hence, an enormous number of chip-based systems are affected.
KAISER patch can be used to prevent the vulnerabilities from being exploited by Meltdown in Linux. KAISER was initially developed to prevent site-channel attacks targeting KASLR where stronger isolation between kernel and user space is implemented.
Spectre involves speculative execution technique which is used by processor in order to increase performance by guessing likely future execution paths and prematurely executing the instruction. Spectre attack involve inducing a processor to speculatively perform operations which results in leakage of side channel information to the attacker.
Speculative execution requires that the processor make guesses as to the likely outcome of the branch instructions. Better prediction improve performance by increasing the number of speculatively executed operations that can be successfully committed.
This attack is different from Meltdown where Meltdown heavily relies on observation that when an instruction causes a trap and exploit a privilege escalation vulnerability specific to Intel processor due to which speculatively executed instructions can bypass memory protection. Spectre tricks other applications into accessing arbitrary location in their memory. Both techniques use side-channels to obtain the information from accessed memory location.
Spectre includes a bounds check bypass covered in CVE-2017-5753 and branch target injections covered in CVE-2017-5715. Meltdown is a rogue data cache load, which is covered in CVE-2017-5754.
Affects all desktops, laptops, servers, cloud computers, mobile phones and embedded devices running on Intel, AMD and ARM processors.
We advise agencies to take the following actions:
Source : National Cyber Coordination and Command Centre (NC4) Official Website