ANNOUNCEMENT

Title: CPU Hardware Security Vulnerability Alert

Introduction

National Cyber Coordination and Command Centre (NC4) is aware of the recent disclosure of security vulnerabilities in processors that can be exploited to gather sensitive data from computing devices.

Impact

Malicious code executed with user privileges can read privileged information from otherwise protected kernel memory.

Brief Description

Recent research uncovered two security vulnerabilities, Meltdown and Spectre, affecting kernel memory isolation in Intel, ARM, AMD and other processors. The vulnerabilities could enable malware to steal privileged information stored in the memory of other running programs, such as passwords stored in a password manager or browser, personal photos, emails, instant messages and even business-critical documents.

Meltdown

The Meltdown vulnerability relates to the CPU's execution of code that accesses memory out of bounds, and enables an application to read the entire kernel memory of the machine it runs on, including all physical memory mapped at kernel level. Meltdown does not exploit any software vulnerability; instead, it exploits side-channel information that is available on most modern processors.

Meltdown subverts the CPU's memory isolation capabilities and allows an unprivileged process to read data mapped in the kernel address space, including the entire physical memory on Linux and OS X, and a large fraction of the physical memory on Windows. Hence, an enormous number of chip-based systems are affected.

The KAISER patch can be used to prevent Meltdown from being exploited on Linux. KAISER was initially developed to prevent side-channel attacks targeting KASLR, and it implements stronger isolation between kernel and user space.

Spectre

Spectre involves speculative execution, a technique used by processors to increase performance by guessing likely future execution paths and executing their instructions ahead of time. A Spectre attack involves inducing a processor to speculatively perform operations whose effects leak side-channel information to the attacker.

Speculative execution requires that the processor make guesses as to the likely outcome of branch instructions. Better prediction improves performance by increasing the number of speculatively executed operations that can be successfully committed.

Spectre differs from Meltdown. Meltdown relies on the observation that, on affected Intel processors, instructions speculatively executed before a trap is raised can bypass memory protection, a privilege escalation flaw specific to those processors. Spectre instead tricks other applications into accessing arbitrary locations in their own memory. Both techniques use side channels to obtain the information from the accessed memory location.

Spectre includes a bounds check bypass, covered in CVE-2017-5753, and branch target injection, covered in CVE-2017-5715. Meltdown is a rogue data cache load, which is covered in CVE-2017-5754.

System Affected

Affected systems include all desktops, laptops, servers, cloud computers, mobile phones and embedded devices running on Intel, AMD and ARM processors.

Recommendation

We advise agencies to take the following actions:

  1. Update the operating systems of all your devices with the latest security patches and firmware updates as they are released by the respective vendors (refer to the CVE links under References); and
  2. For any incidents related to this attack, please report to NC4.
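The first recommendation is to apply the vendor patches; the following script, added here and not part of the NC4 advisory, verifies whether a Linux host's kernel reports mitigations for the three CVEs named above. It assumes the /sys/devices/system/cpu/vulnerabilities/ interface that kernels gained alongside the KPTI (KAISER) Meltdown fix, and exercises the check against constructed sample data so it runs offline.

```shell
#!/bin/sh
# Added example (not part of the NC4 advisory). Assumes a Linux kernel that
# exposes /sys/devices/system/cpu/vulnerabilities/, introduced alongside the
# KPTI (KAISER) Meltdown fix; older kernels lack it and are reported as unknown.
SYSFS_VULN_DIR="${SYSFS_VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# Print the kernel's one-line status for one entry, or "unknown" if unreadable.
vuln_status() {
    if [ -r "$1/$2" ]; then cat "$1/$2"; else echo "unknown"; fi
}

# Check the three CVEs from the advisory. Exit status: 0 = every entry reports
# a mitigation or "Not affected", 1 = at least one reports Vulnerable,
# 2 = no entry is Vulnerable but at least one status is unknown.
check_mitigations() {
    dir="$1"; rc=0
    for entry in meltdown:CVE-2017-5754 spectre_v1:CVE-2017-5753 spectre_v2:CVE-2017-5715; do
        name="${entry%%:*}"; cve="${entry#*:}"
        status="$(vuln_status "$dir" "$name")"
        case "$status" in
            Mitigation:*|"Not affected") printf '%-10s %-13s OK   %s\n' "$name" "$cve" "$status" ;;
            Vulnerable*)                printf '%-10s %-13s FAIL %s\n' "$name" "$cve" "$status"; rc=1 ;;
            *)                          printf '%-10s %-13s ???  %s\n' "$name" "$cve" "$status"
                                        [ "$rc" -eq 1 ] || rc=2 ;;
        esac
    done
    return "$rc"
}

# Constructed sample sysfs trees so the check can be exercised offline: one
# mimics a patched kernel, the other an unpatched host.
make_sample() {  # args: dir, meltdown line, spectre_v1 line, spectre_v2 line
    mkdir -p "$1"
    printf '%s\n' "$2" > "$1/meltdown"
    printf '%s\n' "$3" > "$1/spectre_v1"
    printf '%s\n' "$4" > "$1/spectre_v2"
}
SAMPLE="$(mktemp -d)"
make_sample "$SAMPLE/patched" "Mitigation: PTI" \
    "Mitigation: __user pointer sanitization" "Mitigation: Full generic retpoline"
make_sample "$SAMPLE/unpatched" "Vulnerable" "Vulnerable" "Vulnerable"

echo "== constructed sample: patched ==";   check_mitigations "$SAMPLE/patched"
echo "== constructed sample: unpatched =="; check_mitigations "$SAMPLE/unpatched" || true
# Live check of this host, skipped where the sysfs directory is absent.
if [ -d "$SYSFS_VULN_DIR" ]; then
    echo "== this host =="; check_mitigations "$SYSFS_VULN_DIR" || echo "mitigations missing (rc=$?)"
fi
```

A non-zero exit status from the live check is the signal to escalate: the host has not received the kernel update the advisory asks for, or the kernel predates the status interface and must be verified by other means.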

References

  1. CVE-2017-5754
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754
  2. CVE-2017-5753
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753
  3. CVE-2017-5715
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715
  4. US-CERT Vulnerability Note VU#584653
    https://www.kb.cert.org/vuls/id/584653
  5. KAISER
    https://lwn.net/Articles/738975/
  6. Meltdown and Spectre - Bugs in modern computers leak passwords and sensitive data
    https://meltdownattack.com/
  7. Reading privileged memory with a side-channel
    https://googleprojectzero.blogspot.my/2018/01/reading-privileged-memory-with-side.html
  8. Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign
    https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

04-01-2018

Source: National Cyber Coordination and Command Centre (NC4) Official Website

CONTACT US

NATIONAL CYBER SECURITY AGENCY (NACSA)

National Security Council
Prime Minister's Department
Level LG & G, West Wing,
Perdana Putra Building,
Federal Government Administrative Center,
62502 Putrajaya, Malaysia.
