[svlug] Intel CPUs' Kernel Page Table Isolation (KPTI) fix

Alex Keller axkeller at stanford.edu
Thu Jan 4 13:17:57 PST 2018


Jann Horn's (Google Project Zero) superb write-up is here:
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

These flaws were apparently discovered independently by multiple teams at roughly the same time. 

Best,
Alex  


-----Original Message-----
From: svlug-bounces+axkeller=stanford.edu at lists.svlug.org [mailto:svlug-bounces+axkeller=stanford.edu at lists.svlug.org] On Behalf Of Rick Moen
Sent: Thursday, January 4, 2018 12:57 PM
To: svlug at lists.svlug.org
Subject: Re: [svlug] Intel CPUs' Kernel Page Table Isolation (KPTI) fix

Quoting Sarah Newman (newmans at sonic.net):

> There are actually 3 different classes of vulnerabilities. It's not 
> just intel. https://developer.arm.com/support/security-update

Good point.  Google's Security Blog has a very general rundown about these findings from the Project Zero researcher:
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
It's pretty woefully deficient on specifics.  
https://meltdownattack.com/ (from the researchers) is better, and the ARM page at least outlines the three attacks and gives their CVEs:

Variant 1: bounds check bypass (CVE-2017-5753)    [RM: Spectre]
Variant 2: branch target injection (CVE-2017-5715) [RM: Spectre]
Variant 3: rogue data cache load (CVE-2017-5754)  [RM: Meltdown - Intel-specific]

Which ARM cores are and aren't affected by Spectre is shown on the ARM page.  In general terms, _some_ 64-bit Intel, AMD, and ARM processors are affected by Spectre, specifically those with 'speculative execution'.  https://developer.arm.com/support/security-update

C code to test for the Spectre vulnerability:
https://gist.github.com/ErikAugust/724d4a969fb2c6ae1bbd7b2a9e3d4bb6

As to Meltdown and Intel CPUs, researchers' claim is that 'every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013)'.
https://meltdownattack.com/#faq-systems-meltdown
They say it's not been confirmed yet on anything but Intel CPUs, e.g., not yet on ARM, AMD, MIPS, SPARC64, etc.

The patches for Linux, MS-Windows, and OS X address Meltdown; fixing Spectre is a work in progress, i.e., there are experimental Linux patches for one of the two Spectre attacks, Variant 2:
http://lists.llvm.org/pipermail/llvm-commits/Week-of-Mon-20180101/513630.html
https://lwn.net/Articles/743019/

Here's part of the work on Variant 1:
https://lwn.net/Articles/742754/


I have to say that 'Don't worry and just run Javascript from arbitrary locations on the Web' is looking like an even worse idea than before, given these side-channel exploits against system RAM.

I think _way_ more people other than VPS vendors need to be worried.

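An added example (not from this thread or its authors) that checks whether a running Linux kernel reports mitigations for the three CVEs listed above. It assumes Linux 4.15 or later, which exposes one status file per issue under /sys/devices/system/cpu/vulnerabilities/ (meltdown, spectre_v1, spectre_v2); the variable and function names are my own.

```shell
#!/bin/sh
# Report the kernel's own mitigation status for the three variants
# discussed in the thread. On Linux 4.15+ each file under this
# directory reads "Not affected", "Vulnerable..." or "Mitigation: <name>";
# KPTI shows up as "Mitigation: PTI" in the meltdown file.
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# mitigation_state <dir> <file>
# prints one of: not-affected, mitigated, vulnerable, unknown
mitigation_state() {
    f="$1/$2"
    # A missing file usually means a kernel too old to know about the bug,
    # i.e. one that predates the patches; treat that as unknown, not safe.
    [ -r "$f" ] || { echo "unknown"; return 0; }
    case "$(cat "$f")" in
        "Not affected"*) echo "not-affected" ;;
        Mitigation:*)    echo "mitigated" ;;
        Vulnerable*)     echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

# report <dir>
# prints one "CVE  sysfs-name  state" row per variant; returns 1 if any
# variant is still vulnerable or unknown, 0 if all are handled
report() {
    dir="$1"
    rc=0
    for entry in \
        "CVE-2017-5753:spectre_v1" \
        "CVE-2017-5715:spectre_v2" \
        "CVE-2017-5754:meltdown"; do
        cve="${entry%%:*}"
        file="${entry##*:}"
        s="$(mitigation_state "$dir" "$file")"
        printf '%s  %-10s  %s\n' "$cve" "$file" "$s"
        case "$s" in vulnerable|unknown) rc=1 ;; esac
    done
    return "$rc"
}

# Run against the live kernel when the sysfs directory is present.
if [ -d "$VULN_DIR" ]; then
    report "$VULN_DIR" || echo "at least one variant is not mitigated"
fi
```

On a kernel that predates the sysfs files, every row reads "unknown" and the script exits non-zero, which is the right answer for a host that has not received the January 2018 patches.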

_______________________________________________
svlug mailing list
svlug at lists.svlug.org
http://lists.svlug.org/lists/listinfo/svlug



