Meltdown/Spectre and other chip-related resources

This was originally a one-off blog article relating strictly to Meltdown/Spectre-related issues: now expanded and to be maintained (when time allows) here as a ‘live’ resource. While those vulnerability issues aren’t likely to go away immediately and apply across a wide range of platforms, I’m also adding chip/CPU/GPU info that is of interest but not directly related. However, I don’t promise any in-depth commentary: rather, links to articles and resources that might be useful. Where I can’t resist commenting at length, it will be in an article on this site, though it may be reproduced or just linked to on this page.

Index

  • News and General Resources
    • Webkit
    • PoCs (Proofs of Concept)
    • Skyfall/Solace
  • Security Company Commentary
    • ESET Resources
    • G-Data Resources
    • Checkpoint Resources
    • Trend Micro Resources
  • Affected Companies
    • Apple
    • Google/Android
    • IBM
    • Intel
    • AMD
    • Microsoft/Windows
  • ICS/SCADA

News & General resources

[16th June 2018]

1. Lawrence Abrams for Bleeping Computer: New Lazy FP State Restore Vulnerability Affects All Intel Core CPUs – ‘According to Intel this new vulnerability affects all Intel Core-based microprocessors and is a bug in the actual CPU, so it does not matter what operating system the user is running. It could be Windows, Linux, BSD, or any other operating running an Intel Core-based CPU and using “Lazy FPU context switching”.’

2. The Register: Intel chip flaw: Math unit may spill crypto secrets to apps – modern Linux, Windows, BSDs immune – “Malware on Cores, Xeons may lift computations, mitigations in place or coming … In short, the security hole could be used to extract or guess at secret encryption keys within other programs, in certain circumstances, according to people familiar with the engineering mishap.”

3. The Register: Boffins offer to make speculative execution great again with Spectre-Meltdown CPU fix – “Good thing too because Intel’s planned chip changes may break Google’s Retpoline”

“In a paper distributed this week through the ArXiv preprint server, “SafeSpec: Banishing the Spectre of a Meltdown with Leakage-Free Speculation,” computer scientists from University of California, Riverside, College of William and Mary and Binghamton University describe a way to isolate the artifacts produced by speculative execution so that they can’t be used to glean privileged data.”

[6th June 2018]

Mark Pesce for The Register: ‘Moore’s Revenge’ is upon us and will make the world weird – “When everything’s smart, the potential for dumb mistakes becomes enormous”.

[1st June 2018]

The Register: Arm emits Cortex-A76 – its first 64-bit-only CPU core (in kernel mode) – “Apps, 32 or 64-bit, will continue to run just fine as design biz looks to ditch baggage … Linux and Android, Windows, and other operating systems built for this latest Cortex-A family member are being positioned, or are already positioned, to work within this 64-bit-only zone.”

Also from The Register: Spectre-protectors: If there’s something strange in your CPU, who you gonna call? “Ghostbusters in Chrome 67 stop Spectre cross-tab sniffs and more … Enhanced Spectre-protectors will soon come to the Chrome browser … and upgrades for Windows, Mac and Linux have started to flow.”

[May 30 2018]

Interesting paper: Post-Spectre Threat Model Re-Think

[26th May 2018]

[12th May 2018]

[5th May 2018]

The Register: Fresh fright of data-spilling Spectre CPU design flaws haunt Intel – “Chipzilla checking fresh set of CVEs in chip side-channel flaw”

And ESET’s resource article has been updated again: Meltdown and Spectre CPU Vulnerabilities: What You Need to Know

[3rd May 2018]

Hilbert Hagedoorn for The Guru of 3-D: Eight new Spectre Variant Vulnerabilities for Intel Discovered – four of them critical

The Register: Hands off! Arm pitches tamper-resistant Cortex-M35-P CPU cores – “Sneaky processors look to keep lid on sensitive IoT data”

ESET: further updates to Meltdown and Spectre CPU Vulnerabilities: What You Need to Know

[27th April 2018]

Kaspersky Threat Post: MICROSOFT ISSUES MORE SPECTRE UPDATES FOR INTEL CPUS – “Microsoft has released additional Windows 10 mitigations for the Spectre side-channel flaw revealed in January, with an expanded lineup of firmware (microcode) updates for Intel CPUs that include the Broadwell and Haswell chipsets.”

ZDnet: A patch for Meltdown created an even bigger flaw for 64-bit Win7 and Server 2008 R2. Now, it’s freely available. Commentary on Exploiting CVE-2018-1038 – Total Meltdown

[25th April 2018]

Kyle Orland for Ars Technica: The “unpatchable” exploit that makes every current Nintendo Switch hackable [Updated] “Newly published Tegra bootROM exploit could be a big headache for Nintendo and others.” Commentary from The Verge: Nintendo’s Switch can be hacked to run custom apps and games.

[23rd April 2018]

Security Explorations: THE ORIGIN AND IMPACT OF SECURITY VULNERABILITIES IN ST CHIPSETS SE-2011-01 [Security weaknesses in a digital satellite TV platform]

[17th April 2018]

Help Net Security: Rambus launches fully programmable secure processing core – “At RSA Conference 2018, Rambus announced the availability of the CryptoManager Root of Trust (CMRT), a fully programmable hardware security core built with a custom RISC-V CPU.”

The Register: Microsoft has designed an Arm Linux IoT cloud chip… – “Microsoft has designed a family of Arm-based system-on-chips for Internet-of-Things devices that runs its own flavor of Linux – and securely connects to an Azure-hosted backend.”

Paul Ducklin for Sophos: Could an Intel chip flaw put your whole computer at risk? – “Well, the spectre of CIH is back in the news following a recent security advisory, numbered INTEL-SA-00087, from chip maker Intel.”

[1st April 2018]

Webkit

Webkit.org: What Spectre and Meltdown Mean For WebKit

PoCs (Proofs of Concept)

Skyfall/Solace

Security Company Commentary

ESET resources

Wait, don’t go! This resource is not run for or by ESET, and of course lots of other security companies are providing sound information on these issues. However, as I’m on several ESET mailing lists (I work with the company as a consultant) I see a wider range of material from there than I do from other companies. If time allows, I’ll try to include vendor info from other major companies too.

G-Data resources

Inside Meltdown and Spectre: Interview with Anders Fogh

Checkpoint resources

How The Spectre/Meltdown Vulnerabilities Work

Trend Micro Resources

Trend Micro: Detecting Attacks that Exploit Meltdown and Spectre with Performance Counters
“We worked on a detection technique for attacks that exploit Meltdown and Spectre by utilizing performance counters available in Intel processors. They measure cache misses — the state where data that an application requests for processing is not found in the cache memory — that can be used to detect attacks that exploit Meltdown and Spectre.”

Affected Companies 

Apple

Google

Android

Chrome OS

IBM

The Register: IBM’s complete Meltdown fix won’t land until mid-February – POWER CPU patches available now or next week, AIX and i OS fixes are more than a month off

Intel

[12th May 2018]

[21st April 2018] The Verge: Intel is offloading virus scanning to its GPUs to improve performance and battery life

[16th April 2018] Also only distantly related. Bleeping Computer: Intel SPI Flash Flaw Lets Attackers Alter or Delete BIOS/UEFI Firmware

[6th April 2018] Only distantly related, but… The Register: NUC, NUC! Who’s there? Intel, warning you to kill a buggy keyboard app – “No joke: another security SNAFU for Chipzilla, this time for a popular remote admin app” (applies to “Intel Remote Keyboard” for iOS and Android).

[4th April 2018] Simon Sharwood for The Register: Intel admits a load of its CPUs have Spectre v2 flaw that can’t be fixed – “And won’t fix Meltdown nor Spectre for 10 product families covering 230-plus CPUs”. For more specific information, see Intel’s document Microcode Revision Guidance, April 2 2018

[16th March 2018]

John Leyden waxes satirical at Intel’s expense in The Register: Intel: Our next chips won’t have data leak flaws we told you totally not to worry about – “Meltdown, Spectre-free CPUs coming this year, allegedly”

[24th January 2018]

  1. Zeljka Zorz for Help Net Security: Intel testing new Spectre fixes, tells everyone to hold off on deploying current firmware updates

“Shortly after Red Hat stopped providing microcode to address variant 2 (branch target injection) of the Spectre attack, Intel has advised OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current firmware updates that fix the same vulnerability (CVE-2017-5715).”

  2. Intel’s own “News Byte”: Root Cause of Reboot Issue Identified; Updated Guidance for Customers and Partners

“Based on this, we are updating our guidance for customers and partners:

  • We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior. For the full list of platforms, see the Intel.com Security Center site.
  • […]
  • We continue to urge all customers to vigilantly maintain security best practice and for consumers to keep systems up-to-date.”

  3. GBHackers: Intel asks customers to hold off Applying Patches for Spectre and Meltdown

“Intel told now they have identified the root cause of the reboot issue that affected Broadwell and Haswell CPUs and they are preparing a solution to address the issue and asks to hold off applying patches for Spectre and Meltdown.”

[26th January 2018]

The Register: Trebles all round! Intel celebrates record sales of insecure processors – Siri, what’s a monopoly?

[8th February 2018]

Simon Sharwood for The Register: Intel adopts Orwellian irony with call for fast Meltdown-Spectre action after slow patch delivery – For now, have some code that won’t crash Skylakes and stay close to your Telescreens.

He observes:

Sound advice, but a bit hard to swallow given that Shenoy’s “Security Issue Update” revealed that Intel is yet to develop properly working microcode updates for many of the CPUs imperilled by Spectre and Meltdown […] Chipzilla has managed to sort out sixth-generation Skylakes, as a February 7th Microcode Revision Guidance (PDF) document records.

AMD

Microsoft/Windows

[14th April 2018] Help Net Security: AMD users running Windows 10 get their Spectre fix – microcode to mitigate Spectre variant 2, and a Microsoft update for Windows 10 users.

[11th April 2018] Pierluigi Paganini: AMD released patches for Spectre Variant 2 attack that includes both microcode and operating system updates. AMD and Microsoft worked together to issue the updates on Tuesday.

[3rd April 2018] And the sad story of Microsoft’s Windows 7 patch does not yet seem to be over. Shaun Nichols for The Register: Mad March Meltdown! Microsoft’s patch for a patch for a patch may need another patch – “If at first, er, second, ah, third, no, fourth, you fail, sadly, you’re probably Redmond”

[March 31st 2018]

[March 29th 2018]

  • Security|DMA|Hacking: Total Meltdown? (Analysis of the Windows 7 Meltdown patch fiasco)

[March 28th 2018]

[March 23rd 2018]

Microsoft Technet: KVA Shadow: Mitigating Meltdown on Windows

[March 16th 2018]

Richard Chirgwin for The Register: Microsoft starts buying speculative execution exploits – “Adds bug bounty class for Meltdown and Spectre attacks on Windows and Azure”

[March 2nd 2018.]

ICS/SCADA

David Harley
