Intel CPU flaw gets third-party patch but no details


After internet speculation dating back to June of last year boiled over in the opening days of 2018, Intel was forced to respond to claims by credible researchers regarding a potential CPU flaw affecting its hardware. The statement, which led to more questions than answers regarding severity and the potential performance penalties of a fix, at least made it clear that something serious was afoot. Despite one researcher’s claims to the contrary, the Intel statement also suggested that rival AMD’s chips are affected by similar vulnerabilities.

The initial discovery of the Intel CPU flaw has been credited to researchers at the Graz University of Technology in Styria, Austria, who were attempting to prevent kernel ASLR (KASLR) attacks in Linux. The paper — titled “KASLR is Dead: Long Live KASLR” — detailed how the old system of kernel memory mapping — Linux KAISER — needed to be modified with kernel page-table isolation (KPTI).

Because the details of any potential Intel CPU flaw are unknown, experts couldn’t agree on the severity of the reported flaw, but did note that KASLR attacks are difficult to perform.

Evidence of the Intel CPU flaw

KPTI was integrated into Linux within three months, and the speed at which this occurred led some to speculate that the changes were made ahead of the disclosure of an Intel CPU flaw related to KASLR attacks. This speculation intensified in November 2017 with news from Alex Ionescu, vice president of EDR Strategy at CrowdStrike, that Microsoft was working on a similar patch.

Ionescu also found code in macOS 10.13.2 that would mitigate a potential Intel CPU flaw.

Additionally, Thomas Lendacky, software engineer at Advanced Micro Devices, claimed AMD chips were unaffected by similar attacks, but noted in a post on a Linux Kernel Mailing List archive that users should “assume for now that ALL x86 CPUs are insecure.”

“AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against,” Lendacky wrote. “The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.”

Erik Bosman, aka brainsmoke, a PhD student in the Systems and Network Security group at the Vrije Universiteit Amsterdam in the Netherlands, posted what is thought to be proof-of-concept code to exploit the Intel CPU flaw; however, the code has not yet been verified.

Official response

Although the details of the possible Intel CPU flaw remained unknown, the speculation around these posts and information led to Intel releasing an official statement on the news coverage.

“Recent reports that these exploits are caused by a ‘bug’ or a ‘flaw’ and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits,” Intel wrote in the statement. “Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.”

Ionescu said on Twitter that the statement seemed to focus more on the reporting than on the evidence supporting the potential Intel CPU flaw.
