Mitigations Prepared for Critical Flaw in Intel CPUs
Researchers have apparently discovered a serious vulnerability affecting all Intel CPUs. Software-level mitigations have already been developed, but they could cause significant performance penalties. Details of the vulnerability are expected to become available on January 9.
The impact of the flaw is comparable to the notorious Heartbleed bug, but an attack is said to be more practical. The existence of the security hole came to light following the introduction of kernel page table isolation (KPTI) in Linux. A similar feature is being implemented by Microsoft in Windows and Apple is also expected to make some changes in macOS.
Experts believe it will not be easy for Intel to address the problem directly in its processors. KPTI is a hardening technique designed to improve security by isolating the kernel space from user space memory. It's based on the KAISER system developed last year by a team of researchers at the Graz University of Technology in Austria.
KAISER brings improvements to address space layout randomization (ASLR), a mitigation designed to prevent control-flow hijacking and code injection attacks. Back in July 2017, researcher Anders Fogh shared some thoughts on how it may be possible to read kernel memory from an unprivileged process via speculative execution. While his attempts were unsuccessful, his work did yield some results.
Some believe that researchers at Graz University - Fogh has previously collaborated with Graz University researchers on memory-related attacks - may have found a way to make it work. Gaining access to the kernel space poses serious risks as this memory can include highly sensitive information. AMD says its processors are not vulnerable to the type of attacks mitigated by KPTI, but the company does mention speculative execution.
"The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault," an AMD representative explained. Cloud services from Microsoft, Amazon and Google are apparently impacted by the Intel hardware vulnerability - Amazon Web Services (AWS) and Microsoft Azure have informed customers of upcoming security updates that will require a reboot of their cloud instances. A developer who writes on the blog Python Sweetness speculated that the flaw could allow privilege escalation attacks against hypervisors.
As for the impact of the KPTI mitigation on performance, tests conducted by Grsecurity showed an impact of up to 35%, but it depends a great deal on what type of operations are being carried out. Tests done by Phoronix showed that gaming performance on Linux does not appear to be affected by the PTI changes in the kernel. "Performance penalties from single to double digits are expected on patched kernels," explained Michael Larabel, founder of Phoronix. "The penalty depends upon how much interaction the application/workload deals with the kernel if there's a lot of context switching and other activity. If it's a simple user-space application not doing much, the x86 PTI additions shouldn't cause much of an impact.
Newer Intel CPUs with PCID should also help in ensuring less of a performance impact." The developers of the KAISER system claimed that the method has a negative impact of only 0.28%. Related: Intel Warns of Critical Vulnerability in Processor Firmware
- ^ Heartbleed (www.securityweek.com)
- ^ implemented by Microsoft in Windows (twitter.com)
- ^ KPTI (en.wikipedia.org)
- ^ KAISER (gruss.cc)
- ^ read kernel memory from an unprivileged process (cyber.wtf)
- ^ believe (news.ycombinator.com)
- ^ memory-related attacks (www.securityweek.com)
- ^ explained (lkml.org)
- ^ Amazon Web Services (AWS) (twitter.com)
- ^ Microsoft Azure (twitter.com)
- ^ speculated (pythonsweetness.tumblr.com)
- ^ Grsecurity (twitter.com)
- ^ impact (grsecurity.net)
- ^ Tests (www.phoronix.com)
- ^ not appear to be affected (www.phoronix.com)
- ^ Intel Warns of Critical Vulnerability in Processor Firmware (www.securityweek.com)
- ^ Intel Chip Flaws Expose Millions of Devices to Attacks (www.securityweek.com)