Specter and Meltdown are back: New vulnerabilities at AMD and Intel
AMD and Intel provide microcode and firmware updates for numerous processors that are intended to help against newly discovered security gaps. Above all, this affects the vulnerability known as Inception in Ryzen and Epyc CPUs from AMD and a downfall in the case of Intel.
Both attacks rely on Specter and Meltdown, but bypass previous security patches. They are primarily relevant for operators of cloud data centers on whose servers different customers run their respective software in parallel. Comparable attacks on desktop PCs and notebooks are possible, but unrealistic – data can be accessed more easily there thanks to direct access.
Downfall with Meltdown roots
Downfall (CVE-2023-32543, medium classification 6.5) overflows memory areas in order to read data from external processes. However, for this to work, the downfall malware and its victim process must be running on the same CPU core. But then downfall also works with active Software Guard Extensions (SGX), which are actually supposed to protect sensitive data better (Confidential Computing in Trusted Execution Environments/TEE). Of course, many cloud instances are tailored in such a way that several of them do not run on the same CPU cores.
While previous Meltdown attacks were aimed at the data caches of the CPU cores, Downfall attacks the SIMD units. SIMD stands for “Single Instruction, Multiple Data”, because it allows the CPU to apply individual instructions to a complete data vector, which then executes the tasks on all lanes assigned to it at the same time.
Google security researcher Daniel Moghimi found that the Gather instruction leaks data from the SIMD vector register at 5.7 KB/s. The Gather Data Sampling (GDS) type of attack uses cryptographic keys, for example.
Gather Value Injection (GVI) goes one step further and combines the Gather command with the Load Value Injection (LVI) attack type. GVI looks for a Gather instruction in the victim process and puts its own data value under it.
As Moghimi writes in his Downfall paper: “For example, if a program executes the Gather statement and uses its output to index into another allocated memory, an attacker can force the program to access out-of-bounds data by it injects stale memory indexes into Gather during transient execution to leak any data outside of that allocation and out of the victim’s address space.”
Inception with Specter roots
All Zen processors from AMD, including the current Zen 4 models (Epyc 9004, Ryzen 7000), are susceptible to the Inception attack. This new spin from security researchers at ETH Zurich shows once again that Specter-style attacks on AMD CPUs are complicated, but not impossible.
Inception (CVE-2023-20569, medium rating) combines the techniques of phantom speculation (Spectre) with transient execution. The attack disguises any binary operations (so-called XOR instructions) as recursive call commands. It triggers incorrect branch predictions and overflows the return stack buffer. The attacker can determine the target memory address to which the processor writes the data.
Block diagram of the Inception attack.
(Image: Daniël Trujillo, Johannes Wikner, Kaveh Razavi)
Many – including current – processors are affected
All Intel processors from the Skylake to Tiger or Rocket Lake generations are affected by the downfall, including various server CPUs such as the Xeon Platinum 8180. According to the list of manufacturers, Alder Lake, Raptor Lake and the server offshoots Sapphire Rapids are not susceptible. Intel mitigates the vulnerability with the lfence command so that the data is no longer passed on after a gather instruction.
AMD mitigates inception by directing all incorrect branch predictions to the same initial state in the execution chain. This jump back also leads to an incorrect result, which can, however, be checked. This should cost significantly less performance than emptying the CPU pipeline in the event of an incorrect branch prediction (flush).
If you want to be on the safe side, you can still empty the pipeline. AGESA updates only come for Zen 3 and Zen 4 processors because the necessary flush instruction is missing there.
Intel lists some other security vulnerabilities with medium ratings in its Security Advisories of August 8th. This applies to the Unite Android app, the Intelligent Test System (ITS) tool and the MAVinci software for the Falcon 8+ drone. IST and MAVinci are discontinued by Intel – there are no updates. Unite receives a security patch.
Intel also closes some BIOS vulnerabilities. In turn, the manufacturers of mainboards and PCs have to enter the updates into their own product-specific firmware updates, sign them and make them available for download.
Go to home page
#Specter #Meltdown #vulnerabilities #AMD #Intel