Security Advisory - Meltdown and Spectre affecting all computing platforms via Processor Speculative Execution
Posted by Rahul :: WIPL on 05 January 2018 05:03 PM
WIPL is aware of, and is keeping a close watch on, a recently disclosed security vulnerability affecting Intel, AMD and ARM processor architectures across servers, desktops and mobile devices. We will update all affected infrastructure and our cloud images in the coming days, once the fix becomes available from OS vendors.
Website dedicated to this vulnerability -
What is the difference between Meltdown and Spectre?
Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can access system memory. Spectre tricks other applications into accessing arbitrary locations in their memory. Both attacks use side channels to obtain the information from the accessed memory location. For a more technical discussion we refer to the papers (Meltdown and Spectre).
Is there a workaround/fix?
There are patches against Meltdown for Linux (KPTI, formerly KAISER), Windows, and OS X. There is also work to harden software against future exploitation of Spectre, and to patch software after exploitation by Spectre.
Is there more technical information about Meltdown and Spectre?
Several microarchitectural (hardware) implementation issues affecting many modern microprocessors have surfaced recently. As explained in Red Hat's security advisory, fixing these requires
"updates to the Linux kernel, virtualization-related components, and/or in combination with a microcode update. An unprivileged attacker can use these flaws to bypass conventional memory security restrictions in order to gain read access to privileged memory that would otherwise be inaccessible. There are 3 known CVEs related to this issue in combination with Intel, AMD, and ARM architectures. All three rely upon the fact that modern high performance microprocessors implement both speculative execution, and utilize VIPT (Virtually Indexed, Physically Tagged) level 1 data caches that may become allocated with data in the kernel virtual address space during such speculation.
The first two variants abuse speculative execution to perform bounds-check bypass (CVE-2017-5753), or by utilizing branch target injection (CVE-2017-5715) to cause kernel code at an address under attacker control to execute speculatively. Collectively these are known as "Spectre". Both variants rely upon the presence of a precisely-defined instruction sequence in the privileged code, as well as the fact that memory accesses may cause allocation into the microprocessor’s level 1 data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use these two flaws to read privileged memory by conducting targeted cache side-channel attacks. These variants could be used not only to cross syscall boundary (variant 1 and variant 2) but also guest/host boundary (variant 2).
The third variant (CVE-2017-5754) relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. Researchers have called this exploit "Meltdown". Subsequent memory accesses may cause an allocation into the L1 data cache even when they reference otherwise inaccessible memory locations. As a result, an unprivileged local attacker could read privileged (kernel space) memory (including arbitrary physical memory locations on a host) by conducting targeted cache side-channel attacks."
How to patch Meltdown CPU Vulnerability CVE-2017-5754 and Spectre Vulnerability CVE-2017-5753/CVE-2017-5715 on Linux
Fix on CentOS
Type the following yum command:
$ sudo yum update kernel
Reboot the instance
Fix on Debian/Ubuntu
Use the following apt-get command:
$ sudo apt-get update && sudo apt-get dist-upgrade
Reboot the instance
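After the reboot, the result of either procedure above can be checked by asking the running kernel which of the three CVEs it reports as mitigated. The script below is an added example, not part of the original advisory; it assumes a kernel that exposes /sys/devices/system/cpu/vulnerabilities (upstream since 4.15, also in vendor backports), and the function names cve_status and check_all are hypothetical.

```shell
#!/bin/sh
# Added example: report the kernel's own view of the three CVEs in this advisory.
# Assumption: the running kernel exposes the sysfs directory below; kernels
# without it cannot be verified this way and are reported as "unknown".
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# cve_status DIR NAME -> prints mitigated | not-affected | vulnerable | unknown
cve_status() {
    file="$1/$2"
    if [ ! -r "$file" ]; then
        echo unknown          # file absent: treat as unverified, not as safe
        return 0
    fi
    line=""
    IFS= read -r line < "$file" || :   # tolerate a missing trailing newline
    case "$line" in
        "Not affected"*) echo not-affected ;;
        Mitigation:*)    echo mitigated ;;      # e.g. "Mitigation: PTI" for Meltdown
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_all [DIR] -> one line per CVE; returns 0 only if every entry is
# mitigated or not-affected, so it can gate a post-patch automation step.
check_all() {
    dir="${1:-$VULN_DIR_DEFAULT}"
    rc=0
    for pair in meltdown:CVE-2017-5754 spectre_v1:CVE-2017-5753 spectre_v2:CVE-2017-5715; do
        name=${pair%%:*}
        cve=${pair#*:}
        status=$(cve_status "$dir" "$name")
        echo "$cve ($name): $status"
        case "$status" in
            mitigated|not-affected) ;;
            *) rc=1 ;;
        esac
    done
    echo "running kernel: $(uname -r)"
    return $rc
}

# Check the live system only when invoked as: sh script.sh --run
if [ "${1:-}" = "--run" ]; then check_all; fi
```

A non-zero exit after the reboot usually means the instance is still booted into the old kernel or the vendor fix for that variant has not shipped yet.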
Happy to help.
Kindly contact support with any concerns that you may have. Please mail us at Support Team for any queries.