Meltdown (security vulnerability)

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 64.121.146.209 (talk) at 03:22, 5 January 2018. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

The logo of the vulnerability

Meltdown is a hardware vulnerability in Intel x86 microprocessors that implement out-of-order (speculative) execution. It allows an unprivileged process to read memory that the processor's protection mechanisms should make inaccessible to it, including kernel memory. It was assigned the Common Vulnerabilities and Exposures identifier CVE-2017-5754 in January 2018.

History

Meltdown was discovered independently by researchers from Google's Project Zero, Cyberus Technology, and Graz University of Technology.[1] The same research teams that discovered Meltdown also discovered a related CPU security vulnerability now called Spectre. The two vulnerabilities were made public jointly, on January 3, 2018, several days ahead of the coordinated release date of January 9, 2018 due to premature reports and widespread speculation.[2] As a result, patches were not available for some platforms, such as Ubuntu,[3] when the vulnerabilities were disclosed.

Affected hardware

The Meltdown vulnerability is only known to affect Intel microprocessors.[4] It is thought not to affect AMD microprocessors.[5][6][7][8][9] Intel has countered that the flaws, taken together with the related Spectre vulnerability, are not unique to its processors.[10] AMD has denied this and claims that there is near zero chance that its processors are affected.[11] Researchers have indicated that the Meltdown vulnerability is exclusive to Intel processors, while the Spectre vulnerability can possibly affect some Intel, AMD, and ARM processors.[12][13][14][15] Specifically, processors with speculative execution are affected by these vulnerabilities.[16] Intel and ARM processors are affected the most, while AMD processors are minimally affected.[17] Google has reported that every Intel processor since 1995 with out-of-order execution is potentially vulnerable to Meltdown.[18] Intel introduced speculative, out-of-order execution with its P6 microarchitecture, first shipped in the Pentium Pro IA-32 microprocessor in 1995.[19]

ARM has reported that the majority of their processors are not vulnerable, and published a list of the specific processors that are affected.[20]

Mechanism

The following is a schematic outline.[21]

Suppose the attacker is in control of an unprivileged user-space process, which is normally prevented from reading the value at a protected memory address Ap by the CPU's memory protection mechanism. To circumvent such memory protection and read bit 0 at Ap, the attacker executes the following sequence of instructions:

  1. Flushes from the cache two unprotected (i.e., normally readable by the attacker) addresses A0u and A1u;
  2. Reads the value at protected address Ap to a register R;
  3. Computes an address Axu that is equal to either A0u or A1u depending on whether bit 0 of register R is 0 or 1 (this should be done with arithmetic instructions rather than branches to avoid the branch predictor complicating matters);
  4. Reads the memory at address Axu.

The CPU's memory protection mechanism will raise a memory protection fault when attempting to read from the protected address Ap at step 2. However, since waiting for the memory protection hardware to finish its checks would cause significant slowdowns, affected CPUs actually perform the read at step 2 and continue with steps 3 and 4 speculatively, and only annul their effects when the memory protection fault is detected some clock cycles later. Only the so-called "architectural" effects are annulled: the speculative execution of step 4 causes the memory at Axu to be loaded into the cache, affecting the speed (but not the results) of subsequent reads from Axu, and this microarchitectural side effect is not undone. So after the memory protection fault (which can be handled by a signal handler, or allowed to crash the process if the attacker has previously forked another process sharing the address space, or suppressed altogether if the read attempt in step 2 is itself only speculative), the attacker simply reads from A0u and A1u, timing both accesses. The timing reveals which of the two locations is now in the cache, and thus the value of bit 0 at address Ap. This cache-timing readout is the Flush+Reload side channel used in the paper.[21]

The above steps can be repeated for the other bits of the value at Ap. In practice the paper uses 256 candidate addresses, one per possible byte value, so that a whole byte is recovered per round rather than a single bit.[21]
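The following is an added example, not code from this article nor from the Meltdown paper or its authors. It implements the cache side channel (Flush+Reload) that steps 1, 3 and 4 of the outline rely on, generalised from two candidate addresses (A0u, A1u) to 256 so that a whole byte is recovered per round. The faulting load of step 2 is deliberately left out: the "secret" byte is handed to touch() architecturally, so the program demonstrates only the readout and runs on patched hardware. Function names (probe_offset, decode_byte, recover_byte, calibrate_threshold) are the example's own; it assumes x86-64 with gcc or clang for the clflush/rdtscp intrinsics and a 4 KiB page stride between candidates.

```c
/* Added example (not code from the Wikipedia article, nor from the Meltdown
 * paper or its authors): the Flush+Reload cache side channel that steps 1, 3
 * and 4 of the outline rely on, generalised from two candidate addresses
 * (A0u, A1u) to 256 so that a whole byte is recovered per round.  The
 * faulting load of step 2 is deliberately absent: the "secret" byte is passed
 * to touch() architecturally, so only the readout is demonstrated and the
 * program runs on patched hardware.  Assumptions: x86-64 with gcc or clang
 * (clflush/rdtscp intrinsics); 4 KiB page stride between candidates. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>   /* _mm_clflush, _mm_mfence, _mm_lfence, __rdtscp */
#define HAVE_X86_CACHE_OPS 1
#else
#include <time.h>        /* fallback for other CPUs: no flush, coarse timing, no usable signal */
#define HAVE_X86_CACHE_OPS 0
#endif

#define PAGE  4096
#define NVALS 256

/* One page per possible byte value; the page stride keeps candidates apart in the cache. */
static uint8_t probe[NVALS * PAGE] __attribute__((aligned(PAGE)));

/* Step 3, branch-free: map a value to a probe offset with arithmetic only. */
size_t probe_offset(uint8_t value) { return (size_t)value * PAGE; }

/* Step 1: evict every candidate line from the cache. */
static void flush_probe(void) {
#if HAVE_X86_CACHE_OPS
    for (int v = 0; v < NVALS; v++) _mm_clflush(&probe[probe_offset((uint8_t)v)]);
    _mm_mfence();
#endif
}

/* Step 4, performed architecturally here (transiently, after the faulting load, in the real attack). */
static void touch(uint8_t value) {
    volatile uint8_t *p = &probe[probe_offset(value)];
    (void)*p;
}

/* Time one load, fenced so the out-of-order core cannot hoist or delay it. */
static uint64_t access_time(volatile uint8_t *addr) {
#if HAVE_X86_CACHE_OPS
    unsigned aux;
    _mm_mfence(); _mm_lfence();
    uint64_t t0 = __rdtscp(&aux);
    (void)*addr;
    uint64_t t1 = __rdtscp(&aux);
    _mm_lfence();
    return t1 - t0;
#else
    struct timespec a, b;
    clock_gettime(CLOCK_MONOTONIC, &a);
    (void)*addr;
    clock_gettime(CLOCK_MONOTONIC, &b);
    return (uint64_t)((b.tv_sec - a.tv_sec) * 1000000000L + (b.tv_nsec - a.tv_nsec));
#endif
}

/* Readout: the candidate with the fastest reload (below the hit threshold) is
 * the one step 4 pulled into the cache.  Pure logic, so it can be checked on
 * constructed timings; returns -1 when no candidate qualifies (nothing leaked). */
int decode_byte(const uint64_t times[NVALS], uint64_t hit_threshold) {
    int best = -1;
    uint64_t best_t = hit_threshold;
    for (int v = 0; v < NVALS; v++)
        if (times[v] < best_t) { best_t = times[v]; best = v; }
    return best;
}

/* Threshold: midpoint between an average cached and an average flushed reload. */
uint64_t calibrate_threshold(void) {
    volatile uint8_t *p = &probe[0];
    uint64_t hit = 0, miss = 0;
    enum { ROUNDS = 100 };
    for (int i = 0; i < ROUNDS; i++) {
        (void)*p;                 /* now cached */
        hit += access_time(p);
        flush_probe();            /* now evicted */
        miss += access_time(p);
    }
    return (hit / ROUNDS + miss / ROUNDS) / 2;
}

/* One round: flush, "transmit" a byte, reload all candidates in a scrambled
 * order (so the stride prefetcher does not warm the neighbours), then decode. */
int recover_byte(uint8_t secret, uint64_t threshold) {
    uint64_t times[NVALS];
    flush_probe();
    touch(secret);
    for (int i = 0; i < NVALS; i++) {
        int v = (i * 167 + 13) & 0xff;   /* 167 is odd, so every value is visited exactly once */
        times[v] = access_time(&probe[probe_offset((uint8_t)v)]);
    }
    return decode_byte(times, threshold);
}

int main(void) {
    const char *secret = "Meltdown";      /* constructed sample input */
    uint64_t thr = calibrate_threshold();
    printf("hit/miss threshold: %llu ticks\n", (unsigned long long)thr);
    for (size_t i = 0; i < strlen(secret); i++) {
        int got = recover_byte((uint8_t)secret[i], thr);
        printf("sent 0x%02x  recovered %d\n", (unsigned)(uint8_t)secret[i], got);
    }
    return 0;
}
```

The scrambled probe order and the page stride matter in practice: probing candidates sequentially lets the hardware prefetcher pull neighbouring lines in and produce false hits. On hardware without KPTI, replacing the architectural call to touch() with a load through a kernel address, with the fault handled as the text describes, turns this readout into the attack itself.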

Which memory is exposed depends on how the operating system and the underlying hardware implement address translation. The attack can reveal the content of any memory that is mapped into the user address space, even if that memory is otherwise protected. For example, before kernel page-table isolation was introduced, most versions of Linux mapped all physical memory into the address space of every user-space process; the mapped addresses are (mostly) protected, making them unreadable from user space and accessible only after a transition into the kernel. These mappings make transitions to and from the kernel faster, but they are unsafe in the presence of Meltdown, as the contents of all physical memory (which may contain sensitive information such as passwords belonging to other processes or to the kernel) can then be obtained via the above method by any unprivileged process.

Impact

According to researchers, "every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013)."[1] Intel responded to the reported security vulnerabilities with an official statement.[22]

The vulnerability is expected to impact major cloud providers, such as Amazon Web Services (AWS)[23] and Google Cloud Platform. Cloud providers allow users to execute programs on the same physical servers where sensitive data might be stored, and rely on safeguards provided by the CPU to prevent unauthorized access to the privileged memory locations where that data is stored, a feature that the Meltdown vulnerability seems to be able to circumvent.

One of the paper's authors reports that paravirtualization (Xen) and containers such as Docker, LXC, and OpenVZ, are affected.[24] They report that the attack on a fully virtualized machine allows the guest user space to read from the guest kernel memory, but not read from the host kernel space.

Mitigation

Mitigation of this vulnerability requires changes to operating system kernel code, including increased isolation of kernel memory from user-mode processes. Linux kernel developers have referred to this measure as kernel page-table isolation (KPTI). KPTI patches have been developed for Linux kernel 4.15 and have been released as a backport in kernel 4.14.11.[25][26] macOS has been patched since 10.13.2 High Sierra.[27] Microsoft released an emergency update to Windows 10, 8.1, and 7 SP1 to address the vulnerability on January 3, 2018,[28][29][30] as well as to Windows Server.[31] These patches are known to conflict with specific third-party antivirus software that uses unsupported kernel calls; systems running such software will not receive the update until the antivirus is patched.[32][33] Red Hat released kernel updates for Red Hat Enterprise Linux version 6[34] and version 7.[35] CentOS has also released kernel updates for CentOS-7.[36]

It was reported that implementation of KPTI may lead to a reduction in CPU performance, with some researchers claiming up to 30% loss in performance depending on usage, though Intel considered this to be an exaggeration.[37] It was reported that Intel processor generations that support process context identifiers (PCID), a feature introduced with Westmere[38] and available on all chips from the Haswell architecture onward, were not as susceptible to performance losses under KPTI as older generations that lack it.[39][40] With PCID, translation lookaside buffer (TLB) entries are tagged with an address-space identifier, so switching between the user and kernel page tables on every system call and interrupt does not require flushing the whole TLB.
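A practitioner checking a Linux host wants to know two things from the paragraphs above: whether the kernel has KPTI active, and whether the CPU offers PCID so that KPTI is cheap. The following added example (not code from this article or from any kernel or distribution vendor) reads what the kernel itself reports. The paths and flag names are the real Linux interfaces: the "flags" line of /proc/cpuinfo carries "pti" when page-table isolation is enabled and "pcid" when the CPU supports it, and /sys/devices/system/cpu/vulnerabilities/meltdown is exported by kernels that carry the vulnerability-reporting interface (assumed here to be 4.15 or a distribution backport; older kernels simply lack the file). The function names are the example's own, and the parsing is separated from the file I/O so it can be exercised on constructed input.

```c
/* Added example (not from the article or any vendor): report what a Linux
 * kernel says about its Meltdown mitigation.  Sources:
 *   /sys/devices/system/cpu/vulnerabilities/meltdown  (kernels with the
 *       reporting interface; assumption: 4.15+ or a distribution backport)
 *   the "flags" line of /proc/cpuinfo: "pti" = page-table isolation active,
 *       "pcid" = CPU supports process-context identifiers (cheap KPTI).
 * Parsing is kept apart from file I/O so it can be tested on constructed text. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

enum meltdown_state { MD_UNKNOWN, MD_NOT_AFFECTED, MD_MITIGATED, MD_VULNERABLE };

/* Classify the sysfs text, e.g. "Mitigation: PTI", "Not affected", "Vulnerable". */
enum meltdown_state classify_sysfs(const char *text) {
    if (strncmp(text, "Not affected", 12) == 0) return MD_NOT_AFFECTED;
    if (strncmp(text, "Mitigation:", 11) == 0)  return MD_MITIGATED;
    if (strncmp(text, "Vulnerable", 10) == 0)   return MD_VULNERABLE;
    return MD_UNKNOWN;
}

/* Whole-word search for a CPU flag in a /proc/cpuinfo "flags" line, so that
 * "pcid" is not satisfied by "invpcid" and substrings of other flags. */
int has_cpu_flag(const char *flags_line, const char *flag) {
    const char *p = strchr(flags_line, ':');
    p = p ? p + 1 : flags_line;              /* skip the "flags\t\t:" label if present */
    size_t n = strlen(flag);
    while (*p) {
        while (*p && isspace((unsigned char)*p)) p++;
        const char *start = p;
        while (*p && !isspace((unsigned char)*p)) p++;
        if ((size_t)(p - start) == n && memcmp(start, flag, n) == 0) return 1;
    }
    return 0;
}

/* Read the first line of path (the first starting with prefix, if given) into
 * buf without its newline.  Returns 0 if the file is absent or has no such line. */
static int read_first_line(const char *path, const char *prefix, char *buf, size_t len) {
    buf[0] = '\0';
    FILE *f = fopen(path, "r");
    if (!f) return 0;
    int found = 0;
    while (fgets(buf, (int)len, f)) {
        if (!prefix || strncmp(buf, prefix, strlen(prefix)) == 0) { found = 1; break; }
    }
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return found;
}

int main(void) {
    static const char *names[] = { "unknown", "not affected", "mitigated", "VULNERABLE" };
    char buf[4096];

    if (read_first_line("/sys/devices/system/cpu/vulnerabilities/meltdown", NULL, buf, sizeof buf))
        printf("sysfs:   \"%s\" -> %s\n", buf, names[classify_sysfs(buf)]);
    else
        puts("sysfs:   no meltdown entry (kernel predates the reporting interface)");

    if (read_first_line("/proc/cpuinfo", "flags", buf, sizeof buf))
        printf("cpuinfo: pti=%s pcid=%s\n",
               has_cpu_flag(buf, "pti")  ? "yes" : "no",
               has_cpu_flag(buf, "pcid") ? "yes" : "no");
    else
        puts("cpuinfo: no flags line (not Linux, or /proc not mounted)");
    return 0;
}
```

A host showing "Mitigation: PTI" with pcid=no is protected but pays the full TLB-flush cost on every kernel entry described above; "Not affected" is what an AMD system reports once the patches that skip PTI on AMD (references [8] and [9]) are in place.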

A statement by Intel said that "any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time."[41][5] Phoronix benchmarked several popular PC games on a Linux system with Intel's Coffee Lake Core i7-8700K CPU and KPTI patches installed, and found that any performance impact was little to non-existent.[7] In other tests, including synthetic I/O benchmarks, and benchmarks using PostgreSQL and Redis, a measurable impact in performance was found.[42]

On January 4, 2018, Google's security blog provided additional details on how the related speculative execution vulnerability (Spectre) might be mitigated in software using a technique it calls "retpoline", with negligible processor overhead, in contrast to what earlier accounts had feared.[43][44]

References

  1. ^ a b "Meltdown and Spectre: Which systems are affected by Meltdown?". meltdownattack.com. Retrieved January 3, 2018.
  2. ^ Franco, Julio (January 3, 2018). "Massive CPU flaws get a name: Meltdown and Spectre -- what you need to know". TechSpot. Retrieved January 4, 2018.
  3. ^ "Information Leak via speculative execution side channel attacks (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 aka Spectre and Meltdown)". Ubuntu Wiki. Retrieved January 4, 2018.
  4. ^ "A Critical Intel Flaw Breaks Basic Security for Most Computers". Wired. January 3, 2018.
  5. ^ a b Metz, Cade; Perlroth, Nicole (January 3, 2018). "Researchers Discover Two Major Flaws in the World's Computers". The New York Times. ISSN 0362-4331. Retrieved January 3, 2018.
  6. ^ "Intel's processors have a security bug and the fix could slow down PCs". The Verge. Retrieved January 3, 2018.
  7. ^ a b "Linux Gaming Performance Doesn't Appear Affected By The x86 PTI Work - Phoronix". www.phoronix.com. Retrieved January 3, 2018.
  8. ^ Gleixner, Thomas (January 3, 2018). "x86/cpu, x86/pti: Do not enable PTI on AMD processors".
  9. ^ Lendacky, Tom. "[tip:x86/pti] x86/cpu, x86/pti: Do not enable PTI on AMD processors". lkml.org. Retrieved January 3, 2018.
  10. ^ "Patches arrive for Intel's 'Meltdown' flaw — here's how to protect your device". January 4, 2018.
  11. ^ "Intel responds to the CPU kernel bug, claiming its patches will make PCs 'immune'".
  12. ^ "Who's affected by computer chip security flaw".
  13. ^ "Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign".
  14. ^ Staff (2018). "Meltdown and Spectre-faq-systems-spectre". Graz University of Technology. Retrieved January 4, 2018.
  15. ^ Busvine, Douglas; Nellis, Stephen (January 3, 2018). "Security flaws put virtually all phones, computers at risk". Reuters. Thomson-Reuters. Retrieved January 3, 2018.
  16. ^ "Today's CPU vulnerability: what you need to know".
  17. ^ Saad, Abdullah (January 3, 2018). "Google Pitches In On x86 Kernel Bug - 3 Variants, Intel & ARM Chips Mostly Affected, Near Zero Risk To AMD".
  18. ^ "Google: Almost All CPUs Since 1995 Vulnerable To "Meltdown" And "Spectre" Flaws".
  19. ^ "P6 family microarchitecture". www.jaist.ac.jp.
  20. ^ "Arm Processor Security Update". ARM Developer. ARM Ltd. January 3, 2018. Retrieved January 5, 2018.
  21. ^ Lipp, Moritz; Schwarz, Michael; Gruss, Daniel; Prescher, Thomas; Werner Haas; Stefan Mangard; Paul Kocher; Daniel Genkin; Yuval Yarom; Mike Hamburg. "Meltdown" (PDF). Meltdown and Spectre. p. 8 sec. 5.1. Retrieved January 4, 2018.
  22. ^ Staff (January 3, 2018). "Intel Responds To Security Research Findings". Intel. Retrieved January 4, 2018.
  23. ^ "Processor Speculative Execution Research Disclosure". Amazon Web Services, Inc. Retrieved January 3, 2018.
  24. ^ "Cyberus Technology Blog - Meltdown". blog.cyberus-technology.de.
  25. ^ Corbet, Jonathan (November 15, 2017). "KAISER: hiding the kernel from user space". LWN. Retrieved January 3, 2018.
  26. ^ Corbet, Jonathan (December 20, 2017). "The current state of kernel page-table isolation". LWN. Retrieved January 3, 2018.
  27. ^ "Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign". The Register. Retrieved January 3, 2018.
  28. ^ Warren, Tom. "Microsoft issues emergency Windows update for processor security bugs". The Verge. Vox Media, Inc. Retrieved January 3, 2018.
  29. ^ Thorp-Lancaster, Dan (January 3, 2018). "Microsoft pushing out emergency fix for newly disclosed processor exploit". Windows Central. Retrieved January 4, 2018.
  30. ^ "Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities". support.microsoft.com. Retrieved January 4, 2018.
  31. ^ "Windows Server Guidance to protect against the speculative execution side-channel vulnerabilities". Microsoft Support.
  32. ^ Tung, Liam. "Windows Meltdown-Spectre patches: If you haven't got them, blame your antivirus". ZDNet. Retrieved January 4, 2018.
  33. ^ "Important information regarding the Windows security updates released on January 3, 2018 and anti-virus software". Microsoft. Retrieved January 4, 2018.
  34. ^ "RHSA-2018:0008 - Security Advisory". Red Hat announcements.
  35. ^ "RHSA-2018:0007 - Security Advisory". Red Hat announcements.
  36. ^ "[CentOS-announce] CESA-2018:0007 Important CentOS 7 kernel Security Update". CentOS announcements. January 4, 2018. Retrieved January 5, 2018.
  37. ^ "Computer chip scare: What you need to know". BBC News. January 4, 2018. Retrieved January 4, 2018.
  38. ^ "Westmere Arrives". www.realworldtech.com.
  39. ^ "A Critical Intel Flaw Breaks Basic Security for Most Computers". Wired. Retrieved January 4, 2018.
  40. ^ "Intel CPU kernel bug FAQ: Fix for massive security flaw could slow down PCs and Macs". PCWorld. Retrieved January 4, 2018.
  41. ^ "Intel says processor bug isn't unique to its chips and performance issues are 'workload-dependent'". The Verge. Retrieved January 4, 2018.
  42. ^ "Initial Benchmarks Of The Performance Impact Resulting From Linux's x86 Security Changes". Phoronix. Retrieved January 4, 2018.
  43. ^ https://security.googleblog.com/2018/01/more-details-about-mitigations-for-cpu_4.html
  44. ^ https://tech.slashdot.org/story/18/01/04/2230207/google-says-cpu-patches-cause-negligible-impact-on-performance-with-new-retpoline-technique