Catalin Cimpanu, reporting for BleepingComputer: Google has just published details on two vulnerabilities named Meltdown and Spectre that in the company's assessment affect "every processor [released] since 1995." Google says the two bugs can be exploited to "to steal data which is currently processed on the computer," which includes "your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents." Furthermore, Google says that tests on virtual machines used in cloud computing environments extracted data from other customers using the same server. The bugs were discovered by Jann Horn, a security researcher with Google Project Zero, Google's elite security team. These are the same bugs that have been reported earlier this week as affecting Intel CPUs. Google was planning to release details about Meltdown and Spectre next week but decided to publish the reports today "because of existing public reports and growing speculation in the press and security research community about the issue, which raises the risk of exploitation."
This isn't even surprising that the problem exists in almost every CPU since a long time considering that most CPUs share the same type of logic in order to achieve the best performance. But performance and security often comes into conflict.
Actually in this case I think "strategy" rather than "logic" is probably a better way of putting it. Everyone uses speculative evaluation to speed things up, Intel just does it slightly more aggressively than other chipmakers and so presents a slightly larger attack surface.
Best I can tell, the only CPUs guaranteed not affected by both are in-order architectures, which many older ARM (and extremely old x86) chips are.
These attacks are a sort of new category of security analysis--realizing that out of order execution can have side effects, and that programs can check for those side effects to leak program state and system memory.
These attacks are a sort of new category of security analysis--realizing that out of order execution can have side effects, and that programs can check for those side effects to leak program state and system memory.
Not really. Sophisticated security attacks written in ASM have been around for decades. I have a friend who has worked for a decade as a security contractor for federal agencies and they are well aware of this sort of thing. I think what's happened is the knowledge to be able to architect these types of exploits is known to a relatively small group of people that have highly specialized knowledge. Most of the exploits we see these days are effectively script kiddies but in some cases very effect. Back
But older architectures has other kinds of security gaps instead. So going back isn't going to help either.
And today we essentially only have ARM and x86 architectures to care about. Sparc is a fringe architecture, so is PowerPC and MIPS, which means that it really doesn't matter if these architectures are impacted or not.
SPARC, MIPS and PowerPC may be fringe but they are still out there in the fringe for servers and/or supercomputers.
Several CPUs of each architecture were released in 2017.
IBM's POWER chips have supported the full PowerPC ISA for a decade and its performance is very competitive to Intel XEON, if not surpassing.
Oracle (which had bought Sun) closed their SPARC processor group last year though. Fujitsu may still be active.
Chinese Loongson makes MIPS processors at 1.5GHz, but they would need to step it up to com
Re:Almost All processors (Score:4, Interesting)
Spectre is linked to two vulnerabilities: the first one is difficult to exploit and solvable via software, the second one is very difficult to exploit. Spectre allows to read memory from the same process, so it is an issue only for JIT and VM code. Meltdown allows to read memory everywhere.
Re:Almost All processors (Score:5, Insightful)
No. Spectre affects AMD and ARM as well (and likely other architectures too).
Best I can tell, the only CPUs guaranteed not affected by both are in-order architectures, which many older ARM (and extremely old x86) chips are.
These attacks are a sort of new category of security analysis--realizing that out of order execution can have side effects, and that programs can check for those side effects to leak program state and system memory.
Spectre is a red herring - there is no known way it can be exploited. Meltdown is far more dangerous and it can be exploited RIGHT NOW with a simple Javascript executed in a browser. Researchers demonstrated a Javascript exploit that uses Meltdown - and there is no telling who has already been compromised. But one thing is sure: non-Intel users have not been compromised.
Frankly, this whole hoopla about Spectre seems like a well orchestrated deflection stunt by Intel PR operations. And your posts smells a bit of sockpuppetry.
Frankly, this whole hoopla about Spectre seems like a well orchestrated deflection stunt by Intel PR operations.
I'd caution against a false sense of security, based on one's choice of processor for your personal desktop.
There's no disagreement that "Meltdown" is the greater problem, and affects pretty much any Intel chip still functioning. It's important to remember that it's virtually guaranteed that connect to many servers that uses an affected processor every day. Those of us who maintain cloud infrastructures are particularly unhappy with the situation.
The fact that Meltdown is worse shouldn't distract from the
No. Spectre affects AMD and ARM as well (and likely other architectures too).
AMD CPUs were demonstrated to be vulnerable to Spectre under Linux only in a non-standard kernel configuration. In the standard configuration, they demonstrated "the ability to read data within the same process, without crossing privilege boundaries."
It's possible that future research will reveal vulnerabilities on AMD CPUs, but as of now, I don't see that one has been verified under the standard kernel configuration. (So don't enable eBPF JIT)
Does anyone know if this will affect PowerPC, SPARC, Alpha, and MIPS as well?
This seems to focus on branch prediction and the impact of backing the pipeline contents. The error seems to center on taking a branch into privileged memory that is initiated by unprivileged code. Therefore, any CPU with branch prediction is likely suspect.
arm32 versus AArch64 (Score:2)
32-bit ARM may be safer, because speculative execution is much, much more difficult there.
The program counter is a visible register that can be manipulated by any opcode - an explicit JUMP or BRANCH is not necessary. This makes branch prediction mostly impossible.
Most opcodes are conditional. This dependency between adjacent instructions is also a huge obstacle for speculative execution.
32-bit ARM is mostly in-order for these reasons.
https://www.jwhitham.org/2016/02/risc-instruction-sets-i-have-known-and.h [jwhitham.org]
They didn’t say AMD was vulnerable to Meltdown. Do you have the reading comprehension skills of stone?
Re: (Score:3)
Yes - but both AMD and ARM are affected by Spectre, which there is NO KNOWN FIX for.
Spectre is already patched on some ARM processors (note that many ARM processors are not affected by Spectre), while AMD says that it should be patched in the software affected. Since Spectre only refers to leakages of memory in the same process, it is only a problem for JIT and VM stuff (e.g. browsers and their Javascript, wait for a browser update in the next f
"that it should be patched in the software affected"
That is code for "we cant update the microcode, it *should* be patched in the CPU, but cant be ( and we dont want to say that ), so, hopefully the software can mitigate".
If the defect is in the microcode and they patch it in software, isn't it still vulnerable? Doesn't seem like it would be difficult to undo or work around the software patch to access the original defective microcode.
Also, your statement isn't necessarily true. From the researchers:
At the moment, it is unclear whether ARM and AMD processors are also affected by Meltdown.
https://meltdownattack.com/ [meltdownattack.com]
Yes, because Spectre = Meltdown. Try reading.
Wrong. They are the same class of bug around speculative execution but they are not the same thing.
Re:Almost All processors (Score:5, Informative)
Please read the article. From it:
Meltdown uses out-of-order execution and a side channel attack that is unique to Intel. Spectre uses speculative execution and is more generalized, with tested proof-of-concept attack code on AMD and ARM.
At least not with the attack style that works on Intel processors, but I wouldn't be surprised if there are similar methods that works on AMD processors.
"According to Google, everything and everyone is affected. This includes all major chipset vendors (Intel, AMD, ARM), all major operating systems (Windows, Linux, macOS, Android, ChromeOS), cloud providers (Amazon, Google, Microsoft), and application makers."
It looks like the attack uses side effects of out-of-order execution that probably will affect every processor. There is not a practical demonstration on AMD yet, but it is likely affected. Interestingly, it looks like it can break out of a VM jail as
Re:Almost All processors (Score:4, Informative)
I just read the papers and it's actually a fascinating, and deceptively simple method. Out-of-order execution and execution prefetching causes a CPU to pre-execute instructions that are later on in the chain. If my program performs a divide-by-zero, which will cause an error when it happens, instruction pre-fetching and out of order execution has already in whole or part executed the instructions that happen after the error. So, you write your program to do this:
Something legal
Fork
Child:
Divide by Zero
Read of illegal memory
Parent:
Wait for child to crash
Read the prefetch cache to see what the out-of-order execution put in the cache when it read the illegal memory
In case that's not clear, a program forks. The child process induces an error, but after the error it has an instruction which would not normally be allowed, such as reading a portion of memory it wouldn't normally be able to. Out of order execution will already have begun performing the instruction, and because it doesn't have as rigorous controls on it, it actually reads the memory into the cache. This wouldn't be an issue, except there are ways to determine what a prefetch instruction resulted in. So the parent process waits for the child to crash and then it uses those instructions to determine the results of the prefetch which means you have just bypassed memory protection.
https://arstechnica.com/gadget... [arstechnica.com]
Every modern processor has unfixable security flaws
Which makes you wonder if this is actually a flaw. A flaw is where something does not work the way it was designed to work. The fact that every modern processor has the same vulnerability suggests that perhaps this was designed into them at some point. I have no evidence that this was designed in, but one should at least entertain the possibility that it was.
Re: (Score:3)
Of course it’s a flaw. It’s an unintended side-effect of speculative execution.
Are you sure it is unintended?
Proving such a subjective negative is almost impossible. Proving it was intended only requires providing some statement that someone intended to do this or evidence of the possibility of this exploit in the past.
Ball's in your court - prove it was intended.
Re:Almost All processors (Score:4, Insightful)
A hardware version of PRISM? https://en.wikipedia.org/wiki/... [wikipedia.org]
Room 641A Inside https://en.wikipedia.org/wiki/... [wikipedia.org] most computers?
It was interesting how much of the NSA ANT catalog https://en.wikipedia.org/wiki/... [wikipedia.org] connected to a computer rather than was able to work internally on a CPU as shipped?
Is the world missing the other part of the CPU catalog thats still doing collect it all missions?
...The fact that every modern processor has the same vulnerability suggests that perhaps this was designed into them at some point. I have no evidence that this was designed in, but one should at least entertain the possibility that it was.
Perhaps we should entertain the possibility that the revelations of Edward Snowden scratch the fucking surface as to the deceptive power and control that the US government holds over US corporations.
I'd say there's more than enough evidence to suggest this is no fucking "flaw". In fact, the timing of it all tends to suggest the Clipper chip program didn't just go away in the late 90s; it was superseded.
Shouldn't that be : Almost All Intel processors?
No if you read TFA carefully, Meltdown and Spectre affect Intel, AMD and Qualcomm Snapdragon processors to varying degrees. The 1995 bit probably solely refers to Intel in the sense that the AMD K5 was AMD's first processor and released in 1996. Back in 1995, if my memory serves me correct, the only two x86 CPU's in town in 1995 were the Intel Pentium 1 and the IBM Cyrix chipset. I'm guessing 8086/8088/286/386/486 were not affected?
Oh, for FFS, at least get your facts straight.
K5 was AMD's first processor? I must have imagined a whole heap of their processors which I owned and used before that one... And meltdown STILL doesn't affect AMD, all we have on that front is speculation from intel and their fanboys who wants to paint everyone else with the same tar brush.
I should have said the AMD K5 was AMD's first in-house processor. The whole history is right here [wikipedia.org]. No fan boi nonsense just facts. If you don't like facts, I can't help you.
Well, there was the NexGen, but I have only seen it being sold in a shop once - with the motherboard - and when I've returned with cash it was already gone.
Re: (Score:3)
the AMD K5 was AMD's first processor and released in 1996
I know I had an AMD 386DX/40. Intel was pretty expensive back then, and I couldn't have purchased the processor for what I paid for the whole full tower unit. Okay, so it was the Am386 [wikipedia.org]. You likely recall the K5 release name because they renamed the 586 the Pentium and the 686 the Pentium Pro, and they sued AMD and Cyrix for using the numbers 486 and 586. Ultimately Intel lost. However, to shield itself from lawsuits, AMD had no choice but to name their processor the K5. Also, Cyrix (now Via) named the
I have AMD 8088 processors. They second-sourced Intel from the beginning of the PC.
K5 was the first totally in-house designed AMD CPU and one of the first to do out of order execution, which is what these bugs exploit. Whether it is actually vulnerable would have to be tested.
https://en.wikipedia.org/wiki/... [wikipedia.org]
They did not test AMD or ARM (Score:3, Informative)
At the time of writing, Google believes that "every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013)" is affected by Meltdown. Google says it verified Meltdown only against Intel CPUs, but not ARM and AMD. Nonetheless, Intel has a market share of than 80% on desktops and more than 90% on the laptop and server markets, meaning that a large number of desktops, laptops, and servers are affected.
AMD seem to think they're not affected by Meltdown: [lkml.org]
BTB it is almost certainly this email, sent on 26 December, which led to the Meltdown vulnerability being made public [twitter.com], causin
Re: (Score:3)
No, they did test their Meltdown code on AMD and ARM but were not able to reproduce it on the chips they tested on.
That does not prove that a Meltdown-like attack on AMD or ARM is impossible, either on a different chip they did not test on or with a tweaked version of Meltdown.
From the actual article ("meltdown.pdf"):
Re: (Score:3)
Spectre, which is more of a generalized class of attacks, but more difficult to implement, impacts Intel, AMD, and ARM as per the original spectre paper. https://spectreattack.com/spec... [spectreattack.com], from which I quote:
Hardware. We have empirically verified the vulnerability of several Intel processors to Spectre attacks, including Ivy Bridge, Haswell and Skylake based processors. We have also verified the attack’s applicability to AMD Ryzen CPUs. Finally, we have also successfully mounted Spectre attacks on several Samsung and Qualcomm processors (which use an ARM architecture) found in popular mobile phones.
and
Unlike Meltdown, the Spectre attack works on non-Intel processors, including AMD and ARM processors. Furthermore, the KAISER patch [19], which has been widely applied as a mitigation to the Meltdown attack, does not protect against Spectre.
References:
Spectre https://spectreattack.com/spec... [spectreattack.com]
Meltdown https://meltdownattack.com/mel... [meltdownattack.com]
Better link and description than story (Score:5, Informative)
Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure. Luckily, there are software patches against Meltdown.
Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre. Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. However, it is possible to prevent specific known exploits based on Spectre through software patches.
It is verified "safe" by the compiler statically at compile time.
Static analysis is nice and all, but can only do so much. There are whole categories of problems that static analysis tools are blind to. For example: Spectre. Anything below the language layer, or any sufficiently clever runtime funny business won't be detected (Spectre is both).
Re: (Score:3)
There's a pretty good summary in the XenProject Security Advisory [xen.org]:
Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre. Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. However, it is possible to prevent specific known exploits based on Spectre through software patches.
This paragraph, which you copy-pasted from meltdownattack.com, is not explaining much. I would go as far as to say that it's jackshit. Just read the linked research paper.
Crypto-coin paper wallet. Problem solved.
Now I am confused (Score:1)
The fix for the original "Intel only" bug was "fuckwit" (kpti=on) and there is a patch [1] from AMD to disable kpti on AMD cpus in order to avoid unnecessary performance loss. Now does this mean the the AMD patch was short sighted and we need kpti on AMD cpus as well? Or does it mean kpti isn't a sufficient counter measure for meltdown/spectre?
[1] https://lkml.org/lkml/2017/12/27/2
No, KPTI doesn’t help for Spectre.
Re: (Score:2)
Also Spectre and Meltdown are not the same thing.
Intel use weasel language to heavily imply they were in their press release. And based on comment chains on this story, it seems to have worked.
Ok, now what? (Score:2)
What are we supposed to do? Have you seen the price of Amiga and Atari ST computers on eBay? Not to mention that there's nowhere near enough to supply the whole planet!
Has anyone started working on an OS/9 port of Firefox for the Color Computer 3 yet?
What are we supposed to do? Have you seen the price of Amiga and Atari ST computers on eBay? Not to mention that there's nowhere near enough to supply the whole planet!
My Amiga doesn't have a MMU, you insensitive clod! Luckily I have AMD processors, on which you can mitigate these attacks. Now if I could just figure out how to disable their equivalent of the management engine
NetBSD runs quite adequately on my Macintosh SE/30.
Well, for some values of 'adequate.' Don't try to recompile the userland.
Or we could adopt the IBM POWER architecture.
Are you saying that the old PowerPC Macs are immune to these two problems?
Looks like I'm going to have to drag my Quadra 700 out of mothballs. Anybody know what the latest version of System 7 is? Just hope my 320MB external hard drive isn't full....
Hey, anybody got a 56K modem I could borrow?
Reaction? (Score:2)
486 (Score:4, Funny)
Time to bust out my 486!
Don't have to go back that far. Bonnelle and Saltflat (first and second generation) Atoms are strictly in-order. No speculative execution. Just move your server loads to clusters of 2nd generation eeepc's!
Vulnerability comes down to race condition (Score:3)
And why AMD and ARM may not be vulnerable to Meltdown:
Google says no such thing (Score:2)
Unpatchable bug granting access to any computer (Score:2)
Any word on how PCID helps mitigate? (Score:2)
Reading through a variety of descriptions I understand the attack for Meltdown, but I'm seeing less of a discussion around how patches may work - in particular I read if your model of Intel processor supports PCID (Process-Context Identifiers) a fix may not impact performance as much, but I've not seen any description of why and would be interested to know how that helps.
How does Javascript make illegal mem references? (Score:2)
One of the things I've seen flying around, is some people are saying this can be exploited in a web browser, thanks to Javascript JIT-compiling to machine code.
I am pretty damn out of date on Javascript compilers, so I was hoping someone could explain how this is possible. Javascript doesn't have pointers. I'd think that if a Javascript programmer is capable of writing Javascript code that compiles in such a way that the programmer can create a pointer of their own making (perhaps pointing to kernel memory)
Am I mistaken that a Javascript exploit is possible?
The fact that a given programming language gives you more or less freedom regarding how to deal with the memory management aspects doesn't change the fact that the generated applications rely on memory. In any case all these bugs seem fairly theoretically and very difficult to be actually exploited. It seems more a matter of making sure that computers are 100% safe at their most basic level than actually avoiding imminent threats.
