Mitigation Strategies for Spectre and Meltdown Attack

January 10, 2018

Introduction



An industry-wide microprocessor vulnerability, known as ‘Spectre’ and ‘Meltdown’, has recently been discovered[1]. It is a serious hardware flaw that is exploited using a technique called a ‘side-channel attack’. A side channel targets observable aspects of a system’s operation, such as power consumption or timing. A potential attacker could exploit this vulnerability to obtain sensitive information from computer systems running affected hardware, such as passwords stored in a password manager or browser, personal photos, emails, business-critical documents and cache information. The vulnerability could allow a potential attacker with unprivileged access to read the memory of other processes or the memory designated to the operating system kernel.[6]

The CVEs associated with this vulnerability are:

CVE-2017-5715 – Bounds Check Bypass (Spectre)[7]

CVE-2017-5753 – Branch Target Injection (Spectre)[7]

CVE-2017-5754 – Rogue Data Cache Load (Meltdown)[7]

CVSS Rating



CVSS Metric 3.0 : AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS Metric 2.0 : AV:L/AC:L/Au:N/C:C/I:N/A:N

CVSS 3.0 Score : 6.11

CVSS 2.0 Score : 4.94



Recommendations for Mitigation



Please apply respective patches. For example, Microsoft[2], Apple[3], Linux[4] have released patches. Please see the references.

Disable “Execute Disable Bit” that will reduce the execution of arbitrary code.

Employ “Supervisor-Mode Access Prevention” to avoid cache attacks.

Enable “Supervisor-Mode Execution Prevention” to avoid direct execution of application code.
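
An added example (not part of the original advisory or any vendor's tooling): a Python check that a Linux x86 host reports SMEP and SMAP in its CPU flags and that its kernel reports each of the three CVEs as mitigated. The /proc/cpuinfo and /sys/devices/system/cpu/vulnerabilities locations are Linux-specific assumptions, and the sample input is constructed.

```python
from pathlib import Path

# Linux/x86 locations; assumed here, not taken from the advisory.
VULN_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
CPUINFO = Path("/proc/cpuinfo")
CVE_TO_SYSFS = {"CVE-2017-5753": "spectre_v1", "CVE-2017-5715": "spectre_v2",
                "CVE-2017-5754": "meltdown"}

# Constructed sample input so the logic can be exercised off-host.
SAMPLE_CPUINFO = "processor\t: 0\nflags\t\t: fpu vme nx smep pti\n"
SAMPLE_STATUS = {"meltdown": "Mitigation: PTI\n", "spectre_v1": "Vulnerable\n"}

def cpu_flags(cpuinfo_text):
    """Feature flags of the first CPU in /proc/cpuinfo text."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            return set(value.split())
    return set()

def classify(status):
    """Map a sysfs status line to 'ok', 'vulnerable' or 'unknown'."""
    s = status.strip().lower()
    if s.startswith(("not affected", "mitigation")):
        return "ok"
    if s.startswith("vulnerable"):
        return "vulnerable"
    return "unknown"  # empty: the kernel does not report this issue

def audit(cpuinfo_text, vuln_status):
    """List what still needs attention; an empty list means nothing found."""
    flags = cpu_flags(cpuinfo_text)
    findings = [f"{f.upper()} not reported in CPU flags"
                for f in ("smep", "smap") if f not in flags]
    for cve, name in CVE_TO_SYSFS.items():
        verdict = classify(vuln_status.get(name, ""))
        if verdict != "ok":
            findings.append(f"{cve} ({name}): {verdict}")
    return findings

def read_host():
    """Read the live values; missing sysfs files become empty strings."""
    status = {n: (VULN_DIR / n).read_text() if (VULN_DIR / n).is_file() else ""
              for n in CVE_TO_SYSFS.values()}
    return CPUINFO.read_text(), status

if __name__ == "__main__":
    data = read_host() if CPUINFO.is_file() else (SAMPLE_CPUINFO, SAMPLE_STATUS)
    print("\n".join(audit(*data)))
```

An "unknown" verdict means the running kernel does not expose a status for that issue, which on an unpatched system is itself a reason to apply the vendor update.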

Patch Information

Each entry below gives the serial number, the name of the vendor, the name of the product and the reference links.

1. Vendor: Intel[1]
   Product: Processors
   Reference links: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr

2. Vendor: Linux[4]
   Product: Red Hat
   Reference links: https://access.redhat.com/security/vulnerabilities/speculativeexecution
   Product: SUSE
   Reference links: https://www.suse.com/support/kb/doc/?id=7022512

3. Vendor: Microsoft[2]
   Product: Windows
   Reference links: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
   Product: Windows Server
   Reference links: https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution
   Product: Microsoft Edge, Internet Explorer, Windows Graphics, Windows Kernel, Windows Datacenter Networking, Windows SMB Server
   Reference links: https://support.microsoft.com/en-us/help/4056890/windows-10-update-kb4056890
   https://www.catalog.update.microsoft.com/Search.aspx?q=KB4056890

4. Vendor: Apple[3]
   Product: iOS, macOS, High Sierra, Safari
   Reference links: https://support.apple.com/en-us/HT208394
   https://support.apple.com/en-in/HT201222

5. Vendor: Google[11]
   Product: Android, Google Chrome Browser, Google Chrome OS (Chromebooks, etc.), Google Cloud Dataflow, Google Cloud Datalab, Google Cloud Dataproc, Google Cloud Functions, Google Cloud Launcher, Google Cloud Machine Learning Engine, Google Compute Engine, Google Kubernetes Engine
   Reference links: https://support.google.com/faqs/answer/7622138

6. Vendor: Ubuntu[12]
   Reference links: https://usn.ubuntu.com/usn/

7. Vendor: ASUS[13]
   Reference links: https://www.asus.com/News/YQ3Cr4OYKdZTwnQK
   https://www.asus.com/News/V5urzYAT6myCC1o2

8. Vendor: Dell[14]
   Reference links: http://www.dell.com/support/article/in/en/indhs1/sln308587/microprocessor-side-channel-vulnerabilities--cve-2017-5715--cve-2017-5753--cve-2017-5754---impact-on-dell-products?lang=en
   http://www.dell.com/support/article/in/en/indhs1/sln308588/microprocessor-side-channel-vulnerabilities--cve-2017-5715--cve-2017-5753--cve-2017-5754---impact-on-dell-emc-products--dell-enterprise-servers--storage-and-networking-?lang=en

9. Vendor: HP[15]
   Product: Desktops, Laptops and Workstations
   Reference links: https://support.hp.com/us-en/document/c05869091

10. Vendor: IBM[16]
    Reference links: https://www-945.ibm.com/support/fixcentral/

11. Vendor: Mozilla[17]
    Product: Firefox
    Reference links: https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

12. Vendor: VMware[18]
    Reference links: https://vinfrastructure.it/2018/01/meltdown-spectre-vmware-patches/

13. Vendor: Citrix[19]
    Product: XenServer
    Reference links: https://translate.google.co.in/translate?hl=en&sl=de&u=https://blog.sievers-group.com/citrix-update-fuer-meltdown-und-spectre/&prev=search

14. Vendor: Lenovo
    Product: Laptops
    Reference links: https://support.lenovo.com/in/en/solutions/len-18282





References



[1] Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr



[2] Guidance to mitigate speculative execution side-channel vulnerabilities (ADV180002)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002



[3] About speculative execution vulnerabilities in ARM-based and Intel CPUs

https://support.apple.com/en-us/HT208394



[4] Kernel Side-Channel Attacks - CVE-2017-5754 CVE-2017-5753 CVE-2017-5715

https://access.redhat.com/security/vulnerabilities/speculativeexecution



[5] An Update on AMD Security

https://www.amd.com/en/corporate/speculative-execution



[6] Vulnerability Note VU#584653 CPU hardware vulnerable to side-channel attacks

http://www.kb.cert.org/vuls/id/584653



[7] CPU Side-Channel Information Disclosure

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel



[8] Spectre Attacks: Exploiting Speculative Execution

https://spectreattack.com/spectre.pdf



[9] Mozilla Security Blog

https://beebom.com/mozilla-rolls-out-firefox-57-0-4-with-meltdown-and-spectre-patches/



[10] Meltdown and Spectre Intel Processor Vulnerabilities: What You Need to Know

https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/meltdown-and-spectre-intel-processor-vulnerabilities-what-you-need-to-know



[11] Product Status Google’s Mitigations Against CPU Speculative Execution Attack Methods

https://support.google.com/faqs/answer/7622138



[12] Ubuntu Security Notices

https://support.google.com/faqs/answer/7622138



[13] ASUS Update on Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method

https://www.asus.com/News/YQ3Cr4OYKdZTwnQK

https://www.asus.com/News/V5urzYAT6myCC1o2



[14] Microprocessor Side-Channel Vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell products

http://www.dell.com/support/article/in/en/indhs1/sln308587/microprocessor-side-channel-vulnerabilities--cve-2017-5715--cve-2017-5753--cve-2017-5754---impact-on-dell-products?lang=en

http://www.dell.com/support/article/in/en/indhs1/sln308588/microprocessor-side-channel-vulnerabilities--cve-2017-5715--cve-2017-5753--cve-2017-5754---impact-on-dell-emc-products--dell-enterprise-servers--storage-and-networking-?lang=en



[15] HP Support Communication-Security Bulletin

https://support.hp.com/us-en/document/c05869091



[16] IBM Support Fixcentral

https://www-945.ibm.com/support/fixcentral/



[17] Mozilla Security Blog

https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/



[18] Meltdown and Spectre: VMWare Products

https://vinfrastructure.it/2018/01/meltdown-spectre-vmware-patches/



[19] Citrix Update for Spectre and Meltdown

https://translate.google.co.in/translate?hl=en&sl=de&u=https://blog.sievers-group.com/citrix-update-fuer-meltdown-und-spectre/&prev=search



[20] Reading Privileged Memory with a Side Channel

https://support.lenovo.com/in/en/solutions/len-18282



