In June 2022, multiple MMIO Intel CPUs vulnerabilities related to execution in virtual environments were announced. In March 2022, a vulnerability affecting a wide range of AMD CPUs was disclosed under CVE-2021-26341. According to Linux kernel developers AMD CPUs are also affected. It affects certain ARM64 CPUs and the following Intel CPU families: Cascade Lake, Ice Lake, Tiger Lake and Alder Lake. In March 2022, a new variant of the Spectre vulnerability called Branch History Injection was disclosed. In October 2021 for the first time ever a vulnerability similar to Meltdown was disclosed to be affecting all AMD CPUs however the company doesn't think any new mitigations have to be applied and the existing ones are already sufficient. Since most x86 software is already patched against MDS and this vulnerability has the exact same mitigations, software vendors don't have to address this vulnerability. It requires the same mitigations as the MDS vulnerability affecting certain Intel CPUs. In August 2021 a vulnerability called "Transient Execution of Non-canonical Accesses" affecting certain AMD CPUs was disclosed. ARM CPUs are not affected by SCSB but some certain ARM architectures are affected by FPVI. In order to mitigate them software has to be rewritten and recompiled. In June 2021, two new vulnerabilities, Speculative Code Store Bypass (SCSB, CVE-2021-0086) and Floating Point Value Injection (FPVI, CVE-2021-0089), affecting all modern x86-64 CPUs both from Intel and AMD were discovered. According to Phoronix there's little performance impact in disabling the feature. In March 2021 AMD security researchers discovered that the Predictive Store Forwarding algorithm in Zen 3 CPUs could be used by malicious applications to access data it shouldn't be accessing. Starting in 2017, multiple examples of such vulnerabilities were identified, with publication starting in early 2018. If an attacker can arrange that the speculatively executed code (which may be directly written by the attacker, or may be a suitable gadget that they have found in the targeted system) operates on secret data that they are unauthorized to access, and has a different effect on the cache for different values of the secret data, they may be able to discover the value of the secret data. However, this speculative execution may affect the state of certain components of the microprocessor, such as the cache, and this effect may be discovered by careful monitoring of the timing of subsequent operations. In terms of the directly visible behavior of the computer it is as if the speculatively executed code "never happened". Specifically, a transient instruction refers to an instruction processed by error by the processor (incriminating the branch predictor in the case of Spectre) which can affect the micro-architectural state of the processor, leaving the architectural state without any trace of its execution. If it was correct then execution proceeds uninterrupted if it was incorrect then the microprocessor rolls back the speculatively executed operations and repeats the original instruction with the real result of the slow operation. When the earlier, slower operation completes, the microprocessor determines whether prediction was correct or incorrect. The prediction may be based on recent behavior of the system. If an operation (such as a branch) cannot yet be performed because some earlier slow operation (such as a memory read) has not yet completed, a microprocessor may attempt to predict the result of the earlier operation and execute the later operation speculatively, acting as if the prediction was correct. Modern computers are highly parallel devices, composed of components with very different performance characteristics. Since January 2018 many different cache-attack vulnerabilities have been identified. The archetype is Spectre, and transient execution attacks like Spectre belong to the cache-attack category, one of several categories of side-channel attacks. Transient execution CPU vulnerabilities are vulnerabilities in a computer system in which a speculative execution optimization implemented in a microprocessor is exploited to leak secret data to an unauthorized party. Main articles: Downfall (security vulnerability), Foreshadow, Lazy FP state restore, Load value injection, Meltdown (security vulnerability), Microarchitectural Data Sampling, Retbleed, Spectre (security vulnerability), Speculative Store Bypass, and SWAPGS (security vulnerability)
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |