The first publicly accessible indication of a new Spectre-NG vulnerability appeared on June 5, 2018, in a commit message on the OpenBSD project. The log message briefly provides some technical background and states three reasons for the code change, including, “post-Spectre rumors suggest that the %cr0 TS flag might not block speculation, permitting leaking of information about FPU state (AES keys?) across protection boundaries.”1
Some technical details were presented by OpenBSD project leader Theo de Raadt on June 9, 2018, in a BOF session at the BSDCan 2018 conference. A recording is available on YouTube.2
According to Theo de Raadt, OpenBSD was not invited to the embargo. The project asked Intel to join, but received no response. This means that OpenBSD is free to release whatever and whenever they feel is appropriate at any time. However, it also means that a member of the embargo has provided OpenBSD with technical details that finally resulted in the early patch and telling commit message.
On Twitter, former FreeBSD security officer Colin Percival claims to have learned about LazyFP at said BOF session and that it took him “about five hours to write a working exploit based on the details he [Theo de Raadt] announced.”3 Percival states that he has made the exploit available to relevant security teams only and is not going to publish it yet.
Cyberus Technology GmbH4, one of the discoverers of this vulnerability, saw the embargo crumble and prepared a blog post with some technical details on June 6, 2018. Being a member of the embargo, they respected Intel’s request to withhold information and released their post, now in redacted form, on June 13, 2018.5
The floating point unit (FPU) is an integral part of any recent central processing unit (CPU). Processes may utilize the FPU to perform specialized arithmetic operations at a high speed. When the operating system switches execution from one process to another, it has to switch the context of the FPU as well.
For many years, an FPU context switch was a time-consuming operation. Operating systems implemented “lazy context switching” as a means to avoid unnecessary save and restore operations. Whenever the operating systems switched from one process to another, it would also deactivate the FPU. Only in the rare case of a process accessing the FPU would an interrupt be triggered. The operating system would then reactivate the FPU, save the state belonging to the old process, restore the proper state for the current process, and finally resume operation.
Like in the Meltdown attack, this process is susceptible to a speculative execution attack. Using a small window of opportunity, the new process could speculatively read the FPU register set belonging to the old process.
Intel assess the impact on confidentiality as “low”, resulting in a moderate CVSS v3 base score of 4.3. This might not be appropriate for certain applications, for example cryptographic routines: When the AES-NI instruction set is utilized, the FPU registers contain keying material. In this case, one should assume a high impact on confidentiality, resulting in a CVSS score of 7.1 and a “high” risk. Regardless, there is no impact on integrity and availability.
The cure is easy. Meanwhile, the save/restore operation has been greatly optimized. An operating system could implement “eager context switching,” hence forcing the FPU to save and restore state on every process switch. Linux changed to this new strategy in 2016 and did not experience any noticeable impact on system performance.6
The Worst Is yet to Come
There still remain at least five vulnerabilities, with four of them ranked as critical. A coordinated release is expected for August 14, 2018. This date coincides with the regular Microsoft Patch Tuesday.
Renowned computer security conference USENIX Security Symposium will feature a track on side-channel attacks on August 16, 2018. 7 Beside the well-known paper on Meltdown, the following talks may be highly relevant:
- Foreshadow: A Speculative Execution Attack Against Enclaved Execution
- Malicious Management Unit: Why Stopping Cache Attacks in Software Is Harder Than You Think
- Translation Leak-Aside Buffer: Defeating Cache Side-Channel Protections With TLB Attacks
Attacks based on speculative execution will continue to stay in the focus of researchers from academia and the industry for a while. Intel and Microsoft spur further research and incentivize coordinated disclose by their bug bounty programs. Therefore, it is safe to assume that further vulnerabilities related to the concept of speculative execution will be discovered in the near future.
DCSO recommends to carefully assess the risk of data processed by vulnerable CPU/FPU. Turn on eager FPU context switching if needed and possible. Ensure that sensitive data is processed on the FPU in accordance with Intel’s security advisory INTEL-SA-00145. Monitor relevant vendor announcements and install patches as they become available.
Expect severe vulnerabilities to be disclosed on or shortly before Tuesday, August 14, 2018. Ensure availability of mission-critical staff in IT security and operations, especially during the summer holidays. Have suitable equipment ready to test the impact of patches on stability and performance. Ensure the availability of extra CPU capacity to compensate for the performance impact.
Further information and expert advice is available to DCSO community/customers.
Who we are
The Threat Intelligence -Team helps clients to reduce the threat posed by adversaries for their networks by leveraging the power of collaborative defense in combination with comprehensive analytics and contextualized threat intelligence. DCSO delivers actionable intelligence on all levels – from atomic Indicators of Compromise (IoC) to insights into the political, economic and cultural context of adversaries.