1984 and (IT) (in)security – lots of Spectre / Meltdown links
Posted by jpluimers on 2018/01/07
Over the last few days I’ve collected a lot of Meltdown and Spectre links at 1984 and (IT) (in)security – Google+.
Most of them provide links to what happened this year, but a few are also on the path leading to these vulnerabilities. In the links you will also find the affected architectures and patches by various vendors, which I have tried to summarise below.
In the link collection, I’ve tried to keep the number of hops to the actual sources as short as possible (as many have re-shared original links) but still attribute to the first one I got the link from.
Since the WordPress “Press-This” functionality is limited, even after all these years, for now this will be a one-time link dump; filling in more of the archival WayBack and Archive.is links and adding more context will hopefully come later.
I will try to keep links roughly in chronological order (please post a comment where I goofed up) and I hope to find some time to have a “most important” or “summary” list eventually.
A few notes first
- When each of these technologies was first implemented, there were warnings that they could pose security risks:
  - CISC implemented on top of a RISC microarchitecture
  - processor and MMU level caching
  - speculative execution
  - indirect branch prediction
- All architectures that use these features are, or will be, affected over time.
- More of these vulnerability techniques are going to evolve beyond the architectures that have been found vulnerable so far, which are (in alphabetical order):
  - AMD x64/x86
  - ARM AArch64
  - IBM Power PC
  - IBM Z series
  - Intel x64/x86
- Patches will slow things down, depending on the kind of workload.
- The only real solution is for CPU vendors to re-design their architectures so the problems are solved at the hardware level. This could take a few generations of CPU hardware, so until then, patches are needed.
- As in many vulnerability cases, the public relations by various vendors were handled badly. Please try to read through them.
- Read/view:
  - [WayBack] Meltdown and Spectre (official site)
  - [My Link] My version of the timeline on #Spectre #Meltdown. This post will be updated!… – Jan Wildeboer – Google+
  - [WayBack] Why Raspberry Pi isn’t vulnerable to Spectre or Meltdown – Raspberry Pi (because it has a very good explanation on the underlying problems in many architectures)
  - [WayBack] Various less technical folks have been asking a lot about what they should be doing about the new exploits. These are my personal opinions. 1. Most emb… – Alan Cox – Google+
  - [WayBack] Project Zero: Reading privileged memory with a side-channel
  - [WayBack] Google Online Security Blog: Today’s CPU vulnerability: what you need to know
  - [My Link] In the light of #Spectre and #Meltdown, one important piece of advice. Buy a hardware wallet like #Trezor for your #cryptocurrency keys. A #Yubikey… – Jan Wildeboer – Google+
  - [WayBack] Joe Fitz on Twitter: But we’re still not there. #meltdown and #spectre attack fundamental architecture features that have been built on for decades. We may need to go back to the drawing board. (old intel product lifecycle slide). Everything so far has been in the yellow ‘development’ phase.
  - [WayBack] In the wake of #meltdown and #spectre I just ordered a ##nitrokey Start and the ##HSM version from Nitrokey.com Plan: no private key lives on my com… – Jan Wildeboer – Google+
Remember:
- There are 2 hard problems in computer science: cache invalidation, naming things, and off-by-1 errors.
  via: [WayBack] TwoHardThings There are only two hard things in Computer Science: cache invalidation and naming things — Phil Karlton (bonus variations on the page)
- Caching is the root of all evil.
List
- [My Link] From the Everything Is Broken Department… – Kristian Köhntopp – Google+
- [My Link] Caching. The root of all evil. – Kristian Köhntopp – Google+
- [My Link] VMware … Oh and Microsoft have stuff but with a clickthrough agreement … – Alan Cox – Google+
- [WayBack] VMSA-2018-0002 vSphere Data Protection (VDP) updates address multiple security issues.
- [WayBack] One TL;DR is by the way: CPUs that do not have any of the three problems are so slow you do not want them anyway. So, go and yearn for your 6502, Pentium 100’s and old Sparcs, but no, this ain’t solving anything. – Kristian Köhntopp – Google+
- [My Link] Retpoline documentation https://support.google.com/faqs/answer/7625886 – Alan Cox – Google+
- [My Link] SuSE: Confirmation that Power and Z are affected https://www.suse.com/support/kb/doc/?id=7022512 “Mitigation is done with help of Linux Kernel fixes o… – Alan Cox – Google+
- [My Link] “Replace CPU hardware” – Kristian Köhntopp – Google+
- [My Link] Mozilla’s take: then we’ll just switch off the timers. Yes, but that is not the problem… – Kristian Köhntopp – Google+
- [My Link] Xen … – Alan Cox – Google+
- [My Link] Linus says things about “working as designed”. He’s pissed at Intel’s pissedness… – Kristian Köhntopp – Google+
- [My Link] RHSA-2018:0012 (…) contains a microcode update that addresses in part CVE-2017-5715…
- [My Link; Kristian Köhntopp] AMD K8 and K10 microcode hacks demonstrated at ##34C3 are sobering; undetectable malware Inside every modern CPU since the Intel Pentium fdiv bug, asse… – HACKADAY – Google+
- [WayBack] 34C3: Hacking into a CPU’s Microcode | Hackaday Inside every modern CPU since the Intel Pentium fdiv bug, assembly instructions aren’t a one-to-one mapping to what the CPU actually does. Inside the CPU, there is a decoder that turns assembly into even more primitive instructions that are fed into the CPU’s internal scheduler and pipeline. The code that drives the decoder is the CPU’s microcode, and it lives in ROM that’s normally inaccessible. But microcode patches have been deployed in the past to fix up CPU hardware bugs, so it’s certainly writeable. That’s practically an invitation, right? At least a group from the Ruhr University Bochum took it as such, and started hacking on the microcode in the AMD K8 and K10 processors…
- [My Link; Alan Cox] Information on Kernel Side-Channel Attacks (#Spectre & #Meltdown) and how it affects @RedHat products. – red.ht/2CzauBO – CVE-2017-5754 CVE-2017-5753 C… – Jan Wildeboer – Google+
- [WayBack] Kernel Side-Channel Attacks – CVE-2017-5754 CVE-2017-5753 CVE-2017-5715 – Red Hat Customer Portal
- [WayBack] … – Alan Cox – Google+ And the Red Hat update – which adds a bit of info not published AFAIK anywhere else: “Additional exploits for other architectures are also known to exist. These include IBM System Z, POWER8 (Big Endian and Little Endian), and POWER9 (Little Endian).” I’m still wondering about Sparc, not that my Sparc is useful as anything but a museum exhibit 8) Fuzix btw is not vulnerable. None of the processors it runs on are smart enough to be affected. Mind you they don’t have MMUs either so it’s a moot point 8)
- [My Link] TL;DR #cacheleak is NOT limited to Intel CPUs. PoCs are out there, patches/fixes on their way, Google broke the embargo by 6 days. It’s ugly… – Jan Wildeboer – Google+
- [My Link] In the light of #Spectre and #Meltdown, one important piece of advice. Buy a hardware wallet like #Trezor for your #cryptocurrency keys. A #Yubikey… – Jan Wildeboer – Google+
- [My Link] … Reading privileged memory with a side-channel Posted by Jann Horn, Project Zero We have discovered that C… – Alan Cox – Google+
- [My Link] … – Alan Cox – Google+
- [WayBack] Meltdown and Spectre official site
- [My Link] Find out how to protect your Fedora system from the recently disclosed Meltdown vulnerability: … – Fedora Project – Google+
- [My Link] ARM … includes a nice table of cores and variants as well as a whitepaper on mitigations and code modi… – Alan Cox – Google+
- [My Link] And Chromium … – Alan Cox – Google+
- [My Link] and some bits from Mozilla … – Alan Cox – Google+
- [My Link] … – Alan Cox – Google+
- [My Link] Google summary for their various services etc … – Alan Cox – Google+
- [My Link] AWS https://aws.amazon.com/security/security-bulletins/AWS-2018-013/ – Alan Cox – Google+
- [My Link] +Intel, +AMD, +Arm, Google and others publish info about the speculative execution exploits reported yesterday. https://www.cnx-software.com/2018/01/0… – Jean-Luc Aufranc – Google+
- [My Link] … has been talking about an upcoming Intel Kernel vulnerability. … – Kristian Köhntopp – Google+
- [My Link] #RedHat qualifies the performance impact of #Spectre #meltdown mitigations. #insightful – Jan Wildeboer – Google+
- [My link; WayBack] Various less technical folks have been asking a lot about what they should be doing about the new exploits. These are my personal opinions. 1. Most emb… – Alan Cox – Google+
- [My Link] Ubuntu Status … – Alan Cox – Google+
- [My Link] … List of products concerned…. – Alan Cox – Google+
- [WayBack] Intel® Product Security Center: Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method
  - Basically anything from ~2008 or later is affected, starting roughly at the Nehalem Core i3/i5/i7 introduced back then
- [My Link] I guess it says something about my PC collection that over half of it isn’t vulnerable due to its age 8) – Alan Cox – Google+
- [My Link; Alan Cox; Jan Wildeboer] See how to address CVE-2017-5753 on XEN platforms. Read more here. – Red Hat – Google+
- [My Link; Kristian Köhntopp; Daniel Berrange]
  - [WayBack] QEMU and the Spectre and Meltdown attacks – QEMU
- Kristian Köhntopp (be sure to read the comments there too):
  - [My Link] [WayBack] In the wake of #meltdown and #spectre I just ordered a ##nitrokey Start and the ##HSM version from Nitrokey.com Plan: no private key lives on my com… – Jan Wildeboer – Google+
- [My Link] ARM documents the three vulnerabilities and how they work on the ARM platform: … – Kristian Köhntopp – Google+
  - [WayBack] Arm Processor Security Update – Arm Developer Based on the recent research findings from Google on the potential new cache timing side-channels exploiting processor speculation, here is the latest information on possible Arm processors impacted and their potential mitigations.
  - [WayBack] https://armkeil.blob.core.windows.net/developer/Files/pdf/Cache_Speculation_Side-channels.pdf
- [My Link; Jan Wildeboer; Benjamin Kix] Theo on Intel Core 2 back in 2007 … – Mario St-Gelais – Google+
  - [Archive.is] ‘Intel Core 2’ – MARC: Various developers are busy implementing workarounds for serious bugs in Intel’s Core 2 cpu. These processors are buggy as hell, and some of these bugs don’t just cause development/debugging problems, but will *ASSUREDLY* be exploitable from userland code.
- [My Link] Intel white paper … – Alan Cox – Google+
- [My Link; Jan Wildeboer] Linux developers are busy fixing Meltdown and Spectre, but they’re none too happy about the hardware flaws and how they were revealed. – Steven Vaughan-Nichols – Google+
- [WayBack] How Linux is dealing with Meltdown and Spectre | ZDNet Torvalds and company are not happy with Intel as they continue to move forward with delivering Linux security patches.
- [My Link] h/t Dave Holland Raspberry PI believed to be safe … – Alan Cox – Google+
- [My Link] The slides from @MalwareJake on #Spectre and #Meltdown are a #mustread. I hope all tech journalists take their time to read and understand… – Jan Wildeboer – Google+
- [My Link] Finally found the IBM statement … – Alan Cox – Google+
- [WayBack] IBM Central Processor Unit (CPU) Architectural Design Flaws – United Kingdom: IBM Security X-Force is aware of the CPU vulnerability disclosed by Google. In response to the disclosure of vulnerabilities, the IBM X-Force has raised the current internet threat level to AlertCon 2.
- [WayBack] All models of Raspberry Pi are unaffected by the Meltdown and Spectre vulnerabilities. In today’s blog post, Eben Upton provides a primer in modern proc… – Raspberry Pi – Google+
  - [WayBack] Why Raspberry Pi isn’t vulnerable to Spectre or Meltdown – Raspberry Pi, for the ARM processors currently used in Raspberry Pi: ARM1176, Cortex-A7, and Cortex-A53.
- [My Link] The remaining mysteries for Meltdown/Spectre appear to be MIPS …, SPARC …, VIA, …, DEC Alpha, … – Alan Cox – Google+
- [My Link] CentOS … – Alan Cox – Google+
- [My Link] Oracle Linux … – Alan Cox – Google+
- [WayBack] linux.oracle.com | ELSA-2018-0008: Oracle Linux Errata Details: ELSA-2018-0008
- [WayBack] xkcd: Meltdown and Spectre: New zero-day vulnerability: In addition to rowhammer, it turns out lots of servers are vulnerable to regular hammers, too.
  - Install updates. Update hardware. [WayBack] explain xkcd 1938
- [My Link] Spectre and Meltdown, explained in ~15 minutes. Via +Ferdy Guliker – Roderick Gadellaa – Google+
- [WayBack] … fixes for Meltdown in openSUSE Tumbleweed will be in build 0104 … – Jeroen Wiert Pluimers – Google+
  - [Archive.is] Review of the week 2018/01 – Dominique a.k.a. DimStar (Dim*)
  - [Archive.is] openQA: Test summary – build 20180104
  - [WayBack] openSUSE News – Current Status: openSUSE and “Spectre” & “Meltdown” vulnerabilities
  - [WayBack] Security Vulnerability: “Meltdown” and “Spectre” side channel attacks against modern CPUs. | Support | SUSE
- [My Link] Surma on Twitter: Here’s some official guidance for web developers by @ChromiumDev what to do regarding Spectre/Meltdown:… TL;DR:
  - Set correct(!) `Content-Type` headers
  - Set `X-Content-Type-Options: nosniff`
  - If possible, use SameSite cookies
- [My Link] Risc-V: “No announced RISC-V silicon is susceptible, and the popular open-source RISC-V Rocket processor is unaffected as it does not perform memory access speculatively… – Alan Cox – Google+
- [My Link] … Covers various Nvidia devices. They have a forum statement elsewhere that the GPU itself is not affected… – Alan Cox – Google+
- [My Link] My version of the timeline on #Spectre #Meltdown. This post will be updated!… – Jan Wildeboer – Google+
- [My Link] Missed this yesterday: DragonflyBSD has Meltdown fixes merged and Matt Dillon is more than a bit peeved at Intel… – Alan Cox – Google+
- [My link] “PoC code implementing variant 3a of the Meltdown attack for AArch64. …” – Kristian Köhntopp – Google+
- [My Link; WayBack] Joe Fitz on Twitter: But we’re still not there. #meltdown and #spectre attack fundamental architecture features that have been built on for decades. We may need to go back to the drawing board. (old intel product lifecycle slide). Everything so far has been in the yellow ‘development’ phase.
–jeroen