VERT Threat Alert: CPU Vulnerabilities - Meltdown and Spectre

Vulnerability Description

Meltdown and Spectre are hardware design vulnerabilities in CPUs utilizing speculative execution. While the defect exists in the hardware, mitigations in operating systems are possible and are currently available. CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre. The issues are organized into three variants:

• CVE-2017-5753, Spectre Variant 1: CPUs utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
• CVE-2017-5715, Spectre Variant 2: Branch target injection
• CVE-2017-5754, Meltdown: allows attackers to read arbitrary physical memory (including kernel memory) from an unprivileged user process.

These attacks are possible due to the interaction between operating system memory management and CPU implementation optimization choices. The Linux kernel mitigations for this vulnerability are referred to as KAISER, and subsequently KPTI, which aim to improve separation of kernel and user memory pages.

Exposure and Impact

Attacks require the ability to execute code locally on a target system. Typically, this type of attack requires a valid account or independent compromise of the target. Attacks using JavaScript in web browsers are also possible. Multi-user and multi-tenant systems (including virtualized environments) likely face the greatest risk. Systems used to browse arbitrary web sites are also at risk. Single-user systems that do not readily provide a way for attackers to execute code locally face significantly lower risk.

Remediation & Mitigation

Vendors are releasing patches for vulnerable systems and cloud environments like Amazon and Azure are patching the operating systems they deliver.

Detection

ASPL-759 shipped on January 5, 2018 contained checks for the following products:

• Microsoft Windows Patches/Mitigations for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 (x64 only)
• Microsoft SQL Server 2016 & 2017 Patches/Mitigations for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
• RHEL Patches/Mitigations for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
• CentOS Patches/Mitigations for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
• VMware ESXi Patches/Mitigations for CVE-2017-5715, CVE-2017-5753
• OEL Patches/Mitigations for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
• Amazon Linux Patches/Mitigations for CVE-2017-5754
• Apple Mac OS Patches/Mitigations for CVE-2017-5754
• Google Chrome, Mozilla Firefox, Microsoft Internet Explorer related mitigation detection.
• Host Information indicating the values of related Microsoft Windows Server registry configuration.

References

• https://www.kb.cert.org/vuls/id/584653
• https://www.sans.org/webcasts/downloads/106815/slides
• https://meltdownattack.com/
• https://meltdownattack.com/meltdown.pdf
• https://spectreattack.com/
• https://spectreattack.com/spectre.pdf