A new variant of the Spectre (Variant 1) side-channel vulnerability has been discovered that affects all modern Intel CPUs, and probably some AMD processors as well, which leverage speculative execution for high performance, Microsoft and Red Hat warned.
Identified as CVE-2019-1125, the vulnerability could allow unprivileged local attackers to access sensitive information stored in the operating system's privileged kernel memory, including passwords, tokens, and encryption keys, that would otherwise be inaccessible.
Speculative execution is a core component of modern microprocessor design that speculatively executes instructions based on assumptions that are considered likely to be true.
If the assumptions turn out to be valid, execution continues; otherwise the speculatively executed work is discarded.
Such speculative execution also leaves side effects, such as traces in the data caches, that are not restored when the CPU state is unwound; those side effects can be read out through side-channel attacks, leading to information disclosure.
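As an added example (not from the article, Bitdefender, or any vendor), the following C shows the two software defences commonly used against this kind of mis-speculation on a generic bounds-checked table lookup: a serialising barrier after the check, and a branch-free mask of the same construction as the Linux kernel's array_index_mask_nospec(). The function names and the table contents are this example's own; the barrier and masking techniques are the standard Spectre variant 1 recommendations, and an LFENCE barrier of this kind is what the Linux entry-code fix for the swapgs path relies on.

```c
/* Added example: Spectre-v1 style hardening of a bounds-checked lookup.
 * Names (nospec_mask, speculation_barrier, lookup_*) are this example's own. */
#include <stdint.h>
#include <stdio.h>

#define TABLE_SIZE 8UL
static const uint8_t table[TABLE_SIZE] = {10, 20, 30, 40, 50, 60, 70, 80};

/* Serialising barrier: instructions after it do not execute, even
 * speculatively, until everything before it (the bounds check) has
 * resolved.  On x86 this is LFENCE; elsewhere only a compiler barrier. */
static inline void speculation_barrier(void)
{
#if defined(__x86_64__) || defined(__i386__)
    __asm__ __volatile__("lfence" ::: "memory");
#else
    __asm__ __volatile__("" ::: "memory");
#endif
}

/* Branch-free mask: all ones when index < size, zero otherwise.
 * Same idea as the kernel's array_index_mask_nospec(); written with
 * unsigned arithmetic so no implementation-defined shift is involved.
 * Valid while index and size are both below 2^63. */
static inline unsigned long nospec_mask(unsigned long index, unsigned long size)
{
    unsigned long t = index | (size - 1UL - index);      /* top bit set iff out of bounds */
    unsigned long out_of_bounds = t >> (sizeof(unsigned long) * 8 - 1);
    return 0UL - (out_of_bounds ^ 1UL);                  /* ~0UL or 0UL */
}

/* The bounds check alone is not enough: the branch may be predicted
 * as taken and the load past the table issued before it resolves. */
static uint8_t lookup_unsafe(unsigned long index)
{
    if (index < TABLE_SIZE)
        return table[index];
    return 0;
}

/* Masking: on a mis-speculated path the mask is 0, so the access is
 * forced to element 0 rather than to memory beyond the table. */
static uint8_t lookup_masked(unsigned long index)
{
    if (index < TABLE_SIZE) {
        index &= nospec_mask(index, TABLE_SIZE);
        return table[index];
    }
    return 0;
}

/* Fencing: stall until the comparison has retired; costlier than masking,
 * but usable where an index cannot be masked (as in the kernel's swapgs path). */
static uint8_t lookup_fenced(unsigned long index)
{
    if (index < TABLE_SIZE) {
        speculation_barrier();
        return table[index];
    }
    return 0;
}

int main(void)
{
    unsigned long probes[] = {0, 3, 7, 8, 12345};
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        printf("index %5lu: unsafe=%u masked=%u fenced=%u mask=%#lx\n",
               probes[i], (unsigned)lookup_unsafe(probes[i]),
               (unsigned)lookup_masked(probes[i]),
               (unsigned)lookup_fenced(probes[i]),
               nospec_mask(probes[i], TABLE_SIZE));
    }
    return 0;
}
```

All three lookups return the same architectural results; the difference is only in what the CPU may do while the branch is still unresolved, which a functional test cannot observe. The mask values are what make the masked variant safe: out-of-bounds indices produce a zero mask, so there is no attacker-chosen index left for the speculative load to use.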
Microsoft silently patched the new speculative execution vulnerability in its July 2019 Patch Tuesday security update. The flaw was discovered and responsibly disclosed by researchers at security firm Bitdefender.
According to a security advisory released today by Red Hat, the attack relies on speculatively executing unexpected SWAPGS instructions after a branch gets mispredicted.
The SWAPGS instruction is a privileged system instruction that swaps the value in the GS base register with a value held in a model-specific register (MSR); it is only available on x86-64 processors.
What is the SWAPGS attack?
“We call this the SWAPGS attack because the vulnerability leverages the SWAPGS instruction,” Bogdan Botezatu, director of threat research and reporting at Bitdefender, says, “an under-documented instruction that makes the switch between user-owned memory and kernel memory.”
Botezatu also says that, at this point, “all Intel CPUs manufactured between 2012 and today are vulnerable to the SWAPGS attack.”
That means every Intel chip going back to the “Ivy Bridge” generation is vulnerable when it sits inside a machine running Windows.
However, it appears that Intel CPUs are not the only ones affected by the SWAPGS attack. According to a Red Hat advisory published August 6th, the threat “applies to x86-64 systems using either Intel or AMD processors,” something AMD itself disputes.
An AMD spokesperson pointed me in the direction of a public statement online: “AMD is aware of new research claiming new speculative execution attacks that may allow access to privileged kernel data.
Based on external and internal analysis, AMD believes it is not vulnerable to the SWAPGS variant attacks because AMD products are designed not to speculate on the new GS value following a speculative SWAPGS.
For the attack that is not a SWAPGS variant, the mitigation is to implement our existing recommendations for Spectre variant 1.”
That same Red Hat advisory stated that “based on industry feedback, we are not aware of any known way to exploit this vulnerability on Linux kernel-based systems.”
During my briefing with Botezatu, he noted that “Linux machines are also impacted,” however, due to the operating system architecture they are “less prone to this type of attack, as it is less reliable.”
Botezatu says that other operating system vendors are not impacted at this point, “but are still investigating similar attack avenues leveraging the SWAPGS attack.”
The scary firmware attack surface explained
Ian Thornton-Trump, head of cybersecurity at Amtrust International, knows what this “BIOS and firmware” attack surface looks like. “To understand why it’s so scary comes down to one simple concept,” Thornton-Trump tells me, “if the firmware, BIOS and microcode layers of a computer are insecure then it is impossible to put a secure operating system on top of that.”
Indeed, when the original Spectre threat story first broke, I recall Thornton-Trump speculating that the modern CPU is actually an operating system unto itself, concluding that architectural and procedural vulnerabilities will be aggressively explored by security researchers.
“Now we have a new development in this story,” Thornton-Trump says, “inserting code into speculative execution can yield an exploit for a component of the 64-bit Windows Kernel.” What does this mean? “It means the Operating System is no longer secure because the CPU is not secure,” and the result of that is a leak of user mode data.
“This is achieved by abusing the fact that SWAPGS instruction can be executed speculatively. An attacker can force arbitrary memory dereferences in kernel, which leaves traces within the data caches. These signals can be picked-up by the attacker to infer the value located at the given kernel address,” researchers at Bitdefender say.
The SWAPGS attack breaks the Kernel Page-Table Isolation (KPTI) provided by modern CPUs and can be used to leak sensitive kernel memory from unprivileged user mode, Intel acknowledged.
“It is possible that these conditional branches in the Linux kernel entry code may mis-speculate into code that will not perform the SWAPGS, resulting in a window of speculative execution during which the wrong GS is used for dependent memory operations,” Red Hat says in its advisory.
According to Bitdefender researchers, the new attack bypasses all known mitigations implemented after the discovery of Spectre and Meltdown vulnerabilities in early 2018 that put practically every computer in the world at risk.
Although the Linux kernel also contains a gadget that could be exploited to target Linux systems, the researchers believe exploiting Linux is slightly tougher than exploiting Windows machines.
Since the attack cannot be launched remotely, it is unlikely to cause mass malware infections in the way EternalBlue did with WannaCry; instead, it is more likely to be used as part of a highly targeted attack.
Affected users can address this issue through a software update for their operating system that mitigates how the CPU speculatively accesses memory.
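For Linux administrators who want to confirm that the update has landed, the kernel reports its mitigation state under /sys/devices/system/cpu/vulnerabilities/, and the swapgs fix is reported as part of the spectre_v1 entry. The following C tool is an added example, not from the article or any vendor: the sysfs directory, file name and the "swapgs barriers" mitigation text are real kernel strings, while the sample lines embedded in main() are constructed to mimic patched and unpatched kernels, and the function names are this example's own.

```c
/* Added example: classify the kernel's reported spectre_v1 mitigation
 * state and check whether the swapgs barrier fix is present. */
#include <stdio.h>
#include <string.h>

enum mitigation_state { STATE_NOT_AFFECTED, STATE_MITIGATED, STATE_VULNERABLE, STATE_UNKNOWN };

/* Map one sysfs vulnerability line to a state.  Real lines look like
 * "Not affected", "Vulnerable", "Vulnerable: <detail>" or "Mitigation: <detail>". */
static enum mitigation_state classify_sysfs_line(const char *line)
{
    if (strncmp(line, "Not affected", 12) == 0) return STATE_NOT_AFFECTED;
    if (strncmp(line, "Mitigation:", 11) == 0)  return STATE_MITIGATED;
    if (strncmp(line, "Vulnerable", 10) == 0)   return STATE_VULNERABLE;
    return STATE_UNKNOWN;
}

/* A patched kernel reports the fix inside the spectre_v1 text, e.g.
 * "Mitigation: usercopy/swapgs barriers and __user pointer sanitization". */
static int has_swapgs_barrier(const char *spectre_v1_line)
{
    return classify_sysfs_line(spectre_v1_line) == STATE_MITIGATED &&
           strstr(spectre_v1_line, "swapgs barriers") != NULL;
}

/* Read one live sysfs entry into buf (newline stripped).
 * Returns 1 on success, 0 if the entry is unavailable (older kernel, non-Linux). */
static int read_vuln_file(const char *name, char *buf, size_t len)
{
    char path[256];
    snprintf(path, sizeof path, "/sys/devices/system/cpu/vulnerabilities/%s", name);
    FILE *f = fopen(path, "r");
    if (!f)
        return 0;
    int ok = fgets(buf, (int)len, f) != NULL;
    fclose(f);
    if (!ok)
        buf[0] = '\0';
    buf[strcspn(buf, "\n")] = '\0';
    return ok;
}

int main(void)
{
    /* Constructed sample lines, not captured from a real machine. */
    const char *samples[] = {
        "Mitigation: usercopy/swapgs barriers and __user pointer sanitization",
        "Mitigation: __user pointer sanitization",
        "Vulnerable",
        "Not affected",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sample %zu: state=%d swapgs_barrier=%d  (%s)\n", i,
               (int)classify_sysfs_line(samples[i]), has_swapgs_barrier(samples[i]),
               samples[i]);

    char live[256];
    if (read_vuln_file("spectre_v1", live, sizeof live))
        printf("this kernel: spectre_v1 = \"%s\" -> swapgs barrier %s\n",
               live, has_swapgs_barrier(live) ? "present" : "absent");
    else
        puts("sysfs vulnerability entry not available on this system");
    return 0;
}
```

The second constructed sample is the important one for this story: a kernel can report spectre_v1 as mitigated from the original 2018 pointer-sanitization work while still lacking the swapgs barriers, so checking only for "Mitigation:" is not enough.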
Meanwhile, Google has also prepared a patch to fix this vulnerability in its ChromeOS 4.19 with a soon-to-be-released update, describing the flaw as:
“An attacker can train the branch predictor to speculatively skip the swapgs path for an interrupt or exception. If they initialize the GS register to a user-space value, if the swapgs is speculatively skipped, subsequent GS-related percpu accesses in the speculation window will be done with the attacker-controlled GS value. This could cause privileged memory to be accessed and leaked.”