Bypass Spectre Attack Protection and exploit to extract data from another process's memory

Man

Researchers at ETH Zurich have identified two ways to bypass Spectre attack protection that relies on the Indirect Branch Prediction Barrier (IBPB) processor instruction to reset the state of the branch prediction unit on every context switch (for example, when control passes between user space and the kernel, or between a guest and the host). The first method affects Intel processors, the second AMD processors. In addition, the researchers implemented for the first time a working exploit that uses a Spectre vulnerability to leak memory contents between processes, and demonstrated its use to extract passwords from the memory of suid processes such as sudo, su, and polkit.

The first way to bypass Spectre protection is caused by a bug in the microcode of Intel processors and affects systems with 12th, 13th, and 14th generation Intel Core processors and 5th and 6th generation Intel Xeon processors. The issue was fixed in a microcode update released by Intel in March. Because of the bug, branch prediction results survived execution of the IBPB instruction that was supposed to invalidate them, which made it possible to recover data left behind by speculative execution of instructions in other processes or virtual machines.

In the course of the study, special attention was paid to developing a method for leaking the memory contents of other processes, including privileged ones such as sudo. Since there had been no working techniques for exploiting Spectre-class vulnerabilities to break isolation between processes, protection efforts focused mainly on kernels and hypervisors, and the problems associated with speculative execution in processes that handle confidential data were left unaddressed. As a result, attacking processes does not, as a rule, require bypassing IBPB-based protection at all, since such protection was applied at the process level only in isolated cases. The exploit prepared in the course of the study demonstrated that Spectre vulnerabilities can be used to attack processes that rely on the suid bit to execute with elevated privileges.

Exploiting Spectre vulnerabilities at the process level requires the presence of certain instruction sequences in the process code that lead to speculative execution depending on external conditions an attacker can influence. Speculative memory accesses that were made before a branch misprediction is detected are discarded by the processor, but traces of their execution remain in the processor cache and can later be recovered from other processes using side-channel analysis, for example by measuring the difference in access times between cached and uncached data.

The second way to bypass Spectre protection stems from the fact that the details of using the IBPB instruction differ between processors from different manufacturers and between generations of processors from the same manufacturer. Because IBPB semantics in past generations of AMD processors differ from those in Intel CPUs and newer generations of AMD CPUs, the Linux kernel did not take the differences into account, and some configurations were not properly secured. Similar problems are likely present in other operating systems and hypervisors, but the study only examined the Linux kernel, owing to the availability of its source code. The issue has been confirmed in AMD's Zen, Zen2, and Zen3 generation CPUs (issues on Zen3 systems have not been confirmed by the researchers, but are mentioned in AMD's report) and is being fixed by installing a kernel update (a change fixing the problem has been accepted into the 6.12 development branch, but has not yet been ported to stable kernel releases).

To protect against vulnerabilities caused by speculative instruction execution, each time control is transferred the kernel calls a procedure that executes an IBPB instruction to flush the branch prediction buffer. The problem is that on some AMD systems, in addition to clearing the branch predictor, a separate cleanup of the Return Stack Buffer (RSB), the prediction stack used for RET instructions, is required. To launch an attack on AMD Zen and Zen2 systems, an attacker can trigger a false return address prediction before the IBPB operation is complete. As a demonstration of the method, an exploit has been prepared that extracts the contents of arbitrary kernel memory areas, which can be used to extract the hash of the root user's password from the operating system's page cache.
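As an added example for the two conditions above (this is not code from the post or from the ETH Zurich researchers), the following Python script reads the kernel's own Spectre v2 mitigation report, the CPU identity from /proc/cpuinfo and the running kernel version, and reports whether the host matches either condition: an AMD Zen/Zen2 system on a kernel older than 6.12 (the branch that carries the RSB cleanup fix), or an Intel 12th to 14th generation Core system whose microcode revision should be compared against the March update. The mapping of AMD family 23 to Zen/Zen2 and family 25 to Zen3 and later, the detection of the Intel Core generation from the model name, and the sample cpuinfo and sysfs values are assumptions of this example, not statements from the post; the post gives no microcode revision number, so the script only surfaces the revision for manual comparison.

```python
"""Spectre v2 / IBPB posture check for Linux hosts (added example, not from the post)."""
import platform
import re

SPECTRE_V2_SYSFS = "/sys/devices/system/cpu/vulnerabilities/spectre_v2"
AMD_ZEN_ZEN2_FAMILY = 23   # family 17h covers Zen and Zen2 (assumption from public CPU family tables)
AMD_ZEN3_FAMILY = 25       # family 19h covers Zen3 and later (same assumption)
RSB_FIX_KERNEL = (6, 12)   # the post: fix accepted into the 6.12 development branch


def parse_spectre_v2(report: str) -> dict:
    """Split a sysfs spectre_v2 line into its components, e.g.
    'Mitigation: Retpolines; IBPB: conditional; RSB filling' becomes
    {'status': 'Mitigation', 'primary': 'Retpolines', 'IBPB': 'conditional', 'RSB filling': True}."""
    parts = [p.strip() for p in report.strip().split(";") if p.strip()]
    if not parts:
        return {"status": "unknown"}
    head, _, primary = parts[0].partition(":")
    parsed = {"status": head.strip(), "primary": primary.strip() or None}
    for part in parts[1:]:
        key, sep, value = part.partition(":")
        parsed[key.strip()] = value.strip() if sep else True   # bare flags such as 'RSB filling'
    return parsed


def parse_cpuinfo(text: str) -> dict:
    """Take vendor, family, model name and microcode revision of the first CPU in /proc/cpuinfo."""
    wanted = {"vendor_id": "vendor", "cpu family": "family",
              "model name": "model_name", "microcode": "microcode"}
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key = key.strip()
        if sep and key in wanted and wanted[key] not in info:
            info[wanted[key]] = value.strip()
    if "family" in info:
        info["family"] = int(info["family"])
    return info


def parse_kernel_release(release: str) -> tuple:
    """'6.8.0-45-generic' -> (6, 8, 0); unparseable strings become (0, 0, 0)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        return (0, 0, 0)
    return tuple(int(g) if g else 0 for g in m.groups())


def assess(cpu: dict, kernel: tuple, spectre_v2: dict) -> list:
    """Return findings; an empty list means neither condition from the post applies as far as we can tell."""
    findings = []
    if spectre_v2.get("status") == "Vulnerable":
        findings.append("spectre_v2: kernel reports Vulnerable, no mitigation active")
    if spectre_v2.get("status") == "Mitigation" and spectre_v2.get("IBPB") in (None, "disabled"):
        findings.append("IBPB not in use: context switches do not flush the indirect branch predictor")
    vendor, family = cpu.get("vendor", ""), cpu.get("family")
    if vendor == "AuthenticAMD":
        if family == AMD_ZEN_ZEN2_FAMILY and kernel < RSB_FIX_KERNEL:
            findings.append("AMD Zen/Zen2 on kernel %s: IBPB path lacks the RSB cleanup; fix is in 6.12, "
                            "check for a backport in the distribution kernel" % ".".join(map(str, kernel)))
        elif family == AMD_ZEN3_FAMILY:
            findings.append("AMD family 25 (includes Zen3): not confirmed by the researchers but "
                            "mentioned in AMD's report, check the vendor advisory")
    elif vendor == "GenuineIntel":
        name, ucode = cpu.get("model_name", ""), cpu.get("microcode", "?")
        if re.search(r"\b1[234]th Gen Intel", name):
            findings.append("Intel Core %r: confirm microcode %s is at or after the March update "
                            "that stops predictions surviving IBPB" % (name, ucode))
        elif "Xeon" in name:
            findings.append("Intel Xeon: generation not derivable from the model name; compare "
                            "microcode %s against the March update" % ucode)
    return findings


def check_live_host() -> list:
    """Run the assessment against this machine; the files are absent outside Linux."""
    try:
        with open(SPECTRE_V2_SYSFS) as f:
            report = f.read()
        with open("/proc/cpuinfo") as f:
            cpuinfo = f.read()
    except OSError:
        return ["spectre_v2 sysfs entry or /proc/cpuinfo not readable on this host"]
    return assess(parse_cpuinfo(cpuinfo), parse_kernel_release(platform.release()),
                  parse_spectre_v2(report))


# Constructed sample inputs (not captured from a real machine) so the check also runs offline.
SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: AuthenticAMD
cpu family\t: 23
model\t\t: 113
model name\t: AMD Ryzen 7 3700X 8-Core Processor
microcode\t: 0xabcd1234
"""
SAMPLE_REPORT = "Mitigation: Retpolines; IBPB: conditional; STIBP: conditional; RSB filling\n"

if __name__ == "__main__":
    for line in assess(parse_cpuinfo(SAMPLE_CPUINFO), (6, 8, 0), parse_spectre_v2(SAMPLE_REPORT)):
        print("SAMPLE:", line)
    for line in check_live_host():
        print("HOST:", line)
```

Run as-is, the script prints the finding for the constructed Zen2 sample on a 6.8 kernel and then whatever the current host reports. The sysfs report is the authoritative view of what the kernel believes it is doing; the point of the family and kernel version checks is that, as the post explains, that report can say IBPB is in use while the hardware or the kernel's own IBPB sequence still leaves predictions behind.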
