Wednesday March 06, 2019

New Speculative Execution Bug Allegedly Affects Intel CPUs

Back in 2018, when the Spectre and Meltdown vulnerabilities were first publicized, many security experts feared that they opened a figurative Pandora's box. Those two exploits are part of a wider class of potential speculative execution flaws, and this week, those fears were realized, as researchers from Worcester Polytechnic Institute have revealed (PDF Warning) a new speculative execution exploit dubbed "Spoiler."

Intel CPUs reportedly use "dependency resolution logic" to resolve false dependencies when speculatively executing load operations, and the researchers say "the dependency resolution logic suffers from an unknown false dependency independent of the 4K aliasing. The discovered false dependency happens during the 1 MB aliasing of speculative memory accesses which is exploited to leak information about physical page mappings." In that vein, the researchers claim this particular exploit only requires "a limited set of instructions," and that all Intel "Core" CPUs running on any operating system are vulnerable to the attack. The attack can be loaded with Javascript code from a website, without any need for privilege escalation beforehand, and the researchers successfully demonstrated the exploit on Nehalem, Sandy Bridge, and Ivy Bridge-based Xeon servers. Intel was reportedly informed of the exploit on December 1st, 2018, and they recently published this response:

Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe software development practices. This includes avoiding control flows that are dependent on the data of interest. We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research.

News Image

While speculative execution enables both SPOILER and Spectre and Meltdown, our newly found leakage stems from a completely different hardware unit, the Memory Order Buffer. We exploited the leakage to reveal information on the 8 least significant bits of the physical page number, which are critical for many microarchitectural attacks such as Rowhammer and cache attacks. We analyzed the causes of the discovered leakage in detail and showed how to exploit it to extract physical address information. further, we showed the impact of SPOILER by performing a highly targeted Rowhammer attack in a native user-level environment. We further demonstrated the applicability of SPOILER in sandboxed environments by constructing efficient eviction sets from JavaScript, an extremely restrictive environment that usually does not grant any access to physical addresses. Gaining even partial knowledge of the physical address will make new attack targets feasible in browsers even though JavaScript-enabled attacks are known to be difficult to realize in practice due to the limited nature of the JavaScript environment. Broadly put, the leakage described in this paper will enable attackers to perform existing attacks more efficiently, or to devise new attacks using the novel knowledge.