Intel has released “INTEL-SA-00115,” the latest information on Intel product security or lack thereof.
Here it is, verbatim:
Summary:
Security researchers identified two software analysis methods that, if used for malicious purposes, have the potential to improperly gather sensitive data from multiple types of computing devices with different vendors’ processors and operating systems.
Intel is committed to product and customer security and to coordinated disclosure. We worked closely with other technology companies and several operating system and system software vendors, developing an industry-wide approach to mitigate these issues promptly.
For facts about these new methods, technical resources, and steps you can take to help protect your systems and information please visit: https://www.intel.com/securityfirst.
Description:
CVE-2018-3639 – Speculative Store Bypass (SSB) – also known as Variant 4
• Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
•> 4.3 Medium CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
CVE-2018-3640 – Rogue System Register Read (RSRE) – also known as Variant 3a
• Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis.
• 4.3 Medium CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Affected products:
The following Intel-based platforms are potentially impacted by these issues. Intel may modify this list at a later time.
Intel® Core™ i3 processor (45nm and 32nm)
Intel® Core™ i5 processor (45nm and 32nm)
Intel® Core™ i7 processor (45nm and 32nm)
Intel® Core™ M processor family (45nm and 32nm)
2nd generation Intel® Core™ processors
3rd generation Intel® Core™ processors
4th generation Intel® Core™ processors
5th generation Intel® Core™ processors
6th generation Intel® Core™ processors
7th generation Intel® Core™ processors
8th generation Intel® Core™ processors
Intel® Core™ X-series Processor Family for Intel® X99 platforms
Intel® Core™ X-series Processor Family for Intel® X299 platforms
Intel® Xeon® processor 3400 series
Intel® Xeon® processor 3600 series
Intel® Xeon® processor 5500 series
Intel® Xeon® processor 5600 series
Intel® Xeon® processor 6500 series
Intel® Xeon® processor 7500 series
Intel® Xeon® Processor E3 Family
Intel® Xeon® Processor E3 v2 Family
Intel® Xeon® Processor E3 v3 Family
Intel® Xeon® Processor E3 v4 Family
Intel® Xeon® Processor E3 v5 Family
Intel® Xeon® Processor E3 v6 Family
Intel® Xeon® Processor E5 Family
Intel® Xeon® Processor E5 v2 Family
Intel® Xeon® Processor E5 v3 Family
Intel® Xeon® Processor E5 v4 Family
Intel® Xeon® Processor E7 Family
Intel® Xeon® Processor E7 v2 Family
Intel® Xeon® Processor E7 v3 Family
Intel® Xeon® Processor E7 v4 Family
Intel® Xeon® Processor Scalable Family
Intel® Atom™ Processor C Series (C3308, C3338, C3508, C3538, C3558, C3708, C3750, C3758, C3808, C3830, C3850, C3858, C3950, C3955, C3958)
Intel® Atom™ Processor E Series
Intel® Atom™ Processor A Series
Intel® Atom™ Processor X Series (x5-E3930, x5-E3940, x7-E3950)
Intel® Atom™ Processor T Series (T5500, T5700)
Intel® Atom™ Processor Z Series
Intel® Celeron® Processor J Series (J3355, J3455, J4005, J4105)
Intel® Celeron® Processor N Series (N3450)
Intel® Pentium® Processor J Series (J4205)
Intel® Pentium® Processor N Series (N4000, N4100, N4200)
Intel® Pentium® Processor Silver Series (J5005, N5000)
Please check with your system vendor or equipment manufacturer for more information regarding updates for your system. For non-Intel based systems please contact your system manufacturer or microprocessor vendor.
Recommendations:
Most leading browser providers have recently deployed mitigations in their Managed Runtimes – mitigations that substantially increase the difficulty of exploiting side channels in a modern web browser. These techniques would likewise increase the difficulty of exploiting a side channel in a browser based on SSB.
Intel has released Beta microcode updates to operating system vendors, equipment manufacturers, and other ecosystem partners adding support for Speculative Store Bypass Disable (SSBD). SSBD provides additional protection by providing a means for system software to completely inhibit a Speculative Store Bypass from occurring if desired. This is documented in whitepapers located at Intel’s Software Side-Channel Security site. Most major operating system and hypervisors will add support for Speculative Store Bypass Disable (SSBD) starting as early as May 21, 2018.
The microcode updates will also address Rogue System Register Read (RSRR) – CVE-2018-3640 by ensuring that RDMSR instructions will not speculatively return data under certain conditions. This is documented in whitepapers located at Intel’s Software Side-Channel Security site. No operating system or hypervisor changes are required to support the RDMSR change.
It is expected beta microcode updates will be fully production qualified in the coming weeks. Intel recommends end users and systems administrators check with their OEM and system software vendors and apply any available updates as soon as practical.
Acknowledgements:
Intel would like to acknowledge and thank Jann Horn of Google Project Zero (GPZ) and Ken Johnson of the Microsoft Security Response Center (MSRC) for independently reporting CVE-2018-3639.
Intel would like to acknowledge and thank Zdenek Sojka, Rudolf Marek and Alex Zuepke from SYSGO AG (https://sysgo.com) for reporting CVE-2018-3640. Intel would also like to acknowledge and thank Innokentiy Sennovskiy from BiZone LLC (bi.zone).
source: Intel Corporation
MacDailyNews Take: When a companies sell defective wares, as Intel has, they are hit with class action lawsuits, as Intel has been, and rightfully so. If the result causes the companies to go bankrupt because their incompetence compromised the security and performance of untold millions of products, so be it. Such a result would be deserved.
When flawed, insecure, and therefore defective products are sold to consumers, recalls and/or recompense are the proper responses. — MacDailyNews, January 4, 2018
CERT: The only way to fix the Meltdown and Spectre vulnerabilities is to replace the CPU. Intel et al. are going to try to sell us on a software bandaid instead of really fixing the problem properly. Watch and see. https://t.co/OeC2AoPdlK #Intel #AMD #ARM
— MacDailyNews (@MacDailyNews) January 4, 2018
SEE ALSO:
Intel’s Spectre patch is causing reboot problems – January 12, 2018
In wake of Spectre and Meltdown, Intel CEO offers open letter, looks to restore confidence in Intel CPU security – January 11, 2018
Apple releases iOS and macOS updates with a mitigation for Spectre CPU flaw – January 8, 2018
Meltdown and Spectre: What Apple users need to know – January 8, 2018
How Apple product users can protect themselves against Spectre and Meltdown CPU flaws – January 5, 2018
Intel’s CEO Brian Krzanich sold off the majority of his shares after finding out about the irreparable chip flaws – January 4, 2018
Apple: All Mac systems and iOS devices are affected by Meltdown and Spectre security flaws – January 4, 2018
CERT: Only way to fix Meltdown and Spectre vulnerabilities is to replace CPU – January 4, 2018
Security flaws put nearly every modern computing device containing chips from Intel, AMD and ARM at risk – January 4, 2018
Apple has already partially implemented fix in macOS for ‘KPTI’ Intel CPU security flaw – January 3, 2018
Intel’s massive chip flaw could hit Mac where it hurts – January 3, 2018
My Macbook Pro 13″ has the i5 Intel processor, saying that the list of intel processors affected is huge so many Mac owners would be included. On top of it its Google and Microsoft employees along with SYSGO AG who have identified the problems. How will Intel address the problem is what i want to know
“multiple types of computing devices with different vendors’ processors and operating systems” love the way they can’t bring themselves to actually say INTEL processors.
Except “All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time,” Apple said in a statement. “Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store.”
Can you bring yourself to say “Apple processors!”
If I have understood all of this correctly as it has unfolded over the past 6 months or so…
They don’t say INTEL processors because other processors have the same potential flaws. The concept of speculative processing is used everywhere now, including the ARM processor in our iPhones. While perhaps not these identical vulnerabilities, the same possibilities exist on other processors, making it accurate for them to say “multiple types of computing devices with different vendors’ processors and operating systems”.
This also means that MDN should be careful spouting off about how “they” should be sued and put out of business, because “they” might not only include Apple, but could practically halt all modern computing. We wouldn’t be where we are today without this concept that created the vulnerabilities that have recently come to light.
MDN’s take (and many, many others’ too) is just plain idiotic.
The supposition is that Intel knew about these bugs, just didn’t care, and fabbed chips that had known security problems.
If you can prove that back in 2007 (back when the 45 nm chips taped out — about a year before any 45 nm chips started shipping in full production) Intel knew about these flaws and still shipped anyway, then you people might have a case against Intel. Otherwise, it’s a bug. It’s just a bug. The flaw is an unintended consequence of speculative execution.
Speculative execution is pervasive. Almost every CPU put out in the past 10+ years does it. It is a way to get more instructions executed per processor clock cycle. Researchers are finding out that there are ways to access the memory storing data associated with those speculative executions. Likely no one back then (or even up until a year or two ago) had any idea that speculative executions that are for paths not actually taken would be of interest to anyone as they are effectively discarded as the various threads move forward.
Now people are figuring out how to read those pieces of data. Now people are getting upset that this data is even accessible. The real issue is how quickly and how effectively will these issues be addressed.
It takes as much as two or more years to do the chip designs, then after the chip designs are finalized (“tape out”) it can take up to a year of test chips before limited production, then it can be as much as six months or more before full production — meaning the full cycle can be well over three years (but typically only a year to year and a half from tape out to full production).
Last summer both Spectre and Meltdown were disclosed to Intel and others. IF the new breed of chips coming out this fall and early 2019 don’t have those two properly addressed then there’s something to be truly worth people’s ire.
So… If a couple years from now Intel (and others, as virtually all chips do speculative execution including those from Apple) do not close these security holes then scream and sue them, but until then relax and just be prudent: install any and all appropriate patches.
Time to leave Intel behind.
MDN: The world is not a binary cartoon fantasy. We have to have some pragmatism in the solutions to our problems. There’s a high likelihood that you have been and will continue to be completely unaffected by this, that you will incur no expense attempting to remediate any potential issues, and that the resale value of your systems will be unchanged. Intel going out of business would be a disaster for everyone. Enough with the drama…
Every piece of software and hardware ever sold has security flaws. I don’t necessarily agree that means you deserve to be sued.