A design flaw in Intel’s chip architecture, present since 1995, has come back to haunt the company - and the computing industry as a whole.
Following reports of a security issue affecting almost all Intel processors in use today, further details have been revealed - there are in fact two distinct vulnerabilities, codenamed Meltdown and Spectre. The issues are caused by speculative execution, a technique used by most CPUs to optimize performance. Some vulnerabilities also impact chips from AMD and Arm, but to a lesser extent.
Meltdown sounds about right
The problems were discovered by Google Project Zero employees and independent security researchers. There is currently no evidence that Meltdown and Spectre have been used to attack real users - although the exploit does not leave any traces in traditional log files, so it would be hard to detect. Researchers have also demonstrated Meltdown being used to steal passwords, by allowing access to the contents of the operating system kernel’s private memory areas.
Project Zero described the vulnerabilities in a blog post: “We have discovered that CPU data cache timing can be abused to efficiently leak information out of mis-speculated execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts.”
On a website funded by the European Research Council (ERC) under the European Union’s Horizon 2020 program, researchers from the Graz University of Technology explained the difference between the vulnerabilities: “Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can access system memory. Spectre tricks other applications into accessing arbitrary locations in their memory. Both attacks use side channels to obtain the information from the accessed memory location.”
Meltdown is thought to impact virtually all Intel CPUs released since 1995, with the exception of Itanium and Atom chips made before 2013. Graz University team notes that it affects “cloud providers which use Intel CPUs and Xen PV as virtualization without having patches applied. Furthermore, cloud providers without real hardware virtualization, relying on containers that share one kernel, such as Docker, LXC, or OpenVZ are affected.”
Arm’s Cortex-A75 is thought to be affected by Meltdown, but the rest of its chip lineup is believed to be safe.
Spectre, meanwhile, comes in two variants and affects ”almost every system,” Graz University researchers said.
“Desktops, Laptops, Cloud Servers, as well as Smartphones. More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD, and Arm processors.”
The name Spectre was chosen not just because it’s based on the root cause - speculative execution - but because “it is not easy to fix, [and] it will haunt us for quite some time.”
Damage control to Major Tom
Responding to the vulnerabilities being made public, Intel said: “Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices - with many different vendors’ processors and operating systems - are susceptible to these exploits.”
Some have taken exception to Intel’s claims that the vulnerabilities are an industry-wide issue, considering that the company’s chips are more likely to be affected.
Linux kernel creator Linus Torvalds said: “I think somebody inside of Intel needs to really take a long hard look at their CPU’s, and actually admit that they have issues instead of writing PR blurbs that say that everything works as designed.
“And that really means that all these mitigation patches should be written with “not all CPU’s are crap” in mind. Or is Intel basically saying “we are committed to selling you shit forever and ever, and never fixing anything?”
“Because if that’s the case, maybe we should start looking towards the ARM64 people more.”
AMD said in a statement: “To be clear, the security research team identified three variants targeting speculative execution. The threat and the response to the three variants differ by microprocessor company, and AMD is not susceptible to all three variants. Due to differences in AMD’s architecture, we believe there is a near zero risk to AMD processors at this time.”
Arm public relations director Phil Hughes told Wired: “I can confirm that Arm have been working together with Intel and AMD to address a side-channel analysis method which exploits speculative execution techniques used in certain high-end processors, including some of our Cortex-A processors.”
The issue might affect other chip manufacturers, with Red Hat teasing: “Additional exploits for other architectures are also known to exist. These include IBM System Z, Power8 (Big Endian and Little Endian), and Power9 (Little Endian).”
Update your systems
Software fixes for Meltdown have been rolled out across most operating systems, whilst Spectre remains a current issue. The updates are also expected to reduce chip performance, but, as of yet, the true impact on data center workloads is not known.
Major cloud companies were quick to announce security updates, with AWS moving scheduled maintenance forward after Meltdown and Spectre were made public. The company said: “All but a small single-digit percentage of instances across the Amazon EC2 fleet are already protected. The remaining ones will be completed in the next several hours, with associated instance maintenance notifications.”
Microsoft issued a similar statement: “Most of the Azure infrastructure has already received mitigations against this class of vulnerability. An accelerated reboot is occurring for any remaining hosts. Customers can check the Azure Portal for additional details.” Update: Microsoft appears to be struggling with the upgrade, with some accounts not returning after the reboot.
Google’s VP of 24x7, Benjamin Treynor Sloss, said: “GCP has already been updated to prevent all known vulnerabilities. Google Cloud is architected in a manner that enables us to update the environment while providing operational continuity for our customers. We used our VM Live Migration technology to perform the updates with no user impact, no forced maintenance windows and no required restarts.”