US-CERT- TA18-141A: Side-Channel Vulnerability Variants 3a and 4

Started by Netwörkheäd, May 22, 2018, 06:02:39 PM


Netwörkheäd

TA18-141A: Side-Channel Vulnerability Variants 3a and 4

Original release date: May 21, 2018 | Last revised: May 22, 2018

Systems Affected

CPU hardware implementations

Overview

On May 21, 2018, new variants of the side-channel central processing unit (CPU) hardware vulnerabilities known as Spectre and Meltdown (https://www.us-cert.gov/ncas/alerts/TA18-004A) were publicly disclosed (https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html). These variants—known as 3A and 4—can allow an attacker to obtain access to sensitive information on affected systems.

Description
Common CPU hardware implementations are vulnerable to the side-channel attacks known as Spectre and Meltdown. Meltdown is a bug that "melts" the security boundaries normally enforced by the hardware, affecting desktops, laptops, and cloud computers. Spectre is a flaw that an attacker can exploit to force a CPU to reveal its data.

Variant 3a is a vulnerability that may allow an attacker with local access to speculatively read system parameters via side-channel analysis and obtain sensitive information.

Variant 4 is a vulnerability that exploits "speculative bypass." When exploited, Variant 4 could allow an attacker to read older memory values in a CPU's stack or other memory locations. While implementation is complex, this side-channel vulnerability could allow less privileged code to

  • Read arbitrary privileged data; and
  • Run older commands speculatively, resulting in cache allocations that could be used to exfiltrate data by standard side-channel methods.

Corresponding CVEs for Side-Channel Variants 1, 2, 3, 3a, and 4 are found below:

  • Variant 1: Bounds Check Bypass – CVE-2017-5753
  • Variant 2: Branch Target Injection – CVE-2017-5715
  • Variant 3: Rogue Data Cache Load – CVE-2017-5754
  • Variant 3a: Rogue System Register Read – CVE-2018-3640
Let's not argue. Let's network!
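As an added example (not part of the alert or of the original post), the following POSIX shell snippet shows how an administrator can read the mitigation state that Linux kernels expose for Variant 4 (speculative store bypass) under /sys/devices/system/cpu/vulnerabilities/spec_store_bypass, and classify it for fleet reporting. The sample status strings below are constructed to mirror the kernel's wording, and the function names are this example's own.

```shell
#!/bin/sh
# Classify one status line as the kernel reports it in
# /sys/devices/system/cpu/vulnerabilities/<name>.
# Returns: not_affected | mitigated | vulnerable | unknown
classify_vuln_status() {
  case "$1" in
    "Not affected")  echo "not_affected" ;;
    Mitigation:*)    echo "mitigated" ;;
    Vulnerable*)     echo "vulnerable" ;;
    *)               echo "unknown" ;;
  esac
}

# Check the local host for the Variant 4 entry. Kernels that predate the
# mitigation have no such file, so report that explicitly instead of failing.
check_ssb_host() {
  f="${1:-/sys/devices/system/cpu/vulnerabilities/spec_store_bypass}"
  if [ ! -r "$f" ]; then
    echo "no_sysfs_entry"
    return 0
  fi
  classify_vuln_status "$(cat "$f")"
}

# Constructed sample inputs (not captured from a real host) that follow the
# kernel's own phrasing for the spec_store_bypass entry.
demo() {
  for s in "Not affected" \
           "Vulnerable" \
           "Mitigation: Speculative Store Bypass disabled via prctl" \
           "Mitigation: Speculative Store Bypass disabled via prctl and seccomp"; do
    printf '%-70s -> %s\n' "$s" "$(classify_vuln_status "$s")"
  done
  printf 'this host -> %s\n' "$(check_ssb_host)"
}

# Run the demonstration when executed directly (hypothetical usage).
[ "${0##*/}" = "ssb_check.sh" ] && demo
```

A "Vulnerable" result means the kernel and microcode on that host offer no Variant 4 mitigation; "mitigated" only says a mitigation exists (the exact string tells you whether it is applied globally or opt-in via prctl/seccomp). There is no corresponding sysfs entry for Variant 3a, whose fix is delivered in microcode, so that status has to come from the vendor's firmware or microcode revision instead.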