Difference between revisions of "Meltdown, Spectre, Foreshadow, ZombieLoad and related exploits"

From Embedded Lab Vienna for IoT & Security
Jump to navigation Jump to search
(44 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== Summary ==
== Summary ==


First disclosed in 2018, Meltdown and Spectre are hardware leveled exploits. They both apply so-called side channel attack strategies and speculative execution to gather access to otherwise protected data. While Meltdown (which mostly affected Intel hardware) grants attackers access to Kernel-level information from a user-level point of entry, Spectre allows attackers to access data from different users or programmes running on the same hardware (and affected basically every modern computer system). While read access is slow, applying these exploits in a cloud environment poses a huge threat: A program observing information and data running on the same physical device (but on different virtual machines) can slowly but surely gather confident information. Developers of the most prominent hardware and operating systems had been informed before the disclosure of the exploits, and as such, both exploits have since been fixed. It should be noted, however, that first patches were, although almost immediate, far from final and were highly criticized - performance issues and spontaneous reboots were among the most overtly criticized issues. As speculative execution is both a way to speed up processing tasks as well as it by design poses a certain uncertainty, follow-up exploits applying similar strategies still appear from time to time. Especially noteworthy is Netspectre, which does not even require local execution of malicious code. Hence, while private end users not in the cloud are not the primary target group, the theoretical destructive potential of such exploits is still very present.
Meltdown and Spectre are two hardware-level vulnerabilities that were first disclosed in 2018. Both vulnerabilities exploit a technique called speculative execution, which is used to speed up processing tasks, to gather access to protected data. Meltdown, which mainly affected Intel hardware, allows attackers to gain access to kernel-level information from a user-level point of entry. Spectre, on the other hand, allows attackers to access data from other programs or users running on the same hardware, which is virtually every modern computer system. While these exploits are slower to execute when it comes to reading data, they can be particularly dangerous in a cloud environment, where an attacker can gather sensitive information by observing data and programs running on the same physical device but on different virtual machines.
Developers of the most popular hardware and operating systems were informed about these vulnerabilities before they were publicly disclosed, and patches were released to fix them. However, the initial patches were not without their problems, and were criticized for causing performance issues and spontaneous reboots. Despite the fixes, new exploits that use similar techniques to Meltdown and Spectre continue to emerge. One notable example is Netspectre, which doesn't even require the execution of malicious code locally to be effective. While private end users are not the primary target for these kinds of exploits, their theoretical destructive potential should not be underestimated.
 
Foreshadow and ZombieLoad are two additional vulnerabilities that were discovered after Meltdown and Spectre. Foreshadow, also known as L1 Terminal Fault (L1TF), is a vulnerability that affects Intel processors and allows attackers to access sensitive data stored in the processor's Level 1 cache, which is usually protected. Foreshadow can be used to steal sensitive information such as passwords, encryption keys, and personal data from the operating system, virtual machines, and trusted execution environments.
ZombieLoad, also known as Microarchitectural Data Sampling (MDS), is a set of vulnerabilities that affect Intel processors and allow attackers to access sensitive data stored in the processor's microarchitecture, such as the data being processed by the CPU. ZombieLoad can be used to steal sensitive information such as passwords, encryption keys, and personal data from the operating system, virtual machines, and trusted execution environments. Both Foreshadow and ZombieLoad can be exploited through side-channel attacks, similar to Meltdown and Spectre.
 
Retbleed and Hertzbleed are two of the latest vulnerabilities to be discovered, both in 2022. Retbleed is a type of attack that exploits the speculative execution feature of modern CPUs to leak sensitive information. It works by intentionally guiding the CPU to execute code paths that reveal sensitive information and then extracting that information from the caches using side-channel techniques. Retbleed can potentially be used to steal sensitive information from multi-tenant cloud environments. Hertzbleed is a side-channel attack that involves observing the operation of a single chip or computer to extract sensitive information. It uses dynamic voltage and frequency scaling (DVFS) to extract information by exploiting variations in power consumption and CPU frequency. Hertzbleed can potentially be used to compromise the security of systems using Intel processors.
 


== Requirements and notes ==
== Requirements and notes ==


* Basically all Intel CPUs manufactered between 1995 and 2018 are vulnerable to both Spectre and Meltdown, as well as regular modern operating systems BEFORE early 2018 (which is when patches have been released).
* The vulnerabilities exploited by Meltdown and Spectre were present in virtually all Intel CPUs manufactured between 1995 and 2018, as well as in modern operating systems before early 2018, when patches were released to fix the vulnerabilities.


* AMD CPUs are not suspectible to Meltdown, but they are vulnerable to Spectre. They too have since been patched.
* AMD CPUs are not vulnerable to Meltdown, but they are susceptible to Spectre. Patches have also been released for AMD CPUs to address the Spectre vulnerability.


* Patching has been done both on the level of operating systems as well as with CPU developers themselves issuing BIOS update patches.
* In order to fix these vulnerabilities, patches have been released by both operating system developers and CPU manufacturers in the form of BIOS updates.


* As mentioned before, while all operating systems and CPU brands were affected, the biggest threat lured in a cloud environment - a double hit for cloud computing companies, as the patches usually cost some performance - a hefty price for a business model based on selling performance, but one they had to pay given the severity of danger in a clouded environment with these exploits unfixed.
* As mentioned before, the biggest threat posed by Meltdown and Spectre was in a cloud environment, where the vulnerabilities could be exploited to access sensitive data from multiple users or programs running on the same physical hardware. This posed a double threat for cloud computing companies, as the patches required to fix the vulnerabilities often resulted in a reduction in performance, which could be costly for a business model that relies on selling performance.


* It almost goes without saying, but in order for these exploits to actually amount to anything, the systems to be compromised must be connected to the internet in some way - while you theoretically could spread the malicious code among retro-enthusiasts via 3,5" floppy disks, the secretive data gathered would never leave the system in that scenario.
* It is important to note that in order for these vulnerabilities to be exploited, the affected systems must be connected to the internet in some way. While it is theoretically possible to spread malicious code through other means, such as 3.5" floppy disks, the data gathered through these exploits would not be able to leave the system in that scenario.


=== Historical background ===
=== Historical background ===


The exploits were disclosed in January 2018, and the research as well as the publication was handled by Google Project Zero, Cyberus Technology and the Technical University Graz. As developers of the largest CPU brands and operating systems had been contacted as mid 2017, the fist sets of patches were issued simultaneously, although developers of smaller Linux branches complained about receiving second-class security information. First patches seemed to come with terrible performance implications, especially for Intel systems, and in general Intel's statements around that time caused some distrust from people such as Linus Torvald. Some operating systems (or its iterations) and some hardware devices, in both cases mostly old variations, never saw any patches being deployed.
The exploits for Meltdown and Spectre were first disclosed in January 2018 by researchers from Google Project Zero, Cyberus Technology, and the Technical University of Graz. Developers of the major CPU brands and operating systems had been notified about the vulnerabilities in mid-2017, and the first patches were released simultaneously with the disclosure of the vulnerabilities. However, some developers of smaller Linux distributions complained about receiving second-class security information. The initial patches for these vulnerabilities were criticized for causing significant performance issues, particularly for Intel systems. Some operating systems and hardware devices, particularly older versions, never received patches to fix the vulnerabilities. Netspectre, a variant of Spectre that does not require the execution of malicious code locally, was first documented in the late summer of 2018.
 
After the discovery of Spectre and Meltdown, researchers continued to search for other vulnerabilities that could be exploited through speculative execution. The first discovery, known as Foreshadow or L1 Terminal Fault, is particularly dangerous because it allows attackers to steal information from multi-tenant cloud environments. In the case of Foreshadow, only Intel servers are affected. Software patches have been developed to mitigate the threat, but enterprises may need to take additional action depending on their specific situation.


Netspectre was first documented in the late summer of 2018.
A few months after the discovery of Meltdown, Spectre, and Foreshadow, another vulnerability was found called Microarchitectural Data Sampling (MDS) or ZombieLoad. This vulnerability affects Intel processors and allows attackers to read or "sample" data used by other programs, containers, and virtual machines in order to potentially steal sensitive information, particularly on shared machines such as public clouds. Patches have been released to fix this vulnerability as well.


All of these exploits were disclosed without a definite account on damages already caused - they were merely the result of researchers coming to the conclusion that the existing architecture could be abused in such ways. Companies are not exactly known to disclose all the issues of their own hardware they are aware of, and neither are people who make a living off compromising other people's security, so it is unknown how many more exploits exist and how many more are currently even being employed in the wild. The most recent similar exploit at the time of this writing (early 2021) is Platypus.
It is not known how many other similar vulnerabilities exist or how many of them are being actively exploited in the wild. The most recent known exploit at the time of writing (early 2023) is Retbleed and Hertzbleed.


=== Description of how Spectre works ===
=== Description of how Spectre works ===
Line 67: Line 76:


As can be seen, the actual principle of the attack does NOT differ fundamentally from the one of Spectre's Bound Check Bypass: A restricted address value is accessed, this request is speculatively executed, then denied, then nonetheless accessed indirectly. Meltdown attacks, too, are very slow in gathering data and require local execution of malicious code in the first place.
As can be seen, the actual principle of the attack does NOT differ fundamentally from the one of Spectre's Bound Check Bypass: A restricted address value is accessed, this request is speculatively executed, then denied, then nonetheless accessed indirectly. Meltdown attacks, too, are very slow in gathering data and require local execution of malicious code in the first place.
=== Description of how Foreshadow works ===
The way it works is as follows: In the L1 data cache of Intel processors, each byte of the memory byte has both a physical and a virtual address. The operating system keeps track of these addresses using special tables called "page tables". The processors spend a lot of time searching the page tables. To speed this up, they speculatively search the L1 data cache for matches before confirming the validity of the page table entry. If this is the case, the processor reports a terminal error to the operating system and discards the speculative data.
But before the error occurs, there is a small window of opportunity for malicious users to figure out the value of the data. Then they can trick the operating system to cache and steal sensitive information. Worse, cyber criminals can use this vulnerability to exploit a multi-tenant cloud environment. Here, hypervisors use page tables to allocate physical server resources to virtual machines. They can also use extended page tables to share management with these virtual machines. The problem is that a cybercriminal running a virtual machine on that server could create a malicious extended page table and trick the hypervisor into revealing secrets of other virtual machines.
=== Description of how ZombieLoad works ===
In a real server, MDS allows an attacker to extract data from previous operations. In the same way, or through other sophisticated techniques, further partial information is merged and valuable information is stolen. MDS is possible because Intel processors are optimized to use buffers in speculative operations. There are several ways attackers can use MDS, each targeting different processor structures.
The memory buffer variant exploits how Intel processors speculatively forward data from a memory buffer entry. Intel splits data storage into two separate operations: "Store this address" and "Store this value". To improve performance, the data in the memory buffer entry is not removed. During a load operation, the memory buffer is scanned to determine if a recent save operation needs to be forwarded to the same location. If the load operation requires special support, the processor may use stale data speculatively without checking whether it is valid. This makes it possible to query the data.


=== Description of how Netspectre works ===
=== Description of how Netspectre works ===


Netspectre has the big distinction of NOT requiring local execution of malicious code, and instead may even target servers, which then in turn become "complicit" in gathering data for the attacker. It, again, exploits speculative execution and a "mistraining" of branch prediction. Cache accessing is performed via paket flushing the machine.
Netspectre has the big distinction of NOT requiring local execution of malicious code, and instead may even target servers, which then in turn become "complicit" in gathering data for the attacker. It, again, exploits speculative execution and a "mistraining" of branch prediction. Cache accessing is performed via paket flushing the machine.
=== Description of how Retbleed works ===
Retbleed works by intentionally guiding the CPU to execute code paths that reveal sensitive information and then extracting that information from the caches using side-channel techniques. Unlike other attacks in the Spectre family, which exploit indirect jumps or calls, Retbleed exploits return instructions. This allows it to bypass some of the software defenses that were put in place to prevent previous attacks of this nature, such as the retpoline mitigation.
=== Description of how Hertzbleed works ===
Hertzbleed specifically involves monitoring the average power consumption of Intel processors to attack the system. It uses dynamic voltage and frequency scaling (DVFS), a technique that adjusts the frequency and voltage of the CPU to optimize performance, to extract information. Hertzbleed is able to exploit the variations in power consumption and CPU frequency that occur when different sets of data are processed. It can also use time-constant programming, which is important in the implementation of encryption algorithms, to further extract sensitive information. Hertzbleed can potentially be used to compromise the security of systems using Intel processors.


== Overview in one condensed table ==
== Overview in one condensed table ==
Line 103: Line 132:
| Intel privilege escalation,<br />speculative execution
| Intel privilege escalation,<br />speculative execution
| Branch prediction / branch<br />target injection (variant 2),<br />speculative execution<br />(both variants)
| Branch prediction / branch<br />target injection (variant 2),<br />speculative execution<br />(both variants)
| Lazy FP state restore:<br /> *speculative execution side channel<br />L1 Terminal Fault - SGX
| Lazy FP state restore:<br /> *speculative execution side channel<br />L1 Terminal Fault - SGX: <br />*side-channel analysis<br />L1 Terminal Fault - OS Kernel, SMM:<br /> *terminal page fault <br />*side-channel analysis<br />L1 Terminal Fault - Virtual Machines<br /> *terminal page fault <br />*side-channel analysis
|
| MSBDS, MLPDS, MFBDS and MDSUM:<br /> *side channel with local access
|-
|-
| Consequences
| Consequences
| Kernel memory accesible<br />from user space
| Kernel memory accesible<br />from user space
| Memory and content of other<br />users and programmes becomes<br />accessible
| Memory and content of other<br />users and programmes becomes<br />accessible
|
| Lazy FP state restore:<br /> *Allow a local process to infer data from<br />another process<br />L1 Terminal Fault - SGX: <br />*May allow unauthorized disclosure of<br />information residing in the L1 data cache from<br />an enclave to an attacker with local<br />user access<br />L1 Terminal Fault - OS Kernel, SMM:<br /> *May allow unauthorized disclosure of<br />information residing in the L1 data cache<br />to an attacker with local<br />user access<br />L1 Terminal Fault - Virtual Machines<br /> *May allow unauthorized disclosure of<br />information residing in the L1 data cache<br />to an attacker with local<br />user access with guest OS privilege
|
| MSBDS, MLPDS, MFBDS and MDSUM:<br />*May allow an authenticated user to<br /> potentially enable information disclosure
|-
|-
| Number of affected systems
| Number of affected systems
| 1868
| 1868
| 2816
| 2816
|
|none known so far (2018)
|
|none known so far (2019)
|}
|}


== References ==
== References ==


* Schwarz, Michael and Lipp, Moritz and Schwarzl, Martin and Gruss, Daniel: NetSpectre: Read Arbitrary Memory over Network, 2018. Accessed online at https://mlq.me/download/netspectre.pdf, last access on 11.01.2021. Accessed online at https://mlq.me/download/netspectre.pdf, last access on 11.01.2021.
* Schwarz, Michael and Lipp, Moritz and Schwarzl, Martin and Gruss, Daniel: NetSpectre: Read Arbitrary Memory over Network, 2018. Accessed online at https://mlq.me/download/netspectre.pdf, last access on 06.01.2023.  
* Lipp, Moritz and Schwarz, Michael and Gruss, Daniel and Haas, Werner and Horn, Jann and Mangard, Stefan and Kocher, Paul and Fogh, Andreas and Genkin, Daniel and Yarom, Yuval and et al.: Meltdown: Reading Kernel Memory from User Space, 2018. Accessed online at https://meltdownattack.com/meltdown.pdf, last access on 11.01.2021.
* Lipp, Moritz and Schwarz, Michael and Gruss, Daniel and Haas, Werner and Horn, Jann and Mangard, Stefan and Kocher, Paul and Fogh, Andreas and Genkin, Daniel and Yarom, Yuval and et al.: Meltdown: Reading Kernel Memory from User Space, 2018. Accessed online at https://meltdownattack.com/meltdown.pdf, last access on 06.01.2023.
* Kocher, Paul and Horn, Jann and Fogh, Andreas and Genkin, Daniel and Gruss, Daniel and Haas, Werner and Hamburg, Mike and Lipp, Moritz, and Mangard, Stefan and Prescher, Thomas and Schwarz, Michael and Yarom, Yuval: Spectre Attacks: Exploiting Speculative Execution, 2018. Accessed online at https://spectreattack.com/spectre.pdf, last access on 11.01.2021.
* Kocher, Paul and Horn, Jann and Fogh, Andreas and Genkin, Daniel and Gruss, Daniel and Haas, Werner and Hamburg, Mike and Lipp, Moritz, and Mangard, Stefan and Prescher, Thomas and Schwarz, Michael and Yarom, Yuval: Spectre Attacks: Exploiting Speculative Execution, 2018. Accessed online at https://spectreattack.com/spectre.pdf, last access on 06.01.2023.
* WikiChip: CVE-2017-5753 (Spectre, Variant 1) - CVE, 2019. Accessed online at https://en.wikichip.org/wiki/cve/cve-2017-5753, last access on 11.01.2021.
* WikiChip: CVE-2017-5753 (Spectre, Variant 1) - CVE, 2019. Accessed online at https://en.wikichip.org/wiki/cve/cve-2017-5753, last access on 06.01.2023.
* WikiChip: CVE-2017-5715 (Spectre, Variant 2) - CVE, 2019. Accessed online at https://en.wikichip.org/wiki/cve/cve-2017-5715, last access on 11.01.2021.
* WikiChip: CVE-2017-5715 (Spectre, Variant 2) - CVE, 2019. Accessed online at https://en.wikichip.org/wiki/cve/cve-2017-5715, last access on 06.01.2023.
* WikiChip: CVE-2017-5754 (Meltdown, Variant 3) - CVE, 2019. Accessed online at https://en.wikichip.org/wiki/cve/cve-2017-5754, last access on 11.01.2021.
* WikiChip: CVE-2017-5754 (Meltdown, Variant 3) - CVE, 2019. Accessed online at https://en.wikichip.org/wiki/cve/cve-2017-5754, last access on 06.01.2023.
* Windeck, Christoph: "Platypus": Sicherheitslücke missbraucht Messfunktion von Intel-Prozessoren, 2020. Accessed online at https://www.heise.de/news/Platypus-Sicherheitsluecke-missbraucht-Messfunktion-von-Intel-Prozessoren-4953484.html, last access on 11.01.2021.
* Windeck, Christoph: "Platypus": Sicherheitslücke missbraucht Messfunktion von Intel-Prozessoren, 2020. Accessed online at https://www.heise.de/news/Platypus-Sicherheitsluecke-missbraucht-Messfunktion-von-Intel-Prozessoren-4953484.html, last access on 06.01.2023.
 
* Schwarz, Michael and Lipp, Moritz and Moghimi, Daniel and Van Bulck, Jo and Stecklina, Julian and Prescher, Thomas and Gruss, Daniel: ZombieLoad: Cross-Privilege-Boundary Data Sampling, 2019. Accessed online at https://zombieloadattack.com/zombieload.pdf, last access on 06.01.2023.
* Van Bulck, Jo and Minkin, Marina and Weisse, Ofir and Genkin, Daniel and Kasikci, Baris and Piessens, Frank and Silberstein, Mark and Wenisch, Thomas F. and Yarom, Yuval and Strackx, Raoul: Foreshadow: Extracting the Keys to the {Intel SGX} Kingdom with Transient Out-of-Order Execution, 2018. Accessed online at https://foreshadowattack.eu/#paper, last access on 06.01.2023.
* Johannes Wikner, Kaveh Razavi: RETBLEED: Arbitrary Speculative Code Execution with Return Instructions. Accessed online at https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf, last access 06.01.2023.
* Yingchen Wang, Riccardo Paccagnella, Elizabeth Tang He, Hovav Shacham, Christopher W. Fletcher and David Kohlbrenner: Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86. Accessed online at https://www.hertzbleed.com/hertzbleed.pdf, last access on 06.01.2023
[[Category:Documentation]]
[[Category:Documentation]]

Revision as of 08:41, 7 January 2023

Summary

Meltdown and Spectre are two hardware-level vulnerabilities that were first disclosed in 2018. Both vulnerabilities exploit a technique called speculative execution, which is used to speed up processing tasks, to gather access to protected data. Meltdown, which mainly affected Intel hardware, allows attackers to gain access to kernel-level information from a user-level point of entry. Spectre, on the other hand, allows attackers to access data from other programs or users running on the same hardware, which is virtually every modern computer system. While these exploits are slower to execute when it comes to reading data, they can be particularly dangerous in a cloud environment, where an attacker can gather sensitive information by observing data and programs running on the same physical device but on different virtual machines. Developers of the most popular hardware and operating systems were informed about these vulnerabilities before they were publicly disclosed, and patches were released to fix them. However, the initial patches were not without their problems, and were criticized for causing performance issues and spontaneous reboots. Despite the fixes, new exploits that use similar techniques to Meltdown and Spectre continue to emerge. One notable example is Netspectre, which doesn't even require the execution of malicious code locally to be effective. While private end users are not the primary target for these kinds of exploits, their theoretical destructive potential should not be underestimated.

Foreshadow and ZombieLoad are two additional vulnerabilities that were discovered after Meltdown and Spectre. Foreshadow, also known as L1 Terminal Fault (L1TF), is a vulnerability that affects Intel processors and allows attackers to access sensitive data stored in the processor's Level 1 cache, which is usually protected. Foreshadow can be used to steal sensitive information such as passwords, encryption keys, and personal data from the operating system, virtual machines, and trusted execution environments. ZombieLoad, also known as Microarchitectural Data Sampling (MDS), is a set of vulnerabilities that affect Intel processors and allow attackers to access sensitive data stored in the processor's microarchitecture, such as the data being processed by the CPU. ZombieLoad can be used to steal sensitive information such as passwords, encryption keys, and personal data from the operating system, virtual machines, and trusted execution environments. Both Foreshadow and ZombieLoad can be exploited through side-channel attacks, similar to Meltdown and Spectre.

Retbleed and Hertzbleed are two of the latest vulnerabilities to be discovered, both in 2022. Retbleed is a type of attack that exploits the speculative execution feature of modern CPUs to leak sensitive information. It works by intentionally guiding the CPU to execute code paths that reveal sensitive information and then extracting that information from the caches using side-channel techniques. Retbleed can potentially be used to steal sensitive information from multi-tenant cloud environments. Hertzbleed is a side-channel attack that involves observing the operation of a single chip or computer to extract sensitive information. It uses dynamic voltage and frequency scaling (DVFS) to extract information by exploiting variations in power consumption and CPU frequency. Hertzbleed can potentially be used to compromise the security of systems using Intel processors.


Requirements and notes

  • The vulnerabilities exploited by Meltdown and Spectre were present in virtually all Intel CPUs manufactured between 1995 and 2018, as well as in modern operating systems before early 2018, when patches were released to fix the vulnerabilities.
  • AMD CPUs are not vulnerable to Meltdown, but they are susceptible to Spectre. Patches have also been released for AMD CPUs to address the Spectre vulnerability.
  • In order to fix these vulnerabilities, patches have been released by both operating system developers and CPU manufacturers in the form of BIOS updates.
  • As mentioned before, the biggest threat posed by Meltdown and Spectre was in a cloud environment, where the vulnerabilities could be exploited to access sensitive data from multiple users or programs running on the same physical hardware. This posed a double threat for cloud computing companies, as the patches required to fix the vulnerabilities often resulted in a reduction in performance, which could be costly for a business model that relies on selling performance.
  • It is important to note that in order for these vulnerabilities to be exploited, the affected systems must be connected to the internet in some way. While it is theoretically possible to spread malicious code through other means, such as 3.5" floppy disks, the data gathered through these exploits would not be able to leave the system in that scenario.

Historical background

The exploits for Meltdown and Spectre were first disclosed in January 2018 by researchers from Google Project Zero, Cyberus Technology, and the Technical University of Graz. Developers of the major CPU brands and operating systems had been notified about the vulnerabilities in mid-2017, and the first patches were released simultaneously with the disclosure of the vulnerabilities. However, some developers of smaller Linux distributions complained about receiving second-class security information. The initial patches for these vulnerabilities were criticized for causing significant performance issues, particularly for Intel systems. Some operating systems and hardware devices, particularly older versions, never received patches to fix the vulnerabilities. Netspectre, a variant of Spectre that does not require the execution of malicious code locally, was first documented in the late summer of 2018.

After the discovery of Spectre and Meltdown, researchers continued to search for other vulnerabilities that could be exploited through speculative execution. The first discovery, known as Foreshadow or L1 Terminal Fault, is particularly dangerous because it allows attackers to steal information from multi-tenant cloud environments. In the case of Foreshadow, only Intel servers are affected. Software patches have been developed to mitigate the threat, but enterprises may need to take additional action depending on their specific situation.

A few months after the discovery of Meltdown, Spectre, and Foreshadow, another vulnerability was found called Microarchitectural Data Sampling (MDS) or ZombieLoad. This vulnerability affects Intel processors and allows attackers to read or "sample" data used by other programs, containers, and virtual machines in order to potentially steal sensitive information, particularly on shared machines such as public clouds. Patches have been released to fix this vulnerability as well.

It is not known how many other similar vulnerabilities exist or how many of them are being actively exploited in the wild. The most recent known exploit at the time of writing (early 2023) is Retbleed and Hertzbleed.

Description of how Spectre works

Spectre gets its name from an abuse of the SPECulative execution present in basically any modern computer: Before it is even ensured that an operation is legitimate, the CPU will - based on "experience" - potentially "speculatively" execute it immediately. The legitimacy of a command may depend on what the follow up command is, and to potentially save time once the execution proves legit, "experience" is applied to guess if that is even likely. Such "experience", of course, can be misleading if the attacker decidedly trains the branch predictor to assume as it is desirable for them. Of course, if the operation eventuall proves illegitimate, the operation itself will not be executed. However, when trying to access a restricted set of data, the results of the SPECULATIVE execution alone are reflected in the cache. The content of said cache can then be gathered using a side channel attack - piece by piece accessing data outside of the legitimate range of an object, and checking if the data is present immediately (= it is cached) or if it takes time (= it will THEN be cached).

There are two versions of Spectre - one focuses on Branch Target Injection, which can be used to execute malicious code out of order, and one on the Bounds Check Bypass, which is the bypassing of security restrictions described above.

Spectre attacks are very slow in gathering data and require local execution of malicious code in the first place. They do, however, grant read-access to data out of the current user's range of permissions.

Sample code for Spectre variant 1: Bounds Check Bypass (CVE-2017-5753):

if (x < array1_size)
	y = array2[array1[x] * 4096 ];

Here, the range of an array is breached, and as a consequence, data from an entirely different address space accessed.

Sample code for Spectre variant 2: Branch Target Execution (CVE-2017-5715):

\begin{lstlisting}
	class Shape {
	 public:
	  virtual void Draw() = 0;
	};
	class Circle : public Shape {
	 public:
	  void Draw() override { … }
	};

	Shape* obj = new Circle;
	obj->Draw();

This uses polymorphism to "mislead" the machine to resolve the relevant address space where to store data on the fly: As it is not sure which type of object will be created at the time of compilation (due to polymorphism), this requires - again - speculative execution and addressing.

Description of how Meltdown works

Somewhat misleading, Meltdown ALSO applies speculative execution. It does, however, also apply Intel-only escalation of privilege to "melt down" security barriers. This distinction is impactful mostly on the "internal" side, the result is however still data that data which should be confidential can be accessed by attackers. The difference as far as this goes is that Meltdown allows access of Kernel level information from a user level.


Sample code for Meltdown (CVE-2017-5754):

char val = *(char *)0xAAAAA;

As can be seen, the actual principle of the attack does NOT differ fundamentally from the one of Spectre's Bound Check Bypass: A restricted address value is accessed, this request is speculatively executed, then denied, then nonetheless accessed indirectly. Meltdown attacks, too, are very slow in gathering data and require local execution of malicious code in the first place.

Description of how Foreshadow works

The way it works is as follows: In the L1 data cache of Intel processors, each byte of the memory byte has both a physical and a virtual address. The operating system keeps track of these addresses using special tables called "page tables". The processors spend a lot of time searching the page tables. To speed this up, they speculatively search the L1 data cache for matches before confirming the validity of the page table entry. If this is the case, the processor reports a terminal error to the operating system and discards the speculative data.

But before the error occurs, there is a small window of opportunity for malicious users to figure out the value of the data. Then they can trick the operating system to cache and steal sensitive information. Worse, cyber criminals can use this vulnerability to exploit a multi-tenant cloud environment. Here, hypervisors use page tables to allocate physical server resources to virtual machines. They can also use extended page tables to share management with these virtual machines. The problem is that a cybercriminal running a virtual machine on that server could create a malicious extended page table and trick the hypervisor into revealing secrets of other virtual machines.

Description of how ZombieLoad works

In a real server, MDS allows an attacker to extract data from previous operations. In the same way, or through other sophisticated techniques, further partial information is merged and valuable information is stolen. MDS is possible because Intel processors are optimized to use buffers in speculative operations. There are several ways attackers can use MDS, each targeting different processor structures.

The memory buffer variant exploits how Intel processors speculatively forward data from a memory buffer entry. Intel splits data storage into two separate operations: "Store this address" and "Store this value". To improve performance, the data in the memory buffer entry is not removed. During a load operation, the memory buffer is scanned to determine if a recent save operation needs to be forwarded to the same location. If the load operation requires special support, the processor may use stale data speculatively without checking whether it is valid. This makes it possible to query the data.

Description of how Netspectre works

Netspectre has the big distinction of NOT requiring local execution of malicious code, and instead may even target servers, which then in turn become "complicit" in gathering data for the attacker. It, again, exploits speculative execution and a "mistraining" of branch prediction. Cache accessing is performed via paket flushing the machine.

Description of how Retbleed works

Retbleed works by intentionally guiding the CPU to execute code paths that reveal sensitive information and then extracting that information from the caches using side-channel techniques. Unlike other attacks in the Spectre family, which exploit indirect jumps or calls, Retbleed exploits return instructions. This allows it to bypass some of the software defenses that were put in place to prevent previous attacks of this nature, such as the retpoline mitigation.

Description of how Hertzbleed works

Hertzbleed specifically involves monitoring the average power consumption of Intel processors to attack the system. It uses dynamic voltage and frequency scaling (DVFS), a technique that adjusts the frequency and voltage of the CPU to optimize performance, to extract information. Hertzbleed is able to exploit the variations in power consumption and CPU frequency that occur when different sets of data are processed. It can also use time-constant programming, which is important in the implementation of encryption algorithms, to further extract sensitive information. Hertzbleed can potentially be used to compromise the security of systems using Intel processors.

Overview in one condensed table

Meltdown (variant #3) Spectre (variants #1 & #2) Foreshadow ZombieLoad (MDS)
Affected companies Intel, ARM, IBM, VIA AMD, Intel, ARM, IBM, VIA Intel Intel
Made public January 2018 January 2018 August 2018 May 2019
How it works Hardware based exploit;
requires local execution
of malicious code
Hardware based exploit;
requires local execution
of malicious code.
Netspectre is an offshot
which does NOT.
Hardware based exploit;
requires local execution
of malicious code
Hardware based exploit;
requires local execution
of malicious code
Applied techniques Intel privilege escalation,
speculative execution
Branch prediction / branch
target injection (variant 2),
speculative execution
(both variants)
Lazy FP state restore:
*speculative execution side channel
L1 Terminal Fault - SGX:
*side-channel analysis
L1 Terminal Fault - OS Kernel, SMM:
*terminal page fault
*side-channel analysis
L1 Terminal Fault - Virtual Machines
*terminal page fault
*side-channel analysis
MSBDS, MLPDS, MFBDS and MDSUM:
*side channel with local access
Consequences Kernel memory accesible
from user space
Memory and content of other
users and programmes becomes
accessible
Lazy FP state restore:
*Allow a local process to infer data from
another process
L1 Terminal Fault - SGX:
*May allow unauthorized disclosure of
information residing in the L1 data cache from
an enclave to an attacker with local
user access
L1 Terminal Fault - OS Kernel, SMM:
*May allow unauthorized disclosure of
information residing in the L1 data cache
to an attacker with local
user access
L1 Terminal Fault - Virtual Machines
*May allow unauthorized disclosure of
information residing in the L1 data cache
to an attacker with local
user access with guest OS privilege
MSBDS, MLPDS, MFBDS and MDSUM:
*May allow an authenticated user to
potentially enable information disclosure
Number of affected systems 1868 2816 none known so far (2018) none known so far (2019)

References

  • Schwarz, Michael and Lipp, Moritz and Schwarzl, Martin and Gruss, Daniel: NetSpectre: Read Arbitrary Memory over Network, 2018. Accessed online at https://mlq.me/download/netspectre.pdf, last access on 06.01.2023.
  • Lipp, Moritz and Schwarz, Michael and Gruss, Daniel and Haas, Werner and Horn, Jann and Mangard, Stefan and Kocher, Paul and Fogh, Andreas and Genkin, Daniel and Yarom, Yuval and et al.: Meltdown: Reading Kernel Memory from User Space, 2018. Accessed online at https://meltdownattack.com/meltdown.pdf, last access on 06.01.2023.
  • Kocher, Paul and Horn, Jann and Fogh, Andreas and Genkin, Daniel and Gruss, Daniel and Haas, Werner and Hamburg, Mike and Lipp, Moritz, and Mangard, Stefan and Prescher, Thomas and Schwarz, Michael and Yarom, Yuval: Spectre Attacks: Exploiting Speculative Execution, 2018. Accessed online at https://spectreattack.com/spectre.pdf, last access on 06.01.2023.
  • WikiChip: CVE-2017-5753 (Spectre, Variant 1) - CVE, 2019. Accessed online at https://en.wikichip.org/wiki/cve/cve-2017-5753, last access on 06.01.2023.
  • WikiChip: CVE-2017-5715 (Spectre, Variant 2) - CVE, 2019. Accessed online at https://en.wikichip.org/wiki/cve/cve-2017-5715, last access on 06.01.2023.
  • WikiChip: CVE-2017-5754 (Meltdown, Variant 3) - CVE, 2019. Accessed online at https://en.wikichip.org/wiki/cve/cve-2017-5754, last access on 06.01.2023.
  • Windeck, Christoph: "Platypus": Sicherheitslücke missbraucht Messfunktion von Intel-Prozessoren, 2020. Accessed online at https://www.heise.de/news/Platypus-Sicherheitsluecke-missbraucht-Messfunktion-von-Intel-Prozessoren-4953484.html, last access on 06.01.2023.
  • Schwarz, Michael and Lipp, Moritz and Moghimi, Daniel and Van Bulck, Jo and Stecklina, Julian and Prescher, Thomas and Gruss, Daniel: ZombieLoad: Cross-Privilege-Boundary Data Sampling, 2019. Accessed online at https://zombieloadattack.com/zombieload.pdf, last access on 06.01.2023.
  • Van Bulck, Jo and Minkin, Marina and Weisse, Ofir and Genkin, Daniel and Kasikci, Baris and Piessens, Frank and Silberstein, Mark and Wenisch, Thomas F. and Yarom, Yuval and Strackx, Raoul: Foreshadow: Extracting the Keys to the {Intel SGX} Kingdom with Transient Out-of-Order Execution, 2018. Accessed online at https://foreshadowattack.eu/#paper, last access on 06.01.2023.
  • Johannes Wikner, Kaveh Razavi: RETBLEED: Arbitrary Speculative Code Execution with Return Instructions. Accessed online at https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf, last access 06.01.2023.
  • Yingchen Wang, Riccardo Paccagnella, Elizabeth Tang He, Hovav Shacham, Christopher W. Fletcher and David Kohlbrenner: Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86. Accessed online at https://www.hertzbleed.com/hertzbleed.pdf, last access on 06.01.2023