Following rumors of the existence of new Spectre-like vulnerabilities, Microsoft and Google are jointly disclosing a new out-of-order execution vulnerability. Speculative Store Bypass (SSB) relies on the memory loading behavior common to Intel and AMD CPUs, IBM’s POWER8 and POWER9 CPUs, as well as System Z and certain ARM processors.
Jann Horn, a Google Project Zero security researcher, reported the vulnerability on February 6th. According to Horn's post:
Intel's Optimization Manual says in section 126.96.36.199 ("Memory Disambiguation"):
A load instruction micro-op may depend on a preceding store. Many microarchitectures block loads until all preceding store addresses are known. The memory disambiguator predicts which loads will not depend on any previous stores. When the disambiguator predicts that a load does not have such a dependency, the load takes its data from the L1 data cache. Eventually, the prediction is verified. If an actual conflict is detected, the load and all succeeding instructions are re-executed.
Horn was able to cause speculative execution to extend in a way that allowed for a "Spectre-style gadget on a pointer read from a memory slot to which a store has been speculatively ignored," according to his report.
In simplified terms, the attack relies on a side-channel inspection of speculative reads of memory made before the addresses of memory writes are known. It can potentially be exploited by scripts in a program to gain information about data stored elsewhere in a program. As posed by Horn, it would allow attackers running a script in one browser tab to read data from another tab.
This vulnerability, classified as CVE-2018-3639, is also referred to as "variant 4," which accompanies a bounds check bypass (CVE-2017-5753, variant 1), branch target injection (CVE-2017-5715, variant 2), and Meltdown, a rogue data cache load (CVE-2017-5754, variant 3).
Another vulnerability, Rogue System Register Read (RSRR; CVE-2018-3540, variant 3a) can affect CPUs, allowing ordinary programs to view status flags that should only be visible to device drivers or kernels.
Fortunately, awareness of the danger of side-channel exploits of speculative execution makes it substantially more difficult for malicious actors to leverage these vulnerabilities in attacks. As noted in Intel's security advisory, "Most leading browser providers have recently deployed mitigations in their Managed Runtimes — mitigations that substantially increase the difficulty of exploiting side channels in a modern web browser. These techniques would likewise increase the difficulty of exploiting a side channel in a browser based on SSB."
Intel has released Beta microcode updates to operating system vendors and OEMs that address both the SSB and RSRR vulnerabilities. Guidance has also been published by AMD and ARM on how to address the issue at a hardware level, while VMware and Xen have both issued guidance for hypervisor protection. Microsoft indicates that no specific patching is needed for Windows, as the issue is addressed at a hardware microcode level.
In contrast, Red Hat indicated that "system administrators must apply both hardware 'microcode' updates and software patches that enable new functionality. At this time, microprocessor microcode will be delivered by the individual manufacturers, but at a future time Red Hat will release the tested and signed updates as we receive them."
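Red Hat's point is that the microcode alone does nothing until the operating system actually uses it. The following check is an added example, not code from the article or from any vendor: on a Linux kernel carrying the SSB patches (4.17 or a distribution backport, which is an assumption about the host), it reads the kernel's sysfs report for this vulnerability and asks, via prctl, whether the mitigation is applied to the current process; the sysfs path and prctl constants are the kernel's own, while the two helper functions are mine.

```c
#include <stdio.h>
#include <string.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif
/* Fallbacks for older headers; the values match linux/prctl.h (4.17+). */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SPEC_STORE_BYPASS    0
#define PR_SPEC_PRCTL           (1UL << 0)
#define PR_SPEC_ENABLE          (1UL << 1)
#define PR_SPEC_DISABLE         (1UL << 2)
#define PR_SPEC_FORCE_DISABLE   (1UL << 3)
#endif
#define SSB_SYSFS "/sys/devices/system/cpu/vulnerabilities/spec_store_bypass"

enum ssb_state { SSB_UNKNOWN, SSB_NOT_AFFECTED, SSB_VULNERABLE, SSB_MITIGATED };

/* Classify the kernel's sysfs line for this CPU, e.g. "Not affected",
   "Vulnerable" or "Mitigation: Speculative Store Bypass disabled via prctl". */
enum ssb_state classify_sysfs(const char *line)
{
    if (strncmp(line, "Not affected", 12) == 0) return SSB_NOT_AFFECTED;
    if (strncmp(line, "Mitigation:", 11) == 0)  return SSB_MITIGATED;
    if (strncmp(line, "Vulnerable", 10) == 0)   return SSB_VULNERABLE;
    return SSB_UNKNOWN;
}

/* Interpret prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS): 0 means the
   CPU is not affected, a negative value means the kernel has no SSB control,
   and PR_SPEC_PRCTL|PR_SPEC_ENABLE means the mitigation is available but NOT
   applied to this process, which is the kernel's default for ordinary processes. */
int ssb_disabled_for_process(long word)
{
    return word > 0 && (word & (PR_SPEC_DISABLE | PR_SPEC_FORCE_DISABLE)) != 0;
}

int main(void)
{
    char line[128] = "";
    FILE *f = fopen(SSB_SYSFS, "r");
    if (f && fgets(line, sizeof line, f)) line[strcspn(line, "\n")] = '\0';
    if (f) fclose(f);
    printf("system: %s\n", line[0] ? line : "<sysfs report not available>");
#ifdef __linux__
    long w = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
    printf("this process: SSB %s (prctl word %ld)\n",
           ssb_disabled_for_process(w) ? "disabled" : "NOT disabled", w);
#endif
    return 0;
}
```

A "Mitigation:" line in sysfs only says the kernel can disable store bypass; a process that has not opted in via prctl or seccomp still runs with bypass enabled.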
The big takeaways for tech leaders:
- The Speculative Store Bypass (SSB) attack relies on the memory loading behavior of CPUs, and it can be exploited in browsers to read information from other tabs.
- Rogue System Register Read (RSRR) can be exploited to allow ordinary programs to view status flags that should only be visible to device drivers or kernels.