Re: [Test-Announce] Call for testing: updates to address today's CPU/kernel vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2018-01-03 at 17:48 -0800, Adam Williamson wrote:
> 
> This is certainly not correct. Both the Google researchers and Red
> Hat's security team have stated that many other CPUs and CPU families
> are affected. ARM has already released a statement acknowledging that
> several of their CPUs, including ones very widely used in smartphones
> etc., are affected.
> 
> The initial reporting that only Intel CPUs were affected was entirely
> wrong.

Just to reinforce this, Google's researcher's report:

"A PoC that demonstrates the basic principles behind variant 1 in
userspace on the tested Intel Haswell Xeon CPU, the AMD FX CPU, the AMD
PRO CPU and an ARM Cortex A57 [2]. This PoC only tests for the ability
to read data inside mis-speculated execution within the same process,
without crossing any privilege boundaries.

...

A PoC for variant 1 that, when running with normal user privileges
under a modern Linux kernel with a distro-standard config, can perform
arbitrary reads in a 4GiB range [3] in kernel virtual memory on the
Intel Haswell Xeon CPU. If the kernel's BPF JIT is enabled (non-default 
configuration), it also works on the AMD PRO CPU."

- https://googleprojectzero.blogspot.ca/2018/01/reading-privileged-memory-with-side.html

ARM's disclosure is here:

https://developer.arm.com/support/security-update

Note that the affected families are most of the ones you're
actually likely to care about: the assertion that "The majority of Arm
processors are not impacted" is severely misleading, as "the majority
of Arm processors" aren't used in applications which would really be
subject to attack in this manner. The affected processor families
include, by my reading, virtually all ARM processor families used in
modern smartphones, tablets and so on (the Cortex-A* families).

Red Hat's response is here:

https://access.redhat.com/security/vulnerabilities/speculativeexecution

and is the first relatively authoritative source to state that System Z
(s390) and POWER8 / POWER9 (ppc64) are affected, but this is certainly
an accurate statement.

By my reading, the basic problematic behaviour here is something
virtually all modern CPUs do. Researchers have so far got furthest
along in developing practical exploits against Intel CPUs, but it seems
extremely unlikely to me that this means AMD CPUs are somehow immune to
the problem just because researchers haven't yet managed to get an
exploit that crosses a process boundary working on AMD *yet*. Indeed,
Google's research demonstrates they certainly *aren't* immune to the
basic problem.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net
_______________________________________________
test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux