Researchers from Romanian security firm BitDefender have uncovered a troubling security vulnerability in Intel processors that could allow an attacker to access privileged kernel-mode information typically considered “off limits” for most applications.
An exploit for the vulnerability, which is called microarchitectural data sampling (MDS), has been proven to work on Intel’s Ivy Bridge, Haswell, Skylake, and Kaby Lake processors.
This is the most recent CPU-level vulnerability discovered in Intel’s silicon. In 2018, researchers announced the discovery of two bugs, Spectre and Meltdown, which exploited vulnerabilities in modern speculative execution features in order to access parts of the memory. Both of those issues were resolved – or, perhaps more accurately, mitigated – with software tweaks and microcode patches.
BitDefender says this recently-discovered issue can be resolved — at least, partially — with microcode patches. The company also says that protections can be added at the hypervisor level, and is working with Intel and other partners to accomplish that.
That’s where the good news ends, as BitDefender notes that a general fix is “impossible,” as the issue derives from a hardware design flaw. To conclusively protect against this attack, customers would have to replace their Intel silicon with a redesigned chip.
Lord of the Rings
First, a bit of background. Most modern CPUs segment permissions in so-called “rings.” On Intel CPUs there are four rings, with the higher-numbered rings having least amount of access to the underlying system.
Ring 0 is called “kernel mode.” This offers the most access to the underlying hardware, including the memory stored in the CPU’s register, and can directly execute CPU instructions. This is primarily used by the operating system’s most fundamental, low-level functions. For stability and security reasons, access to kernel mode is carefully restricted.
On the other hand, Ring 3 is commonly referred to “user mode,” and has hardly any access to the computer hardware, instead having to delegate to other rings. Everything you use, from Microsoft Word to Google Chrome, sits on this layer. In order to interact with the computer’s hardware, user mode applications must go through several intermediaries.
This isn’t an abstract concept. It’s a security system that’s the product of careful thought from highly skilled electrical engineers and computer scientists. It is directly implemented on the chipset level.
(As an aside, the most accessible explanation of this system comes from Jeff Atwood, who wrote about the ring system for his Coding Horror blog. I highly recommend you check it out. He does the topic justice in a way that I cannot.)
The ring system also makes it possible for multi-tenant computing to exist. I can rent a VPS or Heroku slice, and know that, unless something goes catastrophically wrong, applications don’t have access to the underlying system. That’s crucial, especially if my site will process credit card transactions, or hold customer data.
An attacker could leverage this vulnerability in order to launch attacks against customers of a shared hosting provider, performing actions that would typically require deep system-level privileges. And that’s absolutely petrifying when you consider the direction the hosting industry has taken over the past decade.
For reasons ranging from cost to scalability, business customers have moved from using dedicated servers, and now have an unquenchable appetite for cloud-based hosting. This ranges from Amazon’s Elastic Compute Cloud (EC2) to container-based and serverless platforms (like Heroku and AWS Lambda respectably).
Therefore, any vulnerability that undermines the cloud computing industry could throw the digital economy into chaos.
For a deeper-dive into the problem, you can read BitDefender’s technical white paper here, which explains the problem in more granular detail, and discusses the methodology and scope used to discover the vulnerability.
Obviously though, this is bad news, not least for Intel, but for the entire digital sector at large, which is driven by a thirst for cheap and scalable computing power. It’ll be interesting to see how the big players in this space, namely Google, SalesForce (which owns Heroku), Microsoft, and Amazon mitigate and protect their customers.
Furthermore, it’ll be interesting to see if, like after Spectre, if there’s a performance impact to any patches or mitigations.
TNW reached out to Intel for comment. A representative, speaking over email, directed us to the company’s advisories and documentation for the issue. The company has also offered specific guidance to software developers, which you can read here and here. Intel also shared the following statement:
Microarchitectural Data Sampling (MDS) is already addressed at the hardware level in many of our recent 8th and 9th Generation Intel Core processors, as well as the 2nd Generation Intel Xeon Scalable Processor Family. For other affected products, mitigation is available through microcode updates, coupled with corresponding updates to operating system and hypervisor software that are available starting today. We’ve provided more information on our website and continue to encourage everyone to keep their systems up to date, as its one of the best ways to stay protected. We’d like to extend our thanks to the researchers who worked with us and our industry partners for their contributions to the coordinated disclosure of these issues.
In addition, we’ve contacted four of the largest cloud players — Google, Amazon Web Services, Microsoft and Heroku — for their take on the situation.
Google pointed us to its security bulletin, which lists affected services, along with best steps for consumers. Furthermore, Amazon Web Services has issued a statement highlighting the course of action the company has took to protect its customers. You can read this below.
Intel has published a security advisory (INTEL-SA-00233) regarding new information disclosure methods “Microarchitectural Data Sampling” (MDS) related to their processors. In parallel, the Xen security team have released Xen Security Advisory 297.
AWS has designed and implemented its infrastructure with protections against these types of bugs, and has also deployed additional protections for MDS. All EC2 host infrastructure has been updated with these new protections, and no customer action is required at the infrastructure level.
Updated kernels and microcode packages for Amazon Linux AMI 2018.03 and Amazon Linux 2 are available in the respective repositories (ALAS-2019-1205). As a general security best practice, we recommend that customers patch their operating systems or software as relevant patches become available to address emerging issues.
Microsoft has issued an advisory, and is in the process of releasing software updates for its Azure platform, and will install Intel microcode patches as soon as they become available. Speaking to TNW, a Microsoft spokesperson said:
We’re aware of this industry-wide issue and have been working closely with affected chip manufacturers to develop and test mitigations to protect our customers. We are working to deploy mitigations to cloud services and release security updates to protect customers against vulnerabilities affecting supported hardware chips.
Should we hear back from Heroku, we’ll update this post.
Update 18:15 – added links to Amazon and Google’s security bulletins.
Update 19:13 – Added Amazon statement.
Update 20:12 – Added comment from Microsoft
UPDATE: 20:23 – Added links to Intel documentation, as well as a company statement.