
IBM Power9 processors beset by Cardiac Osprey data-leaking flaw as Spectre still haunts speculative chips

Cyber security | The Register | 20/11/2020

IBM Power9 processors, intended for data centers and mainframes, are potentially vulnerable to abuse of their speculative execution capability. The security shortcoming could allow a local user to access privileged information.

On Thursday IBM published a security advisory that explains, “IBM Power9 processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances.”

The vulnerability has a base score of 5.1 on the Common Vulnerability Scoring System (CVSS).

Speculative execution is a technique to improve processing speed by which processors anticipate future instructions and execute them in advance, keeping the results if the guess is correct and throwing them out if not.

The problem with this approach, as demonstrated by the Spectre and Meltdown flaws disclosed in 2018, is that these transient calculations can be spied upon through side channels, possibly providing a way to bypass memory and confidentiality protections.

Since the Spectre and Meltdown disclosures, security researchers have revealed similar techniques for compromising sensitive data through side-channel attacks. Though the Power9 flaw is not as serious as its predecessors, it adds yet another example of the challenges chip designers face when trying to create processors that are both fast and secure.

In a post to a security mailing list, Linux kernel contributor Daniel Axtens said that while hardware and software security mechanisms for Power9 systems prevent an attacker from directly accessing protected memory, these built-in protections fail to deal with a scenario in which an attacker induces the operating system to speculatively execute instructions using data the attacker controls.

“This can be used for example to speculatively bypass ‘kernel user access prevention’ techniques, as discovered by Anthony Steinhauser of Google’s Safeside Project,” explained Axtens.

“This is not an attack by itself, but there is a possibility it could be used in conjunction with side-channels or other weaknesses in the privileged code to construct an attack.”

The CVE designation for the flaw, CVE-2020-4788, has been dubbed Cardiac Osprey by the Vulnonym bot.

There’s a fix, available in Linux patches and from IBM: Flushing the L1 cache across privilege boundaries – between kernel access and user access.

The only problem is that this affects performance. Benchmarks for the impact of the cache flushing patch have yet to be published.

Even as issues like this get addressed, there are more waiting to be explored and exploited. Not only has there been a steady stream of techniques to attack CPUs through structures like branch predictors, caches, and random number generators, among others, but boffins believe System-on-Chip (SoC) cross-component attacks could yield new attack paths.

In a working paper [PDF] published via ArXiv on Thursday, computer scientists at University of California at Riverside, Binghamton University, and Pacific Northwest National Laboratory outline how an integrated GPU can be used to attack an associated CPU, or vice versa. ®

See the original article here: The Register

Written by: The Register
