TID-103: Microarchitectural Side Channels
Threat Description
Operating system memory safety models rely on processor hardware to enforce separation between different virtual memory spaces. Failures of processor architectures to properly deliver these security guarantees can lead to sensitive information being disclosed across the boundaries between different kernel and process memory spaces. The performance optimization features in modern processors have been shown to be a source of such data leakage vulnerabilities.
Data leakage through timing-based side channels introduced by the behavior of processor features such as memory caches has long been known to be effective against cryptographic implementations. The Spectre and Meltdown vulnerabilities announced in 2018 brought attention to weaknesses in certain microarchitectural performance features that could be manipulated in conjunction with memory cache timing techniques to leak data across OS virtual memory bounds. Spectre/Meltdown, and subsequent research work, demonstrated that speculative execution features (e.g., branch prediction, speculative memory loads/stores, out-of-order execution) could lead to memory locations being read into the CPU’s cache in violation of virtual memory permissions. Malicious code could then use a subsequent cache timing side channel attack to extract the data stored in those memory locations.
Since the initial Spectre and Meltdown disclosure, researchers have explored timing-based side channels resulting from other CPU performance and power saving features, such as the Hertzbleed work that targets dynamic frequency scaling.
Consideration: This class of attack requires a threat actor to have the ability to execute arbitrary code on the target device, both to create the conditions for the data leakage and subsequently to extract the data. However, it has been shown that access to even scripting and sandboxed environments (e.g., a JavaScript engine) can be sufficient.
Threat Maturity and Evidence
Known Exploitable Weakness
- Spectre and Meltdown Cache Timing
Cache timing was used to create microarchitectural side channels in devices to read whether data was in the cache or not for the Spectre/Meltdown-based attacks. Through this side-channel data leak, it would be possible to dump entire sections of program memory in the case of Spectre/Meltdown, and kernel memory in the case of Meltdown. Both Spectre and, to a lesser extent, Meltdown have been observed in the wild by antivirus vendors.
Proof of Concept
- Hertzbleed
Researchers showed that dynamic frequency scaling features found in many modern processors can be susceptible to input-dependent differences in execution time.
CWE
CWE-1037: Processor Optimization Removal or Modification of Security-critical Code
“The developer builds a security-critical protection mechanism into the software, but the processor optimizes the execution of the program such that the mechanism is removed or modified.”
CWE-1264: Hardware Logic with Insecure De-Synchronization between Control and Data Channels
“The hardware logic for error handling and security checks can incorrectly forward data before the security check is complete.”
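The CWE-1037 pattern above (a bounds check that speculation can run past) next to the index-masking mitigation modelled on the Linux kernel's array_index_nospec(), as an added C example that is not part of this catalogue entry; the sample table and the helper names read_checked, index_nospec and read_hardened are constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed sample table; the bounds check below is the "security-critical
 * protection mechanism" in the CWE-1037 sense. */
#define TABLE_SIZE 16u
static const uint8_t table[TABLE_SIZE] = {
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 };

/* Architecturally correct bounds check. A mispredicted branch can still let
 * the processor issue table[idx] transiently for an out-of-range idx before
 * the compare retires, which is what a cache-timing probe would observe. */
uint8_t read_checked(size_t idx)
{
    if (idx < TABLE_SIZE)
        return table[idx];
    return 0;
}

/* Branchless clamp modelled on Linux's array_index_nospec(): returns idx when
 * idx < size and 0 otherwise, using only arithmetic so there is no branch for
 * the predictor to mis-speculate past. Assumes 0 < size <= SIZE_MAX/2
 * (hypothetical helper written for this example, not the kernel's code). */
size_t index_nospec(size_t idx, size_t size)
{
    const unsigned top = sizeof(size_t) * CHAR_BIT - 1;
    /* (size - 1 - idx) wraps, setting the top bit, exactly when idx >= size. */
    size_t high = (idx | (size - 1 - idx)) >> top;  /* 1 = out of range */
    size_t mask = (size_t)0 - (high ^ 1u);           /* all ones if in range */
    return idx & mask;
}

/* Hardened reader: same architectural result as read_checked(), but even a
 * transiently executed load can only touch table[0]. A serializing barrier
 * (e.g. x86 lfence) after the check is the alternative mitigation. */
uint8_t read_hardened(size_t idx)
{
    if (idx >= TABLE_SIZE)
        return 0;
    idx = index_nospec(idx, TABLE_SIZE);
    return table[idx];
}
```

The two readers return identical values architecturally; the difference is only in which addresses a transient load can reach, which a functional test cannot observe.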
CVE
CVE-2017-5754 (Meltdown)
“Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.”
CVE-2017-5753 (Spectre)
“Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.”
CVE-2018-3640 (Spectre variant 3a)
“Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.”
CVE-2018-3639 (Spectre variant 4)
“Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.”
CVE-2018-3693
“Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.”
CVE-2018-3615 (Spectre variant 5)
“Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.”
CVE-2022-23823, CVE-2022-24436, CVE-2022-35888 (Hertzbleed)
“A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure.”
“Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.”
“Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system.”