Bitdefender Researchers Discover New Side-Channel Attack


  • This new speculative-execution-based attack exploits flaws in the CPU architecture to potentially leak information from protected memory
  • Dubbed LVI-LFB (Load Value Injection in the Line Fill Buffers), this is a novel attack (CVE-2020-0551)
  • Bitdefender has developed a synthetic Proof of Concept which demonstrates the viability of this new attack
  • Existing mitigations for previous attacks, such as Meltdown, Spectre, and MDS, are not enough to completely remove the new vulnerability

A Brief History Leading to LVI-LFB

In 2018, two new types of microarchitectural side-channel attacks were disclosed: Meltdown and Spectre. Meltdown allows an attacker to speculatively access memory that is inaccessible, while Spectre allows an attacker to alter the branch prediction structures in order to gain speculative arbitrary code execution. In 2019, another class of microarchitectural side-channel attacks was disclosed: Microarchitectural Data Sampling, or MDS. It allows an attacker to pick up in-flight data from various microarchitectural data structures (line fill buffers or LFBs – MFBDS; load ports – MLPDS; store buffers – MSBDS).

This new method, LVI-LFB, allows an attacker to inject rogue values into certain microarchitectural structures which are then used by the victim; this can lead to the disclosure of secret, protected data across privilege levels.

Impact

This new attack may be particularly devastating in multi-tenant and multi-workload environments which run on hardware shared between groups of workloads within an organization, or between organizations, such as public and private clouds. This is because, as the PoC shows, there is the potential for a lesser-privileged process under attacker control to speculatively hijack control flow in a higher-privileged process.

The most straightforward risk is the theft of secret data which should otherwise be kept private by security boundaries at the hardware, hypervisor, and operating system levels. This information can include anything from encryption keys, to passwords, or other information which an attacker could exfiltrate, or use to gain further control of a targeted system.

Mitigation

Mitigation strategies for hardware-based, side-channel attacks fall under several categories, each with a degree of operational impact on organisations.

  1. Hardware. These are fixes included directly within hardware and apply only to generations of CPUs which were built after the architectural flaws were identified.
  2. Software. These are patch implementations which function entirely within software. Kernel Page Table Isolation (KPTI) is an example of a fix that protects the kernel memory in an isolated virtual address space, thus rendering several speculative side-channel attacks, such as Meltdown, ineffective. However, to be effective against app-to-app LVI-LFB, a new type of KPTI – horizontal KPTI – is needed. Alternatively, the operating system must also flush the MDS buffers (LFBs in particular) when transitioning from a less privileged mode into a more privileged mode, to avoid microcode-assisted memory accesses from executing speculatively with attacker-controlled data.
  3. Microcode. These mitigations require cooperation between hardware and software. The hardware vendor supplies a microcode patch to expose new functionality (for example, the Spectre, L1TF or MDS mitigations), which is then used by the hypervisor or the operating system vendor(s) to mitigate the vulnerabilities.
  4. Disabling features. Disabling hyperthreading is a good idea on systems where security is critical, as is serializing all critical load operations using the lfence instruction. Other mitigations could involve modifications to the compilers, in order to generate code that is not vulnerable to this type of attack.
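The following is an added illustration of the lfence serialization mentioned in item 4, written for this page; it is not Bitdefender's proof of concept nor code from the LVI paper. It shows a table lookup whose index is loaded from memory in both its plain form and a form where every load that feeds a later memory access is followed by an lfence, which is the pattern compiler-based LVI hardening inserts automatically. The table contents, the function names and the sample inputs are constructed for this example.

```c
/* Added example: "load; lfence; use" serialization as an LVI mitigation.
 * Everything here (table, names, inputs) is constructed for illustration. */
#include <stdint.h>
#include <stdio.h>

/* Architectural load fence. On x86, lfence does not retire until all prior
 * loads have completed, so younger instructions cannot consume a value that
 * a transient (possibly injected) load produced. On other targets this
 * degrades to a plain compiler barrier with no microarchitectural guarantee. */
static inline void load_fence(void)
{
#if defined(__x86_64__) || defined(__i386__)
    __asm__ volatile("lfence" ::: "memory");
#else
    __asm__ volatile("" ::: "memory");
#endif
}

/* Constructed lookup table standing in for privileged data that a victim
 * indexes with a value it loads from memory. Entry i holds 0xA0 + i. */
#define TABLE_LEN 16
static const uint8_t table[TABLE_LEN] = {
    0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7,
    0xA8, 0xA9, 0xAA, 0xAB, 0xAC, 0xAD, 0xAE, 0xAF
};

/* Unhardened form: the loaded index feeds a branch and a memory access
 * immediately. If the load of *idx_ptr transiently yields an injected
 * value, the dependent table access executes speculatively with it. */
uint8_t lookup_unhardened(const uint32_t *idx_ptr)
{
    uint32_t idx = *idx_ptr;
    if (idx < TABLE_LEN)
        return table[idx];
    return 0;
}

/* Hardened form: each load whose result feeds a later memory access or a
 * branch is followed by an lfence, so only the architecturally final value
 * is ever consumed. The cost is a pipeline stall at every fence. */
uint8_t lookup_hardened(const uint32_t *idx_ptr)
{
    uint32_t idx = *idx_ptr;
    load_fence();               /* idx is now architecturally final */
    if (idx < TABLE_LEN) {
        uint8_t v = table[idx];
        load_fence();           /* the loaded byte may feed further uses */
        return v;
    }
    return 0;
}

int main(void)
{
    uint32_t in_range = 3, out_of_range = 20;   /* constructed inputs */
    printf("unhardened(3)  = 0x%02x\n", lookup_unhardened(&in_range));
    printf("hardened(3)    = 0x%02x\n", lookup_hardened(&in_range));
    printf("hardened(20)   = 0x%02x\n", lookup_hardened(&out_of_range));
    return 0;
}
```

Both functions return identical results architecturally; the difference is only in what may execute transiently. Placing fences by hand does not scale, which is why the compiler-based mitigations item 4 refers to exist: clang's `-mlvi-hardening` option inserts the same fences after loads automatically, at a measurable performance cost.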

Conclusion

This is a new attack which takes advantage of performance-centric functionality of modern Intel CPUs. LVI-LFB further breaks down barriers between trust levels by demonstrating another methodology of attack in this highly advanced field of research.

To read more about recent Bitdefender advanced research in this realm, check out the SWAPGS Attack.

Credits

The Bitdefender advanced research team would like to credit the researchers who first reported this issue to Intel in April 2019, and also thank them for their cooperation and collaboration leading up to (and beyond) the public disclosure of this issue. The academic researchers are:

Jo Van Bulck, Daniel Moghimi, Michael Schwarz, Moritz Lipp, Marina Minkin, Daniel Genkin, Yuval Yarom, Berk Sunar, Daniel Gruss, and Frank Piessens

These researchers have created a dedicated website and detailed academic paper, which are available as follows:

https://lviattack.eu/ (a detailed description of the issue)

https://lviattack.eu/lvi.pdf (an academic whitepaper)

Intel’s statement:

Researchers have identified a new mechanism referred to as Load Value Injection (LVI). Due to the numerous complex requirements that must be satisfied to successfully carry out, Intel does not believe LVI is a practical method in real world environments where the OS and VMM are trusted. New mitigation guidance and tools for LVI are available now and work in conjunction with previously released mitigations to substantively reduce the overall attack surface. We thank the researchers who worked with us, and our industry partners for their contributions on the coordinated disclosure of this issue.

Specific to SGX:

To mitigate the potential exploits of Load Value Injection (LVI) on platforms and applications utilizing Intel SGX, Intel is releasing updates to the SGX Platform Software and SDK starting today. The Intel SGX SDK includes guidance on how to mitigate LVI for Intel SGX application developers. Intel has likewise worked with our industry partners to make application compiler options available and will conduct an SGX TCB Recovery. Refer to the Intel SGX Attestation Technical Details for more information.

Software guidance: https://software.intel.com/security-software-guidance/software-guidance/load-value-injection
