Intel Math Unit (FPU) leaks 'crypto' data (CVE-2018-3665)

A design flaw in the math unit (FPU) of various Intel CPUs can leak crypto data to applications. Kernel developers of Windows, Linux and Co. have provided kernel patches (partially).



The Spectre and Meltdown vulnerabilities in Intel CPUs offered us a first look into an abyss. But there are more bugs in Intel's CPUs that are gradually becoming known. 

The next bug from seclists.org

A new report reveals that an error in the floating point unit (FPU) of modern Intel CPUs means that cryptographic information is not secure, but can be determined by applications. The report was posted on seclists.org a few hours ago.

An attacker can read x87/MMX/SSE/AVX/AVX-512 register state belonging to another vCPU previously scheduled on the same processor. This can be state belonging to a different guest, or state belonging to a different thread inside the same guest. Furthermore, similar changes are expected for OS kernels. Consult your operating system provider for more information.

Red Hat published this article yesterday, and other Linux vendors have also had articles online for a few hours. The Register reported here about the new incident. A vulnerability in Intel Core and Xeon processors can potentially be exploited to retrieve sensitive data from the FPU processing units of the chips. Malware or attackers may attempt to use this design flaw to steal the input and results of calculations performed by other software.

Mainboard
(Source: Pexels Fancycrave CC0 License)

Problem with cryptography

This may be an issue for cryptographic calculations. The CPUs store values in FPU registers. Reading these values could possibly be used to identify parts of cryptographic keys that are used to secure data in the system. For example, Intel's AES encryption and decryption instructions use FPU registers to store keys. In short, the vulnerability could be used to extract or guess secret encryption keys in other programs.



Not that bad at all – fixes available or in progress

The good news: Modern versions of Linux – from kernel version 4.9, released in 2016, and later – and modern Windows versions, including Windows Server 2016, as well as the latest versions of OpenBSD and DragonflyBSD are not affected by this bug (CVE-2018-3665).

Windows Server 2008 is an operating system that needs to be patched. According to The Register, fixes for affected Microsoft and non-Microsoft kernels are on the way. The Linux kernel team is currently backporting fixes with mitigations to kernels prior to version 4.9.

So we can expect further patches for Intel-based computers to be rolled out (hopefully soon). However, the scope of CVE-2018-3665 must also be considered. To exploit the vulnerability in the FPU (floating point unit), the attacking malware must already be running on the system. And the 'guessing' of sensitive information is probably difficult and must be done in many steps. The whole thing falls into the category of other complex, speculative execution-related processor design errors. These are fascinating for the external observer, but a nuisance for some kernel programmers. And for the administrators of the systems they are simply annoying, when I look at the whole topic of microcode updates against Spectre & Co.

