KAISER: a new-old vulnerability in Intel (and maybe also AMD) [file #1]

BlueBorne (Bluetooth), KRACK (Wi-Fi) and now KAISER (Kernel Address Isolation to have Side-channels Efficiently Removed, also known as Kernel Page Table Isolation) is making headlines again, after a vulnerability disclosed in July 2017 that allows code execution and an ASLR bypass through the KAISER vulnerability in x86-64 processors from Intel. In the extreme case, someone will eventually write an exploit in JavaScript that runs unsafe code when you visit a malicious website, letting user code read ring-0 memory. Intel processors produced in the last decade are the most exposed. Little is known about AMD, but AMD engineer Tom Lendacky denies that AMD processors are vulnerable.

Unfortunately, eliminating the risk of remote code execution by installing the update will make Intel systems slower on both Linux and Windows. The Register, which first reported the vulnerability, estimates the performance degradation at 5% to 30%; processors with PCID (Process-Context Identifiers) should see the smallest decrease. That does not change the fact, however, that it will be felt.

Unfortunately, Intel does not provide any details. The media write of a "conspiracy of silence" and an "embargo" on the news. If we were to believe the conspiracy theories, it is obviously the oldest processors that will take the biggest hit. Their owners will be forced to buy a new CPU, and often a new motherboard, RAM, or even a power supply. That is, to put it bluntly, the whole unit.

Security updates for Linux are already available and should gradually appear in the official repositories of the latest distributions. Windows will get updates as soon as possible. Virtual systems can be just as susceptible to the vulnerability and allow code to run with elevated privileges, although not all of them: this depends on the hypervisor.

The vulnerability that allows reading kernel memory from user level applies not only to desktop processors but also to commercial ones used in cloud computing, and to ARM processors.

[Updated #1 04.01.2018]

The information embargo has been broken. Experts from Google Project Zero have published the technical details, from which we learn that both Intel and AMD, as well as ARM, are vulnerable. Of course, there is no way to test every processor model.

  • Vulnerability CVE-2017-5715 could allow an authenticated attacker to read data from the cache at a rate of 1500 bytes per second.
  • Vulnerability CVE-2017-5753 gives an attacker the opportunity to bypass the isolation of memory areas between different applications, making it easier to develop an exploit.
  • Vulnerability CVE-2017-5754 allows user applications to read system memory areas.

All vulnerabilities were tested with positive results on:

  • Intel Xeon CPU E5-1650 v3 @ 3.50 GHz
  • AMD FX (tm) 8320 Eight-Core Processor
  • AMD PRO A8-9600 R7 10 COMPUTE CORES 4 c + 6 g
  • Arm Cortex A57

Meltdown and Spectre

As befits serious security bugs, the Intel and AMD vulnerabilities have their own brand names, "Meltdown" and "Spectre". And so:

  • Meltdown (KAISER) allows reading the contents of system memory (CVE-2017-5754) on Intel processors manufactured after 1995, except Intel Itanium and Intel Atom, on Windows, Linux and macOS. It is not yet known for certain whether KAISER applies to AMD and others. But ...
  • ... Spectre (CVE-2017-5753 and CVE-2017-5715) allows a malicious process to read the memory of other processes. Here Intel, AMD and ARM are all vulnerable, and so: PCs, servers, smartphones, IoT, laptops, tablets, Netflix and others.

Google is not waiting until 23 January (the release date of the new version of Chrome) and has published a brief statement on isolating the memory of each open tab. If you do not want to wait for the new version, you can turn on the flag now by pasting this link: "chrome://flags/#enable-site-per-process".

"Is my processor vulnerable?"

This is the question that may keep many a reader awake. If you have a processor manufactured after 1995, you can safely assume that it is. We recommend deploying the security updates as soon as possible:
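Rather than assuming, a Linux administrator can ask the kernel directly. The script below is an added example, not code from the AVLab article: it reads the per-issue status files that kernels carrying the KPTI/Spectre patches expose under /sys/devices/system/cpu/vulnerabilities/ (meltdown, spectre_v1, spectre_v2), treats a missing directory as "kernel not yet patched", and checks /proc/cpuinfo for the pcid flag the article mentions as softening the performance cost. The VULN_DIR and CPUINFO overrides and the two sample cpuinfo strings are constructed for this example so the helpers can be exercised on any machine.

```shell
#!/bin/sh
# Added example (not from the AVLab article): report what the running Linux
# kernel says about Meltdown/Spectre and whether the CPU advertises PCID.
# Assumptions: a Linux host; patched kernels expose one status file per issue
# under /sys/devices/system/cpu/vulnerabilities/; unpatched kernels have no
# such directory, which is itself the finding.

VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"
CPUINFO="${CPUINFO:-/proc/cpuinfo}"

# classify_status "<one line from a vulnerabilities file>"
# Prints one word: mitigated | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*|"Mitigation:"*) echo mitigated ;;
        "Vulnerable"*)                  echo vulnerable ;;
        *)                              echo unknown ;;
    esac
}

# has_pcid "<cpuinfo text>": exit status 0 if a flags line lists pcid
has_pcid() {
    printf '%s\n' "$1" | awk '
        /^flags/ { for (i = 1; i <= NF; i++) if ($i == "pcid") found = 1 }
        END      { exit !found }'
}

# report_host: print one line per issue plus the PCID finding.
# Returns 0 only when every listed issue is reported as mitigated.
report_host() {
    rc=0
    if [ ! -d "$VULN_DIR" ]; then
        echo "no $VULN_DIR: kernel predates the KPTI patches, assume vulnerable"
        rc=1
    else
        for issue in meltdown spectre_v1 spectre_v2; do
            if [ -r "$VULN_DIR/$issue" ]; then
                status=$(cat "$VULN_DIR/$issue")
            else
                status=""
            fi
            verdict=$(classify_status "$status")
            echo "$issue: $verdict ($status)"
            [ "$verdict" = mitigated ] || rc=1
        done
    fi
    if [ -r "$CPUINFO" ] && has_pcid "$(cat "$CPUINFO")"; then
        echo "pcid: present (KPTI overhead should be smaller)"
    else
        echo "pcid: absent or undetermined"
    fi
    return $rc
}

# Constructed sample inputs (not captures from a real machine) for exercising
# has_pcid without depending on the host CPU.
SAMPLE_CPUINFO_PCID='processor : 0
flags : fpu vme de pse tsc msr pae mce cx8 apic sep pcid sse4_2 x2apic'
SAMPLE_CPUINFO_NOPCID='processor : 0
flags : fpu vme de pse tsc msr pae mce cx8 apic sep sse4_2 x2apic'

# Last command, so the script's exit status is the verdict (0 = all mitigated).
report_host
```

Run it as `sh check_kpti.sh; echo $?` after applying the distribution's update: a non-zero status means at least one of the three issues is still reported as Vulnerable or the kernel has no status files at all, and the pcid line tells you whether to expect the larger end of the slowdown range the article quotes.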




We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.