From WikiChip
Difference between revisions of "cve/cve-2017-5754"
< cve

m (Affected Processors)
 
(13 intermediate revisions by 5 users not shown)
Line 1: Line 1:
 
{{cve title|CVE-2017-5754 (Meltdown, Variant 3)}}
 
{{cve title|CVE-2017-5754 (Meltdown, Variant 3)}}
'''CVE-2017-5754''' ('''Meltdown''', '''Variant 3''', '''Rogue Data Cache Load''') is a [[microprocessor]] vulnerability that allows an attacker to overcome all memory isolation mechanisms offered by the microprocessor by causing it to [[speculatively execute]] code [[out-of-order]] that loads inaccessible information which end up changing the cache state of the [[microarchitecture]], thereby leaking information through [[side-channel analysis|side-channel timing analysis]].
+
[[File:meltdown-text.svg|125px|right]]
 +
'''[[cve id::CVE-2017-5754]]''' ('''Meltdown''', '''Variant 3''', '''Rogue Data Cache Load''') is a [[microprocessor]] vulnerability that allows an attacker to overcome all memory isolation mechanisms offered by the microprocessor by causing it to [[speculatively execute]] code [[out-of-order]] that loads inaccessible information which end up changing the cache state of the [[microarchitecture]], thereby leaking information through [[side-channel analysis|side-channel timing analysis]].
  
 
== Overview ==
 
== Overview ==
Line 11: Line 12:
 
</source>
 
</source>
  
When executed, this line will likely cause a [[segmentation fault]] due an access restriction violation. Meltdown demonstrated that while the fault is being handled by the operating system (in an elevated supervisor mode), the microprocessor can continue to execute subsequent code [[out-of-order]] under [[speculative execution|the assumption]] that this is the right path. More-so, Meltdown demonstrated that this code can be executed as supervisor, thereby reading potentially memory it should not have access to. A carefully crafted piece of code by an attacker can be used in a way similar to {{cve|cve-2017-5753|Spectre Variant 1}} to leak any kernel space memory.
+
When executed, this line will likely cause a [[segmentation fault]] due an access restriction violation. However, the microprocessor can continue to execute subsequent code [[out-of-order]] while memory reference is being resolved (including TLB lookup and page table walk, if necessary) - processor does not wait for it to complete. In Meltdown-affected processors, the speculative execution happens even if data reference points to an existing, but privileged memory area - the "val" is speculatively available to subsequent speculative instructions.
  
 
== Example ==
 
== Example ==
Line 23: Line 24:
 
</source>
 
</source>
  
Consider what happens when operation 2 is executed. The microprocessor will realize that this is an [[access violation]] and the exception will result in a [[context switch]] to the operating system in order to handle the fault. When this happens, the microprocessor will also [[speculative execution|speculatively]] start to execute operation 3 out of order. Meltdown demonstrated that this code can be executed as supervisor, thereby reading potentially memory it should not have access to.
+
Consider what happens when operation 2 is executed. The microprocessor performs the load. If address 0xAAAAA points to OS kernel data, access will not be allowed - but this can only be known after page tables are examined. While this happens, the microprocessor will [[speculative execution|speculatively]] execute op 3 while memory load in op 2 did not reach the retire stage. When op 2 is retired, exception is raised and speculative execution results are dropped.
  
Since <code>probeTable</code> is uncached, the code that executed cause a [[cache miss]], resulting the microprocessor going and grabbing the value from [[main memory]]. Meanwhile, the operating system will likely kill the process the for the invalid memory access.
+
However, if <code>probeTable</code> was uncached, the code in op 3 caused a [[cache miss]], resulting the microprocessor going and grabbing the value from [[main memory]]. By measuring time to read each probeTable[i] element, we can determine which element is cached now. From this, we can infer the value of "val".
  
Although the code has been terminated and the architectural state of the machine has been restored, the state of the microarchitecture has changed. If an attacker is running a second process (e.g., a parent process), then <code>probeTable[]</code> can be used in conjunction with a [[side-channel analysis]] timing attack, to determine the value of <code>byte</code> in <code>probeTable[byte]</code>. Since <code>probeTable</code> was initially uncached, the only element in <code>probeTable</code> that is [[cached]] is the secrete byte stored in <code>*(char *)0xAAAAA</code>.
+
This method can then be used repeatedly to read a larger part of memory.
  
This method can then be used repeatedly to read a larger part of memory.
+
== Affected Processors ==
 +
Below is a list of known affected processors, alphabetized. This is '''NOT''' en exhaustive list but rather the ones we were able to verify.
 +
 
 +
{| class="wikitable"
 +
|-
 +
! colspan="3" | List of Processors affected by Meltdown
 +
|-
 +
! Designer !! Processor/Architecture !! Related Notes
 +
|-
 +
| rowspan="6" | [[Apple]] || {{apple|Swift|l=arch}} ({{apple|A6}}/{{apple|A6X}}) || rowspan="6" | [https://support.apple.com/en-us/HT201222 Post]<br>[https://support.apple.com/en-us/HT208331 Post]
 +
|-
 +
| {{apple|Cyclone|l=arch}} ({{apple|A7}})
 +
|-
 +
| {{apple|Typhoon|l=arch}} ({{apple|A8}}/{{apple|A8X}})
 +
|-
 +
| {{apple|Twister|l=arch}} ({{apple|A9}}/{{apple|A9X}})
 +
|-
 +
| {{apple|Hurricane|l=arch}} ({{apple|A10}}/{{apple|A10X}})
 +
|-
 +
| {{apple|Monsoon|l=arch}} ({{apple|A11}}/{{apple|A11X}})
 +
|-
 +
| rowspan="4" | [[ARM Holdings|ARM]] || {{armh|Cortex-A15|l=arch}} || rowspan="4" | [https://developer.arm.com/support/security-update Post]
 +
|-
 +
| {{armh|Cortex-A57|l=arch}}
 +
|-
 +
| {{armh|Cortex-A72|l=arch}}
 +
|-
 +
| {{armh|Cortex-A75|l=arch}}
 +
|-
 +
| rowspan="9" | [[Intel]] || {{intel|Nehalem|l=arch}} || rowspan="2" |
 +
|-
 +
| {{intel|Westmere|l=arch}}
 +
|-
 +
|{{intel|Sandy Bridge|l=arch}} || rowspan="7" | [https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr Post]
 +
|-
 +
| {{intel|Ivy Bridge|l=arch}}
 +
|-
 +
| {{intel|Haswell|l=arch}}
 +
|-
 +
| {{intel|Broadwell|l=arch}}
 +
|-
 +
| {{intel|Skylake|l=arch}}
 +
|-
 +
| {{intel|Kaby Lake|l=arch}}
 +
|-
 +
| {{intel|Coffee Lake|l=arch}}
 +
|}
 +
{{expand list}}
 +
 
 +
== Proof-of-Concept ==
 +
* Meltdown Proof-of-Concept - https://github.com/IAIK/meltdown
  
 
== See also ==
 
== See also ==
Line 37: Line 88:
 
== References ==
 
== References ==
 
* Lipp, Moritz, et al. "[https://arxiv.org/abs/1801.01207 Meltdown]." arXiv preprint arXiv:1801.01207 (2018).
 
* Lipp, Moritz, et al. "[https://arxiv.org/abs/1801.01207 Meltdown]." arXiv preprint arXiv:1801.01207 (2018).
 +
* "CVE-2017-5754", https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5754
 +
 +
== Documents ==
 +
* [[:File:intel-ref-336983-001.pdf|White Paper: Intel Analysis of Speculative Execution Side Channels]]
  
 
[[category:cve]]
 
[[category:cve]]

Latest revision as of 21:16, 8 October 2018

meltdown-text.svg

CVE-2017-5754 (Meltdown, Variant 3, Rogue Data Cache Load) is a microprocessor vulnerability that allows an attacker to overcome all memory isolation mechanisms offered by the microprocessor by causing it to speculatively execute code out-of-order that loads inaccessible information which end up changing the cache state of the microarchitecture, thereby leaking information through side-channel timing analysis.

Overview[edit]

Rogue Data Cache Load leverages the speculative execution out-of-order behavior of the microprocessor in order to cause some code to expose more information than intended. Specifically, Meltdown breaks the basic memory isolation assumptions that's used by the operating system to manage the virtual memory of each process.

Consider the following code.

char val = *(char *)0xAAAAA;

When executed, this line will likely cause a segmentation fault due an access restriction violation. However, the microprocessor can continue to execute subsequent code out-of-order while memory reference is being resolved (including TLB lookup and page table walk, if necessary) - processor does not wait for it to complete. In Meltdown-affected processors, the speculative execution happens even if data reference points to an existing, but privileged memory area - the "val" is speculatively available to subsequent speculative instructions.

Example[edit]

Consider the following (simplified) code.

char probeTable[256] = {0};  /* op 1 */
/* ... */
char val = *(char *)0xAAAAA; /* op 2 */
char temp = probeTable[val]; /* op 3 */

Consider what happens when operation 2 is executed. The microprocessor performs the load. If address 0xAAAAA points to OS kernel data, access will not be allowed - but this can only be known after page tables are examined. While this happens, the microprocessor will speculatively execute op 3 while memory load in op 2 did not reach the retire stage. When op 2 is retired, exception is raised and speculative execution results are dropped.

However, if probeTable was uncached, the code in op 3 caused a cache miss, resulting the microprocessor going and grabbing the value from main memory. By measuring time to read each probeTable[i] element, we can determine which element is cached now. From this, we can infer the value of "val".

This method can then be used repeatedly to read a larger part of memory.

Affected Processors[edit]

Below is a list of known affected processors, alphabetized. This is NOT en exhaustive list but rather the ones we were able to verify.

List of Processors affected by Meltdown
Designer Processor/Architecture Related Notes
Apple Swift (A6/A6X) Post
Post
Cyclone (A7)
Typhoon (A8/A8X)
Twister (A9/A9X)
Hurricane (A10/A10X)
Monsoon (A11/A11X)
ARM Cortex-A15 Post
Cortex-A57
Cortex-A72
Cortex-A75
Intel Nehalem
Westmere
Sandy Bridge Post
Ivy Bridge
Haswell
Broadwell
Skylake
Kaby Lake
Coffee Lake

This list is incomplete; you can help by expanding it.

Proof-of-Concept[edit]

See also[edit]

References[edit]

Documents[edit]