New Spectre-Related CPU Flaw Tops Intel’s Latest Critical Security Fixes

New Spectre-Related CPU Flaw Tops Intel’s Latest Critical Security Fixes

Intel has announced a large number of patches and fixes for dozens of security problems in its products and processors. The company has provided a total of 77 patches to OEMs and partners as part of its Intel Platform Update program. We were briefed on this update prior to the formal announcement, but the documents Intel has provided are a bit vague and the links that should lead to the write-ups themselves on the nature of these issues aren’t actually live yet. The flaw that Intel spent the most time discussing, meanwhile, isn’t the highest-ranked security problem of the list.

According to Intel, it is fixing 77 security flaws with this raft of patches. 67 of the flaws were found internally at Intel, while 10 were discovered by outside researchers. At least one of the CVE vulnerabilities, CVE-2019-0169, has a CVSS rating of 9.6 (ratings of 9 – 10 are considered critical, the highest severity). As of this writing, the webpage for CVE-2019-0169 is a placeholder, but we’ll have more to say as soon as we can tell what this vulnerability does. It appears to be located in the Intel Management Engine or one of its subcomponents.

New Spectre-Related CPU Flaw Tops Intel’s Latest Critical Security Fixes

The first set of fixes are various aspects of Intel’s command-and-control hardware, including the Intel Management Engine (IME), Converged Security and Management Engine (CSME), Intel Server Platform Services (SPS), Trusted Execution, and the like. It’s clear that Intel has been laying the groundwork for a major security update — there’s a CSME Detection Tool available online dated to September 4, and various laptop manufacturers have been pushing UEFI updates for IME security issues since late September. The design and security of the IME have been strongly criticized by security researchers over the years, mostly for being an entirely black box and impossible to evaluate. The security processors used by ARM, AMD, and Apple have all faced similar complaints.

Intel’s paraphrased description of CVE-2019-0169 (which has not been published as of this writing) is that it concerns a heap overflow in a subsystem of the Intel CSME and one in the Trusted Execution (TXE) subsystem. These flaws may allow an unauthenticated user to enable privilege escalation, disclose information, or launch a denial of service attack via “adjacent access.” Adjacent access” is not defined, but is positioned against terms like “local access” or “network access.”

We can’t describe most of these vulnerabilities in detail, but CVE ratings of 8+ are generally significant and should be acted upon. The fact that UEFI updates have already been pushed for laptops means it might not be a bad idea to grab one.

TAA: Transaction Asynchronous Abort

Intel did describe one of these new vulnerabilities in somewhat more detail. TAA, or Transaction Asynchronous Abort, affects the TSX capability of Intel microprocessors. TSX was a capability initially introduced with Haswell that improves the CPU’s performance in multi-threaded software if the feature is used. Like the earlier Intel MDS disclosure, TAA can be used to leak data out of microprocessors because data from speculative execution steps that is not intended to be used can still be leaked and then retrieved. There is no way for the attacker to force any particular bit of data into a leakable state (there’s no direct way to control what leaks, though an attacker can try to influence it).

Intel’s guidance on which CPUs are affected is extremely precise and maximally unhelpful. The company lists three types of products which are not impacted:

Chips without TSX support.CPUs that enumerate IA32_ARCH_CAPABILITIES[TAA_NO] (bit 8)=1.CPUs that support TSX but do not enumerate IA32_ARCH_CAPABILITIES[TAA_NO] (bit 8)=1 do not need fixes beyond those already baked into Intel’s MDS fixes.

CPUs based on Whiskey Lake, Coffee Lake R, and 2nd Gen Scalable Xeons all require fixes if the systems support TSX.

New Spectre-Related CPU Flaw Tops Intel’s Latest Critical Security Fixes

The practical impact of this problem is likely to be limited, but Intel couldn’t have made it more difficult to determine which CPUs aren’t impacted if it tried. Listing the enumerated values of specific CPU fields is only helpful if those values are readily available for each individual CPU a person might own. Intel has web pages devoted to detailing MDS fixes at the per-CPU level, but none of the information on those pages corresponds to the values given above. As such, it’s useless for determining whether or not you have a CPU with a vulnerability. It would be better to identify the specific CPU families or models, even if that leads to rather long lists. A switch has been added to the UEFI of affected products to allow TSX to be turned off, and Intel’s guidance is that consumers who have the feature but don’t use it should disable it.

As always, wfoojjaec recommends keeping your system up-to-date. Don’t deliberately leave security holes open for hackers to walk into. At the same time, keep in mind that no one has detected any real-world attack based on Spectre or Meltdown. We may have more to say about the other items on this list depending on what they turn out to be.

Update, 1:40 PM: Added Intel’s description of CVE-2019-1069.

Continue reading

One Developer Is Fixing SNES Game Lag After 30 Years
One Developer Is Fixing SNES Game Lag After 30 Years

One dedicated developer is releasing 'FastROM' patches to emulate Nintendo's SA1 chip in games that never had it, eliminating the annoying slowdowns that have plagued gamers for almost 30 years.

AMD Has Fixed Its USB Connectivity Issues, Updates Arrive in Early April
AMD Has Fixed Its USB Connectivity Issues, Updates Arrive in Early April

AMD has found the problem leading to intermittent UEFI dropouts on Ryzen systems. Look for a fix in early April.

NASA’s Mars Helicopter Remains Grounded Awaiting Software Fix
NASA’s Mars Helicopter Remains Grounded Awaiting Software Fix

NASA previously said the Ingenuity helicopter would take to the Martian skies over the weekend, but the agency announced late Friday that liftoff was delayed until at least April 14 because of a software issue.

Microsoft Deploys Silent Patch to Fix Gaming Performance After April Updates
Microsoft Deploys Silent Patch to Fix Gaming Performance After April Updates

Microsoft is releasing a Known Issue Rollback (KIR) to address problems with a pair of system updates from earlier this month. The company now confirms that a "small subset" of Windows 10 systems suffered poor game performance after the updates.