US-CERT issued a security update regarding the latest Intel processor design flaws. According to the vulnerability note, the CPU hardware implementations are vulnerable to side-channel attacks. The two vulnerabilities are referred to as Meltdown and Spectre.
An excerpt from the advisory:
“CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre. These attacks are described in detail by Google Project Zero and the Institute of Applied Information Processing and Communications (IAIK) at Graz University of Technology (TU Graz). The Linux kernel mitigations for this vulnerability are referred to as KAISER, and subsequently KPTI, which aim to improve separation of kernel and user memory pages.”
An attacker who can execute code with user privileges could then read otherwise protected kernel memory and bypass KASLR.
The vulnerability note further advises that users would need to upgrade or replace CPU hardware to fully mitigate the vulnerability; however, various OS updates can be applied to reduce its impact.
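Because the OS-level mitigations (KAISER/KPTI for Meltdown, and the Spectre mitigations that followed) are what most administrators can actually deploy, the first thing a defender wants is a way to confirm they are active on a given host. The following script is an added example, not part of the US-CERT note or the referenced papers. It assumes the Linux kernel's own reporting interface, the files under /sys/devices/system/cpu/vulnerabilities/ that kernels from 4.15 onward expose; the status strings embedded in SAMPLE_STATUS are constructed for illustration and mimic that format, and the script falls back to them when the directory is absent (non-Linux host or older kernel).

```python
import os
from typing import Dict, List

# Kernel-provided directory (Linux >= 4.15); assumed to exist on the audited host.
SYSFS_VULN_DIR = "/sys/devices/system/cpu/vulnerabilities"

# Constructed sample contents, one entry per file name, in the kernel's reporting format.
SAMPLE_STATUS = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: __user pointer sanitization",
    "spectre_v2": "Vulnerable",
    "l1tf": "Not affected",
}


def classify(status_line: str) -> str:
    """Map one sysfs status line to a coarse state: not_affected, mitigated, vulnerable or unknown."""
    text = status_line.strip()
    # Some entries (e.g. itlb_multihit) are reported for the hypervisor with a "KVM:" prefix.
    if text.startswith("KVM:"):
        text = text[len("KVM:"):].strip()
    if text.startswith("Not affected"):
        return "not_affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def summarize(statuses: Dict[str, str]) -> Dict[str, str]:
    """Classify every reported issue."""
    return {name: classify(line) for name, line in statuses.items()}


def needs_attention(statuses: Dict[str, str]) -> List[str]:
    """Sorted names of issues the kernel reports as vulnerable or in an unrecognised state."""
    return sorted(n for n, s in summarize(statuses).items() if s in ("vulnerable", "unknown"))


def read_sysfs(path: str = SYSFS_VULN_DIR) -> Dict[str, str]:
    """Read each file in the vulnerabilities directory; empty dict when the directory is absent."""
    result: Dict[str, str] = {}
    if not os.path.isdir(path):
        return result
    for name in sorted(os.listdir(path)):
        try:
            with open(os.path.join(path, name)) as f:
                result[name] = f.read().strip()
        except OSError:
            # Unreadable entry: skip rather than abort the whole audit.
            continue
    return result


if __name__ == "__main__":
    live = read_sysfs()
    data = live if live else SAMPLE_STATUS
    print("source:", "sysfs" if live else "constructed sample")
    for name, line in data.items():
        print(f"{name:14s} {classify(line):13s} {line}")
    print("needs attention:", needs_attention(data))
```

On a patched host the Meltdown entry reads "Mitigation: PTI", which is the KPTI work the advisory mentions; a "Vulnerable" line for any entry means the kernel knows about the issue but has no mitigation active, typically because the kernel, microcode, or compiler support for that particular mitigation is missing.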
Additional references have been provided on the threat:
- Today’s CPU vulnerability: what you need to know (Google Security Blog)
- Reading privileged memory with a side-channel (Google Project Zero)
- https://meltdownattack.com (Graz University of Technology)
- https://spectreattack.com (Graz University of Technology)