
securitybreach
Posted
7 hours ago, raymac46 said:

I honestly wonder how much effect all these "vulnerabilities" are having on the Linux universe. Are they out in the wild or just academic curiosities? Would the mitigations really mess up an old desktop Linux system that is used for light Web surfing and some office stuff? Seems to me that the risk of a kernel panic is worse than anything that Spectre can do to you.

The majority are proof of concept and usually are only found in a lab and not in the wild.

abarbarian
Posted
21 hours ago, raymac46 said:

I honestly wonder how much effect all these "vulnerabilities" are having on the Linux universe.

Well we as personal users are just a small drop in the Linux ocean. Commercial Linux on the other hand faces a much more real threat.

While personal users can be at risk the risk is very infinitesimally small. This Kaspersky article from 2022 is very informative.


Retbleed attack, or Spectre strikes back

This part of the article describes a 2018 attack similar to Retbleed.


Quote

This is an extremely complex attack. Firstly, the attacker has to be able to execute code on the system under attack, albeit without the desired privileges, i.e., without access to sensitive data. For example, a user could be persuaded to open a web page containing a malicious script in their browser. Secondly, the attacker needs software on the target system that includes code suitable for the attack. In the researchers’ jargon, this is known as a “gadget”. The attack code trains the branch prediction system to speculatively execute this gadget. This causes it to access an area of memory inaccessible to the attacker. The secret data is placed in the CPU cache, from where it can be extracted very slowly – no more than tens of bits per second – by side-channel reading.

Older Intel and AMD CPUs are vulnerable,


Quote

As the table shows, not entirely new, but rather up-to-date AMD Zen 1 and Zen 2 (2017–2019) and Intel’s Kaby Lake and Coffee Lake (2016–2017) processors are prone to a Retbleed attack. On the more modern AMD Zen 3 processors, as well as Intel Alder Lake and the earlier 9th generation processors, a Retbleed attack doesn’t work. This is also due to implementation of Enhanced IBRS hardware protection in Intel processors.

Newer AMD CPUs have their own problems but are harder to hack,


Quote

AMD processors turned out to be vulnerable in their own way, and the researchers discovered a phenomenon they called “Phantom JMPs”. It turned out that, under certain conditions, it’s possible to make a branch prediction system execute an arbitrary instruction even if it’s not there in the code under attack. Because of this, the authors had to release a brief one-page addendum to the study. They stipulate, however, that exploiting this vulnerability to do real damage is even more difficult than with traditional Spectre V2.

So it seems that big business is the most at threat,


Quote

The most obvious scenario is an attack through hosting and distributed computing providers. A typical virtual server that you can rent for a reasonable sum from a random provider is essentially a program that runs beside other customers’ virtual OSs on the same high-powered server.

Quote

For ordinary users, the threat of Spectre attacks remains entirely virtual. Preventive patches from operating-system developers will suffice. In Windows, by the way, effective IBRS protection is enabled by default. New Linux kernel patches will possibly lead to performance degradation, which may be most noticeable in business solutions where computer hardware is squeezed to the limits.

The problem is compounded by the fact that there are many Spectre variants. Retbleed could also be considered a separate variant, which works differently on processors from different manufacturers. AMD and Intel have acknowledged Retbleed as a separate vulnerability and will possibly come up with some hardware solution for it.


Phew this has been a pretty steep learning curve. I originally installed the retbleed stuff after reading a Phoronix article and it seemed a sensible and easy thing to do. Similar to adding " initrd=intel-ucode.img " to my boot config.

After reading around the subject it seems that my personal pc is not so vulnerable as long as I keep an up-to-date browser with all the inbuilt security switched on and possibly some security add-ons. And of course as long as I do not click on every link that pops up out of curiosity.

Now that my gremlin has been put to bed and I have more knowledge regarding Retbleed and other security vulnerabilities I can stop worrying and carry on with life. It has been quite difficult to tease out the important facts relating to my situation but that is always the case when researching.

😎

V.T. Eric Layton
Posted
Quote

This is an extremely complex attack. Firstly, the attacker has to be able to execute code on the system under attack, albeit without the desired privileges, i.e., without access to sensitive data. For example, a user could be persuaded to open a web page containing a malicious script in their browser. Secondly, the attacker needs software on the target system that includes code suitable for the attack. In the researchers’ jargon, this is known as a “gadget”. The attack code trains the branch prediction system to speculatively execute this gadget. This causes it to access an area of memory inaccessible to the attacker. The secret data is placed in the CPU cache, from where it can be extracted very slowly – no more than tens of bits per second – by side-channel reading.

That's a d@mned complicated means of attack, along with a whole lot of "ifs" and "maybes" necessary for it to be successfully done. Might be worthwhile for the hackers to breach commercial systems, but they'd be quite disappointed trying to breach mine and finding anything they could use.

ALL of my important personal documents are encrypted on my system... and there aren't really many of them. Also, if they did get control of my system, they'd have to figure out when it was in use to utilize it for anything. My system does NOT stay on all the time. I power up in the morning, hang out online for a while, then power down completely (computer and all peripherals at this desk, including the ISP's router).

It seems a serious issue, but not something most individual users are going to have to worry about.

Posted (edited)

My Linux junkers are even older than Skylake and Ryzen so I suppose in principle they are vulnerable. However like Eric I don't keep them running all the time and I use up to date browsers.

I don't have any special boot options to eliminate mitigations or enable retbleed stuff so I don't know if that is good or bad. My old machines run OK with SSDs in any event.

Edited by raymac46
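The two remarks above about "the retbleed stuff" and about not knowing whether special boot options are set point at something any desktop user can check directly: the Linux kernel reports, one file per issue, whether it believes the CPU is affected and which mitigation is active. The script below is an added example written for this thread; it is not code from any of the posters or from the Kaspersky article. It reads the real sysfs directory /sys/devices/system/cpu/vulnerabilities/ when it exists, and otherwise builds a constructed sample directory whose strings only imitate the kernel's wording. The boot parameters it searches for (mitigations=, retbleed=, spectre_v2=) are real kernel command-line options; the helper names are this example's own.

```shell
#!/bin/sh
# Added example for this thread (not the posters' or Kaspersky's code).
# Linux exposes one file per speculative-execution issue under
# /sys/devices/system/cpu/vulnerabilities/ (the retbleed entry exists
# since kernel 5.19). The directory is a parameter so that the same
# functions also run against a constructed sample directory.

VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# classify_status STRING -> unaffected | vulnerable | mitigated | unknown
# Kernel strings begin with "Not affected", "Vulnerable" or "Mitigation:".
classify_status() {
    case "$1" in
        "Not affected"*) echo unaffected ;;
        Vulnerable*)     echo vulnerable ;;
        Mitigation*)     echo mitigated ;;
        *)               echo unknown ;;
    esac
}

# report_vulns DIR -> one line per issue: "<issue> <class> | <raw kernel text>"
report_vulns() {
    dir="$1"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        raw=$(cat "$f")
        printf '%s %s | %s\n' "$(basename "$f")" "$(classify_status "$raw")" "$raw"
    done
}

# count_vulnerable DIR -> number of issues the kernel reports as unmitigated
count_vulnerable() {
    report_vulns "$1" | awk '$2 == "vulnerable"' | wc -l | tr -d ' '
}

# list_mitigation_params CMDLINE -> the boot parameters that change speculation
# mitigations (mitigations=, retbleed=, spectre_v2=); prints nothing if none set
list_mitigation_params() {
    for w in $1; do
        case "$w" in
            mitigations=*|retbleed=*|spectre_v2=*) echo "$w" ;;
        esac
    done
}

# make_sample_dir -> path to a constructed directory with illustrative strings
# (the shapes follow the kernel's wording; the values are not from any real machine)
make_sample_dir() {
    d=$(mktemp -d)
    printf 'Mitigation: untrained return thunk; SMT disabled\n' > "$d/retbleed"
    printf 'Mitigation: Retpolines; IBPB: conditional; RSB filling\n' > "$d/spectre_v2"
    printf 'Vulnerable: Clear CPU buffers attempted, no microcode\n' > "$d/mds"
    printf 'Not affected\n' > "$d/l1tf"
    echo "$d"
}

if [ -d "$VULN_DIR" ]; then
    echo "Live kernel report from $VULN_DIR:"
    report_vulns "$VULN_DIR"
    echo "Unmitigated issues: $(count_vulnerable "$VULN_DIR")"
    [ -r /proc/cmdline ] && echo "Mitigation boot parameters: $(list_mitigation_params "$(cat /proc/cmdline)")"
else
    sample=$(make_sample_dir)
    echo "No live sysfs directory here; constructed sample from $sample:"
    report_vulns "$sample"
    echo "Unmitigated issues: $(count_vulnerable "$sample")"
    echo "Mitigation boot parameters in a sample cmdline: $(list_mitigation_params 'quiet splash retbleed=off')"
fi
```

Run it with `sh check_mitigations.sh` on the machine in question. A line whose class is "unaffected" means the kernel believes that CPU is not exposed to the issue at all (the Zen 3 and Alder Lake case quoted earlier); "mitigated" means the default mitigation is on without any special boot option, which answers the "is that good or bad" question; a "vulnerable" entry together with `mitigations=off` or `retbleed=off` on the command line is the one combination worth revisiting.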
