Omni is aware of several related security bulletins for vulnerabilities identified in multiple vendors’ central processing units (CPU) used by all major computer manufacturers. As of this writing, there are three known variants:
CVE-2017-5715 - Branch target injection (SPECTRE)
CVE-2017-5753 - Bounds check bypass (SPECTRE)
CVE-2017-5754 - Rogue data cache load (MELTDOWN)
As is highlighted below, local access to a computer or server is required to attempt these exploits, they cannot be executed remotely.
What are the MELTDOWN and SPECTRE exploits?
Both MELTDOWN and SPECTRE represent flaws that affect a system's CPU allowing an unprivileged attacker to bypass conventional memory security restrictions to gain read access to privileged memory that would otherwise be inaccessible. The three variants rely upon the fact that modern high-performance microprocessors implement both speculative executions, and utilize VIPT (Virtually Indexed, Physically Tagged) level 1 data caches that may become allocated with data in the kernel virtual address space during such speculation.
The first two variants abuse speculative execution to perform bounds-check bypass (CVE-2017-5753), or by utilizing branch target injection (CVE-2017-5715) to cause kernel code at an address under attacker control to execute speculatively. Collectively these are known as "SPECTRE". Both variants rely upon the presence of a precisely-defined instruction sequence in the privileged code, as well as the fact that memory accesses may cause allocation into the CPU’s level 1 data cache, even for speculatively executed instructions that never actually commit. Speculative execution is a technique used by high-speed processors to increase performance by guessing likely future execution paths and prematurely executing the instructions in them. SPECTRE attacks trick the processor into speculatively executing instructions sequences that should not have executed during correct program execution.
The third variant (CVE-2017-5754) known as “MELTDOWN”, exploits side effects of out-of-order execution on modern processors to read arbitrary kernel-memory locations. Out-of-order execution is an indispensable performance feature design and present in a wide range of modern processors and is independent of operating system or software. MELTDOWN is a form of race condition between the fetch of a memory address and the corresponding permission check for this address.
In all three variants, an attacker would require local system access to attempt to execute these exploits. These exploits are closer to privilege escalation attacks, a class of attack that facilitates deeper system-level access to a system for which a user already has access. The nature of these exploits is that they are read-only attacks. Therefore, they cannot directly force code execution in the operating system (OS) kernel, in other virtual machines (VM), or other programs. At this time, based on our vendor's and partner's analysis of security announcements, there has been no known active exploitation of these vulnerabilities that have been reported to Internet Security organizations.
What Omni is doing
We are currently evaluating patches that have been made available by various vendors to be applied to systems and infrastructure under Omni management. We will continue to closely monitor future announcements indicative of potential exploitation until all patches have been applied.
If you have any further questions, feel free to contact us via email at email@example.com or phone at 304-343-0478.
Original content created by our partners at Expedient Data Centers