AMD and Intel CPU bugs lead to Linux patches.

Linux Kernel Developers Address AMD Inception and Intel Downfall Vulnerabilities

The Linux kernel development community, always on the front lines of dealing with vulnerabilities, has once again been tasked with fixing the aftermath of AMD and Intel’s latest CPU flaws. These vulnerabilities, named AMD Inception and Intel Downfall, prompted Linux creator Linus Torvalds to release a series of patches to address them.

Both AMD Inception and Intel Downfall are speculative side-channel attacks that can potentially leak privileged data to unprivileged processes. Torvalds described them as “yet another issue where userspace poisons a microarchitectural structure which can then be used to leak privileged information through a side channel.”

This may sound familiar to Linux security experts, as it resembles the kind of vulnerabilities that plagued Intel’s Meltdown and Spectre exploits. Fortunately, developers were aware of the issues in advance, allowing them to release patches before news of the vulnerabilities spread.

To mitigate the threats posed by AMD Inception, the recent Linux kernel merge incorporated measures to counteract AMD’s Speculative Return Address Stack (RAS) overflow vulnerability on its Zen 3 and Zen 4 architectures. AMD asserts that this vulnerability is only potentially exploitable locally, such as through downloaded malware. However, security researchers at ETH Zurich have expressed concerns that Inception could be utilized by attackers in cloud computing environments where customers often share processing hardware resources.

According to the researchers, Inception represents a novel class of transient execution attacks that utilize Training in Transient Execution (TTE). Instead of attempting to leak data within a transient window, these attacks manipulate the transient window to insert new predictions into the branch predictor. When combined with Phantom, a method of triggering transient windows from arbitrary instructions, Inception becomes a potent tool for extracting private data.

Interestingly, Intel engineer Peter Zijlstra, involved with the Linux kernel development, refined the AMD patches. It’s amusing to witness an Intel engineer spearheading the kernel’s refinement of AMD mitigation code, showcasing the collaborative spirit of the open-source community.

The Linux kernel developers also addressed the Intel Gather Data Sampling (GDS) vulnerability, known as Downfall. This vulnerability affects Intel Core processors from the 6th-generation Skylake to the 11th-generation Tiger Lake, making PCs, servers, and cloud processors potentially vulnerable.

The vulnerability stems from memory optimization features in Intel processors, unintentionally exposing internal hardware registers to software. This allows untrusted software to access data stored by other programs, which should normally be inaccessible. Exploiting Downfall can lead to the theft of security keys and passwords belonging to other users. These attacks are highly practical and can be executed if the attacker and victim share the same physical processor core, a common occurrence in modern-day computers with preemptive multitasking and simultaneous multithreading.

Even Intel’s hardware security feature, Intel Software Guard Extensions (SGX), is helpless against this vulnerability. The potential fix for this issue comes at a cost, as some workloads may experience up to 50% overhead. However, disregarding this fix is ill-advised since modern CPUs rely on vector registers for optimizing common operations.

Fortunately, Linux users may not experience as severe a performance impact. Benchmarking conducted by Linux software engineer Michael Larabel, the editor-in-chief of Phoronix, indicates that the Downfall patches primarily affect user-space bound software, unlike previous fixes for vulnerabilities like Meltdown and Spectre. Although performance degradation may not be as significant as Intel predicted, some slowdowns are still present.

The Linux security patches have been merged into the Linux Git tree for the upcoming Linux 6.5 kernel. Stable point releases have also been updated to include these patches, covering the current Linux 6.4 stable series and the supported Long-Term Support (LTS) series kernels.

These patches enable the reporting of CPU speculative execution vulnerabilities and introduce new controls to modify their behavior with the latest CPU microcode. To benefit from these patches, users must also install the AMD and Intel microcode updates.
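The reporting described above can be checked from a shell. This is an added example, not code from the kernel patches. It reads the kernel's sysfs entries for Downfall (`gather_data_sampling`) and Inception (`spec_rstack_overflow`) and flags the case where the kernel is patched but the microcode update is missing. The function names and the classification labels are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit the kernel's reported status for Downfall (GDS) and
# Inception (SRSO). Function names and labels are illustrative only.

VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# Map one sysfs status line to a coarse label.
# "no microcode" is tested first: the kernel can report a partial software
# mitigation while still lacking the vendor microcode update.
classify_status() {
    case "$1" in
        *[Nn]"o microcode"*) echo "microcode-missing" ;;
        "Not affected"*)     echo "not-affected" ;;
        "Mitigation"*)       echo "mitigated" ;;
        "Vulnerable"*)       echo "vulnerable" ;;
        *)                   echo "unknown" ;;
    esac
}

# Print one line per vulnerability. A missing file means the running kernel
# does not report this issue at all, i.e. it predates the patches.
audit_vulns() {
    dir=${1:-$VULN_DIR_DEFAULT}
    for name in gather_data_sampling spec_rstack_overflow; do
        file="$dir/$name"
        if [ -r "$file" ]; then
            status=$(cat "$file")
            printf '%s: %s (%s)\n' "$name" "$(classify_status "$status")" "$status"
        else
            printf '%s: not-reported\n' "$name"
        fi
    done
}

# With no argument this audits the live system; pass a directory to audit a
# copy of the sysfs files collected from another host.
audit_vulns "$@"
```

A `microcode-missing` or `not-reported` result on a server or cloud host is the signal to install the vendor microcode package or move to a patched stable kernel.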

To protect against these vulnerabilities, it’s crucial to stay updated with the latest microcode releases and promptly apply patches to Linux systems as they become available. While this process may not be a significant concern for Linux desktop users, it is crucial for those running Linux on servers and in cloud environments.

In conclusion, the Linux kernel development community continues to demonstrate its commitment to addressing critical vulnerabilities affecting AMD and Intel CPUs. By refining patches and providing timely updates, they maintain the stability and security of Linux systems in the face of evolving threats.