33 hardware and firmware vulnerabilities: A guide to the threats


In January 2018, the entire computer industry was put on alert by two new processor vulnerabilities dubbed Meltdown and Spectre that defeated the fundamental OS security boundaries separating kernel and user space memory. The flaws stemmed from a performance feature of modern CPUs known as speculative execution and mitigating them required one of the biggest patch coordination efforts in history, involving CPU makers, device manufacturers and operating system vendors.

Meltdown and Spectre were certainly not the first vulnerabilities to result from a hardware design decision, but their widespread impact sparked the interest of the security research community into such flaws. Since then, many researchers, both from academia and the private sector, have been studying the low-level operation of CPUs and other hardware components and have been uncovering more and more issues.

Some hardware vulnerabilities are impossible to mitigate completely without releasing a new generation of components, while others can be fixed in firmware, the low-level programming present in hardware chips. In either case, patching is not straightforward, so such flaws can continue to impact real world devices for a very long time.

Here is a list of hardware-related vulnerabilities, discovered both before and after Meltdown, that you should be aware of:

CPU side-channel attacks 

Spectre variant 1 – CVE-2017-5753

Also known as bounds check bypass, CVE-2017-5753 allows attackers to exploit the branch prediction feature of modern CPUs to extract information from the memory of other processes by using the CPU cache as a side channel. It allows one process to extract sensitive information from the memory of another process but could also bypass the user/kernel memory privilege boundary. The vulnerability affects Intel, IBM and a limited number of ARM CPUs.

Spectre variant 2 – CVE-2017-5715

Spectre variant 2 has the same impact as variant 1 but uses a different exploitation technique called branch target injection. Mitigating this variant of Spectre efficiently requires updates to the affected CPU microcode, which can be applied either through BIOS/UEFI updates or by the operating system at every reboot.

Source link