Rogue System Register Read / CVE-2018-3640 / INTEL-SA-00115

Published: 05/21/2018

Disclosure date:
2018-05-21

Published date:
2018-05-21

Severity rating: 
4.3 Medium

Industry-wide severity ratings can be found in the National Vulnerability Database


Aliases

  • Variant 3a
  • Meltdown variant

Related Content

Refined speculative execution terminology

List of Instructions Affected by Rogue System Register Read

Details on Intel's microcode update process

Overview

Rogue System Register Read (INTEL-SA-00115) is a domain-bypass transient execution attack that uses transient execution of instructions to potentially allow malicious actors to infer the values of some system register states that should not be architecturally accessible. This method was first described as Variant 3a (V3a) in the Cache Speculation Side-channels ARM* whitepaper. The set of system registers that can have their values inferred by this method is specific to each hardware implementation. Rogue System Register Read has been assigned CVE-2018-3640 with a base score of 4.3 Medium CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N.

Although these transient operations will architecturally fault or VM exit, in certain cases they may return data that is accessible to subsequent instructions in the speculative execution path. These subsequent instructions can then create a side channel to infer the system register state.

Intel’s analysis is that the majority of states exposed by the Rogue System Register Read method are not secret or sensitive, and that this method does not directly enable attacks or exposure of user data. However, the use of the rogue system register read method by an attacker may potentially result in the exposure of the physical addresses for some data structures and may also expose the linear addresses of some kernel software entry points.

Knowledge of these physical and linear addresses may enable malicious actors to determine the addresses of other kernel data and code elements, which may impact the efficacy of the Kernel Address Space Layout Randomization (KASLR) technique. KASLR, as a security defense in-depth feature, has been subject to a number of attacks in recent years; in particular by local malicious actors who can control code execution. As the rogue system register read method involves attacker-controlled code execution, a local attacker who employs rogue system register read to break KASLR may be low impact for most end users.

The list of Instructions Affected by Rogue System Register Read describes transient execution behavior that may occur on one or more existing Intel processors. Individual processors will only be affected by a subset of the issues listed in this link. These issues are addressed in future processors.

Mitigation

Malware must be running locally on a system to compromise security using the rogue system register read method.

Microcode updates help ensure that the RDMSR instruction will not speculatively return data when executed at CPL > 0 or when executed by a Virtual Machine eXtension (VMX) guest to a model-specific register (MSR) for which RDMSR is configured to cause a Virtual Machine (VM) exit.

Recent processors further restrict speculative values returned. Note that cases where the speculative value returned depends only on the instruction operands are not believed to constitute a security threat and may not be mitigated. An example of this would be a RDMSR instruction that speculatively returns the ECX value used as input. A non-system-register read example would be a divide instruction that, when it causes a divide error exception, returns data related to that divide’s inputs.
 

References

 

Software Security Guidance Home | Advisory Guidance | Technical Documentation | Best Practices | Resources

 

Product and Performance Information

1

Performance varies by use, configuration and other factors. Learn more at www.Intel.com/PerformanceIndex.