{"id":35636,"date":"2018-01-03T17:32:31","date_gmt":"2018-01-03T16:32:31","guid":{"rendered":"http:\/\/www.planet3dnow.de\/cms\/?p=35636"},"modified":"2018-01-03T17:49:53","modified_gmt":"2018-01-03T16:49:53","slug":"massive-sicherheitsluecke-in-intel-cpus-der-letzten-jahre","status":"publish","type":"post","link":"https:\/\/www.planet3dnow.de\/cms\/35636-massive-sicherheitsluecke-in-intel-cpus-der-letzten-jahre\/","title":{"rendered":"Massive Sicherheitsl\u00fccke in Intel-CPUs der letzten Jahre"},"content":{"rendered":"<p>Bereits in den letz\u00adten Wochen muss\u00adte Intel Nega\u00adtiv\u00adschlag\u00adzei\u00adlen wegen <a href=\"http:\/\/www.planet3dnow.de\/cms\/35130-erste-bios-updates-fuer-intel-me-sicherheitsluecke\/\">Sicher\u00adheits\u00adl\u00fc\u00adcken im Manage\u00adment Engi\u00adne Inter\u00adface<\/a> \u00fcber sich erge\u00adhen las\u00adsen. Doch gestern hat <a href=\"https:\/\/www.theregister.co.uk\/2018\/01\/02\/intel_cpu_design_flaw\/\" rel=\"noopener\" target=\"_blank\">The Regis\u00adter<\/a> eine Wel\u00adle an Nach\u00adrich\u00adten ange\u00adsto\u00ad\u00dfen, die weit \u00fcber die MEI-Pro\u00adble\u00adma\u00adtik hin\u00adaus\u00adrei\u00adchen. In Intel-Pro\u00adzes\u00adso\u00adren mit Sup\u00adport f\u00fcr x86-64 befin\u00addet sich offen\u00adbar eine gra\u00advie\u00adren\u00adde Sicher\u00adheits\u00adl\u00fc\u00adcke, die es Angrei\u00adfern erlaubt, auf pro\u00adzess\u00adfrem\u00adde Spei\u00adcher\u00adbe\u00adrei\u00adche zuzu\u00adgrei\u00adfen. Da es sich dem Ver\u00adneh\u00admen nach um einen Hard\u00adware-Bug han\u00addeln soll, der nicht mit einem Micro\u00adcode-Update gefixt wer\u00adden kann, ist die Bedro\u00adhungs\u00adsi\u00adtua\u00adti\u00adon poten\u00adzi\u00adell erheb\u00adlich, schlie\u00df\u00adlich ste\u00adcken in der \u00fcber\u00adwie\u00adgen\u00adden Mehr\u00adzahl der x86-64-Sys\u00adte\u00adme Intel-Pro\u00adzes\u00adso\u00adren. Der Bug ist unab\u00adh\u00e4n\u00adgig vom Betriebs\u00adsys\u00adtem \u2013 Win\u00addows, Linux und MacOS sind betroffen.<\/p>\n<p><\/p><center>\n<blockquote class=\"twitter-tweet\" data-lang=\"de\">\n<p lang=\"en\" dir=\"ltr\">Post\u00adgreS\u00adQL <span class=\"caps\">SELECT<\/span> 1 with the <span class=\"caps\">KPTI<\/span> work\u00adaround for Intel <span class=\"caps\">CPU<\/span> vul\u00adnerabi\u00adli\u00adty <a href=\"https:\/\/t.co\/N9gSvML2Fo\">https:\/\/t.co\/N9gSvML2Fo<\/a><\/p>\n<p>Best case: 17% slow\u00addown<br>Worst case:&nbsp;23%<\/p>\n<p>\u2014 The Regis\u00adter (@TheRegister) <a href=\"https:\/\/twitter.com\/TheRegister\/status\/948342806367518720?ref_src=twsrc%5Etfw\">2. Janu\u00adar&nbsp;2018<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p><\/center>\n<p>AMD-Pro\u00adzes\u00adso\u00adren sind laut <a href=\"https:\/\/lkml.org\/lkml\/2017\/12\/27\/2\" rel=\"noopener\" target=\"_blank\">Aus\u00adsa\u00adge eines AMD-Ent\u00adwick\u00adlers<\/a> nicht betroffen:<\/p>\n<blockquote><p><span class=\"caps\">AMD<\/span> pro\u00adces\u00adsors are not sub\u00adject to the types of attacks that the ker\u00adnel page table iso\u00adla\u00adti\u00adon fea\u00adture pro\u00adtects against.  The <span class=\"caps\">AMD<\/span> micro\u00adar\u00adchi\u00adtec\u00adtu\u00adre does not allow memo\u00adry refe\u00adren\u00adces, inclu\u00adding spe\u00adcu\u00adla\u00adti\u00adve refe\u00adren\u00adces, that access hig\u00adher pri\u00advi\u00adle\u00adged data when run\u00adning in a les\u00adser pri\u00advi\u00adle\u00adged mode when that access would result in a page&nbsp;fault.<\/p><\/blockquote>\n<p>Indi\u00adrekt betrifft der Bug weit mehr als die PC-Nut\u00adzer mit Intel-Pro\u00adzes\u00adso\u00adren, schlie\u00df\u00adlich ste\u00adcken auch in den meis\u00adten Cloud-Ser\u00advern Intel-Pro\u00adzes\u00adso\u00adren, auf denen Smart\u00adphone-Nut\u00adzer ihre Kon\u00adten hin\u00adter\u00adle\u00adgen, eben\u00adso wie in den Cloud-Com\u00adpu\u00adting-Diens\u00adten bei Ama\u00adzon, Micro\u00adsoft (Azu\u00adre) und ver\u00adgleich\u00adba\u00adren Ange\u00adbo\u00adten. Auch die meis\u00adten Fir\u00admen\u00adser\u00adver d\u00fcrf\u00adten von Intel Xeon-Pro\u00adzes\u00adso\u00adren befeu\u00adert&nbsp;sein.<\/p>\n<p>Bekannt ist der Bug anschei\u00adnend schon l\u00e4n\u00adger, da die Linux Ker\u00adnel-Ent\u00adwick\u00adler eben\u00adso wie die Fast-Ring-Ent\u00adwick\u00adler bei Micro\u00adsoft bereits einen Patch parat haben. Bei Micro\u00adsoft ist der Patch anschei\u00adnend seit 19. Dezem\u00adber im Fast-Ring ab Ver\u00adsi\u00adon 17035 aktiv. Bei Linux ist der <a href=\"https:\/\/lwn.net\/SubscriberLink\/741878\/78d70a9fed62f496\/\" rel=\"noopener\" target=\"_blank\">(K)PTI-Fix<\/a> ab Linux-Ker\u00adnel 4.14.11 aktiv, aller\u00addings wird der Fix hier auch bei AMD-Pro\u00adzes\u00adso\u00adren akti\u00adviert. Ab 4.14.12 soll er kor\u00adrek\u00adter\u00adwei\u00adse nur bei Intel-Pro\u00adzes\u00adso\u00adren akti\u00adviert wer\u00adden, denn der Fix kos\u00adtet ein wenig Leis\u00adtung, da der <span class=\"caps\">TLB<\/span> (Trans\u00adla\u00adti\u00adon-Loo\u00adka\u00ads\u00adi\u00adde-Buf\u00adfer) nicht mehr so effi\u00adzi\u00adent arbei\u00adten kann; je nach Workload wer\u00adden mal 7 Pro\u00adzent, mal 25 Pro\u00adzent Leis\u00adtungs\u00adein\u00adbu\u00ad\u00dfe ver\u00admel\u00addet. Neben dem Workload an sich ist der Grad der Leis\u00adtungs\u00adein\u00adbu\u00ad\u00dfe offen\u00adbar auch davon abh\u00e4n\u00adgig, ob der Pro\u00adzes\u00adsor den <span class=\"caps\">TLB<\/span> lee\u00adren muss bei einem Wech\u00adsel der Page\u00adta\u00adble oder nicht. Neue\u00adre Intel-Pro\u00adzes\u00adso\u00adren <a href=\"https:\/\/lwn.net\/Articles\/738975\/\" rel=\"noopener\" target=\"_blank\">m\u00fcs\u00adsen das dank pro\u00adcess-con\u00adtext iden\u00adti\u00adfiers (PCIDs) nicht<\/a>, \u00e4lte\u00adre wie San\u00addy Bridge schon.<\/p>\n<p><\/p><center>\n<blockquote class=\"twitter-tweet\" data-lang=\"de\">\n<p lang=\"en\" dir=\"ltr\">Win\u00addows 17035 Ker\u00adnel <span class=\"caps\">ASLR<\/span>\/<span class=\"caps\">VA<\/span> Iso\u00adla\u00adti\u00adon In Prac\u00adti\u00adce (like Linux <span class=\"caps\">KAISER<\/span>). First screen\u00adshot shows how NtCrea\u00adteFi\u00adle is not map\u00adped in the ker\u00adnel regi\u00adon of the user <span class=\"caps\">CR3<\/span>. Second screen\u00adshot shows how a \u2019shadow\u2019 ker\u00adnel trap hand\u00adler, is (has to be). <a href=\"https:\/\/t.co\/7PriLIJHe1\">pic.twitter.com\/7PriLIJHe1<\/a><\/p>\n<p>\u2014 Alex Iones\u00adcu (@aionescu) <a href=\"https:\/\/twitter.com\/aionescu\/status\/930412525111296000?ref_src=twsrc%5Etfw\">14. Novem\u00adber&nbsp;2017<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p><\/center>\n<p>Da <span class=\"caps\">AMD<\/span> von dem Bug nicht betrof\u00adfen ist, obwohl x86-64 sei\u00adner\u00adzeit von <span class=\"caps\">AMD<\/span> ent\u00adwi\u00adckelt wor\u00adden war, l\u00e4sst dar\u00adauf schlie\u00ad\u00dfen, dass der Feh\u00adler nicht im Befehls\u00adsatz an sich steckt, son\u00addern in der spe\u00adzi\u00adel\u00adlen Imple\u00admen\u00adtie\u00adrung durch&nbsp;Intel.<\/p>\n<p><strong>Quel\u00adlen:<\/strong><\/p>\n<ul>\n<li><a href=\"https:\/\/www.theregister.co.uk\/2018\/01\/02\/intel_cpu_design_flaw\/\" rel=\"noopener\" target=\"_blank\"><span class=\"quo\">\u2018<\/span>Ker\u00adnel memo\u00adry lea\u00adking\u2019 Intel pro\u00adces\u00adsor design flaw forces Linux, Win\u00addows redesign<\/a><\/li>\n<li><a href=\"https:\/\/www.computerbase.de\/2018-01\/intel-cpu-pti-sicherheitsluecke\/\" rel=\"noopener\" target=\"_blank\">Intel: Details und Bench\u00admarks zur Sicher\u00adheits\u00adl\u00fc\u00adcke in allen&nbsp;CPUs<\/a><\/li>\n<li><a href=\"https:\/\/www.heise.de\/security\/meldung\/Massive-Luecke-in-Intel-CPUs-erfordert-umfassende-Patches-3931562.html\" rel=\"noopener\" target=\"_blank\">Mas\u00adsi\u00adve L\u00fccke in Intel-CPUs erfor\u00addert umfas\u00adsen\u00adde Patches<\/a><\/li>\n<li><a href=\"http:\/\/www.planet3dnow.de\/cgi-bin\/newspub\/viewnews.cgi?category=1&amp;id=1088503188\"><span class=\"caps\">AMD64<\/span> und <span class=\"caps\">EM64T<\/span> nicht wirk\u00adlich kompatibel<\/a><\/li>\n<li><a href=\"http:\/\/www.planet3dnow.de\/vbulletin\/showthread.php?t=429271\">Link\u00adsamm\u00adlung in erat\u00adtes User-News<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>In Intel-Pro\u00adzes\u00adso\u00adren mit Sup\u00adport f\u00fcr x86-64 befin\u00addet sich offen\u00adbar eine gra\u00advie\u00adren\u00adde Sicher\u00adheits\u00adl\u00fc\u00adcke, die es Angrei\u00adfern erlaubt, auf pro\u00adzess\u00adfrem\u00adde Spei\u00adcher\u00adbe\u00adrei\u00adche zuzu\u00adgrei\u00adfen. Da es sich dem Ver\u00adneh\u00admen nach um einen Hard\u00adware-Bug han\u00addeln soll, der nicht mit einem Micro\u00adcode-Update gefixt wer\u00adden kann, ist die Bedro\u00adhungs\u00adsi\u00adtua\u00adti\u00adon poten\u00adzi\u00adell erheb\u00adlich, schlie\u00df\u00adlich ste\u00adcken in der \u00fcber\u00adwie\u00adgen\u00adden Mehr\u00adzahl der x86-64-Sys\u00adte\u00adme Intel-Pro\u00adzes\u00adso\u00adren. Der Bug ist unab\u00adh\u00e4n\u00adgig vom Betriebs\u00adsys\u00adtem. (\u2026) <a class=\"moretag\" href=\"https:\/\/www.planet3dnow.de\/cms\/35636-massive-sicherheitsluecke-in-intel-cpus-der-letzten-jahre\/\">Wei\u00adter\u00adle\u00adsen&nbsp;\u00bb<\/a><\/p>\n","protected":false},"author":2,"featured_media":6269,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"ngg_post_thumbnail":0,"footnotes":""},"categories":[12],"tags":[1004,1416,1415,1417,1414],"class_list":["post-35636","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-aktuelles","tag-intel","tag-kpti","tag-pti","tag-tlb","tag-x86-64","entry"],"share_on_mastodon":{"url":"","error":""},"_links":{"self":[{"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/posts\/35636","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/comments?post=35636"}],"version-history":[{"count":12,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/posts\/35636\/revisions"}],"predecessor-version":[{"id":35645,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/posts\/35636\/revisions\/35645"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/media\/6269"}],"wp:attachment":[{"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/media?parent=35636"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/categories?post=35636"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/tags?post=35636"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}