CVE-2019-1125, "SWAPGS Attack": a new speculative execution side-channel attack
Security researchers at Bitdefender disclosed a new way of exploiting a flaw in Intel chips.
Speculative execution attacks
As Spectre, Meltdown and other similar attacks, the SWAPGS attack takes advantage of speculative execution, a functionality that seeks to speed-up the CPU by "guessing" which instructions might come next: however, the discarded instructions can leave traces in the system’s caches, that can be observed by attackers and can provides information such as passwords, encryption keys, tokens, access credentials, or pointers or addresses that would allow them to perform privilege escalation.
The SWAPGS attack
This new attack (in effect, a variant of the Spectre V1 attack) takes advantage of SWAPGS, a system instruction that is used by the operating system to switch between two Model Specific Registers:
In x86-64 mode, only the FS and GS registers participate in a limited form of segmentation; only their base addresses are used to calculate effective addresses. Due in part to the requirement for per-CPU data, as well as the design of AMD's SYSCALL/SYSRET instructions in long mode, the GS register often holds a base address to a structure containing per-CPU data.
To facilitate using GS to store kernel data (its 'original' intention was to be used in conjunction with SYSCALL/SYSRET), a 'SWAPGS' instruction is present in long mode, which swaps the values in the KernelGSBase and GSBase Model Specific Registers. Since the processor will use the value in the GSBase MSR as the base address of GS, KernelGSBase allows the kernel to 'save' another base address.
The typical use of SWAPGS is to keep the 'user' GS (which likely has a base address of 0) in the GSBase MSR, and the address of the kernel's per-CPU structure in KernelGSBase. Upon entry to Ring 0 (through a system call, software interrupt, or some other method), the kernel will use SWAPGS so accessing
[GS:0]will get the pointer to the kernel data. Upon leaving Ring 0, SWAPGS will be called again, to switch GS back to the 'user' GS.
The researchers discovered a way to manipulate this instruction to leak out information that should be available to the operating system only and releases a whitepaper with more technical information about it, here some highlights:
- It affects all Intel CPUs that support speculative execution of the SWAPGS instruction, so basically anything from Intel Ivy Bridge (introduced 2012) until latest processors series available on the market
- Both home users and enterprise users are impacted by this vulnerability
- This type of flaw can generally be mitigated via hardware fixes, microcode updates or software patches.
During speculative execution, after loading the GS or FS segment registers with an invalid segment selector (for example, in Ring-3 with a selector that points to a Data (or Code or Task) segment with DPL 0, or with an segment selector pointing outside GDT limit), and then subsequently using that segment in further speculatively executed memory-accessing instructions, Intel® CPUs use the previously stored segment base address of the segment register to compute the linear address used for memory addressing.
In addition, a value written speculatively to the base of a segment register survives instruction retirement and can be retrieved at a later time, by loading an invalid segment descriptor into that segment register. This behavior creates the opportunity for a microarchitectural side-channel that can be used, in some cases, to retrieve general purpose register values across different security domains.
Is there a fix?
The flaw is found in the architecture of Intel chips, but luckily the fix is not to replace the CPU: this time can be fixed with a simple software patch.
Anyone who has already applied Microsoft’s July 2019 patch bundle should already be protected, and other vender already released a patch (or will release soon).
So, update, update, update!