freenheaxenu1988

RAMBleed Vulnerability



The SPOILER vulnerability is a micro-architectural leak that allows an unprivileged user-space process to learn information about its virtual-to-physical page mappings. It exploits the data dependency between speculative load and store operations in the memory order buffer, using the rdtscp and mfence instructions to measure the timing differences that reveal the memory layout. The leak lets an attacker identify ranges of contiguous physical memory pages, which makes Rowhammer attacks far more effective and easier to mount: locating suitable target addresses takes seconds rather than weeks.








SPOILER is specific to Intel CPUs and is present from the first generation of Intel Core processors onward. It is distinct from the Spectre family of vulnerabilities. It could potentially be exploited by malicious JavaScript running in a web browser, or by any untrusted code executing on the system.


A vulnerability named RAMBleed (CVE-2019-0174) was discovered in contemporary DRAM implementations across the industry. It allows an unprivileged attacker to read certain memory belonging to other processes by leveraging the Rowhammer bit-flipping effect; the data read may otherwise be inaccessible and can include secret information. RAMBleed is a side-channel read vulnerability: Rowhammer-induced bit flips are data dependent, so they let an attacker deduce the values of bits in memory belonging to other processes. By surrounding victim data pages with carefully constructed attacker pages and hammering, the attacker induces data-dependent bit flips in one of its own pages, and from those flips reconstructs the victim's data.


Researchers found a new vulnerability that impacts the confidentiality of data stored in a computer's memory. Using it, they were able to extract an RSA signing key from an OpenSSH server while running with only normal user privileges.


Dubbed RAMBleed, the attack builds on the Rowhammer vulnerability and breaks the safe-storage promise of random access memory (RAM) modules, even those that integrate an error-correcting code (ECC) mechanism.
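The read primitive described above, simulated over a toy DRAM model so it can run offline. This is an added example written for this page, not code from the RAMBleed paper or from any real exploit: the three-row layout, the flip rule, the set of flippable cells and the secret bytes are all constructed here, and a real attack additionally needs physical DRAM, a way to find rows adjacent to the victim's pages, and memory massaging to obtain the layout. What it does show is the two phases that turn Rowhammer into a read primitive: templating, which keeps only cells whose flips depend on the aggressor data, and the read itself, in which the attacker hammers, inspects nothing but its own sampling page, and infers the victim's bits from which cells flipped.

```python
"""RAMBleed-style read primitive over a toy DRAM model (added example, not
the RAMBleed paper's code). Constructed: row width, flip rule, flippable
cells, secret bytes. Not modelled: real DRAM, row-adjacency discovery,
memory massaging.

Row layout (three adjacent DRAM rows):
    row 0  aggressor : copy of the victim's secret page (unreadable to attacker)
    row 1  sampling  : attacker-owned page, where the flips land
    row 2  aggressor : second copy of the secret page
"""
from dataclasses import dataclass, field

ROW_BITS = 64  # toy row width; a real row is 8 KiB (two 4 KiB pages)


@dataclass
class FlipCell:
    """A cell in the sampling row that hammering can flip (hardware property)."""
    frm: int              # value the cell holds before it flips
    data_dependent: bool  # True: flips only if both aggressor cells hold 1 - frm

    @property
    def to(self) -> int:
        return 1 - self.frm


@dataclass
class ToyDram:
    cells: dict  # column -> FlipCell; unknown to the attacker until templated
    rows: list = field(default_factory=lambda: [[0] * ROW_BITS for _ in range(3)])

    def hammer(self) -> None:
        """Repeatedly activate rows 0 and 2; apply the constructed flip rule to row 1."""
        for col, cell in self.cells.items():
            if self.rows[1][col] != cell.frm:
                continue
            aggressors_opposite = (self.rows[0][col] == cell.to
                                   and self.rows[2][col] == cell.to)
            if aggressors_opposite or not cell.data_dependent:
                self.rows[1][col] = cell.to


def secret_bits(secret: bytes) -> list:
    """MSB-first list of the first ROW_BITS bits of secret."""
    return [(secret[i // 8] >> (7 - i % 8)) & 1 for i in range(ROW_BITS)]


def template(dram: ToyDram) -> dict:
    """Profiling phase, while all three rows are still attacker memory.

    Returns column -> FlipCell for cells whose flip depends on the aggressor
    data: they flip under the anti-stripe pattern (sampling = frm, aggressors =
    1 - frm) and stay put under the stripe pattern (everything = frm)."""
    usable = {}
    for frm in (0, 1):
        to = 1 - frm
        dram.rows[0], dram.rows[2] = [to] * ROW_BITS, [to] * ROW_BITS
        dram.rows[1] = [frm] * ROW_BITS
        dram.hammer()
        flipped_anti = {c for c in range(ROW_BITS) if dram.rows[1][c] == to}
        dram.rows[0], dram.rows[2] = [frm] * ROW_BITS, [frm] * ROW_BITS
        dram.rows[1] = [frm] * ROW_BITS
        dram.hammer()
        flipped_stripe = {c for c in range(ROW_BITS) if dram.rows[1][c] == to}
        for c in flipped_anti - flipped_stripe:
            usable[c] = FlipCell(frm=frm, data_dependent=True)
    return usable


def victim_place_secret(dram: ToyDram, secret: bytes) -> None:
    """Victim side: the secret page ends up in both aggressor rows."""
    bits = secret_bits(secret)
    dram.rows[0], dram.rows[2] = list(bits), list(bits)


def rambleed_read(dram: ToyDram, usable: dict) -> list:
    """Read phase: the attacker writes and reads only its own sampling row.

    Returns ROW_BITS entries: 0/1 where a usable cell exists, None elsewhere.
    A flip means both aggressor copies held cell.to at that column. With flip
    rates below 1 a non-flip is ambiguous; the real attack repeats and tolerates
    errors, which this toy model does not need."""
    dram.rows[1] = [usable[c].frm if c in usable else 0 for c in range(ROW_BITS)]
    dram.hammer()
    recovered = [None] * ROW_BITS
    for c, cell in usable.items():
        recovered[c] = cell.to if dram.rows[1][c] == cell.to else cell.frm
    return recovered


def demo() -> tuple:
    # Constructed hardware profile: 21 flippable cells, of which the 7 at columns
    # divisible by 9 flip regardless of aggressor data and must be rejected.
    cells = {col: FlipCell(frm=col % 2, data_dependent=(col % 9 != 0))
             for col in range(3, ROW_BITS, 3)}
    dram = ToyDram(cells=cells)
    usable = template(dram)
    secret = b"RAMBLEED"  # constructed 8-byte secret = ROW_BITS bits
    victim_place_secret(dram, secret)
    return secret, usable, rambleed_read(dram, usable)


if __name__ == "__main__":
    secret, usable, recovered = demo()
    print("usable columns:", sorted(usable))
    print("recovered:", "".join("?" if b is None else str(b) for b in recovered))
    print("actual:   ", "".join(map(str, secret_bits(secret))))
```

Running the file prints the recovered bit string next to the real one, with `?` at columns where no usable cell exists. The templating step is the part worth noting: a cell that flips under both the anti-stripe and the stripe pattern carries no information about the aggressor rows, so it is discarded even though it is a perfectly good Rowhammer flip. Coverage in the real attack comes from steering different parts of the secret onto templated cells over time and then feeding the partial, noisy bits into key-recovery algorithms that tolerate errors.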


Among the Microarchitectural Data Sampling (MDS) vulnerabilities, CVE-2019-11091 received a CVSS Base Score of 3.8, while the other MDS vulnerabilities were all rated 6.5. Because of this flaw in the processor architecture, an attacker who can execute malicious code locally on an affected system can compromise the confidentiality of data previously handled on the same thread, or of data from other hyperthreads on the same physical core as the thread running the malicious code. Consequently, the MDS vulnerabilities are not directly exploitable against servers that do not allow the execution of untrusted code.


Oracle has just released Security Alert CVE-2019-2725 in response to a recently disclosed vulnerability affecting Oracle WebLogic Server. The vulnerability affects a number of WebLogic Server versions and has received a CVSS Base Score of 9.8. WebLogic Server customers should refer to the Security Alert advisory for information on affected versions and how to obtain the required patches.


Please note that vulnerability CVE-2019-2725 has been associated in press reports with vulnerabilities CVE-2018-2628, CVE-2018-2893, and CVE-2017-10271. These vulnerabilities were addressed in patches released in previous Critical Patch Update releases.


Oracle just released Security Alert CVE-2018-11776. This vulnerability affects Apache Struts 2, a component used in a number of Oracle product distributions. It has received a CVSS Base Score of 9.8. The Security Alert advisory provides a list of affected Oracle products, their statuses, and information about available patches.


Oracle has determined that Oracle Intel x86 Servers are not impacted by vulnerability CVE-2018-3615 because the processors in use with these systems do not make use of Intel Software Guard Extensions (SGX).


Oracle has determined that Oracle Solaris on x86 is not affected by vulnerabilities CVE-2018-3615 and CVE-2018-3620 regardless of the underlying Intel processor on these systems. It is however affected by vulnerability CVE-2018-3646 when using Kernel Zones. The necessary patches will be provided at a later date.


Bare metal instances in Oracle Cloud Infrastructure (OCI) Compute offer full control of a physical server and require no additional Oracle code to run. By design, the bare metal instances are isolated from other customer instances on the OCI network whether they be virtual machines or bare metal. However, for customers running their own virtualization stack on bare metal instances, the L1TF vulnerability could allow a virtual machine to access privileged information from the underlying hypervisor or other VMs on the same bare metal instance. These customers should review the Intel recommendations about vulnerabilities CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 and make changes to their configurations as they deem appropriate.


Oracle just released Security Alert CVE-2018-3110. This vulnerability affects the Oracle Database versions 11.2.0.4 and 12.2.0.1 on Windows. It has received a CVSS Base Score of 9.9, and it is not remotely exploitable without authentication. Vulnerability CVE-2018-3110 also affects Oracle Database version 12.1.0.2 on Windows as well as Oracle Database on Linux and Unix; however, patches for those versions and platforms were included in the July 2018 Critical Patch Update.


The vulnerability, tracked as CVE-2021-42114 with a CVSS Base Score of 9.0, means that virtually any shared workload on physical hardware is potentially susceptible to a Rowhammer attack, even when the DRAM in question relies on the in-memory defense known as Target Row Refresh (TRR).


Bitdefender, a well-known security software developer, found a new attack on Intel processors, SWAPGS, that bypasses the existing Spectre and Meltdown defenses. By abusing speculative execution of the SWAPGS instruction, an unprivileged attacker can read sensitive data held in kernel memory or cache that should be inaccessible from user space. At the time of disclosure the technique evaded all of the mitigations deployed for the earlier Spectre and Meltdown class issues. Bitdefender discovered the vulnerability the previous year and reported it to Intel; mitigations were released only after a coordinated disclosure period.


Since the publication of the Spectre and Meltdown vulnerabilities, researchers have closely analyzed the speculative execution behaviour of modern processors, in particular looking for ways to bypass the existing mitigations. Bitdefender researchers worked with Intel for about a year before publicly disclosing the vulnerability, and also worked with Microsoft to develop a mitigation update. Other software and hardware vendors in the ecosystem are involved as well; Red Hat, for example, has indicated that it needs to ship updates to maintain mitigation. Bitdefender has released a detailed research white paper, including the disclosure timeline, the research behind the attack, and attack demo videos.

