Bitdefender researchers have identified and demonstrated a new side-channel attack. This new attack bypasses all known mitigation mechanisms implemented in response to Spectre and Meltdown. According to the report, all Intel CPUs that support SWAPGS and WRGSBASE instructions are vulnerable to this new attack.
What this means is that basically anything from Intel Ivy Bridge to the latest processor series are vulnerable. Any device running an Intel Ivy Bridge or newer CPU: desktops, laptops, servers, etc.
This functionality has the CPU making educated guesses about instructions that may be required before it determines whether the instructions are, in fact, required. This speculative execution may leave traces in cache that attackers can use to leak privileged, kernel memory.
This attack takes advantage of a combination of Intel speculative execution of a specific instruction (SWAPGS) and use of that instruction by Windows operating systems within what is known as a gadget.
As the reports reads, addressing these vulnerabilities is extremely challenging. Since they lie deep within the structure and operation of modern CPUs, completely removing the vulnerabilities involves either replacing hardware or disabling functionality that greatly enhances performance. Likewise, creating mitigation mechanisms is highly complex and can hamper performance gains achieved by speculative-execution features. For example, completely eliminating the possibility of side-channel attacks against the speculative-execution functionality of Intel CPUs would require a complete disabling of hyperthreading, which would seriously degrade performance.
On the other hand, AMD has stated that its CPUs are safe from the SWAPGS attack.
As the red team stated:
“AMD is aware of new research claiming new speculative execution attacks that may allow access to privileged kernel data. Based on external and internal analysis, AMD believes it is not vulnerable to the SWAPGS variant attacks. AMD products are designed not to speculate on the new GS value following a speculative SWAPGS. For the attack that is not a SWAPGS variant, the mitigation is to implement our existing recommendations for Spectre variant 1.”
So yeah, this is another security vulnerability that affects solely Intel’s CPUs.
Kudos to our reader Metal Messiah for bringing this to our attention!