Boffins in America, the Netherlands, and Switzerland have devised a Spectre-style attack on modern processors that can defeat defenses that are supposed to stop malicious software from hijacking a computer’s operating system. The end result is exploit code able to bypass a crucial protection mechanism and take over a device to hand over root access.
That’s a lot to unpack so we’ll start from the top. Let’s say you find a security vulnerability, such as a buffer overflow, in the kernel of an OS like Linux. Your aim is to use this programming flaw to execute code within the kernel so that you can take over the whole machine or device. One way to do this, and sidestep things like stack cookies and the prevention of data execution, is to use return-orientated programming (ROP). This involves chaining together snippets of instruction sequences in the kernel to form an ad-hoc program that does whatever you want: hand control of the machine to you, for example.
To thwart ROP-based exploits, a defense called Address Space Layout Randomization (ASLR) was devised some years back that, as the name suggests, randomizes the locations of an application or operating system kernel’s code and libraries in memory. That makes it difficult to write working ROP exploits as the snippets of code they need aren’t in their expected locations; they are randomly placed during boot. Some information needs to be leaked from the kernel that reveals the current layout of its components in RAM. If a ROP exploit just guesses the kernel’s layout and is wrong, it will trigger a crash, and this can be detected and acted on by an administrator.
Enter Spectre. This is the family of vulnerabilities that can be exploited by malware or a rogue user to obtain secret, privileged information – such as passwords and keys – by taking advantage of speculative execution, which is when a processor performs an operation before it’s needed and either retains or tosses the result, depending on the processor instructions ultimately executed.
What the team say they’ve done is designed a Spectre-style technique that can silently speculatively probe memory to determine the location of the kernel’s parts without triggering a crash. And that makes a blind return-oriented programming (BROP) attack possible, bypassing any ASLR in the way.
The technique, dubbed BlindSide, is explained in a paper [PDF] by Enes Göktaş and Georgios Portokalidis (Stevens Institute of Technology), Herbert Bos and Cristiano Giuffrida (Vrije Universiteit Amsterdam), and Kaveh Razavi (ETH Zürich). Scheduled to be presented at the ACM Conference on Computer and Communications Security (CCS) 2020, it involves memory-corruption-based speculative control-flow hijacking.
“Using speculative execution for crash suppression allows the elevation of basic memory write vulnerabilities into powerful speculative probing primitives that leak through microarchitectural side effects,” the paper stated. “Such primitives can repeatedly probe victim memory and break strong randomization schemes without crashes and bypass all deployed mitigations against Spectre-like attacks.”
The basic memory write vulnerability in this case was a heap buffer overflow patched some time ago in the Linux kernel (CVE-2017-7308). But the boffins insist other vulnerabilities that provide access to a write primitive, such as CVE-2017-1000112, CVE-2017-7294, and CVE-2018-5332, would work too. So to be clear: you need to find an unpatched hole in the kernel, get some kind of code execution on the machine in question, and then deploy the BROP technique with an exploit to gain root privileges.
The boffins show that they can break KASLR (Kernel ASLR) to run an ROP exploit; leak the root password hash; and undo fine-grained randomization (FGR) and kernel execute-only memory (XoM) protections to access the entire kernel text and perform an ROP exploit.
A video of one such attack shows that the technique takes a few minutes, but does manage to elevate the user to root privileges:
The computer scientists confirmed their technique on Linux kernel version 4.8.0 compiled with gcc and all mitigations enabled on a machine with an Intel Xeon E3-1270 v6 processor clocked at 3.80GHz with 16GB of RAM.
They also did so on Linux kernel version 5.3.0-40-generic with all the mitigations (e.g., Retpoline) enabled on an Intel i7-8565U chip (Whiskey Lake) with the microcode update for the IBPB, IBRS and STIBP mitigations. What’s more, the technique worked on Intel Xeon E3-1505M v5, Xeon E3-1270 v6 and Core i9-9900K CPUs (Skylake, Kaby Lake, and Coffee Lake) and on AMD Ryzen 7 2700X and Ryzen 7 3700X CPUs (Zen+ and Zen2).
“Overall, our results confirm speculative probing is effective on a modern Linux system on different microarchitectures, hardened with the latest mitigations,” the paper stated.
Potential mitigations involve preventing, detecting, and hindering speculative probing, but none of these approaches, the authors suggest, can deal with the issue very well. Intel and AMD did not immediately respond to requests for comment.