Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method

Intel ID:  INTEL-SA-00088
Product family:  Systems with Speculative Execution
Impact of vulnerability Information Disclosure
Severity rating Important
Original release:  Jan 03, 2018
Last revised:  Feb 20, 2018
Summary: 

Updated Recommendations Section  2/20/2018 

Today a team of security researchers disclosed several software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from many types of computing devices with many different vendors’ processors and operating systems.

Intel is committed to product and customer security and to responsible disclosure. We worked closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to mitigate this issue promptly and constructively.

For facts about these new exploits, and steps you can take to help protect your systems and information please visit: https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html.

Description: 

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. 

  • 8.2 High CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

Affected products: 

  • For non-Intel based systems please contact your system manufacturer or microprocessor vendor (AMD, ARM, Qualcomm, etc.) for updates.

The following Intel-based platforms are impacted by this issue. Intel may modify this list at a later time. Please check with your system vendor or equipment manufacturer for more information regarding updates for your system.

  • Intel® Core™ i3 processor (45nm and 32nm)
  • Intel® Core™ i5 processor (45nm and 32nm)
  • Intel® Core™ i7 processor (45nm and 32nm)
  • Intel® Core™ M processor family (45nm and 32nm)
  • 2nd generation Intel® Core™ processors
  • 3rd generation Intel® Core™ processors
  • 4th generation Intel® Core™ processors
  • 5th generation Intel® Core™ processors
  • 6th generation Intel® Core™ processors
  • 7th generation Intel® Core™ processors
  • 8th generation Intel® Core™ processors
  • Intel® Core™ X-series Processor Family for Intel® X99 platforms
  • Intel® Core™ X-series Processor Family for Intel® X299 platforms
  • Intel® Xeon® processor 3400 series
  • Intel® Xeon® processor 3600 series
  • Intel® Xeon® processor 5500 series
  • Intel® Xeon® processor 5600 series
  • Intel® Xeon® processor 6500 series
  • Intel® Xeon® processor 7500 series
  • Intel® Xeon® Processor E3 Family
  • Intel® Xeon® Processor E3 v2 Family
  • Intel® Xeon® Processor E3 v3 Family
  • Intel® Xeon® Processor E3 v4 Family
  • Intel® Xeon® Processor E3 v5 Family
  • Intel® Xeon® Processor E3 v6 Family
  • Intel® Xeon® Processor E5 Family
  • Intel® Xeon® Processor E5 v2 Family
  • Intel® Xeon® Processor E5 v3 Family
  • Intel® Xeon® Processor E5 v4 Family
  • Intel® Xeon® Processor E7 Family
  • Intel® Xeon® Processor E7 v2 Family
  • Intel® Xeon® Processor E7 v3 Family
  • Intel® Xeon® Processor E7 v4 Family
  • Intel® Xeon® Processor Scalable Family
  • Intel® Xeon Phi™ Processor 3200, 5200, 7200 Series
  • Intel® Atom™ Processor C Series
  • Intel® Atom™ Processor E Series
  • Intel® Atom™ Processor A Series
  • Intel® Atom™ Processor x3 Series
  • Intel® Atom™ Processor Z Series
  • Intel® Celeron® Processor J Series
  • Intel® Celeron® Processor N Series
  • Intel® Pentium® Processor J Series
  • Intel® Pentium® Processor N Series

 

Recommendations: 

Updated 2/20/2018

We have now released new production microcode updates to our OEM customers and partners for Kaby Lake, Coffee Lake, and additional Skylake-based platforms. As before, these updates address the reboot issues last discussed here, and represent the breadth of our 6th, 7th and 8th Generation Intel® Core™ product lines as well as our latest Intel® Core™ X-series processor family. They also include our recently announced Intel® Xeon® Scalable and Intel® Xeon® D processors for datacenter systems.  We continue to release beta microcode updates for other affected products so that customers and partners have the opportunity to conduct extensive testing before we move them into production.

Pending the continued release of updated production microcode, our guidance for customers and partners remains largely unchanged:

  • We continue to recommend that OEMs, Cloud service providers, system manufacturers, software vendors, and end users stop deployment of previously released versions of certain microcode updates addressing variant 2 (CVE-2017-5715) , as they may introduce higher than expected reboots and other unpredictable system behavior.
  • We also continue to ask that our industry partners focus efforts on evaluating the beta microcode updates.
  • For those concerned about system stability while we finalize these updated solutions, earlier this week we advised that we were working with our OEM partners to provide BIOS updates using previous versions of microcode not exhibiting these issues, but that also removed the mitigations for ‘Spectre’ variant 2 (CVE 2017-5715)
  • Microsoft also provided two resources for users to disable original microcode updates on platforms exhibiting unpredictable behavior:
    1. For most users – An automatic update available via the Microsoft® Update Catalog which disables ‘Spectre’ variant 2 (CVE 2017-5715) mitigations without a BIOS update. This update supports Windows 7 (SP1), Windows 8.1, and all versions of Windows 10 - client and server
    2. For advanced users– refer to the following Knowledge Base (KB) articles
      1. KB4073119: IT Pro Guidance
      2. KB4072698: Server Guidance
  • Both of these options eliminate the risk of reboot or other unpredictable system behavior associated with the original microcode update and retain mitigations for ‘Spectre’ variant 1 and ‘Meltdown’ variant 3 until new microcode can be loaded on the system.

We continue to believe it is important for OEMs and our customers to follow this guidance for all of the affected platforms. As before, please be assured we are working quickly to address these issues.

Intel has worked with operating system vendors, equipment manufacturers, and other ecosystem partners to develop software updates that can help protect systems from these methods. End users and systems administrators should check with their operating system vendors and apply any available updates as soon as practical.

For non-Intel based systems please contact your system manufacturer or microprocessor vendor (AMD, ARM, Qualcomm, etc.) for updates.

Please check with your system vendor or equipment manufacturer for more information regarding your system.

Other variants of this side-channel analysis are being addressed by Operating System and Software Vendors. For more details see:

Acknowledgements: 

Intel would like to thank Jann Horn with Google Project Zero for his original report and for working with the industry on coordinated disclosure.

Intel would also like to thank the following researchers for working with us on coordinated disclosure.

  • Moritz Lipp, Michael Schwarz, Daniel Gruss, Stefan Mangard from Graz University of Technology
  • Paul Kocher, Daniel Genkin from University of Pennsylvania and University of Maryland, Mike Hamburg from Rambus, Cryptography Research Division and Yuval Yarom from  University of Adelaide and Data61.
  • Thomas Prescher and Werner Haas from Cyberus Technology, Germany

Revision history: 

Revision
Date
Description
1.0
03-January-2018
Initial Release
1.1
03-January-2018
Update Links
1.2
05-January-2018
Update
1.3
09-January-2018
Update
1.4
10-January-2018
New Link
1.5
17-January-2018
Status update
1.6
22-January-2018
Status Update
1.7
27-January-2018
Rec Update
1.8
2-February-2018
Rec Update
1.9
20-February-2018
Rec Update

CVE Name:  CVE-2017-5715

Disclaimer:

INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” IN CONNECTION WITH INTEL® PRODUCTS. YOUR USE OF THE INFORMATION IN THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. INTEL RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. EXCEPT AS PROVIDED IN INTEL’S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT.



Reporting a security issue

If you have information about a security issue or vulnerability with an Intel product, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

For issues related to Intel managed open source projects, please visit http://www.01.org/security.

Please provide as much information as possible, including:

  • The products and versions affected
  • Detailed description of the vulnerability
  • Information on known exploits

  • A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

  • Vulnerability handling guidelines

  • Need product support?
    The secure@intel.com e-mail address should only be used for reporting security issues.

    If you...
  • Have questions about the security features of an Intel product
  • Require technical support
  • Want product updates or patches

  • Please visit Support & Downloads.