
I have been reading daily articles regarding cyber security, as my job is to stay up to date with the current vulnerabilities that are on the rise and still ongoing. The Meltdown and Spectre incident early this year moved all global companies towards the security mitigations needed to overcome exploitation of the vulnerabilities that Intel chipsets were sadly "designed" with.

Now a new exploit, identified by security researchers Ken Johnson and Jann Horn, has been made known to the public. Read the article here. Patches are already available; the vulnerability is tracked as CVE-2018-3639.

The bug lies in the microprocessor itself: improper handling of speculative execution allows a Linux kernel memory read to be executed speculatively. In the hands of an expert attacker, this can be used to retrieve sensitive information from the machine through a technique that relies on prior memory operations.

For sysadmins: to check whether your system is protected from Spectre Variant 4 (CVE-2018-3639), run

$ cat /sys/devices/system/cpu/vulnerabilities/spec_store_bypass

This command will return one of three possible results:
- Mitigation: Speculative Store Bypass disabled via prctl and seccomp — system is protected.
- No such file or directory — system is vulnerable to the Spectre 4 variant.
- Vulnerable — system does not have updated microcode or an updated virtual machine hypervisor.

The security measures deployed against Spectre v2 will only protect the system from a handful of exploits. To mitigate Speculative Store Bypass, system administrators can attempt to set certain kernel values manually if their machines have not received the update yet. The kernel must be compiled with the following enabled: Speculative Store Bypass Disable (SSBD) in the IA32_SPEC_CTRL Model-Specific Register (MSR) of x86 processors. Full protection also requires updated microcode for Intel processors.

In Ubuntu this mitigation is turned off by default, since not all applications or services need it to operate on the current OS. But the prctl option PR_SPEC_STORE_BYPASS lets developers opt into the mitigation on a per-process basis, and applications that use seccomp (a security filter) are opted in automatically; examples include the Firefox and Chromium browsers, LXD, and other sandboxed processes.

System-wide SSBD mitigation can be enabled by booting with the spec_store_bypass_disable=on boot parameter. Again, the kernel must be compiled with Speculative Store Bypass Disable (SSBD) in the IA32_SPEC_CTRL Model-Specific Register (MSR) of x86 processors turned ON.
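The sysfs check above and the per-process prctl opt-in can both be scripted. The following is an added example, not code from the original post or from Ubuntu: it classifies the sysfs string (generalizing a little beyond the three results listed above to also cover the kernel's "Not affected" value and the plain "Mitigation: Speculative Store Bypass disabled" form that a spec_store_bypass_disable=on boot produces), treats a missing file as the vulnerable case, and asks the kernel via prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS) whether the current process is covered. The function names and result layout are my own; the prctl constant values are those from linux/prctl.h.

```python
"""Added example, not code from the original post: check Speculative Store
Bypass (CVE-2018-3639) status at the host level (the sysfs file the post
cites) and at the process level (the prctl interface behind
PR_SPEC_STORE_BYPASS). Only the Linux prctl path touches the kernel."""
import ctypes
import sys

SSB_SYSFS = "/sys/devices/system/cpu/vulnerabilities/spec_store_bypass"

# Constants from linux/prctl.h
PR_GET_SPECULATION_CTRL = 52
PR_SPEC_STORE_BYPASS = 0
PR_SPEC_PRCTL = 1            # mitigation is controllable per task via prctl
PR_SPEC_ENABLE = 2           # speculation enabled: the task is exposed
PR_SPEC_DISABLE = 4          # speculation disabled: the task is mitigated
PR_SPEC_FORCE_DISABLE = 8    # like DISABLE, but cannot be undone
PR_SPEC_DISABLE_NOEXEC = 16  # like DISABLE, but cleared on execve()


def classify_sysfs_text(text):
    """Map the sysfs string to a verdict ('protected', 'vulnerable',
    'not_affected' or 'unknown') plus the mitigation's scope."""
    s = text.strip()
    if s == "Not affected":
        return {"verdict": "not_affected", "scope": None, "raw": s}
    if s.startswith("Mitigation:"):
        # "... disabled via prctl [and seccomp]" covers only tasks that opt in;
        # a plain "... disabled" means spec_store_bypass_disable=on (system-wide).
        scope = "opt-in" if "via prctl" in s else "system-wide"
        return {"verdict": "protected", "scope": scope, "raw": s}
    if s.startswith("Vulnerable"):
        return {"verdict": "vulnerable", "scope": None, "raw": s}
    return {"verdict": "unknown", "scope": None, "raw": s}


def host_status(path=SSB_SYSFS):
    """Read the sysfs file. A missing file is the post's second case: the
    kernel predates the mitigation, so report it as vulnerable."""
    try:
        with open(path) as f:
            return classify_sysfs_text(f.read())
    except FileNotFoundError:
        return {"verdict": "vulnerable", "scope": None,
                "raw": "No such file or directory"}


def decode_spec_ctrl(flags):
    """Translate the bit mask returned by prctl(PR_GET_SPECULATION_CTRL)."""
    if flags == 0:
        return "not affected"
    if flags & PR_SPEC_DISABLE_NOEXEC:
        state = "disabled until exec"
    elif flags & PR_SPEC_FORCE_DISABLE:
        state = "force-disabled (cannot be re-enabled)"
    elif flags & PR_SPEC_DISABLE:
        state = "disabled (mitigated)"
    elif flags & PR_SPEC_ENABLE:
        state = "enabled (exposed)"
    else:
        state = "unknown"
    control = ("per-task control available" if flags & PR_SPEC_PRCTL
               else "fixed system-wide")
    return "%s, %s" % (state, control)


def process_ssb_status():
    """Ask the kernel how SSB is handled for this process. Returns None off
    Linux or when the kernel lacks PR_GET_SPECULATION_CTRL (prctl fails)."""
    if not sys.platform.startswith("linux"):
        return None
    libc = ctypes.CDLL(None, use_errno=True)
    libc.prctl.restype = ctypes.c_int
    libc.prctl.argtypes = [ctypes.c_int] + [ctypes.c_ulong] * 4
    rc = libc.prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0)
    return None if rc < 0 else decode_spec_ctrl(rc)


if __name__ == "__main__":
    host = host_status()
    print("host : %s (%s)" % (host["verdict"], host["raw"]))
    if host["scope"]:
        print("scope: %s" % host["scope"])
    print("this process: %s" % (process_ssb_status() or "prctl not supported"))
```

Run it as a normal user on the host being audited. A host verdict of "protected" with scope "opt-in" only means seccomp users and processes that call prctl are covered; a process that reports "enabled (exposed)" is still running with speculation on, and only the spec_store_bypass_disable=on boot parameter (host scope "system-wide") covers every process regardless of opt-in.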