Linux kernel mitigations released for new Intel CPU issues

Mainline Linux kernel received mitigations for TSX Asynchronous Abort (TAA), JCC Erratum and iITLB Multihit (NX) - No eXcuses.

"TSX Asynchronous Abort" (TAA) is a new ZombieLoad side-channel attack variant focused on Intel processors with TSX (Transactional Synchronization Extensions). This variant was actually discovered as part of ZombieLoad (announced back in May) but faced an extended embargo. TAA can allow leaking of data across processes, privilege boundaries and Hyper Threading. With Hyper Threading disabled, TAA can still leak data from protected domains.

The mitigation for ZombieLoad TAA released today (11.12) exposes /sys/devices/system/cpu/vulnerabilities/tsx_async_abort for reporting the mitigation status plus a new tsx_async_abort kernel parameter. With the TAA mitigation, the system will clear CPU buffers on ring transitions.

Ref.: https://seclists.org/oss-sec/2019/q4/67

The "Jump Conditional Code" (JCC) erratum, made public today (11.12) by Intel, is a bug that can happen when jump instructions cross cache lines and affects Skylake through Cascade Lake processors. Intel's mitigations document for Jump Conditional Code Erratum states that the mitigation/workaround will impact performance by 0-4% excluding outliers, which means that even higher performance downsides in specific workloads.

The "iITLB Multihit (NX) - No eXcuses" is known since last year (CVE-2018-12207). This issue occurs for some Intel CPUs causing a machine check error and possible unrecoverable CPU lockup stemming from page size changes. This has implications in the VM space for being able to cause a denial of service attack by a malicious guest. The workaround for this vulnerability is KVM marking huge pages in the extended page tables as non-executable (NX).

The mitigation released today exposes /sys/devices/system/cpu/vulnerabilities/itlb_multihit for reporting status and a new kvm.nx_huge_pages parameter.

Ref.: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/diff/Documentation/admin-guide/hw-vuln/multihit.rst?id=eb094f06963bb0fd8134c6a9b805d4ad0002a7d4

That's it, more patches and more performance penalties.

BF/CM - Buyer Beware. Conduct your own due diligence on the sustainability of the deals presented here as well as the provider's track record.

Thanked by poisson uptime tgl mikho

Comments

Sign In or Register to comment.