As you have undoubtedly heard, Google Project Zero (and other collaborators) released information about two vulnerabilities in modern processors: Meltdown and Spectre. This article is a brief overview of these bugs, the security risks in the cloud as we understand them, and the next steps.
Disclaimer: This is a simplified take on these very complex bugs, and isn’t intended to be a complete analysis. The academic papers on the bugs are available here.
What Are Meltdown and Spectre?
These are two vulnerabilities in modern processors. Meltdown impacts Intel CPUs since the Pentium II, and Spectre impacts those Intel chips, plus AMD and ARM chips. The bugs enable an attacker to bypass memory protection, allowing access to memory that shouldn’t be accessible to the attacker. In both cases, the bugs are caused by CPU optimizations that have unintended side-effects.
What’s the Difference Between Meltdown and Spectre?
Meltdown uses a flaw in out-of-order execution optimizations in Intel CPUs to enable access to all kernel-mapped memory from a user-space process. In most cases, *all* physical memory is mapped into kernel space, and as such, Meltdown effectively allows any user-space process to access all of the physical memory on the machine.
Spectre uses side-channel timing attacks against branch prediction and speculative execution to trick a process into accessing arbitrary memory locations and revealing that data to the attacker.
How Does this Impact AWS Users?
While we know from the various announcements that Meltdown can escape virtual machine sandboxes in certain circumstances (particularly, in Xen paravirtual environments), AWS immediately patched their entire EC2 fleet against the hypervisor vulnerabilities.
Given this, the virtual machine sandbox is secure. Regardless of any OS patches, other instances on the same physical hardware as your instances cannot access any data inside your instances, and the isolation between virtual machines remains completely intact.
The remaining exposure for Meltdown is primarily in the form of local exploits inside the virtual machine. While this is important, it is not as significant as a virtual machine sandbox escape or a remote exploit. If all of the applications running on the instance are trusted, there is less immediate concern. That said, Meltdown is fixed by a recent kernel update that enables KAISER (Kernel Address Isolation to have Side-channels Efficiently Removed), which closes even the local exploit path.
Spectre is an entirely new class of vulnerability. We expect to see more patches in the coming weeks or months as more is learned about the attack vectors enabled by Spectre. For now, the primary focus is on software that executes untrusted code and sandboxed code (notably: web browsers).
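One way to confirm from inside an instance what the kernel itself reports about these fixes, as an added example that is not part of the original article. It assumes a Linux guest whose kernel exposes the `/sys/devices/system/cpu/vulnerabilities` reporting files; the function names and the sample values in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize the kernel's own Meltdown/Spectre status report.
# Assumes a Linux kernel that provides /sys/devices/system/cpu/vulnerabilities.

# Map one kernel status line to a coarse state.
classify_status() {
    case "$1" in
        "Not affected"*) echo "not_affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

# $1: directory to read (defaults to the live sysfs path).
# Prints one line per bug; returns 1 if any is vulnerable or unreported.
check_cpu_vulns() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    rc=0
    for name in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$name" ]; then
            line=$(cat "$dir/$name")
            state=$(classify_status "$line")
        else
            # No report file: the kernel predates the fix-reporting interface.
            line="(no kernel report)"
            state="unknown"
        fi
        printf '%-12s %-13s %s\n' "$name" "$state" "$line"
        case "$state" in vulnerable|unknown) rc=1 ;; esac
    done
    return "$rc"
}

# Demo on constructed sample values (not captured from a real host):
# Meltdown mitigated, spectre_v1 unreported, spectre_v2 still vulnerable.
demo_dir=$(mktemp -d)
printf 'Mitigation: PTI\n' > "$demo_dir/meltdown"
printf 'Vulnerable\n' > "$demo_dir/spectre_v2"
check_cpu_vulns "$demo_dir" || echo "action needed: update the kernel or investigate"
rm -rf "$demo_dir"
```

On a real instance, call `check_cpu_vulns` with no argument after the kernel update and reboot; a non-zero return means at least one of the three entries is not reported as mitigated.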
What’s Next: AWS Meltdown & Spectre Patches
Onica’s team of security experts can help you apply emergency patches for Meltdown. We’ve worked with numerous companies in highly regulated markets, including medical and financial industries. We’ll identify security risks and take steps to ensure compliance across multiple mandates.
Contact us for a comprehensive security assessment to uncover vulnerabilities and security threats in your AWS environment.