Uncategorized

Yuriy working on new HIPSEC Spectre test

Nice to see some recent CHIPSEC activity, given all the recent related CVEs…
…But this is not from the CHIPSEC team, it is from ex-CHIPSEC team member Yuriy of Eclypsium.

Added new module checking for Spectre variant 2
The module checks if system is affected by Speculative Execution Side Channel vulnerabilities. Specifically, the module verifies that the system supports hardware mitigations for Branch Target Injection a.k.a. Spectre Variant 2 (CVE-2017-5715)

See source comments for more info.

https://github.com/c7zero/chipsec/commit/b11bce8a0ed19cbe1d6319ef9928a297b9308840

 

Standard
Uncategorized

Bleeping Computer on OEM status of Meltdown/Spectre

Bleeping Computer has a nice list of OEMs and their Spectre/Meltdown update status:

https://www.bleepingcomputer.com/news/software/list-of-links-bios-updates-for-the-meltdown-and-spectre-patches/

 

Standard
Uncategorized

a bit more on Spectre and Meltdown

https://developer.arm.com/support/security-update

https://www.op-tee.org/security-advisories/

https://newsroom.intel.com/

https://ami.com/en/news/press-releases/american-megatrends-statement-in-response-to-meltdown-and-spectre-security-vulnerabilities/

https://kb.vmware.com/s/article/52345

Standard
Uncategorized

more on Spectre/Meltdown

https://www.amd.com/en/corporate/speculative-execution?sf178974629=1

https://blogs.technet.microsoft.com/surface/2018/01/10/updates-for-surface-devices-09-january-2018/

https://news.hitb.org/content/intel-says-patches-can-cause-reboot-problems-old-chips

https://newsroom.intel.com/news/intel-security-issue-update-addressing-reboot-issues/

https://www.gdatasoftware.com/blog/2018/01/30333-inside-meltdown-spectre

http://nymag.com/selectall/2018/01/why-it-took-22-years-to-discover-fundamental-chip-flaw.html

https://www.theverge.com/2018/1/11/16878670/meltdown-spectre-disclosure-embargo-google-microsoft-linux

Standard
Uncategorized

more on Spectre and Meltdown

https://www.enisa.europa.eu/publications/info-notes/meltdown-and-spectre-critical-processor-vulnerabilities
https://www.ibm.com/blogs/psirt/potential-cpu-security-issue/
https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/
https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/
https://github.com/xoreaxeaxeax/movfuscator/tree/master/validation/doom
https://xorl.wordpress.com/2018/01/10/thoughts-on-meltdown-spectre/

 

Standard
Uncategorized

more on Meltdown and Spectre

http://nvidia.custhelp.com/app/answers/detail/a_id/4611/~/security-bulletin%3A-nvidia-gpu-display-driver-security-updates-for-speculative

https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/

https://marc.info/?l=openbsd-tech&m=151521435721902&w=2

https://github.com/marcan/speculation-bugs/blob/master/README.md

https://github.com/raphaelsc/Am-I-affected-by-Meltdown

Standard
Uncategorized

more on Meltdown and Spectre

We’re seeing browser and OS updates. The Microsoft Surface is the only firmware update I’ve seen so far…

 

Behind the scenes of a bug collision

https://access.redhat.com/security/vulnerabilities/speculativeexecution

https://support.apple.com/en-us/HT208394

https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/

https://lwn.net/Articles/741878/

https://lkml.org/lkml/2018/1/4/602

https://sourceforge.net/p/genode/mailman/message/36178974/

 

https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

https://erc.europa.eu/news/Cybersecurity-ERC-grantee-behind-discovery-of-major-hardware-bugs

https://forums.opensuse.org/showthread.php/528926-security-announce-openSUSE-SU-2018-0026-1-important-Security-update-for-kernel-firmware?s=9b3628026a7a7d45c7c4e77b68a62da6&p=2850099#post2850099

 

Standard