Responding to the recent ZombieLoad 2 TSX Vulnerabilities

====================
[TL DR]
====================
These vulnerabilities can only be exploited by attackers who have already compromised a system. Practice standard security precautions and install updates from hardware vendors and for your software (links provided below) when they become available. Vendors that offer cloud computing will have a more involved decision-making process to consider when resolving these vulnerabilities (see below).

Early last week, security researchers disclosed further vulnerabilities within Intel’s processors.

How severe are these vulnerabilities?
These vulnerabilities can be classed as medium severity. An attacker must already have compromised your system in order to exploit them. This most recent set of vulnerabilities, collectively known as ZombieLoad 2 or Transactional Synchronization Extensions (TSX) Asynchronous Abort, affects Intel processors produced in the last approx. 2.5 years (August 2017 onwards).

For full technical details of these vulnerabilities, please see this page from Intel and this page from the security researchers. In summary, according to the researchers, these vulnerabilities allow “a malicious program to exploit internal CPU buffers to get hold of secrets currently processed by other running programs”, meaning that “these secrets such as browser history, website content, user keys, and passwords, or system-level secrets, such as disk encryption keys” being used by other running programs can be exposed.

Of particular note are the performance implications for protecting virtual machines. If your organisation is running potentially untrusted code within virtual machines, protecting that environment will incur a performance penalty. You may need to carry out a risk assessment to determine whether the cost of enabling these performance-reducing mitigations outweighs the risk of leaving your virtual machines unprotected. Nested virtual machines will be most affected by the performance penalty.

How can I protect my organisation and myself from these vulnerabilities?
These most recent vulnerabilities can be mitigated by updating the firmware of your system. This is sometimes referred to as the UEFI / BIOS of your system.

These updates will be made available separately by the manufacturer of your system for servers, desktops and laptops, or by the motherboard manufacturer for any custom-built systems you may have. You will have to determine from the updates those vendors issue whether they are available for the products that you own.

In addition, operating system vendors and virtualisation software vendors have made patches available (links provided below).
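
Once the firmware and operating system updates are installed, a Linux host with a patched kernel reports its TSX Asynchronous Abort status in `/sys/devices/system/cpu/vulnerabilities/tsx_async_abort`. The script below is an added example, not part of the original post: it classifies that status string and reports SMT exposure separately, which is relevant when running untrusted code in virtual machines. The function names and verdict labels are assumptions, and the sample strings are constructed to follow the kernel's documented format.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's TAA status string.
TAA_FILE=/sys/devices/system/cpu/vulnerabilities/tsx_async_abort

# classify_taa STATUS -> prints "<verdict> <smt-state>"
#   verdict:   ok | needs-microcode | vulnerable | unknown
#   smt-state: taken from the "; SMT ..." suffix the kernel may append
classify_taa() {
    status=$1
    case $status in
        "Not affected"*) verdict=ok ;;
        "Mitigation: "*) verdict=ok ;;
        # Kernel is patched but the firmware/microcode update is missing.
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
                         verdict=needs-microcode ;;
        "Vulnerable"*)   verdict=vulnerable ;;
        *)               verdict=unknown ;;
    esac
    case $status in
        *"; SMT vulnerable"*)         smt=smt-vulnerable ;;
        *"; SMT disabled"*)           smt=smt-disabled ;;
        # Reported inside a guest: the host's SMT setting is not visible.
        *"; SMT Host state unknown"*) smt=smt-host-unknown ;;
        *)                            smt=smt-unreported ;;
    esac
    printf '%s %s\n' "$verdict" "$smt"
}

# check_host FILE -> classify the status in FILE. A missing file means the
# kernel does not report TAA at all (for example, it predates the patches).
check_host() {
    if [ -r "$1" ]; then
        classify_taa "$(cat "$1")"
    else
        printf '%s\n' "no-report smt-unreported"
    fi
}

# Constructed sample strings, one per line, to show the classification.
while IFS= read -r sample; do
    printf '%-70s => %s\n' "$sample" "$(classify_taa "$sample")"
done <<'EOF'
Mitigation: Clear CPU buffers; SMT vulnerable
Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled
Mitigation: TSX disabled
EOF

printf 'this host: %s\n' "$(check_host "$TAA_FILE")"
```

A `needs-microcode` verdict means the operating system patch is present but the firmware update described above has not yet been applied.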

Thank you.

====================

HP Enterprise:
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03968en_us

Fedora (referring to the Xen virtual machine; see also below):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/

Red Hat:
https://access.redhat.com/articles/11258

https://access.redhat.com/errata/RHSA-2019:3838

https://access.redhat.com/errata/RHSA-2019:3839

https://access.redhat.com/errata/RHSA-2019:3840

https://access.redhat.com/errata/RHSA-2019:3841

https://access.redhat.com/errata/RHSA-2019:3842

https://access.redhat.com/errata/RHSA-2019:3843

https://access.redhat.com/errata/RHSA-2019:3844

SUSE:
https://www.suse.com/support/update/announcement/2019/suse-su-201914217-1/

https://www.suse.com/support/update/announcement/2019/suse-su-201914218-1/

Ubuntu:
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915

Microsoft:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-11135

Xen:
https://xenbits.xen.org/xsa/advisory-305.html

Performance impact to Xen:
https://xenbits.xen.org/xsa/advisory-297.html

VMware:
Security advisory:
https://www.vmware.com/security/advisories/VMSA-2019-0020.html

Further information:
https://kb.vmware.com/s/article/59139

VMware Performance Impact Statement addressing mitigations for Machine Check Exception on Page Size Change (MCEPSC) CVE-2018-12207:
https://kb.vmware.com/s/article/76050
