Security experts from Eclypsium have devised a new variation of the Spectre attack that can allow attackers to recover data stored inside CPU System Management Mode (SMM) (aka called ring -2).
The SMM is an operating mode of x86 CPUs in which all normal execution, including the operating system, is suspended.
When a code is sent to the SMM, the operating system is suspended and a portion of the UEFI/BIOS firmware executes various commands with elevated privileges and with access to all the data and hardware.
“The main benefit of SMM is that it offers a distinct and easily isolated processor environment that operates transparently to the operating system or executive and software applications.” reads Wikipedia.
The SMM mode was first released with the Intel 386SL in the early 90s, Intel CPUs implements a memory protection mechanism known as a range register to protect sensitive contents of memory regions such as SMM memory.
SMM memory on Intel CPUs is protected by a special type of range registers known as System Management Range Register (SMRR).
Eclypsium experts based their study on a public proof-of-concept code for the Spectre variant 1 (CVE-2017-5753) vulnerability to bypass the SMRR mechanism and access to the content of the System Management RAM (SMRAM) that contains the SMM and where the SMM working data is executed.
“Because SMM generally has privileged access to physical memory, including memory isolated from operating systems, our research demonstrates that Spectre-based attacks can reveal other secrets in memory (eg. hypervisor, operating system, or application).” states the report published by Eclypsium.
“These enhanced Spectre attacks allow an unprivileged attacker to read the contents of memory, including memory that should be protected by the range registers, such as SMM memory. This can expose SMM code and data that was intended to be confidential, revealing other SMM vulnerabilities as well as secrets stored in SMM,”
The experts ported the PoC code to a kernel driver and demonstrated it works from the kernel privilege level. Then they run they exploit code from the kernel privilege level against protected memory.
“The kernel-level PoC exploit provides access to different hardware interfaces, which gives attackers better control over the system hardware and access to different hardware interfaces such as physical memory, IO, PCI, and MMIO interfaces. It also provides access to interfaces at a higher privilege level, such as software SMI.” explained the researchers.
“Next, we integrated the PoC exploit into CHIPSEC in order to quickly expand our tests. In our first experiment, we tried to read protected SMRAM memory. We mapped the physical addresses of SMRAM into the virtual address space and then used the SMRAM addresses as the target of our exploit.”
The experts believe that it is possible to obtain the same result by using Spectre variant 2 (CVE-2017-5715) can also achieve the same results.
Eclypsium reported the new attack technique to Intel in March. Intel replied that the security updates released for the Spectre variant 1 and variant 2 should be enough to mitigate this new attack.
(Security Affairs – Spectre, hacking)