New Spectre Attack Recovers Data From a CPU’s Protected SMM Mode


Security researchers from Eclypsium have detailed yesterday a new variation of the Spectre attack that can recover data stored inside a secure CPU area named the System Management Mode (SMM).

For those unfamiliar with CPU design, the SMM is a special x86 processor mode that not even highly-privileged software such as kernels or hypervisors cannot access or interrupt.
What is the SMM and what’s it good for

Every time code is sent to the SMM, the operating system is suspended and the CPU uses parts of the UEFI/BIOS firmware to execute various commands with elevated privileges and with access to all the data and hardware.

During these “interrupts,” as they are known, the SMM suspends the operating system and runs firmware-specific code that handles power management, system hardware control, or proprietary OEM code —in other words keeping the hardware running smoothly while the software runs on top.

Because of its critical role in keeping the hardware alive and its deep connections to all areas of the computer, software applications of any kind are not allowed to interact with the SMM, for both maintenance and security reasons.

But the SMM mode was designed and released into production in the early 90s, and not that many protections were included from the get-go.

On Intel CPUs, access to the SMM is protected by a special type of range registers known as System Management Range Register (SMRR).
Researchers alter Spectre attack to access SMM memory

In research published on Thursday, the Eclypsium team has modified one of the public proof-of-concept codes released for the Spectre variant 1 (CVE-2017-5753) vulnerability to bypass the SMRR protection mechanism and access data stored inside the System Management RAM (SMRAM) —the area of the physical memory where SMM stores and runs its working data.

“These enhanced Spectre attacks allow an unprivileged attacker to read the contents of memory, including memory that should be protected by the range registers, such as SMM memory,” the Eclypsium team says.

“This can expose SMM code and data that was intended to be confidential, revealing other SMM vulnerabilities as well as secrets stored in SMM,” researchers said.

Furthermore, since the attack was successful at revealing SMRAM and SMM data, the Eclypsium team also believes it could be used to reveal other type of info stored inside the physical memory, not just the one related to SMM.
Original Spectre patches will protect users

While their experimental attack was crafted to work around the Spectre variant 1 vulnerability, researchers said that using Spectre variant 2 (CVE-2017-5715) can also achieve the same results.

Researchers said they’ve notified Intel of their new Spectre attack variation in March. Intel says that the original patches for the Spectre variant 1 and variant 2 should be enough to block the attack chain discovered by the Eclypsium team.

The Eclypsium report provides a deeper technical dive into the research team’s attack. Eclypsium is headed by Yuriy Bulygin, the former head of Intel’s Advanced Threat Research team at Intel Security and microprocessor security analysis team at Intel Corporation. He is also the creator of the CHIPSEC open-source security framework.

This is also not the first variation of the original Spectre vulnerability. Other Spectre-related attacks include SgxSpectre, BranchScope, and SpectrePrime.

May 18, 2018