Speculative Load Disordering / CVE-2021-33149

ID 730519
Updated 5/10/2022
Version Latest
Public

author-image

By

Disclosure date:
2022-05-10
Published date:
2022-05-10
Severity rating:
2.5 Low
Industry-wide severity ratings can be found in the National Vulnerability Database

Overview

Many processors may enforce constraints on the ordering of load and store operations. These constraints may sometimes be transiently violated when two or more logical processors perform concurrent accesses to shared memory. When a logical processor detects a memory ordering violation, it flushes the pipeline and restarts execution to yield a sequence of operations that satisfies the memory ordering constraints. For example, logical processor A may transiently load older data that had been overwritten concurrently by logical processor B before re-executing with the data just stored by logical processor B.

Researchers at VU Amsterdam and the Chinese Academy of Sciences have reported that there may be security implications in some theoretical scenarios where malicious actors could infer program data through a covert channel. This would only be relevant to software doing cross-logical processor communication that relies on the processor’s strong memory ordering.

An example of a potential disclosure gadget that could be used by malicious actors to reveal secret data could be a sequence of operations performed on a tagged union that is shared between two logical processors. The tag indicates whether the value in the union is a pointer or an integer. Suppose logical processor A loads the tag and then loads the value, while logical processor B concurrently stores a new tag and new value. A memory ordering violation could cause logical processor A to observe the fresh value, but a stale tag. If the fresh value is an integer but the stale tag identifies the value as a pointer, then dependent operations that execute transiently prior to the pipeline flush may use the integer as a pointer to access memory. This could permit a malicious actor to infer secret data through a covert channel. This theoretical scenario was reported to Intel, although Intel has not been provided and is not currently aware of any proposed practical attack.

Any potential gadget that might load stale data in this manner can be mitigated by inserting an LFENCE instruction after each load that might concurrently access shared memory with another logical processor that writes to the shared memory. Note that this example may also be affected by bounds check bypass (Spectre variant 1) unless the code specifically addresses that issue (for example, by having an LFENCE between the conditional branch for the tag check and the usage of the value as a pointer). 

Intel is assigning CVE-2021-33149 to allow developers to track any potential issues, with CVSS Score 2.5 Low (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). At the time of writing, Intel is not currently aware of any situations in which mitigations or other software changes would be necessary beyond those already present in software.