siosios
01-11-2024, 07:43 AM
This is the release announcement for IPFire 2.27 - Core Update 178 which is a release that addresses the latest vulnerabilities in Intel and AMD processors called Downfall, Inception and Phantom as well as a bug in Hyper-V which caused IPFire to freeze at boot.
Before we start talking about the changes in detail, we would like to ask for your support. We put a lot of effort into building and testing this update and could not do any of this without you. Please, if you can, donate to the project (https://www.ipfire.org/donate) helping us to put more resources to bring you more and better updates. It is very much appreciated by all of us here!
Intel
Downfall (https://downfall.page/media/downfall.pdf) attacks target a critical weakness found in billions of modern processors used in personal and cloud computers. This vulnerability, identified as CVE-2022-40982 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-40982), enables a user to access and steal data from other users who share the same computer. For instance, a malicious app obtained from an app store could use the Downfall attack to steal sensitive information like passwords, encryption keys, and private data such as banking details, personal emails, and messages. Similarly, in cloud computing environments, a malicious customer could exploit the Downfall vulnerability to steal data and credentials from other customers who share the same cloud computer.
AMD
Inception (https://comsec.ethz.ch/wp-content/files/inception_sec23.pdf) (CVE-2023-20569 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-20569)) is a novel transient execution attack that leaks arbitrary data on all AMD Zen CPUs in the presence of all previously deployed software- and hardware mitigations. As in the movie of the same name, Inception plants an “idea” in the CPU while it is in a sense “dreaming”, to make it take wrong actions based on supposedly self conceived experiences. Using this approach, Inception hijacks the transient control-flow of return instructions on all AMD Zen CPUs.
Phantom (https://comsec.ethz.ch/wp-content/files/phantom_micro23.pdf) (CVE-2022-23825 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-23825)) enables an attacker to create a transient window at arbitrary instructions. Suddenly, a seemingly harmless XOR instruction can behave like a call instruction, and allow the attacker to create a transient window.
Hyper-V
Due to a bug in Hyper-V, the IPFire kernel in Core Update 177 was unable to boot. This has been fixed with a workaround.
How is IPFire affected?
IPFire is not directly affected by any of these attacks as the firewall never executes untrusted code. All programs on IPFire come from our package management system which signs all updates. However, it might be possible for an attacker to inject any code remotely by some undiscovered vulnerability and using these CPU vulnerabilities might allow the attacker to create more damage. Therefore, we recommend installing this update as soon as possible and rebooting your firewall.
We recommend installing this update as soon as possible and rebooting your IPFire system.
More... (https://www.ipfire.org/blog/ipfire-2-27-core-update-178-released)
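To confirm after the update and reboot that the running kernel carries the mitigations, the check below reads the Linux sysfs vulnerability entries; it is an added example, not part of the post or of IPFire's tooling. The function names are hypothetical, and treating `retbleed` as the entry that covers Phantom (CVE-2022-23825) is an assumption about how the kernel reports it.

```shell
#!/bin/sh
# Added example, not IPFire code. Reports the kernel's own view of the CPU
# issues named in the announcement, as exposed by the Linux sysfs interface.
# classify_status and check_cpu_vulns are hypothetical helper names.

# Map one sysfs status line to a short verdict.
classify_status() {
    case "$1" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

# $1: directory to read (defaults to the real sysfs path).
# Prints "<entry> <verdict>" per line; returns 1 if any entry is not OK.
check_cpu_vulns() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    rc=0
    # gather_data_sampling = Downfall, spec_rstack_overflow = Inception,
    # retbleed = assumed here to be the entry covering Phantom.
    for entry in gather_data_sampling spec_rstack_overflow retbleed; do
        if [ -r "$dir/$entry" ]; then
            verdict=$(classify_status "$(cat "$dir/$entry")")
        else
            # File absent: the running kernel predates this mitigation,
            # e.g. the update was installed but the system not yet rebooted.
            verdict="kernel-too-old"
        fi
        echo "$entry $verdict"
        case "$verdict" in
            mitigated|not-affected) ;;
            *) rc=1 ;;
        esac
    done
    return $rc
}

# Usage on the firewall console:  check_cpu_vulns || echo "review mitigations"
```

A `vulnerable` verdict that mentions missing microcode in the raw file means the kernel is updated but the CPU microcode is not.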