Multiple new speculative execution side channel issues were recently disclosed by both Intel and AMD. These issues were described in security bulletins available here:
- AMD CPU Branch Type Confusion | AMD
- Return Stack Buffer Underflow / CVE-2022-29901, CVE-2022-28693 /… (intel.com)
These hardware vulnerabilities are officially referred to as CVE-2022-23825 (Branch Type Confusion), CVE-2022-29900 (RETbleed), CVE-2022-29901 (Return Stack Buffer Underflow (RSBA)) and CVE-2022-28693 (Return Stack Buffer Underflow (RRSBA)).
In many ways, these issues are very similar to the Spectre (variant 2) side channel attack which was disclosed in early 2018. Since that time, Microsoft’s core virtualization engineering team has been working hard at developing and optimizing our hypervisor’s comprehensive and highly efficient side channel mitigation, HyperClear.
When I last provided an update in 2019, I indicated that only minor changes were required to protect our customers from a large set of hardware vulnerabilities that could lead to disclosure of private data from microarchitectural buffers within an Intel CPU. I’m happy to share that once again, no significant HyperClear updates were needed to mitigate these new vulnerabilities and help protect our customers.
As described in the first two HyperClear blog posts, our side channel mitigation technique relies on 3 main components to ensure strong inter-VM isolation:
- Core Scheduler: to avoid sharing of a CPU core’s private buffers and other resources
- Virtual-Processor Address Space Isolation: to avoid speculative access to another virtual machine’s memory or another virtual CPU core’s private state
- Sensitive Data Scrubbing: to avoid leaving private data anywhere in hypervisor memory other than within a virtual processor’s private address space so that this data cannot be speculatively accessed in the future
Once again, the Hyper-V HyperClear architecture has proven to be a readily extensible design that helps provide strong isolation boundaries against a variety of speculative execution side channel attacks with negligible impact on performance.