Today, multiple industry software and hardware vendors have published security advisories for CVE-2019-1125, a newly discovered side-channel attack dubbed the SWAPGS Attack. The SWAPGS Attack was identified and reported by Bitdefender security researchers working on hypervisor introspection and anti-exploit technologies, which led to a coordinated disclosure process involving several strategic industry partners.
How SWAPGS Attack Bypasses All Known Mitigations
The SWAPGS Attack is a novel side-channel attack that abuses a poorly documented behavior of the SWAPGS system instruction to leak sensitive kernel information while bypassing all known side-channel attack mitigations. Successful exploitation allows an unprivileged attacker to leak portions of privileged kernel memory that were thought to be protected by Kernel Page-Table Isolation (KPTI).
The attack exposes sensitive information from the OS kernel by abusing speculative execution of the SWAPGS instruction. An attacker can force arbitrary memory dereferences in the kernel, which leave traces in the data caches. These signals can be picked up by the attacker to infer the value located at the given kernel address. Consequently, attackers can exploit this vulnerability to search kernel memory for values (check whether a given value is located at a given kernel address) or to leak values from arbitrary kernel addresses.
The primary advantage of this technique, from an attacker's perspective, is that it bypasses every mitigation deployed so far.
An in-depth analysis is publicly available in a technical whitepaper published by Bitdefender Labs. The paper fully documents the vulnerability, exploit, attack consequences, and available mitigations.
Background Information on Speculative Execution and Side Channel Attacks
In 2018, the security research community first reported a new class of vulnerabilities in modern CPUs. At its root, this class relies on a common feature of modern CPUs called speculative execution, which lets the CPU execute instructions before it knows whether their results will be needed. These vulnerabilities are exploited via side-channel attacks: successful exploitation allows an unprivileged attacker to break the basic memory isolation provided by the hardware and read privileged data that would normally not be accessible.
The first vulnerabilities, dubbed Meltdown and Spectre, were reported by Google Project Zero security researchers as well as Graz University of Technology and other industry researchers. Since those first reports, research focused on speculative-execution attacks has yielded further vulnerabilities: Foreshadow (tracked by Intel as L1TF) and the Microarchitectural Data Sampling (MDS) attacks, including ZombieLoad.
Attack mitigations for this class of vulnerabilities fall into three broad categories:
Every previously reported side channel is mitigated by at least one of these three categories. The SWAPGS Attack, however, is capable of bypassing all known side-channel attack mitigations.
SWAPGS Attack Prevention with Hypervisor Introspection
Bitdefender Hypervisor Introspection (HVI) leverages CPU virtualization features (Intel VT-x, for example) to protect guests from outside the VM. HVI first analyzes the memory of the guest Virtual Machine (VM) to identify objects of interest. By leveraging technologies such as the Extended Page Table (EPT), HVI protects those objects from unauthorized access. For example, code sections may be protected against writes, while data sections may be protected against execution.
Bitdefender HVI mitigates the SWAPGS Attack, giving organizations a compensating control until patches from the affected vendors are applied. It does this by instrumenting each vulnerable SWAPGS instruction to ensure it will not execute speculatively, which denies attackers the opportunity to leak kernel memory on vulnerable, unpatched Windows kernels. At runtime, HVI analyzes the kernel memory space of protected VMs, identifies the vulnerable gadgets, and serializes them so that they are no longer exploitable. The performance impact of this mitigation is negligible.
Bitdefender HVI is currently available for Citrix Hypervisor and the KVM hypervisor. The following video demonstrates SWAPGS Attack prevention at work:
Andrei Florescu is Director of Product Management, Datacenter at Bitdefender. He guides enterprise-focused product management activity while maintaining involvement in large customer deployments and strategic alliances. Before moving into his current role, Andrei held a variety of customer-facing technology positions. He has numerous industry certifications focused on security, virtualization, and cloud, and is an Electronics Engineer, having earned his degree at University “Politehnica” of Bucharest. He is based in the Dallas/Fort Worth area.