MDS vulnerabilities lead Chrome OS 74 to disable hyper-threading

Hyper-Threading, Intel's implementation of symmetric multithreading (SMT) can be exploited using the newly-disclosed MDS vulnerabilities, like Fallout and ZombieLoad.

Learn how to manage unsandboxed plugins on your Chromebook Tired of Chrome OS asking you if you want to allow an unsandboxed plugin to run? Jack Wallen shows you how to blacklist and whitelist URLs and Domains.

Google is releasing an update to Chrome OS 74 disabling Hyper-Threading, Intel's implementation of symmetric multithreading (SMT), following the public disclosure of the Microarchitectural Data Sampling (MDS) vulnerability class, including attacks such as Fallout and Zombieload.

MDS vulnerabilities can be leveraged by attackers to read potentially sensitive data, including "website contents as well as passwords, credit card numbers, or cookies," according to Chromium security documentation. "The vulnerabilities can also be exploited to read host memory from inside a virtual machine, or for an Android App to read privileged process memory (e.g. keymaster)."

Chrome OS 74 disables SMT by default, though additional mitigations are planned for Chrome OS 75. "The decision to disable or enable Hyper-Threading is a security versus performance tradeoff. With Hyper-Threading disabled, Intel CPUs may experience reduced performance, which varies depending on the workload. But, with Hyper-Threading enabled, users could execute code, such as by visiting a website or running an Android app, that exploits MDS to read sensitive memory contents," the documentation states.

SEE: Deploying containers: Six critical concepts (free PDF) (TechRepublic)

Though a minority of Chrome OS devices are powered by Arm processors, most Chromebooks are powered by Intel CPUs. Google identified 77 devices affected by the vulnerability, including Chromebooks manufactured by Acer, Dell, HP, Lenovo, Samsung, and Toshiba, as well as Google's own Pixelbook and Pixel Slate devices.

Users concerned about the loss of performance can disable the security measure by navigating to chrome://flags#scheduler-configuration and selecting the "performance" setting, which enables SMT. It can be enabled again by selecting the "conservative" setting. Enterprise deployment of Chrome OS devices can set this policy using the "SchedulerConfiguration" policy.

Of note, Apple has also introduced the ability to disable SMT on Mac OS, though it remains enabled by default, with the company noting that "Testing conducted by Apple in May 2019 showed as much as a 40 percent reduction in performance with tests that include multithreaded workloads and public benchmarks."

The use of SMT has long been a security quandary, with the 2018 vulnerabilities TLBleed and PortSmash relying on SMT to access protected data. Like MDS vulnerabilities, and all (except one) Meltdown vulnerability, these are exploitable on Intel CPUs, though have not been demonstrated on AMD systems. In 2017, it was discovered that SMT operation on Skylake and Kaby Lake processors was broken from the factory, though this was patched in microcode.

Anecdotally, a vulnerability discovered in 2005 foreshadowed modern problems with SMT, finding that it "allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses."

For more, check out Why MDS vulnerabilities present a threat as serious as Spectre and Meltdown on TechRepublic.

Also see

chrome.jpg
Image: CNET