Why should tech companies care about double fetch vulnerabilities?
Fintech companies face a growing need to focus on cybersecurity. Cyber-attacks are on the rise and force security solutions to evolve constantly, yet very often the problems arise from well-known classes of vulnerability in existing systems.
In this blog we’re exploring double fetch vulnerabilities.
The phrase 'double fetch bug' was first used by Fermin J. Serna in a post on the Microsoft Security Research and Defense blog in October 2008, although the bug type had been known about for some time before this.
Double fetch vulnerabilities in C and C++ have been known about for a number of years. However, they appear in several forms and can have varying outcomes.
As this information is spread across various sources, NCC Group's whitepaper draws the knowledge together into a single place, in order to describe the different types of the vulnerability, how each type occurs, and the appropriate fixes.
There are two broad general types of double fetch vulnerability: those resulting from coding practices and those introduced by compiler optimization, referred to as a 'compiler introduced double fetch' below and in the whitepaper.
Both types of double fetch bug have the same underlying defect: a value is read from memory that another party can modify (typically the kernel reading a user-mode buffer, where the caller can change the data from a second thread at any time), a check is performed on the value that was read, and the value is then read again before it is used. If the memory changes between the two fetches, the checked value and the used value differ. More generally, an invariant exists involving two or more variables and one or more of these variables is modified without the invariant being enforced, so the check no longer protects the code that relies on it.
Since double fetch bugs have different causes, the two subtypes need different solutions.
- Double fetch bugs caused by accessing shared memory may be fixed by eliminating the second fetch (where practical) by copying the value once into memory the other party cannot modify, such as a kernel-side local, and then checking and using that single copy; by adding a check against the value returned by the second fetch; or by performing the check in a different manner.
- For compiler-introduced double fetches, where the source reads the shared memory once but the compiler emits two loads, declaring the access volatile is one possible solution: the compiler must then emit exactly one load for each read in the source. Note that volatile does not fix a double fetch that is already written into the source code; that still needs one of the fixes above.
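The following C program, added here as an illustration and not code from NCC Group's whitepaper, shows the shared-memory variant side by side with the single-fetch fix. It models a kernel request handler that reads a length field from attacker-controlled memory, checks it against a kernel buffer size, and copies that many bytes. The kernel/user boundary, the `fetch_len` accessor, the `struct request` layout and the attacker's write schedule are all constructed for the example: instead of racing a real second thread, the attacker's write to `len` is applied deterministically right after each kernel fetch, which is the interleaving a real attacker has to win.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KBUF_SIZE 64   /* capacity of the kernel-side buffer a request is copied into */

/* A request block that lives in attacker-controlled ("user") memory. */
struct request {
    uint32_t len;          /* claimed number of bytes in data[]; must be <= KBUF_SIZE */
    uint8_t  data[256];
};

/* Simulated shared memory. A real attacker races a second thread against the
 * kernel; here the race is modelled deterministically: `attacker_writes` lists
 * the values the attacker stores into `len`, one landing immediately after each
 * kernel fetch, which is exactly the interleaving that wins the race. */
struct user_memory {
    struct request  req;
    const uint32_t *attacker_writes;
    size_t          n_writes;
    size_t          next_write;
};

/* Stand-in for a kernel accessor such as get_user(): returns the value currently
 * in user memory, then lets the attacker's next scheduled write land. */
static uint32_t fetch_len(struct user_memory *um)
{
    uint32_t seen = um->req.len;
    if (um->next_write < um->n_writes)
        um->req.len = um->attacker_writes[um->next_write++];
    return seen;
}

typedef int (*request_handler)(struct user_memory *um, uint8_t *kbuf,
                               size_t kbuf_size, size_t *copied);

/* VULNERABLE: `len` is fetched once for the bounds check and again for the copy.
 * Anything stored into user memory between the two fetches bypasses the check. */
static int handle_request_vulnerable(struct user_memory *um, uint8_t *kbuf,
                                     size_t kbuf_size, size_t *copied)
{
    if (fetch_len(um) > kbuf_size)           /* fetch #1: the check */
        return -1;
    size_t n = fetch_len(um);                /* fetch #2: the use, no longer checked */
    if (n > sizeof um->req.data)             /* keep the demo's own source read in bounds */
        n = sizeof um->req.data;
    memcpy(kbuf, um->req.data, n);           /* overruns a real kbuf whenever n > kbuf_size */
    *copied = n;
    return 0;
}

/* FIXED: fetch `len` exactly once into a kernel-side local that user mode cannot
 * reach, then check and use that single copy. */
static int handle_request_fixed(struct user_memory *um, uint8_t *kbuf,
                                size_t kbuf_size, size_t *copied)
{
    uint32_t len = fetch_len(um);            /* the only fetch */
    if (len > kbuf_size)
        return -1;
    memcpy(kbuf, um->req.data, len);
    *copied = len;
    return 0;
}

/* Runs `handler` on a request whose `len` starts at `initial_len` while the attacker
 * performs the scheduled writes. Returns the number of bytes the handler copied, or
 * -1 if it rejected the request. `scratch` is deliberately larger than KBUF_SIZE so
 * that an over-long copy is reported rather than corrupting this program's memory. */
static long run_handler(request_handler handler, uint32_t initial_len,
                        const uint32_t *attacker_writes, size_t n_writes)
{
    struct user_memory um;
    memset(&um, 0, sizeof um);
    um.req.len = initial_len;
    memset(um.req.data, 'A', sizeof um.req.data);   /* constructed payload */
    um.attacker_writes = attacker_writes;
    um.n_writes = n_writes;

    uint8_t scratch[sizeof um.req.data];
    size_t copied = 0;
    if (handler(&um, scratch, KBUF_SIZE, &copied) != 0)
        return -1;
    return (long)copied;
}

int main(void)
{
    static const uint32_t flip_to_200[] = { 200 };   /* written right after fetch #1 */

    printf("no race, len=16:  vulnerable=%ld fixed=%ld\n",
           run_handler(handle_request_vulnerable, 16, NULL, 0),
           run_handler(handle_request_fixed, 16, NULL, 0));
    printf("no race, len=200: vulnerable=%ld fixed=%ld\n",
           run_handler(handle_request_vulnerable, 200, NULL, 0),
           run_handler(handle_request_fixed, 200, NULL, 0));
    printf("race 16->200:     vulnerable=%ld fixed=%ld (limit %d)\n",
           run_handler(handle_request_vulnerable, 16, flip_to_200, 1),
           run_handler(handle_request_fixed, 16, flip_to_200, 1), KBUF_SIZE);
    return 0;
}
```

Without a race both handlers behave identically, which is why this class of bug survives functional testing. When the attacker changes `len` from 16 to 200 between the two fetches, the vulnerable handler passes the check on 16 and copies 200 bytes into a 64-byte buffer, while the fixed handler still copies 16 because the checked and used values are the same local variable. The same single-copy pattern also closes the compiler-introduced case: once the value lives in a kernel local, there is no shared location for the compiler to reload.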
In conclusion, double fetch bugs can result in privilege escalation vulnerabilities that allow an attacker with a low-privilege account to execute code with elevated privileges, although the exploitable vulnerabilities are a relatively small subset of these bugs.
To understand how best to protect yourself against these vulnerabilities, see NCC Group's full whitepaper on double fetch vulnerabilities in C and C++.