Security Alert
Jonathan Crowe
Aug 2018

A Clear Guide to L1TF and Foreshadow, the Latest Intel CPU Flaws


This week, Intel disclosed more CPU vulnerabilities that can be exploited to steal sensitive information from workstations and virtual machines. Here's everything you need to know.

Key Details

  • What's happening?

    On August 14, Intel disclosed information on three variants of a new vulnerability referred to as L1 Terminal Fault (L1TF). The first variant (CVE-2018-3615) was discovered by researchers who have dubbed it "Foreshadow".

  • What is L1TF/Foreshadow?

    L1TF is another method of exploiting modern CPUs' use of speculative execution, similar to Meltdown and Spectre. Specifically, it refers to the ability of attackers to read memory held inside the L1 cache, which can include:

    • Data placed in secure enclaves by Intel's Software Guard Extensions (SGX) feature (CVE-2018-3615 aka Foreshadow)
    • The operating system's kernel or System Management Mode (SMM) memory (CVE-2018-3620)
    • Data from hypervisors/Virtual Machine Monitors (VMMs) or other virtual machines running on the same hardware (CVE-2018-3646)

  • What processors are vulnerable?

    SGX-enabled Intel Core and Xeon processors (Skylake and Kaby Lake). Intel Atom family processors with SGX support do not appear to be affected. AMD and ARM chips don't appear to be affected, either.

  • What are the dangers associated with this vulnerability?

    Successfully exploiting these vulnerabilities can help attackers bypass protective barriers and read privileged memory they otherwise wouldn't have access to, including data stored on a physical machine or data stored on virtual machines in a multi-tenant cloud environment. 

  • How bad is this, really?

    As has been the case with the other speculative-execution-related flaws documented this year, there are practical limitations and complexities that make successfully pulling off an attack like this in the real world difficult (one important prerequisite is gaining code execution on target machines). No PoC has been shared publicly, and currently there's no evidence of Foreshadow or the other L1TF variants being used by attackers in the wild. The patches and mitigations provided by Intel, operating systems, hypervisor vendors, and cloud hosting platforms are helping to drastically reduce the potential attack surface.

  • What are mitigations?

    Fixes include a mix of OS patches and microcode updates. Microsoft included mitigations in its August 2018 patches, Linux kernel patches are on the way, and Intel says L1TF is partially addressed by microcode updates released earlier this year. Each of the big three cloud providers (AWS, Microsoft Azure, and Google Cloud) has also deployed mitigations, and so have VMware, Xen, and Hyper-V. There are a few scenarios that may require additional action, including when organizations are using Windows Server systems, virtualization technology, or features that rely on Virtualization Based Security (VBS). More info on those scenarios below.

  • Is there performance impact?

    According to Intel, there is "no meaningful performance impact" for the majority of PC clients, non-virtualized environments, or virtualized environments where it can be confirmed that all VMs have been updated. For a subset of environments where it can't be confirmed that all VMs have been updated, there is some performance impact should customers decide to follow the recommendation to turn off Hyper-threading (HT). More details from Intel here.

  • What's the bottom line?

    As was the case with Meltdown and Spectre, these flaws have potentially wide-ranging and long-lasting consequences, but for the majority of organizations it's unlikely they pose an imminent threat. For most IT pros, this ultimately shouldn't mean much for your day-to-day (especially if you operate in a non-virtualized environment). The immediate takeaway is don't panic, just read the vendor advisories and patch.


Security websites and news feeds are being overrun with headlines like "Son of Spectre" and "Move Over Meltdown," announcing the disclosure of L1 Terminal Fault (L1TF) — another serious flaw affecting Intel chips. One particular variant of the flaw, "Foreshadow," even has its own website and logo.  

As was the case with Meltdown and Spectre earlier this year, there's a lot of information to digest and a lot of different vendors issuing patches and fixes. To help you sort through it all, here's a guide that answers the most immediate questions. 

L1TF / Foreshadow FAQ


What is L1 Terminal Fault (L1TF)?

Short answer: Another hardware vulnerability related to modern CPUs' use of speculative execution, the same feature designed to boost processor performance that Meltdown and Spectre were shown to be capable of abusing. With L1TF, researchers have demonstrated they can exploit speculative execution to read sensitive data previously thought to be protected and off-limits to these types of attacks.  

Longer answer: Specifically, L1TF refers to the ability of attackers to read memory held inside the L1 cache, a small, fast form of memory storage built into the Intel CPU itself rather than sitting in RAM. It's designed to temporarily hold information that the processor will most likely call on next. Unfortunately, that information can include data from a variety of privileged sources that are supposed to remain cordoned off from unauthorized access, so what attackers can essentially do is use L1TF to open some extremely private and well-guarded doors that would otherwise stay closed.

There are actually three distinct L1TF vulnerabilities that have been issued their own CVEs. Each covers a different attack scenario targeting data from different sources:

  • L1 Terminal Fault - SGX (aka Foreshadow) - CVE-2018-3615
    Targets privileged data cordoned off by Intel's Software Guard Extensions (SGX) feature. This was the initial vulnerability that researchers brought to Intel's attention and that prompted Intel's discovery of the two additional vulnerabilities described below. Providing attackers the ability to read SGX-protected data is a big deal because the job of the feature is to provide so-called secure enclaves that protect data even if the rest of a system is compromised. Up to this point, it had been considered one of the few remaining barriers left standing following the disclosure of Meltdown and Spectre.

    Mitigation: Intel microcode (previously released) and operating system updates.

  • L1 Terminal Fault - OS/SMM - CVE-2018-3620
    Targets privileged operating system data including kernel or System Management Mode (SMM) memory. Because the kernel has access to data stored by other running processes, that data is at risk, too.

    Mitigation: Operating system updates. 

  • L1 Terminal Fault - VMM - CVE-2018-3646
    Allows an attacker with code execution on one virtual machine to read data from another virtual machine utilizing the same CPU or from the hypervisor/Virtual Machine Monitor (VMM). This vulnerability poses the biggest risk to cloud hosting providers and organizations that use virtualization software. 

    Mitigation: Intel microcode (previously released), operating system, cloud hosting provider, and hypervisor vendor updates. In some scenarios, mitigation may also include disabling Hyper-threading (HT), which may impact performance. 


Three-minute video answer:
For an even better explanation of L1TF, watch this video from Red Hat.

For a more technical deep dive, see these write-ups:

Is Foreshadow the same as L1TF?

Short answer: Not exactly. Foreshadow is a specific variant of L1TF vulnerability that enables attackers to read data protected by Intel's SGX feature, specifically. It's been assigned CVE-2018-3615. 

Because you asked: Foreshadow is the name given to CVE-2018-3615 by the researchers who discovered it (they even made a Foreshadow website and logo). After they brought the issue to Intel, the company identified the other two variants, which were assigned CVE-2018-3620 and CVE-2018-3646. Intel refers to the three vulnerabilities collectively as L1TF, and other vendors appear to be taking the company's lead. Despite the website and logo, few vendors are referring to CVE-2018-3615 as Foreshadow. The researchers responsible for the name aren't ready to give up the ghost yet, though — they're continuing to push "Foreshadow" and are referring to the two additional variants as "Foreshadow-NG." 


How is L1TF different from Meltdown and Spectre?

Short answer: Like Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5715, CVE-2017-5753), it also relies on abusing speculative execution, but the main difference is it does that to read data held inside the L1 cache.

Longer answer: For a detailed explanation of how L1TF works and its similarities to and differences from Meltdown in particular, see this video featuring Red Hat's Jon Masters.

Side note: As it turns out, the mitigations Microsoft released for Meltdown also play an important role in protecting Microsoft customers from L1TF-OS/SMM (CVE-2018-3620). Protection for Meltdown is disabled by default on Windows Server, however, so to obtain protection for CVE-2018-3620 customers need to make sure the following modifications have been made to the registry:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
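As an added example (this is not code from the original post or from Microsoft), here is a PowerShell check that confirms the two registry values above are present and carry the values the advisory expects on a Windows Server host, and then, if Microsoft's SpeculationControl module is installed, reports the effective L1TF state after the reboot. It assumes an elevated PowerShell session; the property filter at the end assumes the module's L1TF fields carry "L1TF" in their names, as they do in its 2018 releases.

```powershell
# Added example, not code from the original post or from Microsoft: confirm the
# two registry values the advisory sets and report the effective L1TF state.
# Assumes an elevated PowerShell session on the Windows Server host.
$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

function Get-KernelMitigationOverride {
    # Returns both values; each is $null when the value is absent from the key.
    $props = Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue
    [pscustomobject]@{
        FeatureSettingsOverride     = $props.FeatureSettingsOverride
        FeatureSettingsOverrideMask = $props.FeatureSettingsOverrideMask
    }
}

function Test-KernelMitigationEnabled {
    # The advisory's setting is Override = 0 with Mask = 3: the mask says "manage
    # both mitigation bits" and an override of 0 leaves both bits clear, which means
    # the mitigations are on. Absent values are reported as not confirmed, because on
    # Windows Server the protection stays disabled until the values are set.
    param([pscustomobject]$Override)
    if ($null -eq $Override.FeatureSettingsOverride -or
        $null -eq $Override.FeatureSettingsOverrideMask) { return $false }
    return (($Override.FeatureSettingsOverride -band 3) -eq 0 -and
            ($Override.FeatureSettingsOverrideMask -band 3) -eq 3)
}

$current = Get-KernelMitigationOverride
if (Test-KernelMitigationEnabled -Override $current) {
    Write-Output 'FeatureSettingsOverride/Mask match the advisory: kernel mitigations enabled.'
} else {
    $msg = 'Mitigations not confirmed (Override={0}, Mask={1}); apply the reg add commands and reboot.'
    Write-Output ($msg -f $current.FeatureSettingsOverride, $current.FeatureSettingsOverrideMask)
}

# Microsoft's SpeculationControl module (Install-Module SpeculationControl) reports
# the effective state once the host has rebooted. The wildcard filter assumes the
# module's L1TF properties contain "L1TF" in their names.
if (Get-Command Get-SpeculationControlSettings -ErrorAction SilentlyContinue) {
    Get-SpeculationControlSettings | Select-Object -Property *L1TF*
}
```

The registry values only take effect after a reboot, so a host that reports the correct values but has not restarted since they were written is still unprotected; the SpeculationControl output is the authoritative view of what the running kernel has actually enabled.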


What does L1TF affect?

  • L1 Terminal Fault - OS/SMM - CVE-2018-3620
    Affects operating systems running on the following Intel Core and Xeon processors:
    • Intel Core i3/i5/i7/M processors (45nm and 32nm)
    • 2nd/3rd/4th/5th/6th/7th/8th generation Intel Core processors
    • Intel Core X-series Processor Family for Intel X99 and X299 platforms
    • Intel Xeon processor 3400/3600/5500/5600/6500/7500 series
    • Intel Xeon Processor E3 v1/v2/v3/v4/v5/v6 Family
    • Intel Xeon Processor E5 v1/v2/v3/v4 Family
    • Intel Xeon Processor E7 v1/v2/v3/v4 Family
    • Intel Xeon Processor Scalable Family
    • Intel Xeon Processor D (1500, 2100)

  • L1 Terminal Fault - VMM - CVE-2018-3646
    Affects VMs and hypervisors/VMMs running on the Intel Core and Xeon processors listed above.

Note: AMD and ARM chips do not appear to be affected.

How can L1TF be leveraged in an attack?

There are three primary attack scenarios involving L1TF:

  1. An attacker with local access can attempt to leverage L1TF to read data on the physical system. Example: An attacker on a local system can attempt to extract credentials from a running process they would normally not have access to or control. 

  2. An attacker with access to a virtual machine can leverage the position of that VM to read data from neighboring VMs utilizing the same shared CPU. Example: An attacker could log into a cloud-hosted VM (think AWS, Azure, Google Cloud, etc.) and attempt to extract sensitive information (API keys, HTTPS keys, passwords, etc.) from running applications on neighboring VMs that are hosted on the same server.

  3. A scenario combining both of the scenarios above.


What mitigations and patches are available?

Mitigations for protecting SGX enclaves (CVE-2018-3615) and operating systems / SMMs (CVE-2018-3620) are relatively straightforward. In most cases they don't require any additional action (we'll explain the exceptions below). Protecting VMs and VMMs (CVE-2018-3646) is where things get a little tricky...

Mitigations for L1 Terminal Fault - SGX (aka Foreshadow) - CVE-2018-3615 

  • Intel released microcode that "modifies some operations to implicitly remove data from the L1D during certain privilege transitions. It also provides a method by which software can explicitly flush the L1D." These microcode changes are available via BIOS updates provided by system manufacturers and software vendors. See Intel's guidance advisory here.

Mitigations for L1 Terminal Fault - OS/SMM - CVE-2018-3620

Mitigations for L1 Terminal Fault - VMM - CVE-2018-3646

1) On the Start menu, type MSINFO32 and open it (the System Information window opens).
2) In the Find what box, type security.
3) In the right pane, locate the two Virtualization-based security rows and check the Value column to see whether Virtualization-based Security is enabled and which virtualization-based security services are running.
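As an added example (not code from the original post or from Microsoft), the same check can be scripted across a fleet instead of clicking through MSINFO32 on each host. The snippet below reads the Win32_DeviceGuard class that System Information draws its Virtualization-based security rows from, and also notes whether Hyper-threading is in use, since that is the other input to the Microsoft flow chart referenced below. It assumes an elevated PowerShell session on a Windows Server host; the status and service code mappings are the ones the class documents.

```powershell
# Added example, not code from the original post or from Microsoft: PowerShell
# equivalent of the MSINFO32 check, via the Win32_DeviceGuard CIM class.
# Assumes an elevated session on the Windows Server host.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard

# VirtualizationBasedSecurityStatus codes: 0 = not enabled, 1 = enabled but not running, 2 = running.
$VbsState = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Running' }
# SecurityServicesRunning codes: 1 = Credential Guard, 2 = Hypervisor-enforced Code Integrity (HVCI).
$VbsService = @{ 1 = 'Credential Guard'; 2 = 'Hypervisor-enforced Code Integrity' }

function Get-VbsSummary {
    param($DeviceGuard)
    # Translate the numeric service list into names; unknown codes are kept as numbers.
    $running = @($DeviceGuard.SecurityServicesRunning | ForEach-Object {
        if ($VbsService.ContainsKey([int]$_)) { $VbsService[[int]$_] } else { "service code $_" }
    })
    # Hyper-threading is in use when any CPU package exposes more logical processors than cores.
    $htInUse = @(Get-CimInstance -ClassName Win32_Processor |
        Where-Object { $_.NumberOfLogicalProcessors -gt $_.NumberOfCores }).Count -gt 0
    [pscustomobject]@{
        VbsStatus       = $VbsState[[int]$DeviceGuard.VirtualizationBasedSecurityStatus]
        ServicesRunning = $(if ($running.Count) { $running -join ', ' } else { 'none' })
        HyperThreading  = $htInUse
    }
}

$summary = Get-VbsSummary -DeviceGuard $dg
$summary | Format-List
if ($summary.VbsStatus -eq 'Running') {
    Write-Output 'VBS is running: work through the Hyper-V/VBS branch of the Microsoft L1TF guidance before relying on the OS update alone.'
}
```

A host whose VbsStatus is "Not enabled" and that runs no virtualization is the simple case the post describes (patch and move on); a "Running" status with Hyper-threading in use is exactly the combination the flow chart exists to untangle, so that output is the cue to read it rather than assume the patch alone is sufficient.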

[Screenshot: the System Information (MSINFO32) window with the Virtualization-based security rows highlighted. Source: Microsoft]

In an attempt to walk customers through the complexities that Hyper-V and VBS features can introduce, Microsoft has provided the following flow chart:

[Flow chart: Microsoft's L1TF decision flow for Windows Server hosts running Hyper-V or VBS features. Source: Microsoft]

How worried should we be about L1TF?

Short answer: Should these flaws be taken seriously? Yes. Should you be concerned about an imminent attack? No. 

Longer answer: As with Meltdown and Spectre, L1TF is a flaw with wide-ranging and long-lasting implications. The fact it can be used to circumvent trust boundaries and give attackers access to the most privileged data on a system makes it a serious threat. That it can also be used to break the isolation between virtual machines makes it an even bigger concern for cloud hosting providers (who have already deployed mitigations) and organizations that rely on virtualization environments. 

That said, there are non-trivial limitations and challenges involved with successfully utilizing L1TF in the real world that make widespread use of it unlikely. There are reasons why, eight months after disclosure, we've yet to see Meltdown or Spectre attacks in the wild. These types of attacks are difficult to pull off, and, for attackers, there's no lack of easier, more practical options. If they can execute code (a requirement for launching L1TF attacks), they can already access RAM directly.

In addition, coordinated disclosure between researchers and affected parties (Intel, operating systems, hypervisor vendors, cloud hosting platforms) resulted in the creation of patches and mitigations that, in most cases, have already been rolled out. Because it's a hardware vulnerability, ultimately the only true fix is new CPUs, but in the meantime these efforts are helping to drastically reduce the potential attack surface.

Finally, to confirm — no proof of concept (PoC) for exploiting L1TF has been shared publicly, and currently there's no evidence of Foreshadow or the other L1TF variants being used by attackers in the wild.

What's the big, immediate takeaway?

This isn't anything to panic about. For the majority of organizations this shouldn't be a huge, urgent issue or a disruptive event. The best course of action is to read the advisories from your vendors and take your time testing and rolling out patches.  

How Barkly can help you stay protected while you patch

While mitigating L1TF ultimately comes down to patching, Barkly can provide some additional peace of mind during that process.

That's because in order for attackers to take advantage of vulnerabilities like L1TF they generally have to rely on any number of common exploit techniques that Barkly can block. After all, knowing L1TF can theoretically give you access to privileged memory is one thing, actually applying that capability and getting practical use out of it in a real-world attack scenario is another. 

Barkly's Endpoint Protection Platform is uniquely designed to help you reduce your organization's risk by preventing attackers from gaining initial access and code execution on your systems in the first place, and by blocking a wide variety of illegitimate attempts to elevate privileges and bypass the barriers between kernel and user space, as well.

A good case in point is the "Total Meltdown" bug disclosed by Microsoft in April. While Barkly didn't mitigate the vulnerability directly, once a PoC was published we were able to confirm Barkly blocked it by preventing the attack from utilizing token stealing, a popular technique attackers rely on to gain privilege escalation. As a result, Barkly customers were able to take their time and deploy patches more thoughtfully knowing they were protected from immediate attacks attempting to use the PoC. 

See what other threats Barkly can protect you from and find out how it can make managing endpoint security a whole lot easier. Learn more.

Jonathan Crowe

Jonathan covers the latest threats and cybersecurity trends from a practical point of view.
