This week, Intel disclosed more CPU vulnerabilities that can be exploited to steal sensitive information from workstations and virtual machines. Here's everything you need to know.
On August 14, Intel disclosed information on three variants of a new vulnerability referred to as L1 Terminal Fault (L1TF). The first variant (CVE-2018-3615) was discovered by researchers who have dubbed it "Foreshadow".
L1TF is another method of exploiting modern CPUs' use of speculative execution, similar to Meltdown and Spectre. Specifically, it refers to the ability of attackers to read memory held inside the L1 cache, which can include:
Affected hardware includes SGX-enabled Intel Core and Xeon processors (Skylake and Kaby Lake). Intel Atom family processors with SGX support do not appear to be affected, and neither do AMD or ARM chips.
Successfully exploiting these vulnerabilities can help attackers bypass protective barriers and read privileged memory they otherwise wouldn't have access to, including data stored on a physical machine or data stored on virtual machines in a multi-tenant cloud environment.
As has been the case with the other speculative-execution flaws documented this year, there are practical limitations and complexities that make successfully pulling off an attack like this in the real world difficult (one important prerequisite is gaining code execution on the target machine). No PoC has been shared publicly, and currently there is no evidence of Foreshadow or the other L1TF variants being used by attackers in the wild. The patches and mitigations provided by Intel, operating system and hypervisor vendors, and cloud hosting platforms drastically reduce the potential attack surface.
Fixes include a mix of OS patches and microcode updates. Microsoft included mitigations in its August 2018 patches, Linux kernel patches are on the way, and Intel says L1TF is partially addressed by microcode updates released earlier this year. Each of the big three cloud providers (AWS, Microsoft Azure, and Google Cloud) has also deployed mitigations, as have VMware, Xen, and Hyper-V. A few scenarios may require additional action, including when organizations are running Windows Server systems, virtualization technology, or features that rely on Virtualization Based Security (VBS). More info on those scenarios below.
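Because the fixes are split between microcode and OS patches, the practical question for a defender is whether a given Linux host actually ended up mitigated, and whether the virtualization-specific parts (the hypervisor L1D flush and the SMT state) are in place. Kernels carrying the L1TF patches report this in one line under /sys/devices/system/cpu/vulnerabilities/l1tf. The script below is an added example, not code from the article or from Intel; it classifies that status line and reads the live file when present. The sample status lines at the bottom are constructed to match the format the kernel documents, so the classifier can be exercised on a machine that does not have the file.

```shell
#!/bin/sh
# Classify the kernel's L1TF status line into a short verdict.
# Known line shapes (from the kernel's L1TF documentation):
#   "Not affected"
#   "Vulnerable"
#   "Mitigation: PTE Inversion"
#   "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable"
#   "Mitigation: PTE Inversion; VMX: cache flushes, SMT disabled"
#   "Mitigation: PTE Inversion; VMX: vulnerable"
l1tf_classify() {
    line="$1"
    case "$line" in
        "Not affected")
            echo "not-affected" ;;            # CPU is not subject to L1TF
        Vulnerable*)
            echo "vulnerable" ;;              # kernel has no L1TF mitigation active
        Mitigation:*"VMX: vulnerable"*)
            echo "vmx-unmitigated" ;;         # host protected, but guests can read host L1D
        Mitigation:*"SMT vulnerable"*)
            echo "smt-vulnerable" ;;          # guest L1D flush on, sibling hyperthread still shares L1D
        Mitigation:*)
            echo "mitigated" ;;               # PTE inversion (and VMX flushes, if present) in place
        *)
            echo "unknown" ;;                 # unrecognised format; inspect by hand
    esac
}

# Read the live status if this kernel exposes it. The file only exists on
# kernels that carry the L1TF patches, so its absence is itself a finding.
l1tf_report() {
    f=/sys/devices/system/cpu/vulnerabilities/l1tf
    if [ -r "$f" ]; then
        line=$(cat "$f")
        printf 'l1tf: %s -> %s\n' "$line" "$(l1tf_classify "$line")"
    else
        echo "l1tf: no status file (kernel predates the L1TF patches, or not Linux)"
    fi
}

# Constructed sample lines, used here only to show the classifier's verdicts.
l1tf_demo() {
    for s in \
        "Not affected" \
        "Vulnerable" \
        "Mitigation: PTE Inversion" \
        "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable" \
        "Mitigation: PTE Inversion; VMX: cache flushes, SMT disabled" \
        "Mitigation: PTE Inversion; VMX: vulnerable"
    do
        printf '%-75s -> %s\n' "$s" "$(l1tf_classify "$s")"
    done
}

l1tf_demo
l1tf_report
```

The "smt-vulnerable" and "vmx-unmitigated" verdicts are the cases the article flags as needing extra action on virtualization hosts: PTE inversion alone protects the host kernel, but a VM running on a sibling hyperthread can still observe L1D contents unless the hypervisor flushes L1D on VM entry and SMT is disabled or the scheduler keeps untrusted guests off shared cores.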