Details about the next vulnerabilities in Intel CPUs from the Next Generation Spectre series have been public for a few hours. Details on the Foreshadow (aka L1 Terminal Fault) vulnerability and the other L1 Terminal Fault variants were published at Usenix Security ’18, as well as in announcements from Intel and Google.
Intel released a statement about L1 Terminal Fault
A few hours ago, Intel, together with industry partners, released information about the recently identified speculative side-channel method (vulnerability) called L1 Terminal Fault (L1TF). This vulnerability affects selected microprocessor products that support Intel® Software Guard Extensions (Intel® SGX).
The vulnerability was first reported to Intel by researchers at KU Leuven University, Technion – Israel Institute of Technology, University of Michigan, University of Adelaide and Data61. Further research by the Intel security team identified two related applications of L1TF with the potential to affect other microprocessors, operating systems and virtualization software.
All three variants of L1TF are speculative execution side-channel cache timing vulnerabilities. They are similar to the previously reported Spectre variants. These require special attack methods that target access to the L1 data cache. This is a small memory pool within each processor core that stores information about what the processor core will do next.
The microcode updates released by Intel in early 2018 offer system software a way to clear this shared cache. Intel has also created a video that is meant to explain L1TF.
Intel sees low risks with patched bare-metal systems
The processor manufacturer writes: “Once the systems are updated, we expect the risk to be low for consumers and businesses using non-virtualized operating systems. These include most installed data centers and the vast majority of PC clients. In these cases, we did not see any significant impact on performance due to the benchmarks we performed on our test systems.”
Virtualization environments are more critical
However, there are scenarios where traditional virtualization technology is used, especially in the data center. According to Intel, it may be advisable for customers or partners to take additional measures to protect their systems. This is primarily for protection against situations where the IT administrator or cloud provider cannot guarantee that all virtualized operating systems have been updated.
These actions can include enabling certain hypervisor core scheduling features or not using hyper-threading in certain scenarios. In these special cases, performance or resource utilization can be affected for certain workloads and may vary accordingly.
Intel has developed a method with industry partners to detect L1TF-based exploits during system operation. Intel has provided some of its partners with this evaluation opportunity and hopes to expand this offering over time. For more information on L1TF, including detailed instructions for IT professionals, please refer to the Security Center Notes. Intel has also produced a vulnerability whitepaper and offers FAQs on this security page.
Google’s vulnerability information
Google Project Zero was also involved in the investigation of the Next Generation Spectre vulnerabilities. According to Google's document, the vulnerabilities have been assigned the following CVEs:
- CVE-2018-3615 (for SGX, Software Guard Extension)
- CVE-2018-3620 (for operating systems and SMM, Hyperthreading)
- CVE-2018-3646 (for virtualization)
The direct exploitation of these vulnerabilities requires control of hardware resources, which can only be accessed by controlling the underlying physical or virtual processors at the operating system level. Unpatched operating systems can also allow indirect exploitation, depending on their handling of operations that manipulate memory allocations.
In the document, Google explains the L1TF vulnerability and outlines what Google has done in its cloud solutions to mitigate this vulnerability.
Windows and Linux patches
On August 14, 2018, Microsoft released updates for Windows to close these vulnerabilities (see my blog posts Patchday: Updates for Windows 7/8.1/Server (August 14, 2018) and Patchday Windows 10-Updates (August 14, 2018)). The Linux kernel and Linux distributions also offer protection against the Foreshadow/L1TF vulnerabilities. A list of affected Intel products may be obtained from the links in the tweet below.
— Catalin Cimpanu (@campuscodi) August 14, 2018
Wired has also published an article with an overview of these vulnerabilities.
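
For the Linux protection mentioned above and the hyper-threading caveat for virtualization hosts, the following added example (not from Intel, Google or the original post) classifies the L1TF status line that patched Linux kernels report under /sys/devices/system/cpu/vulnerabilities/l1tf. The function names and verdict labels are this example's own, and the matched strings assume the status format described in the kernel's L1TF admin guide.

```shell
#!/bin/sh
# Added example: classify the L1TF status line reported by a patched Linux kernel.
# classify_l1tf, report_l1tf and the verdict labels are this example's own names.

L1TF_SYSFS=/sys/devices/system/cpu/vulnerabilities/l1tf

# classify_l1tf STATUS -> prints a one-word verdict for the given status line
classify_l1tf() {
    case $1 in
        "Not affected")
            echo "not-affected" ;;      # CPU is not subject to L1TF
        "Mitigation: PTE Inversion")
            echo "host-only" ;;         # OS-level fix active, no VMX state reported
        *"VMX: vulnerable"*)
            echo "vm-exposed" ;;        # KVM applies no L1D flush on VM entry
        *"VMX: EPT disabled"*)
            echo "vm-mitigated" ;;      # hypervisor manages guest page tables itself
        *"VMX: "*"cache flushes"*"SMT disabled"*)
            echo "vm-mitigated" ;;      # L1D flushed on VM entry, no sibling thread
        *"VMX: "*"cache flushes"*"SMT vulnerable"*)
            echo "vm-smt-exposed" ;;    # flushes on, but hyper-threading still on
        Vulnerable*)
            echo "vulnerable" ;;
        *)
            echo "unknown" ;;           # status string this example does not know
    esac
}

# report_l1tf [FILE] -> prints "verdict: raw status" for this host (or for FILE)
report_l1tf() {
    l1tf_file=${1:-$L1TF_SYSFS}
    if [ -r "$l1tf_file" ]; then
        l1tf_status=$(cat "$l1tf_file")
        echo "$(classify_l1tf "$l1tf_status"): $l1tf_status"
    else
        echo "unknown: $l1tf_file not readable"
    fi
}

report_l1tf
```

A verdict of vm-smt-exposed on a host that runs guests it does not control corresponds to the case where Intel suggests core scheduling or not using hyper-threading.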