After the infamous Spectre and Meltdown flaws, Intel CPUs were again threatened by two critical vulnerabilities that allowed hackers to steal data. Together, these vulnerabilities enable a speculative execution attack, named Foreshadow, on Intel chips. Since the discovery of the flaws, Intel has rolled out patches for them.
Foreshadow – Critical Security Vulnerabilities Threatening Intel CPUs
Intel has recently rolled out patches for a new Spectre-style vulnerability that enables speculative execution side-channel attacks on Intel chips. Two different groups of researchers discovered the vulnerability, named ‘Foreshadow’ (CVE-2018-3615), in January and reported it to Intel. Like Spectre and Meltdown, Foreshadow targets the central processing unit. However, it appears more significant because it attacks Intel’s Software Guard Extensions (SGX), a component immune to Meltdown and Spectre.
Researchers have described the vulnerabilities in a separate paper. Intel describes the Foreshadow vulnerability as follows.
“Systems with microprocessors utilizing speculative execution and Intel® software guard extensions (Intel® SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.”
As for what SGX is, Intel explains:
“This Intel technology is for application developers who are seeking to protect select code and data from disclosure or modification. Intel® SGX makes such protections possible through the use of enclaves, which are protected areas of execution in memory.”
Intel Discovers Two Related Variants
After the researchers reported Foreshadow to Intel, Intel investigated the flaw and found two more related variants, CVE-2018-3620 and CVE-2018-3646. The researchers call these variants Foreshadow-NG, whereas Intel collectively named all three vulnerabilities L1 Terminal Fault (L1TF). Describing the impact of these two vulnerabilities, Intel states:
“Further investigation by Intel has identified two related applications of L1TF with the potential to impact additional microprocessors, operating systems, system management mode, and virtualization software.”
The researchers further explained that the Foreshadow-NG flaws also pose a risk to cloud infrastructure, since they can be used to read data stored on virtual machines in third-party clouds. Virtual machines form an important component of popular cloud systems such as Microsoft Azure and Amazon’s AWS.
Moreover, these flaws can even bypass previous countermeasures to combat speculative execution attacks, including Spectre and Meltdown.
Intel confirms that Foreshadow affects all Core processors that have SGX enabled (Skylake and Kaby Lake), and that Foreshadow specifically targets Intel processors only.
No Real-World Exploitations Yet
The good news about these two vulnerabilities is that Intel successfully patched L1TF before an attacker could exploit it. Intel confirms this in its blog:
“We are not aware of reports that any of these methods have been used in real-world exploits.”
Besides, Intel is in the process of releasing patches for the vulnerabilities that should entirely mitigate these L1TF attacks.
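To check whether the patches for the two Foreshadow-NG variants are active on a given machine, the following added example (not from Intel or the researchers) parses the one-line L1TF status that a patched Linux kernel exposes in sysfs. It assumes a Linux host; the sample lines are constructed in the format the kernel documents, and the function names are illustrative.

```python
from pathlib import Path

# Assumption: a Linux host whose kernel carries the L1TF patches exposes this file.
L1TF_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/l1tf")

# Constructed sample values in the format the kernel documents for this file.
SAMPLES = [
    "Not affected",
    "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable",
    "Mitigation: PTE Inversion; VMX: cache flushes, SMT disabled",
    "Mitigation: PTE Inversion; VMX: vulnerable",
    "Vulnerable",
]

def parse_l1tf(status):
    """Split the kernel's one-line L1TF report into per-variant findings."""
    status = status.strip()
    result = {"affected": status != "Not affected",
              "os_mitigated": False, "vmx": None, "smt": None, "gaps": []}
    if not result["affected"]:
        return result
    head, _, vmx_part = status.partition("; VMX: ")
    # PTE inversion is the kernel's defence for the OS variant (CVE-2018-3620).
    result["os_mitigated"] = head.startswith("Mitigation: PTE Inversion")
    if not result["os_mitigated"]:
        result["gaps"].append("OS: PTE inversion not active")
    if vmx_part:
        # The VMX field covers the virtualization variant (CVE-2018-3646).
        vmx, _, smt = vmx_part.partition(", SMT ")
        result["vmx"], result["smt"] = vmx, smt or None
        if vmx == "vulnerable":
            result["gaps"].append("VMM: no L1D flush on VM entry")
        if smt == "vulnerable":
            result["gaps"].append("VMM: sibling hyperthreads share L1D")
    return result

def read_host_status():
    """Return the parsed live status, or None when the file is absent."""
    try:
        return parse_l1tf(L1TF_SYSFS.read_text())
    except OSError:
        return None

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", parse_l1tf(line)["gaps"] or "no gaps reported")
    print("this host:", read_host_status())
```

A `None` result from `read_host_status()` means the kernel does not expose the file, which on Linux usually indicates a kernel that predates the L1TF patches.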
Oddly, the number of Intel CPU vulnerabilities reported this year seems to be continuously increasing. Besides Spectre and Meltdown, TLBleed and Lazy FP State Restore have also posed a threat to Intel CPUs. Now, the L1TF flaws add to the count.