UPDATE
Three new speculative execution design flaws in Intel CPUs were disclosed today, this time impacting Intel’s Software Guard Extensions (SGX) technology, its OS and system management mode (SMM) and hypervisor software.
The three vulnerabilities would allow attacks on Intel Core and Xeon processors – similar to the Spectre and Meltdown flaws discovered earlier in January – and allow an attacker to steal sensitive information stored inside personal computers or third-party clouds.
Two groups of researchers discovered one of the flaws (CVE-2018-3615), which they dubbed Foreshadow, and in January reported it to Intel. Following their discovery, detailed in a report today, Intel found two closely related variants (CVE-2018-3620 and CVE-2018-3646). The vendor collectively refers to the three as L1 Terminal Fault (L1TF) flaws.
“L1TF is a speculative-execution side-channel cache-timing vulnerability,” Intel said in a release. “In this regard, it is similar to previously reported variants. There are three varieties of L1TF that have been identified. Each variety of L1TF could potentially allow unauthorized disclosure of information residing in the L1 data cache, a small pool of memory within each processor core designed to store information about what the processor core is most likely to do next.”
Intel said it has not found any evidence that the flaws have been exploited in the wild.
These vulnerabilities derive from a process called speculative execution in processors. It is used in microprocessors so that memory can be read before the addresses of all prior memory writes are known; an attacker with local user access can use side-channel analysis to gain unauthorized disclosure of information. Other Spectre-class flaws have been discovered over the past half year since Spectre and the related Meltdown vulnerability were found, including side-channel variants 1, 2, 3, 3a, and 4.
The three flaws (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646) are rated “high” in severity by Intel. Each attack can be exploited in a different environment to expose information residing in the L1 cache.
Flaw Details
The first vulnerability, CVE-2018-3615, a.k.a. Foreshadow, has a CVSS Base Score of 7.9 and targets Intel SGX enclaves, Intel’s technology for application developers seeking to protect select code and data from disclosure; it gives bad actors the ability to extract any data protected via SGX secure memory.
“Systems with microprocessors utilizing speculative execution and Intel SGX may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local-user access via side-channel analysis,” Intel noted.
The second flaw, CVE-2018-3620, has a CVSS Base Score of 7.1 and can be exploited to attack the OS kernel and SMM mode (an operating mode of x86 central processor units) running on Intel processors. That means malicious applications may be able to infer the values of data in the operating system memory, or data from other applications; and malicious software running outside of SMM may be able to infer values of data in SMM memory.
The third flaw, CVE-2018-3646, has a CVSS Base Score of 7.1 and enables bad actors to attack virtual machines (VMs) via virtualization software and Virtual Machine Monitors (VMMs) running on Intel processors. A malicious guest VM could infer the values of data in the VMM’s memory.
“Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and side-channel analysis,” Intel said.
Similar to Spectre and Meltdown, these attacks require the attacker to have the ability to run malicious code on the targeted systems. Therefore, the flaws are not directly exploitable against servers which do not allow the execution of untrusted code.
In terms of the complexity of launching an attack, “this depends on the situation,” Yuval Yarom, one of the researchers who discovered Foreshadow, told Threatpost. “The attacks are quite sophisticated and require deep technical knowledge and some experience. However, once successfully launched, the results may be quite devastating.”
Foreshadow is Intel-exclusive because SGX is only supported in Intel processors, Yarom added. He said researchers have not tested Foreshadow-NG on AMD or ARM processors.
AMD for its part said its processors are not susceptible to these new speculative execution attack variants: “We are advising customers running AMD EPYC processors in their data centers, including in virtualized environments, to not implement Foreshadow-related software mitigations for their AMD platforms,” an AMD spokesperson told Threatpost.
Foreshadow was discovered by two teams: Researchers from imec-DistriNet and KU Leuven; and a group of researchers from Technion, University of Michigan, the University of Adelaide and CSIRO’s Data61.
Mitigations
Intel has released new microcode for many processors affected by L1TF. The microcode modifies some operations to implicitly remove data from the L1D during certain privilege transitions, the silicon giant said.
There’s a caveat however: While these microcode updates provide important mitigations during enclave entry and exit, updated microcode by itself is not sufficient to protect against L1TF, Intel noted. Deploying OS and VMM updates is also required for full mitigation.
“I will address the mitigation question right up front: Microcode updates (MCUs) we released earlier this year are an important component of the mitigation strategy for all three applications of L1TF,” said Leslie Culbertson, executive vice president and general manager of product assurance and security at Intel, in a post today. “When coupled with corresponding updates to operating system and hypervisor software released starting today by our industry partners and the open-source community, these updates help ensure that consumers, IT professionals and cloud service providers have access to the protections they need.”
Microsoft and Oracle on Tuesday also released security advisories and updates for L1TF.
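Because microcode alone does not close L1TF, a host check has to look at the microcode, OS and VMM layers separately. The following is an added example, not code from Intel or from this article: it assumes a Linux host whose kernel reports L1TF status in `/sys/devices/system/cpu/vulnerabilities/l1tf` and the `flush_l1d` flag in `/proc/cpuinfo`, and the sample status string is constructed in that file's format.

```python
from pathlib import Path

SYSFS_L1TF = Path("/sys/devices/system/cpu/vulnerabilities/l1tf")
# VMX states in which the hypervisor side is covered (EPT off, or L1D flushed on VM entry).
VMX_OK = {"EPT disabled", "conditional cache flushes", "cache flushes"}

def assess_l1tf(status, cpu_flags):
    """Split the kernel's one-line L1TF status into microcode, OS and VMM layers."""
    status = status.strip()
    report = {"affected": status != "Not affected",
              "microcode_l1d_flush": "flush_l1d" in cpu_flags,
              "os_mitigated": False,   # only meaningful when affected is True
              "vmm_mitigated": None,   # None: kernel reported no VMX state
              "smt_exposed": False, "gaps": []}
    if not report["affected"]:
        return report
    # e.g. "Mitigation: PTE Inversion; VMX: cache flushes, SMT disabled"
    fields = [f.strip() for f in status.replace(";", ",").split(",")]
    report["os_mitigated"] = "Mitigation: PTE Inversion" in fields
    vmx = [f.split(":", 1)[1].strip() for f in fields if f.startswith("VMX:")]
    if vmx:
        report["vmm_mitigated"] = vmx[0] in VMX_OK
        report["smt_exposed"] = "SMT vulnerable" in fields
    if not report["microcode_l1d_flush"]:
        report["gaps"].append("microcode: no flush_l1d CPU flag")
    if not report["os_mitigated"]:
        report["gaps"].append("OS: PTE inversion not active (CVE-2018-3620)")
    if report["vmm_mitigated"] is False:
        report["gaps"].append("VMM: no L1D flush on VM entry (CVE-2018-3646)")
    if report["smt_exposed"]:
        report["gaps"].append("VMM: SMT on, sibling thread shares L1D (CVE-2018-3646)")
    return report

def read_host():
    """Read the live status line and CPU flags from a Linux host."""
    flags = set()
    for line in Path("/proc/cpuinfo").read_text().splitlines():
        if line.startswith("flags"):
            flags = set(line.split(":", 1)[1].split())
            break
    return SYSFS_L1TF.read_text(), flags

if __name__ == "__main__":
    # Constructed sample, used when the sysfs file is absent (non-Linux or old kernel).
    sample = ("Mitigation: PTE Inversion; VMX: conditional cache flushes, "
              "SMT vulnerable", {"flush_l1d"})
    status, flags = read_host() if SYSFS_L1TF.exists() else sample
    for gap in assess_l1tf(status, flags)["gaps"] or ["no gaps reported"]:
        print(gap)
```

SGX enclave protection (CVE-2018-3615) is not visible in this sysfs line, so the check covers only the OS and VMM variants plus the microcode flag.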
Going forward, L1TF will also be addressed by changes Intel is in the process of making at the hardware level, which will appear in future CPUs, Culbertson said: “As we announced in March, these changes begin with our next-generation Intel Xeon Scalable processors (code-named Cascade Lake), as well as new client processors expected to launch later this year.”
This post was updated on August 15 at 4 p.m. with a statement from AMD.