Information regarding Foreshadow, the Intel L1 Terminal Fault vulnerability

Intel recently shared information about a newly identified vulnerability in their processors. It concerns a speculative execution side-channel method that Intel calls L1 Terminal Fault or L1TF for short. The vulnerability was discovered by two independent groups of researchers who have titled it Foreshadow.

L1TF aka Foreshadow

The Foreshadow vulnerability (CVE-2018-3615) is an exploit on the speculative execution on Intel processors. It can allow attackers to access sensitive information stored in the Level 1 CPU cache and affects most Intel processors. While investigating the cause of the Foreshadow, Intel identified two related attacks (CVE-2018-3620 & CVE-2018-3646) now called Foreshadow Next Generation. At the moment, no known public exploits exist. However, the Foreshadow-NG could potentially be used to read information from the L1 in a public cloud. This may include data from the operating system, kernel, hypervisor or the neighbouring virtual machine. VMs sharing the same physical CPU core also share the L1 cache which leaves them vulnerable to the attack. Fortunately, there is no way to make targeted attacks against specific data or virtual machine as guest servers have no way to choose which physical CPU core they use. Due to the nature of the vulnerability, it has been categorised as high severity. Mitigation against the attack vectors will require upgrades to the system microcode. Intel has released some updates to address the issue but the earlier updates made for Meltdown and Spectre are not effective against the L1TF.

Mitigating the vulnerability

When the issue was first announced, we began immediately testing and validating the updates in preparations for deployment. As the Foreshadow-NG (CVE-2018-3646) is a risk especially to virtualized environments such as cloud service providers, we are auditing and updating all affected infrastructure. We expect to be able to perform the upgrades without any major disruptions to your cloud servers. Likewise to the Spectre and Meltdown vulnerabilities, users should also upgrade the operating systems on their cloud servers as the fixes become available from their vendors. We are upgrading our public templates to make sure all future deployments are secure. The updates to mitigate the vulnerability are expected to affect performance or resource utilisation in some specific workloads. As Intel is working with their industry partners to provide multiple solutions to address the problem, the final impact on performance is not yet clear. Regardless of the approach to fix the vulnerability, we are focused on minimising performance loss while thoroughly securing the systems. Should you have any further questions, please don’t hesitate to contact our support staff.

More information:

• https://newsroom.intel.com/editorials/protecting-our-customers-through-lifecycle-security-threats/
• https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
• https://blog.ubuntu.com/2018/08/14/ubuntu-updates-for-l1-terminal-fault-vulnerabilities