Foreshadow: New Speculative Execution Flaws Found in Intel CPUs

Researchers and several major tech companies on Tuesday disclosed the details of three new speculative execution side-channel vulnerabilities affecting Intel processors.

The flaws, tracked as Foreshadow and L1 Terminal Fault (L1TF), were discovered independently by two research teams, who reported their findings to Intel in January, shortly after the existence of the notorious Spectre and Meltdown vulnerabilities was made public.

There are three Foreshadow vulnerabilities: CVE-2018-3615, which impacts Intel’s Software Guard Extensions (SGX); CVE-2018-3620, which impacts operating systems and System Management Mode (SMM); and CVE-2018-3646, which affects virtualization software and Virtual Machine Monitors (VMM).

“Each variety of L1TF could potentially allow unauthorized disclosure of information residing in the L1 data cache, a small pool of memory within each processor core designed to store information about what the processor core is most likely to do next,” Intel said.

Researchers initially discovered the SGX vulnerability and Intel identified the two other issues while analyzing the cause of Foreshadow.

“While it was previously believed that SGX is resilient to speculative execution attacks (such as Meltdown and Spectre), Foreshadow demonstrates how speculative execution can be exploited for reading the contents of SGX-protected memory as well as extracting the machine’s private attestation key. Making things worse, due to SGX’s privacy features, an attestation report cannot be linked to the identity of its signer. Thus, it only takes a single compromised SGX machine to erode trust in the entire SGX ecosystem,” researchers said.

“[Foreshadow-NG] attacks can potentially be used to read any information residing in the L1 cache, including information belonging to the System Management Mode (SMM), the Operating System’s Kernel, or Hypervisor. Perhaps most devastating, Foreshadow-NG might also be used to read information stored in other virtual machines running on the same third-party cloud, presenting a risk to cloud infrastructure. Finally, in some cases, Foreshadow-NG might bypass previous mitigations against speculative execution attacks, including countermeasures to Meltdown and Spectre,” they explained.

The security holes impact Intel’s Core and Xeon processors. According to the company, the patches released for these vulnerabilities don’t have a significant impact on performance, either on PC clients or data center workloads.

There is no indication that these vulnerabilities have been exploited for malicious purposes. Impacted tech companies have released patches and mitigations, which should prevent attacks when combined with the software and microcode updates released in response to Meltdown and Spectre.

AMD says its products are not impacted by Foreshadow or Foreshadow-NG due to the company’s “hardware paging architecture protections.”

“We are advising customers running AMD EPYC™ processors in their data centers, including in virtualized environments, to not implement Foreshadow-related software mitigations for their AMD platforms,” AMD told SecurityWeek in an emailed statement.

Advisories and blog posts containing technical details on Foreshadow have been published by Microsoft, Cisco, Oracle, VMware, Linux kernel developers, the Xen Project, Red Hat, SUSE and others. The researchers who discovered Foreshadow have also set up a dedicated website where users can get more information.

Videos describing the vulnerabilities are available from the researchers who found Foreshadow and Red Hat:

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
