Intel has revealed details of a new set of Spectre-like vulnerabilities in its Core and Xeon processors which could allow malicious attackers to steal highly sensitive information from memory on PCs or in clouds.
The flaws were found in the chip giant’s Software Guard Extensions (SGX) technology, System Management Mode (SMM) and x86 virtual machines.
Together these speculative execution side-channel flaws have been labelled L1 Terminal Fault (L1TF) bugs because they target access to a chip’s L1 data cache.
The first, CVE-2018-3615, has been dubbed “Foreshadow” by the researchers that discovered it. It affects the supposedly secure enclave of SGX, to allow “unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local-user access via side-channel analysis.” It can apparently be fixed by applying Intel’s Q2 microcode update.
The second flaw, which Intel discovered, (CVE-2018-3620) affects SMM and OS kernels and allows “unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and side-channel analysis.” Applying the aforementioned microcode and OS kernel patches is required.
Finally, CVE-2018-3646, also found by Intel, affects hypervisors and VMs. Chips that use speculative execution and address translations “may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and side-channel analysis." It would therefore make it feasible for guest VMs on a cloud platform to steal info from other VMs.
Admins will need to apply the microcode, as well as OS and hypervisor updates.
The good news is that there are no reports of the flaws being used in real world exploits, new Cascade Lake chips are being produced to mitigate the vulnerabilities and patches are being released by Intel and industry partners.
“As long as users install the update, they’ll be fine. And in fact, the vast majority of PC owners don’t use SGX, so it’s not likely to become a major problem right now,” said Foreshadow report author Thomas Wenisch, of the SGX flaw. “The real danger lies in the future, if SGX becomes more popular and there are still large numbers of machines that haven’t been updated. That’s why this update is so important.”
An Intel spokesperson thanked the researchers for their efforts.
“L1 Terminal Fault is addressed by microcode updates released earlier this year, coupled with corresponding updates to operating system and hypervisor software that are available starting today,” they said in a statement sent to Infosecurity. “We’ve provided more information on our web site and continue to encourage everyone to keep their systems up to date, as its one of the best ways to stay protected.”