
Academics and private sector researchers have revealed details today about three new vulnerabilities affecting Intel CPUs.

All three are Spectre-class attacks that take advantage of a CPU design feature named speculative execution, a feature found in all modern CPUs that improves performance by computing operations in advance and later discarding unneeded data.

These flaws target data processed during speculative execution that is stored inside a processor's L1 cache, the fastest memory in a computer and the closest to the processor, which is also shared by CPU cores.

Vulnerabilities referred to as L1TF or Foreshadow

The three issues are referred to as L1 Terminal Fault (or L1TF) by the general tech industry, but they were initially named "Foreshadow" and "Foreshadow-NG" by the researchers who discovered them.

They are as follows:

Foreshadow - the original attack [CVE-2018-3615], designed to extract Intel SGX data residing in the L1 cache, detailed in a research paper.
Foreshadow-NG - two variations of the original Foreshadow attack that can extract data residing in the CPU's L1 cache, including information belonging to the System Management Mode (SMM) or operating system kernel [CVE-2018-3620], or data belonging to virtual machines running on a host OS's Virtual Machine Monitor (VMM) [CVE-2018-3646]. Both Foreshadow-NG variations are detailed in a second research paper.

Alternative names include:

L1 Terminal Fault – SGX >>> aka CVE-2018-3615, aka Foreshadow
L1 Terminal Fault – OS/SMM >>> aka CVE-2018-3620, aka Foreshadow-NG
L1 Terminal Fault – VMM >>> aka CVE-2018-3646, aka Foreshadow-NG

Only Intel CPUs are affected

According to the research team behind the L1TF/Foreshadow flaws, only Intel CPUs are affected. Researchers contacted Intel earlier this year and worked with the company, OS makers, and cloud hosting providers to prepare mitigations and updates.

"L1 Terminal Fault is addressed by microcode updates released earlier this year, coupled with corresponding updates to operating system and hypervisor software that are available starting today," an Intel spokesperson told Bleeping Computer via email today.

"We’ve provided more information on our website and continue to encourage everyone to keep their systems up to date, as it's one of the best ways to stay protected," the spokesperson added. "We’d like to extend our thanks to the researchers at imec-DistriNet, KU Leuven, Technion - Israel Institute of Technology, University of Michigan, University of Adelaide and Data61 and our industry partners for their collaboration in helping us identify and address this issue."

The research team, Intel, and Red Hat have all published YouTube videos explaining how the L1TF/Foreshadow vulnerabilities work under the hood.

A video also shows the research team using the Foreshadow attack to retrieve data from a secure Intel SGX enclave.

Patches available. No performance hit.

According to Intel, applying Intel microcode updates and OS patches for CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646 should mitigate L1TF/Foreshadow attacks in full.

Intel also said that, unlike the case of Spectre, where updates took a big bite out of the performance of Intel CPUs, "there has been no meaningful performance impact observed as a result of [L1TF] mitigations applied."

Intel has published a blog post about L1TF/Foreshadow, an FAQ page, and a security guidance page. The list of affected CPUs is available on Intel's official security advisory.

Microsoft, Oracle, and Red Hat have also published blog posts about the L1TF/Foreshadow flaws, along with information about patches. Fixes have also arrived in Cisco products, the Linux kernel and via the Microsoft August 2018 Patch Tuesday. Security guidance pages have also been published by the three main cloud computing providers: Amazon Web Services, Google Cloud, and Microsoft Azure.
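A way to confirm on a Linux host that the kernel fixes mentioned above are active, as an added example that is not from the article, Intel or the researchers. The function names and verdict words are this example's own; the status strings are assumed to follow the format that patched Linux kernels report in /sys/devices/system/cpu/vulnerabilities/l1tf, so check them against your kernel version.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's L1TF status line.

# l1tf_classify STATUS -> prints one verdict word for a status line.
l1tf_classify() {
    status=$1
    case $status in
        "Not affected")               echo not-affected; return 0 ;;
        "Mitigation: PTE Inversion"*) ;;   # OS side (CVE-2018-3620) is covered
        Vulnerable*)                  echo unmitigated; return 0 ;;
        *)                            echo unknown; return 0 ;;
    esac
    # Text after "; VMX: " describes the hypervisor side (CVE-2018-3646).
    case $status in
        *"; VMX: "*) vmx=${status#*"; VMX: "} ;;
        *)           echo mitigated; return 0 ;;   # no VMX detail reported
    esac
    # The SMT part is optional; split it off when present.
    flush=${vmx%%", SMT "*}
    case $vmx in
        *", SMT "*) smt=${vmx##*", SMT "} ;;
        *)          smt= ;;
    esac
    # "vulnerable" as the flush mode means no L1D flush on VM entry.
    case $flush in
        vulnerable) echo guests-exposed-no-l1d-flush; return 0 ;;
    esac
    # The kernel labels SMT "vulnerable" when sibling threads are active.
    if [ "$smt" = vulnerable ]; then
        echo guests-exposed-smt-on
    else
        echo mitigated
    fi
}

# l1tf_check [FILE] -> classify the live host, or a saved copy of the file.
l1tf_check() {
    f=${1:-/sys/devices/system/cpu/vulnerabilities/l1tf}
    if [ -r "$f" ]; then
        l1tf_classify "$(cat "$f")"
    else
        echo no-sysfs-entry   # kernel predates the L1TF patches, or not Linux
    fi
}
```

Source the file and run `l1tf_check` with no arguments on the host being audited; any verdict other than `mitigated` or `not-affected` means the microcode, kernel or hypervisor settings need review.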

The team behind the research has also created a dedicated website to explain the impact of the L1TF/Foreshadow vulnerabilities.
