Three new serious 'L1TF' vulnerabilities discovered in Intel processors


Intel has announced that three new serious vulnerabilities have been detected in its processors, allowing unauthorized access to data in the L1 cache. The vulnerabilities are named L1 Terminal Fault, or L1TF.

Intel disclosed the L1TF vulnerabilities in an announcement and has put a page online with information about the measures taken. All technical details about the new side-channel attacks have been published by Intel in a white paper about L1TF. The vulnerabilities are present in both consumer processors and Xeon server processors.
The first two variants relate to Intel Software Guard Extensions (SGX) and System Management Mode (SMM). According to Intel, both can be solved with microcode and software updates, which have already been released. The changes to the microcode were made earlier this year, and the updates for operating systems were released on Tuesday.

CVE             Name                        Severity  Score
CVE-2018-3615   L1 Terminal Fault-SGX       High      7.9
CVE-2018-3620   L1 Terminal Fault-OS/SMM    High      7.1
CVE-2018-3646   L1 Terminal Fault-VMM       High      7.1

The third L1TF variant relates to virtual machines, and although mitigations were also released, Intel states that, depending on the situation, 'further measures' are needed. A possible measure is, for example, disabling Hyper-Threading in environments where it cannot be guaranteed that all virtual machines run operating systems with patched kernels.
Intel claims that the security measures taken have little effect on performance and shows benchmarks of different scenarios before and after applying the patches. Red Hat has also presented figures, which show that disabling Hyper-Threading can have a major negative impact on performance.
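To see where a Linux virtualization host stands on the third variant, the kernel's own status line can be interpreted as below. This is an added example, not from Intel or the article; it assumes a Linux kernel that exposes /sys/devices/system/cpu/vulnerabilities/l1tf and smt/control, and the verdict names are chosen here for illustration.

```sh
#!/bin/sh
# Added example: interpret the Linux kernel's L1TF status line on a VM host.

# Map a status line to one of these (hypothetical) verdicts:
# not-affected | unpatched | vmx-vulnerable | smt-exposed | mitigated | unknown
l1tf_classify() {
    case "$1" in
        "Not affected"*) echo not-affected; return 0 ;;
        "Vulnerable"*)   echo unpatched; return 0 ;;   # no mitigation active
        "Mitigation:"*)  ;;                            # inspect details below
        *)               echo unknown; return 0 ;;
    esac
    case "$1" in
        *"VMX: vulnerable"*) echo vmx-vulnerable ;;  # no L1D flush on VM entry
        *"SMT vulnerable"*)  echo smt-exposed ;;     # Hyper-Threading still on
        *)                   echo mitigated ;;
    esac
}

# Print the verdict for this host; $1 overrides the sysfs CPU directory.
l1tf_report() {
    cpu_dir=${1:-/sys/devices/system/cpu}
    if [ ! -r "$cpu_dir/vulnerabilities/l1tf" ]; then
        echo "l1tf: no status file (kernel without L1TF reporting, or not Linux)"
        return 0
    fi
    line=$(cat "$cpu_dir/vulnerabilities/l1tf")
    smt=unknown
    [ -r "$cpu_dir/smt/control" ] && smt=$(cat "$cpu_dir/smt/control")
    echo "l1tf: $(l1tf_classify "$line") (kernel says: $line; smt/control: $smt)"
}

l1tf_report
```

A verdict of smt-exposed corresponds to the situation described above, where patches are applied but Hyper-Threading remains enabled on a host running virtual machines.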
The first vulnerability, CVE-2018-3615, was discovered by researchers at universities, including KU Leuven. They present the attack under the name Foreshadow and have set up a website with a paper and demonstration videos. The KU Leuven researchers shared their findings with Intel on 3 January 2018. Intel security researchers then found the other two related vulnerabilities themselves.
The publication of the new vulnerabilities was coordinated by the security researchers, Intel and software companies. On Tuesday evening, various parties put their analyses online. Microsoft describes L1TF on its TechNet blog, and Oracle put information online about which of its products are affected. Red Hat also describes the vulnerabilities. According to Intel, there are no known cases of the vulnerabilities being abused.
