
Foreshadow: Intel’s latest vulnerability bears a close resemblance to Meltdown and Spectre

An international coalition of researchers has identified a new Intel security flaw bearing a close resemblance to the Spectre and Meltdown vulnerabilities revealed earlier this year.

Intel said it was not aware of any reports that the flaw, dubbed Foreshadow, had been used in real-world exploits, but called on customers to take steps to protect their systems.

The vulnerability, which Intel refers to as L1 Terminal Fault (L1TF), affects Intel microprocessors used in a range of systems. It has three varieties and, like Spectre and Meltdown, relies on a flaw in speculative execution that is exposed through a cache-timing side channel.

“When a program attempts to access data in memory, the logical memory address is translated to a physical address by the hardware,” an Intel statement explains. “Accessing a logical or linear address that is not mapped to a physical location on the hardware will result in a terminal fault.”

“Once the fault is triggered, there is a gap before resolution where the processor will use speculative execution to try to load data,” the statement continues. “During this time, the processor could speculatively access the level 1 data cache (L1D), potentially allowing side-channel methods to infer information that would otherwise be protected.”

The US Computer Emergency Readiness Team warned that attackers could use Foreshadow to obtain sensitive information. The three varieties of the vulnerability affect operating systems and system management modes, Intel Software Guard Extensions, and virtual machine management software respectively. The last of these is used by cloud computing platforms, although the biggest cloud providers have all taken steps to mitigate the vulnerability.

“L1 Terminal Fault is addressed by microcode updates released earlier this year, coupled with corresponding updates to operating system and hypervisor software that are available starting today,” an Intel spokesperson said.

“We’ve provided more information on our web site and continue to encourage everyone to keep their systems up to date, as it’s one of the best ways to stay protected. We’d like to extend our thanks to the researchers at imec-DistriNet, KU Leuven, Technion - Israel Institute of Technology, University of Michigan, University of Adelaide and Data61 and our industry partners for their collaboration in helping us identify and address this issue.”

The flaws are likely to reignite the debate over whether cloud services or on-premises databases are more secure. Ken Spinner, VP of field engineering at security vendor Varonis, said that in this case cloud providers of virtual servers are more susceptible “because that’s the most likely place you’d have one physical server housing dozens of virtual machines run by different companies”.

“If the vulnerability could be successfully exploited, attackers could hit the jackpot,” he added. “However, a data centre could hold literally hundreds of thousands of servers and potentially millions of VMs. Hackers would be conducting an unfocused attack, rather than focusing on exploiting a target organisation. It would be a shot in the dark.”