Security experts discovered three new vulnerabilities affecting Intel processors that appear to be speculative execution flaws, collectively called Foreshadow. This is the code name assigned to the bugs, which are yet another problem affecting general-purpose hardware components.
The Foreshadow Bugs Are the Latest Intel Speculative Execution Flaws
A new collection of vulnerabilities has been identified in Intel processors. The three bugs have been assigned the name Foreshadow and appear to target both the Core and Xeon lines of processors. The route of discovery is interesting: two groups of researchers were working on the first flaw, which was reported to the vendor in January. Once the company received the notification, it started working on a fix. During its own analysis, two other problems were identified and addressed as part of the overall attack strategy employed by potential malicious actors.
The three vulnerabilities are collectively known as Foreshadow; the name Intel has assigned to the bugs is L1 Terminal Fault (L1TF). They are tracked under the following security advisories: CVE-2018-3615, CVE-2018-3620 and CVE-2018-3646. The advisories give the following description:
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.
Abuse of the Foreshadow speculative execution flaws has several dangerous effects: malicious users can extract all information that resides in the L1 processor cache. This includes data written and read by the System Management Mode (SMM), the operating system kernel or virtual machines running on cloud and desktop instances. A user process can potentially read kernel memory, which is a security risk. Furthermore, a guest virtual machine running on a cloud client can potentially read memory belonging to the same hypervisor. This is a popular setup used in numerous production environments.
Victims of a potential Foreshadow attack have no way of knowing that they have been impacted. All three bugs exploit issues in the processors in a way similar to the Spectre bugs. The security report issued by Intel rates the Foreshadow bugs as a highly sophisticated attack method. Fortunately, no exploits have been reported to date. Details are given in individual reports, as each bug is assigned to a different software component.
- The Original Foreshadow Vulnerability — This is the first case of the bug. According to the report, this is a practical attack that targets the software microarchitecture of the Software Guard Extensions (SGX), which are available in all recent Intel x86 processors. The bug works by implementing a technique that can leak plaintext data from the CPU cache. A demonstration resulted in the extraction of full cryptographic keys from the processor software microarchitecture.
- Foreshadow-NG (Next Generation) Bug 1 — An attack method that allows malicious actors to extract data belonging to the System Management Mode or the operating system kernel.
- Foreshadow-NG (Next Generation) Bug 2 — A similar technique that can hijack data from virtual machines running on the host system.
Intel has released microcode patches that mitigate the issue. All users should apply the updates delivered via their operating system patch bulletin. The following processors have been found to be affected:
- All SGX-enabled processors (Skylake and Kaby Lake)
- Intel Core™ i3/i5/i7/M processor (45nm and 32nm)
- 2nd/3rd/4th/5th/6th/7th/8th generation Intel Core processors
- Intel Core X-series Processor Family for Intel X99 and X299 platforms
- Intel Xeon processor 3400/3600/5500/5600/6500/7500 series
- Intel Xeon Processor E3 v1/v2/v3/v4/v5/v6 Family
- Intel® Xeon® Processor E5 v1/v2/v3/v4 Family
- Intel® Xeon® Processor E7 v1/v2/v3/v4 Family
- Intel® Xeon® Processor Scalable Family
- Intel® Xeon® Processor D (1500, 2100)
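To confirm that the operating system updates mentioned above took effect, the following added example (not part of the original article or Intel's advisory) parses the L1TF status line that Linux kernels expose in sysfs and flags the kernel-side and virtual-machine-side gaps separately. It assumes a Linux host; the sysfs path and the sample lines are not from the page, and the samples are constructed in the kernel's output format.

```python
from pathlib import Path

# Assumption: Linux with kernel L1TF reporting; this sysfs path is not named on the page.
L1TF_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/l1tf")

def parse_l1tf(status):
    """Split the kernel's L1TF status line into OS, hypervisor (VMX) and SMT parts."""
    status = status.strip()
    report = {"raw": status, "affected": status != "Not affected",
              "os_mitigated": False, "vmx": None, "smt": None, "findings": []}
    if not report["affected"]:
        return report
    head, _, tail = status.partition(";")
    # OS/kernel side (the page's Foreshadow-NG bug 1): "Mitigation: PTE Inversion"
    report["os_mitigated"] = head.strip().startswith("Mitigation:")
    if not report["os_mitigated"]:
        report["findings"].append("no OS-level mitigation reported; update kernel and microcode")
    # Hypervisor side (the page's Foreshadow-NG bug 2): "VMX: <state>[, SMT <state>]"
    for field in (f.strip() for f in tail.split(",")):
        if field.startswith("VMX:"):
            report["vmx"] = field[len("VMX:"):].strip()
        elif field.startswith("SMT "):
            report["smt"] = field[len("SMT "):].strip()
    if report["vmx"] == "vulnerable":
        report["findings"].append("L1D is not flushed on VM entry; guests are not isolated")
    if report["smt"] == "vulnerable":
        report["findings"].append("SMT is active; sibling threads share the L1D with guests")
    return report

# Constructed sample lines in the format the kernel emits (not captured from a real host).
SAMPLES = [
    "Not affected",
    "Vulnerable",
    "Mitigation: PTE Inversion",
    "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable",
    "Mitigation: PTE Inversion; VMX: cache flushes, SMT disabled",
    "Mitigation: PTE Inversion; VMX: vulnerable",
]

def audit(lines):
    """Return (status, findings) pairs for a batch of status lines, e.g. collected from a fleet."""
    return [(r["raw"], r["findings"]) for r in map(parse_l1tf, lines)]

if __name__ == "__main__":
    lines = [L1TF_SYSFS.read_text()] if L1TF_SYSFS.exists() else SAMPLES
    for raw, findings in audit(lines):
        print(f"{raw!r}: {'; '.join(findings) or 'no findings'}")
```

On a host without the sysfs file the script falls back to the constructed samples, so the output format can be reviewed before running it across real machines.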