A new vulnerability codenamed “Foreshadow” has been discovered in Intel processors1. The vulnerability can be exploited to read data from the chip giant’s security guard extensions (SGX) technology, while variants can break protections that run on operating systems and in virtual machines in data centres.
Foreshadow is the third major vulnerability discovered in the past year and builds on research related to the Meltdown and Spectre flaws revealed earlier this year. The vulnerability affects Intel’s commonly used Core and Xeon processors.
Further research by Intel’s security team identified a number of applications of L1T1F that could impact other processors, operating systems and virtualisation software.
What are the Vulnerabilities Identified and What Devices Are Impacted?
CVE-2018-3615 (for SGX)
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.
CVE-2018-3620 (for operating systems)
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.
CVE-2018-3646 (for virtualization)
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.
Affected chips
See the following link for affected products
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
Vendor remediation
Microsoft
August patch Tuesday updates released yesterday (14-08-2018) contain the latest mitigations from Intel which should protect against two of the L1TF attacks when combined with previous Spectre and Meltdown mitigations. The third variant, Intel says, is more complicated, but may only affect certain datacentres using virtualization. Though Intel hasn’t observed these attacks being used yet, it would be a good idea to keep your PC up to date with the latest patches.
Security update KB4343899
https://support.microsoft.com/en-ie/help/4343899/windows-7-update-kb4343899
Provides protections against a new speculative execution side-channel vulnerability known as L1 Terminal Fault (L1TF) that affects Intel® Core® processors and Intel® Xeon® processors (CVE-2018-3620 and CVE-2018-3646). Make sure previous OS protections against Spectre Variant 2 and Meltdown vulnerabilities are enabled using the registry settings outlined in the Windows Client and Windows Serverguidance KB articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions.)
Amazon
An updated kernel for Amazon Linux (ALAS-2018-1058) is available within the Amazon Linux repositories. As a general security best practice, Amazon recommends that customers patch their operating systems or software as relevant patches become available to address emerging side-channel issues.
Google has deployed mitigations to Google’s infrastructure, including the infrastructure that underpins Google Cloud, which prevent the creation of vulnerable page-table entries within host operating systems.2
Google Cloud mitigations against L1TF
Google Compute Engine employs host isolation features which ensure that an individual core is never concurrently shared between distinct virtual machines. This isolation also ensures that, in the case that different virtual machines are scheduled sequentially, the L1 data cache is completely flushed to ensure that no vulnerable state remains. In addition, Google have also developed and deployed infrastructure that allows them to monitor their hosts for certain classes of these attacks.
Google recommendations to protect environments against L1TF
The mitigations described above address the L1TF vulnerability for the majority of Google Cloud customers.
Customers are encouraged to update their images to prevent the possibility of indirect exploitation within their environments. This is particularly important for customers running their own multi-tenant services. For product-specific details and recommended user actions, please refer to the Product Status page.
New and emerging security vulnerabilities will always be a reality, and Google constantly works across the industry to discover and address vulnerabilities to protect our users and customers. Google Cloud customers benefit from the shared responsibility model of public clouds, meaning much of the burden of addressing new vulnerabilities is offloaded to their cloud provider
VMware
Advisory ID: VMSA-2018-0020
VMware vSphere, Workstation, and Fusion updates enable Hypervisor-Specific Mitigations for L1 Terminal Fault – VMM vulnerability.
https://www.vmware.com/security/advisories/VMSA-2018-0020.html
Relevant products
VMware vCenter Server (VC)
VMware vSphere ESXi (ESXi)
VMware Workstation Pro / Player (WS)
VMware Fusion Pro / Fusion (Fusion)
vCenter Server, ESXi, Workstation, and Fusion updates include Hypervisor-Specific Mitigations for L1 Terminal Fault – VMM. This issue may allow a malicious VM running on a given CPU core to effectively read the hypervisor’s or another VM’s privileged information that resides sequentially or concurrently in the same core’s L1 Data cache.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-3646 to this issue.
CVE-2018-3646 has two currently known attack vectors which will be referred to as “Sequential-Context” and “Concurrent-Context.”
Attack Vector Summary
Sequential-context attack vector: a malicious VM can potentially infer recently accessed L1 data of a previous context (hypervisor thread or other VM thread) on either logical processor of a processor core.
Concurrent-context attack vector: a malicious VM can potentially infer recently accessed L1 data of a concurrently executing context (hypervisor thread or other VM thread) on the other logical processor of the Hyper-Threading enabled processor core
Mitigation Summary
The Sequential-context attack vector is mitigated by a vSphere update to the product versions listed in the table below. See link https://www.vmware.com/security/advisories/VMSA-2018-0020.html
This mitigation is dependent on Intel microcode updates (provided in separate ESXi patches for most Intel hardware platforms) also listed in the table below. This mitigation is enabled by default and does not impose a significant performance impact.
The Concurrent-context attack vector is mitigated through enablement of a new feature known as the ESXi Side-Channel-Aware Scheduler. This feature may impose a non-trivial performance impact and is not enabled by default.
See link https://kb.vmware.com/s/article/55806 for Workstation
See link https://kb.vmware.com/s/article/57138 for Fusion
Cisco
Advisory ID: cisco-sa-20180814-cpusidechannel
To exploit any of the vulnerabilities (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646) an attacker must be able to run crafted or script code on an affected device. Although the underlying CPU and operating system combination in a product or service may be affected by these vulnerabilities, the majority of Cisco products are closed systems that do not allow customers to run custom code and are, therefore, not vulnerable. There is no vector from which to exploit them. Cisco products are considered potentially vulnerable only if they allow customers to execute custom code side-by-side with Cisco code on the same microprocessor.
A Cisco product that may be deployed as a virtual machine or a container, even while not directly affected by any of these vulnerabilities, could be targeted by such attacks if the hosting environment is vulnerable. Cisco recommends that customers harden their virtual environments, tightly control user access, and ensure that all security updates are installed. Customers who are deploying products as a virtual device in multi-tenant hosting environments should ensure that the underlying hardware, as well as the operating system or hypervisor, is patched against the vulnerabilities in question.
Although Cisco cloud services are not directly affected by these vulnerabilities, the infrastructure on which they run may be impacted. See the Affected Products section of this advisory for information about the impact of these vulnerabilities on Cisco cloud services.
Cisco will release software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
Citrix
Advisory ID: XSA-273
In x86 nomenclature, a Terminal Fault is a pagetable walk which aborts due to the page being not present (e.g. paged out to disk), or because of reserved bits being set.
Architecturally, such a memory access will result in a page fault exception, but some processors will speculatively compute the physical address and issue an L1D lookup. If data resides in the L1D cache, it may be forwarded to dependent instructions, and may be leaked via a side channel.
Furthermore:
* SGX protections are not applied
* EPT guest to host translations are not applied
* SMM protections are not applied
This issue is split into multiple CVEs depending on circumstance. The
CVEs which apply to Xen are:
* CVE-2018-3620 – Operating Systems and SMM
* CVE-2018-3646 – Hypervisors
Vulnerable systems
Systems running all versions of Xen are affected. Only x86 processors are vulnerable. ARM processors are not known to be affected. Only Intel Core based processors (from at least Merom onwards) are potentially affected. Other processor designs (Intel Atom/Knights range), and other manufacturers (AMD) are not known to be affected. x86 PV guests fall into the CVE-2018-3620 (OS and SMM) category. x86 HVM and PVH guests fall into the CVE-2018-3646 (Hypervisors) category. Full details of mitigation steps see link http://xenbits.xen.org/xsa/advisory-273.html
Red Hat Linux
For affected products open the link below and click on the Impact tab
https://access.redhat.com/security/vulnerabilities/L1TF
Diagnosing if your system is vulnerable
Use the detection script to determine if your system is currently vulnerable to this flaw. To verify the legitimacy of the script, you can download the detached PGP signature as well, with the signing key on our Product Security openPGP Keys page . The current version of the script is 1.2.
Remediation
For remediation steps open the link below and click on the Resolve tab.
https://access.redhat.com/security/vulnerabilities/L1TF
How Can Ward Help?
For Managed Service customers, the Ward Support team will be reviewing individual environments and making recommendations on appropriate patching for all supported devices.
For all other customers, if you would like additional information or would like support in assessing and protecting your environment, please contact support@ward.ie or your account manager, as appropriate.
Please see links below for further reading:
1 https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault