Three new Spectre-style flaws revealed that affect Intel chips

New bugs mark the third critical vulnerability to exploit speculative execution

Foreshadow CPU vulnerability logo showing a lock with a broken shadow

Intel has disclosed three new security flaws affecting its processors, which exploit speculative executions and side-channel memory in a similar way to Meltdown and Spectre.

The three new flaws are all variants of one vulnerability, which has been dubbed 'Foreshadow' by the security researchers who discovered it and is referred to by Intel as L1 Terminal Fault (L1TF).

Advertisement - Article continues below

CVE-2018-3615 affects Software Guard Extensions (SGX), CVE-2018-3620 relates to system memory managers (SMM) and operating systems, and CVE-2018-3620 affects virtual machines and hypervisors.

"When a program attempts to access data in memory, the logical memory address is translated to a physical address by the hardware," Intel's white paper on the issue said. "Accessing a logical or linear address that is not mapped to a physical location on the hardware will result in a terminal fault."

"Once the fault is triggered, there is a gap before resolution where the processor will use speculative execution to try to load data. During this time, the processor could speculatively access the level 1 data cache (L1D), potentially allowing side-channel methods to infer information that would otherwise be protected."

All classes of Intel's CPUs are affected, from desktop chips all the way up to high-performance server components. Critically, Foreshadow also affects the servers on which multi-tenant cloud services are hosted, meaning that customers of cloud providers are also at risk.

Advertisement - Article continues below
Advertisement - Article continues below

Like Meltdown and Spectre before it, Foreshadow exploits a feature of processors known as speculative execution, which relates to the page tables of a processor's physical memory. Page tables define which areas of RAM are dedicated to which currently-running processes or applications.

In theory, when an application requests to access this area of RAM, the processor should consult the page tables to identify whether or not the request is valid. However, in order to speed up performance, modern processors will execute the request based on the data that is stored in its L1 cache memory before the validity of the request can be confirmed in the page table.

Hackers can exploit this by using malware running on the same physical CPU core to mark certain entries in the page table as invalid and then reading the data that is speculatively fetched from the L1 cache - which can include passwords, encryption keys and assorted personal data.

Advertisement - Article continues below

Because this flaw also affects servers which use virtualisation, cloud services are also at risk. If a malicious VM is running on the same physical CPU core as another customer's VM, this technique can be exploited to steal information from that VM.

The microcode patches that Intel released earlier in the year to address Meltdown and Spectre, combined with operating system and hypervisor patches, will be used to address all three vulnerabilities. The big three cloud providers - AWS, Microsoft Azure and Google Cloud - have also put measures in place to mitigate the impact of Foreshadow, but Red Hat has warned that one of the recommended mitigation measures - disabling hyper-threading - can have a notable impact on performance and availability, with losses in the region of 30% and 50%, respectively.

The forthcoming generation of Intel processors, starting with the upcoming 'Cascade Lake' Xeon Scalable processors, will also address Meltdown, Spectre and Foreshadow at the hardware level.

Intel has stated that it is "not aware of reports that any of these methods have been used in real-world exploits", but reminded customers to adhere to best practices and apply all available patches.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now



University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020

How to find RAM speed, size and type

24 Jun 2020

The road to recovery

30 Jun 2020