Three new Spectre-style flaws revealed that affect Intel chips

New bugs mark the third critical vulnerability to exploit speculative execution

Foreshadow CPU vulnerability logo showing a lock with a broken shadow

Intel has disclosed three new security flaws affecting its processors, which exploit speculative executions and side-channel memory in a similar way to Meltdown and Spectre.

The three new flaws are all variants of one vulnerability, which has been dubbed 'Foreshadow' by the security researchers who discovered it and is referred to by Intel as L1 Terminal Fault (L1TF).

CVE-2018-3615 affects Software Guard Extensions (SGX), CVE-2018-3620 relates to system memory managers (SMM) and operating systems, and CVE-2018-3620 affects virtual machines and hypervisors.

"When a program attempts to access data in memory, the logical memory address is translated to a physical address by the hardware," Intel's white paper on the issue said. "Accessing a logical or linear address that is not mapped to a physical location on the hardware will result in a terminal fault."

Advertisement - Article continues below
Advertisement - Article continues below

"Once the fault is triggered, there is a gap before resolution where the processor will use speculative execution to try to load data. During this time, the processor could speculatively access the level 1 data cache (L1D), potentially allowing side-channel methods to infer information that would otherwise be protected."

All classes of Intel's CPUs are affected, from desktop chips all the way up to high-performance server components. Critically, Foreshadow also affects the servers on which multi-tenant cloud services are hosted, meaning that customers of cloud providers are also at risk.

Like Meltdown and Spectre before it, Foreshadow exploits a feature of processors known as speculative execution, which relates to the page tables of a processor's physical memory. Page tables define which areas of RAM are dedicated to which currently-running processes or applications.

In theory, when an application requests to access this area of RAM, the processor should consult the page tables to identify whether or not the request is valid. However, in order to speed up performance, modern processors will execute the request based on the data that is stored in its L1 cache memory before the validity of the request can be confirmed in the page table.

Hackers can exploit this by using malware running on the same physical CPU core to mark certain entries in the page table as invalid and then reading the data that is speculatively fetched from the L1 cache - which can include passwords, encryption keys and assorted personal data.

Because this flaw also affects servers which use virtualisation, cloud services are also at risk. If a malicious VM is running on the same physical CPU core as another customer's VM, this technique can be exploited to steal information from that VM.

Advertisement - Article continues below

The microcode patches that Intel released earlier in the year to address Meltdown and Spectre, combined with operating system and hypervisor patches, will be used to address all three vulnerabilities. The big three cloud providers - AWS, Microsoft Azure and Google Cloud - have also put measures in place to mitigate the impact of Foreshadow, but Red Hat has warned that one of the recommended mitigation measures - disabling hyper-threading - can have a notable impact on performance and availability, with losses in the region of 30% and 50%, respectively.

The forthcoming generation of Intel processors, starting with the upcoming 'Cascade Lake' Xeon Scalable processors, will also address Meltdown, Spectre and Foreshadow at the hardware level.

Intel has stated that it is "not aware of reports that any of these methods have been used in real-world exploits", but reminded customers to adhere to best practices and apply all available patches.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now


internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020