Three new Spectre-style flaws revealed that affect Intel chips

New bugs mark the third critical vulnerability to exploit speculative execution

Foreshadow CPU vulnerability logo showing a lock with a broken shadow

Intel has disclosed three new security flaws affecting its processors, which exploit speculative executions and side-channel memory in a similar way to Meltdown and Spectre.

The three new flaws are all variants of one vulnerability, which has been dubbed 'Foreshadow' by the security researchers who discovered it and is referred to by Intel as L1 Terminal Fault (L1TF).

CVE-2018-3615 affects Software Guard Extensions (SGX), CVE-2018-3620 relates to system memory managers (SMM) and operating systems, and CVE-2018-3620 affects virtual machines and hypervisors.

"When a program attempts to access data in memory, the logical memory address is translated to a physical address by the hardware," Intel's white paper on the issue said. "Accessing a logical or linear address that is not mapped to a physical location on the hardware will result in a terminal fault."

"Once the fault is triggered, there is a gap before resolution where the processor will use speculative execution to try to load data. During this time, the processor could speculatively access the level 1 data cache (L1D), potentially allowing side-channel methods to infer information that would otherwise be protected."

All classes of Intel's CPUs are affected, from desktop chips all the way up to high-performance server components. Critically, Foreshadow also affects the servers on which multi-tenant cloud services are hosted, meaning that customers of cloud providers are also at risk.

Like Meltdown and Spectre before it, Foreshadow exploits a feature of processors known as speculative execution, which relates to the page tables of a processor's physical memory. Page tables define which areas of RAM are dedicated to which currently-running processes or applications.

In theory, when an application requests to access this area of RAM, the processor should consult the page tables to identify whether or not the request is valid. However, in order to speed up performance, modern processors will execute the request based on the data that is stored in its L1 cache memory before the validity of the request can be confirmed in the page table.

Hackers can exploit this by using malware running on the same physical CPU core to mark certain entries in the page table as invalid and then reading the data that is speculatively fetched from the L1 cache - which can include passwords, encryption keys and assorted personal data.

Because this flaw also affects servers which use virtualisation, cloud services are also at risk. If a malicious VM is running on the same physical CPU core as another customer's VM, this technique can be exploited to steal information from that VM.

The microcode patches that Intel released earlier in the year to address Meltdown and Spectre, combined with operating system and hypervisor patches, will be used to address all three vulnerabilities. The big three cloud providers - AWS, Microsoft Azure and Google Cloud - have also put measures in place to mitigate the impact of Foreshadow, but Red Hat has warned that one of the recommended mitigation measures - disabling hyper-threading - can have a notable impact on performance and availability, with losses in the region of 30% and 50%, respectively.

The forthcoming generation of Intel processors, starting with the upcoming 'Cascade Lake' Xeon Scalable processors, will also address Meltdown, Spectre and Foreshadow at the hardware level.

Intel has stated that it is "not aware of reports that any of these methods have been used in real-world exploits", but reminded customers to adhere to best practices and apply all available patches.

Featured Resources

Unleashing the power of AI initiatives with the right infrastructure

What key infrastructure requirements are needed to implement AI effectively?

Download now

Achieve today. Plan tomorrow. Making the hybrid multi-cloud journey

A Veritas webinar on implementing a hybrid multi-cloud strategy

Download now

A buyer’s guide for cloud-based phone solutions

Finding the right phone system for your modern business

Download now

The workers' experience report

How technology can spark motivation, enhance productivity and strengthen security

Download now

Recommended

TikTok vulnerability exposed private user data
data protection

TikTok vulnerability exposed private user data

26 Jan 2021
SonicWall hacked via zero-day flaw in remote access tools
Security

SonicWall hacked via zero-day flaw in remote access tools

25 Jan 2021
Best ransomware removal tools
ransomware

Best ransomware removal tools

22 Jan 2021
Hackers publish over 4,000 files stolen from SEPA in ransomware attack
Security

Hackers publish over 4,000 files stolen from SEPA in ransomware attack

22 Jan 2021

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
WhatsApp could face €50 million GDPR fine
General Data Protection Regulation (GDPR)

WhatsApp could face €50 million GDPR fine

25 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021