Three new Speculative Execution Side Channel Attacks found on Intel processors

Three new Spectre/Meltdown-like Speculative Execution faults have been found in Intel processors, opening them up to potential side channel attacks. These faults are tracked as CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646 and make up a new vulnerability category known as L1 Terminal Fault (L1TF) and Foreshadow.

To simplify things, these faults allow attackers to read the information in a processor’s L1 cache, a small pool of memory that is only accessible by the processing core (and its associated threads on SMT-enabled CPUs). Accessing this normally restricted information can potentially allow attackers to steal information such as passwords and encryption keys, with the scary thing being that this attack can be conducted from one virtual machine to another within a virtualised server environment.

Thankfully, these issues can be addressed by a combination of firmware, software and hypervisor updates, with Microsoft reporting that their software updates have a “negligible” performance impact in a blog post called “Hyper-V HyperClear Mitigation for L1 Terminal Fault”, which goes into a lot of detail regarding Microsoft’s fixes and other potential mitigations.

AMD has released a statement which states that the company believes that their “processors are not susceptible to the new speculative execution attack variants called Foreshadow or Foreshadow-NG due to our hardware paging architecture protections”. AMD also recommends that their datacenter users do not implement Foreshadow-related mitigations on their platforms. 

The best way to avoid these new speculative execution vulnerabilities is to make sure that your system’s OS and firmware are up to date, though the primary risks of these speculative execution attacks are to users of virtualisation. Below is a video from Intel that explains Foreshadow and potential mitigations.

L1TF adds three new vulnerabilities to a growing list of Speculative Execution attacks, many of which are exclusive to Intel processors. Thankfully, no known malware uses speculative execution-style attacks, as there are much easier ways to hack systems. The L1 cache inside most modern processors is tiny, making it extremely difficult for attackers to get data of any value or quantity. Stealing data kilobytes at a time is a slow process.
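To confirm that the OS-level mitigations described above are actually active, a Linux host reports its L1TF state in sysfs. The script below is an added example, not code from Intel, Microsoft or this article; it assumes a Linux machine (which the article does not specifically discuss), and the sample status lines are constructed in the format the kernel uses for that file.

```python
import re
from pathlib import Path

# Real sysfs file on Linux kernels that carry the L1TF patches.
SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/l1tf")

# Constructed sample lines in the format the kernel uses for this file.
SAMPLES = [
    "Not affected",
    "Mitigation: PTE Inversion",
    "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable",
    "Mitigation: PTE Inversion; VMX: vulnerable, SMT vulnerable",
    "Mitigation: PTE Inversion; VMX: cache flushes, SMT disabled",
]

def assess_l1tf(status):
    """Turn one L1TF status line into a list of gaps a host owner should close."""
    s = status.strip()
    if s == "Not affected":
        return {"affected": False, "findings": []}
    findings = []
    if not s.startswith("Mitigation:"):
        findings.append("host mitigation inactive: update the OS kernel")
    # The VMX part appears only on affected CPUs with KVM loaded.
    m = re.search(r"VMX:\s*(.+)$", s)
    if m:
        parts = [p.strip() for p in m.group(1).split(",")]
        if parts[0] == "vulnerable":
            findings.append("L1D is not flushed before entering a guest")
        if "SMT vulnerable" in parts:
            findings.append("SMT is on: sibling threads share the L1 cache")
    return {"affected": True, "findings": findings}

def read_status(path=SYSFS):
    """Return the live status line, or None if the file is absent
    (older kernel or a non-Linux system)."""
    try:
        return path.read_text()
    except OSError:
        return None

if __name__ == "__main__":
    live = read_status()
    for line in ([live] if live else SAMPLES):
        print(line.strip(), "->", assess_l1tf(line))
```

An empty findings list on a virtualisation host means both the guest-entry L1D flush and the SMT exposure are addressed; on a machine that runs no guests only the host line matters.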

You can join the discussion on Intel’s latest Speculative Execution faults on the OC3D Forums.