Foreshadow (security vulnerability)
Foreshadow (security vulnerability)
Foreshadow (known as L1 Terminal Fault (L1TF) by Intel)[1][2] is a vulnerability that affects modern microprocessors that was first discovered by two independent teams of researchers in January 2018, but was first disclosed to the public on 14 August 2018.[18] The vulnerability is a speculative execution attack on Intel processors that may result in the disclosure of sensitive information stored in personal computers and third-party clouds.[1] There are two versions: the first version (original/Foreshadow) (CVE-2018-3615 [32] ) targets data from SGX enclaves; and the second version (next-generation/Foreshadow-NG [33] ) (CVE-2018-3620 [34] and CVE-2018-3646 [35] ) targets virtual machines (VMs), hypervisors (VMM), operating systems (OS) kernel memory, and System Management Mode (SMM) memory.[1] A listing of affected Intel hardware has been posted.[11][12]
Foreshadow is similar to the Spectre security vulnerabilities discovered earlier to affect Intel and AMD chips, and the Meltdown vulnerability that also affected Intel.[7] However, AMD products, according to AMD, are not affected by the Foreshadow security flaws.[7] According to one expert, "[Foreshadow] lets malicious software break into secure areas that even the Spectre and Meltdown flaws couldn't crack".[16] Nonetheless, one of the variants of Foreshadow goes beyond Intel chips with SGX technology, and affects "all [Intel] Core processors built over the last seven years".[3]
Foreshadow may be very difficult to exploit,[3][7] and there seems to be no evidence to date (15 August 2018) of any serious hacking involving the Foreshadow vulnerabilities.[3][7] Nevertheless, applying software patches may help alleviate some concern(s), although the balance between security and performance may be a worthy consideration.[6] Companies performing cloud computing may see a significant decrease in their overall computing power; individuals, however, may not likely see any performance impact, according to researchers.[10] The real fix, according to Intel, is by replacing today's processors.[6] Intel further states, "These changes begin with our next-generation Intel Xeon Scalable processors (code-named Cascade Lake),[19][20] as well as new client processors expected to launch later this year [2018]."[6]
History
Two groups of researchers discovered the security vulnerabilities independently: a Belgian team (including Jo Van Bulck, Frank Piessens, Raoul Strackx) from imec-DistriNet, KU Leuven reported it to Intel on 3 January 2018; a second team from Technion – Israel Institute of Technology (Marina Minkin, Mark Silberstein), University of Adelaide (Yuval Yarom), and University of Michigan (Ofir Weisse, Daniel Genkin, Baris Kasikci, Thomas F. Wenisch) reported it on 23 January 2018.[1][4] The vulnerabilities were first disclosed to the public on 14 August 2018.[1][4]
Mechanism
The Foreshadow vulnerability is a speculative execution attack on Intel processors that may result in the disclosure of sensitive information stored in personal computers and third-party clouds.[1] There are two versions: the first version (original/Foreshadow) (CVE-2018-3615 [36] [attacks SGX]) targets data from SGX enclaves; and the second version (next-generation/Foreshadow-NG) (CVE-2018-3620 [37] [attacks the OS Kernel and SMM mode] and CVE-2018-3646 [38] [attacks virtual machines]) targets virtual machines (VMs), hypervisors (VMM), operating systems (OS) kernel memory, and System Management Mode (SMM) memory.[1] Intel considers the entire class of speculative execution side channel vulnerabilities as "L1 Terminal Fault" (L1TF).[1]
For Foreshadow, the sensitive data of interest is the encrypted data in an SGX enclave. Usually, an attempt to read enclave memory from outside the enclave is made, speculative execution is permitted to modify the cache based on the data that was read, and then the processor is allowed to block the speculation when it detects that the protected-enclave memory is involved and reading is not permitted. However, "... if the sensitive data is in level 1 cache, speculative execution can use it before the processor determines that there's no permission to use it."[4] The Foreshadow attacks are stealthy, and leave few traces of the attack event afterwards in a computer's logs.[5]
Impact
Foreshadow is similar to the Spectre security vulnerabilities discovered earlier to affect Intel and AMD chips, and the Meltdown vulnerability that affected Intel.[7] AMD products, according to AMD, are not affected by the Foreshadow security flaws.[7] According to one expert, "[Foreshadow] lets malicious software break into secure areas that even the Spectre and Meltdown flaws couldn't crack".[16] Nonetheless, one of the variants of Foreshadow goes beyond Intel chips with SGX technology, and affects "all [Intel] Core processors built over the last seven years".[3]
Intel notes that the Foreshadow flaws could produce the following:[6]
Malicious applications, which may be able to infer data in the operating system memory, or data from other applications.
A malicious guest virtual machine (VM) may infer data in the VM's memory, or data in the memory of other guest VMs.
Malicious software running outside of SMM may infer data in SMM memory.
Malicious software running outside of an Intel SGX enclave or within an enclave may infer data from within another Intel SGX enclave.
According to one of the discoverers of the computer flaws: "... the SGX security hole can lead to a "Complete collapse of the SGX ecosystem."[6]
Intel Core i3/i5/i7/M processor (45 nm and 32 nm)
2nd/3rd/4th/5th/6th/7th/8th generation Intel Core processors
Intel Core X-series processor family for Intel X99 and X299 platforms
Intel Xeon processor 3400/3600/5500/5600/6500/7500 series
Intel Xeon Processor E3 v1/v2/v3/v4/v5/v6 family
Intel Xeon Processor E5 v1/v2/v3/v4 family
Intel Xeon Processor E7 v1/v2/v3/v4 family
Intel Xeon Processor Scalable family
Intel Xeon Processor D (1500, 2100)
Mitigation
Applying software patches may help alleviate some concern(s), although the balance between security and performance may be a worthy consideration.[6][22] Companies performing cloud computing may see a significant decrease in their overall computing power; individuals, however, may not likely see any performance impact, according to researchers.[10]
See also
BlueKeep (security vulnerability)
Hardware security bug
Microarchitectural Data Sampling
TLBleed, similar security vulnerability
Transient execution CPU vulnerabilities