New Foreshadow Vulnerabilities Defeat Memory Defenses on Intel CPUs

Security researchers have uncovered a new way to exploit the speculative execution feature of Intel CPUs to bypass memory security barriers and leak protected information.

The vulnerability, known as Foreshadow or L1 Terminal Fault (L1TF), has three variants. The original variant was discovered by a team of researchers from KU Leuven University, Technion – Israel Institute of Technology, University of Michigan, University of Adelaide and Data61, and affects the Software Guard eXtensions (SGX) feature of Intel CPUs.

SGX is a trusted execution environment with hardware-enforced confidentiality and integrity guarantees. It is present in 6th generation (Skylake) and later Intel CPUs and is used by programs to set up secure enclaves where they can execute sensitive code or store secrets.

Like Spectre and Meltdown, Foreshadow abuses speculative execution, a performance-enhancing feature of modern CPUs. However, it allows attackers to read SGX-protected memory, which was not possible with Spectre.

The the new attack was reported to Intel in January, not long after Spectre and Meltdown were announced. Since then, the company’s security team has uncovered two other variants that affect additional microprocessors, operating systems and hypervisors. These are known as Foreshadow-NG (New Generation) or CVE-2018-3620 and CVE-2018-3646.

“Foreshadow-NG can be used for extracting any information residing in the L1 cache, including information belonging to the System Management Mode (SMM), the Operating System’s (OS) Kernel, or other Virtual Machines (VMs) running on third-party clouds,” researchers said on a website dedicated to the attack.

This means that user processes could potentially read memory protected by the OS kernel, guest operating systems that run inside virtual machines could read the memory of other guest VMs or of the hypervisor itself, or a malicious operating system could read memory protected by the SMM.

The original Foreshadow attack against SGX (CVE-2018-3615) is mitigated through CPU microcode updates that Intel has already released, while the Foreshadow-NG variants are mitigated for most users through operating system and hypervisor updates, some of which were released Aug. 14.

“There is a portion of the market – specifically a subset of those running traditional virtualization technology, and primarily in the data center – where it may be advisable that customers or partners take additional steps to protect their systems,” Leslie Culbertson, Intel’s executive vice president and general manager of Product Assurance and Security, said in a blog post. “This is principally to safeguard against situations where the IT administrator or cloud provider cannot guarantee that all virtualized operating systems have been updated.”

The actions that IT administrators must take in such a situation is to enable core scheduling in the hypervisor, if such a feature is available, or to disable the CPU’s hyper-threading function.

Hyper-threading allows hypervisors to use a single physical CPU core as multiple virtual CPUs for different virtual machines. This means those virtual CPUs will share the same L1 data cache, a small pool of memory designed to store information about what a physical processor core is likely to do next.

Intel has studied the performance impact of the Foreshadow mitigations on various desktop and data center tasks and has concluded that for most PC clients the impact will be non-existent or minimal. In environments where it cannot be guaranteed that all virtualized guest operating systems have been updated, some data center workloads might incur a more significant performance impact, especially on database operations such as postgreSQL.

These are the latest in a long string of architectural vulnerabilities in CPUs that have been found and disclosed since Spectre and Meltdown. Last week at the Black Hat USA security conference, researcher Ben Gras from VU Amsterdam presented the details of another CPU vulnerability called TLBleed that abuses hyper-threading and the translation lookaside buffer (TLB) to leak secrets such as encryption keys.

Featured eBook
7 Reasons Why CISOs Should Care About DevSecOps

7 Reasons Why CISOs Should Care About DevSecOps

DevOps is no longer an experimental phenomenon or bleeding edge way of delivering software. It’s now accepted as a gold standard for delivering software. It’s time for CISOs to stop fearing DevOps and start recognizing that by embedding security into the process they’re setting themselves up for huge potential upsides. Download this eBook to learn ... Read More
Security Boulevard

Lucian Constantin

Lucian has been covering computer security and the hacker culture for almost a decade, his work appearing in many technology publications including PCWorld, Computerworld, Network World, CIO, CSO, Forbes and The Inquirer. He has a bachelor's degree in political science, but has been passionate about computers and cybersecurity from an early age. Before he chose a career in journalism, Lucian worked as a system and network administrator. He enjoys attending security conferences and delving into interesting research papers. You can reach him at lucian@constantinsecurity.com or @lconstantin on Twitter. For encrypted email, his PGP key's fingerprint is: 7A66 4901 5CDA 844E 8C6D 04D5 2BB4 6332 FC52 6D42

lucian-constantin has 298 posts and counting.See all posts by lucian-constantin