Intel reveals three new L1TF chip vulnerabilities
2018-08-20 07:51 by Philip
Intel disclosed three chip vulnerabilities that could allow malicious software to access sensitive data in computer memory, according to a company blog post on Tuesday.
Academics and private sector researchers identified new "speculative execution side-channel method" vulnerabilities affecting Intel CPUs. The vulnerabilities are referred to as L1TF (L1 Terminal Fault), but they were initially named "Foreshadow" and "Foreshadow-NG" by the researchers who discovered them. The L1TF method affects select microprocessor products supporting Intel Software Guard Extensions (Intel SGX). Further research by Intel's security team identified two related applications of L1TF with the potential to impact other microprocessors, operating systems and virtualization software.
Foreshadow is the original attack [CVE-2018-3615] designed to extract Intel SGX data residing in the L1 cache.
According to researchers, only Intel CPUs are affected by the L1TF/Foreshadow flaws.
According to emails from an Intel spokesperson to Bleeping Computer, "L1 Terminal Fault is addressed by microcode updates released earlier this year, coupled with corresponding updates to operating system and hypervisor software that are available starting August 15." Furthermore, Intel "continues to encourage everyone to keep their systems up to date, as it is one of the best ways to stay protected," the spokesman adds.
According to Intel, applying Intel microcode updates and OS patches will mitigate the L1TF/Foreshadow vulnerability in full, without a performance hit.
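One way to confirm that the operating-system side of the mitigation is in place, shown as an added example that is not from the original article or from Intel: Linux kernels that carry the L1TF patches report their status in a sysfs file, and the code below parses that one-line report. The Linux host is an assumption (the article names no operating system), and the sample status lines are constructed in the kernel's reporting format.

```python
from pathlib import Path

# Assumption: a Linux host. Kernels carrying the L1TF patches expose this file.
SYSFS_L1TF = Path("/sys/devices/system/cpu/vulnerabilities/l1tf")

def parse_l1tf_status(text):
    """Turn the kernel's one-line L1TF report into structured fields."""
    text = text.strip()
    status = {"raw": text, "state": "unknown", "pte_inversion": False,
              "vmx": None, "smt": None}
    if text == "Not affected":
        status["state"] = "not_affected"
    elif text.startswith("Vulnerable"):
        status["state"] = "vulnerable"
    elif text.startswith("Mitigation:"):
        status["state"] = "mitigated"
        # Fields after the prefix are separated by ';' and ','.
        body = text[len("Mitigation:"):].replace(";", ",")
        for field in (f.strip() for f in body.split(",")):
            if field == "PTE Inversion":
                status["pte_inversion"] = True
            elif field.startswith("VMX:"):
                status["vmx"] = field[len("VMX:"):].strip()
            elif field.startswith("SMT "):
                status["smt"] = field[len("SMT "):].strip()
    return status

def findings(status):
    """List the parts of the report an administrator should follow up on."""
    out = []
    if status["state"] in ("vulnerable", "unknown"):
        out.append("kernel does not report an L1TF mitigation")
    if status["vmx"] == "vulnerable":
        out.append("hypervisor (VMX) path reported as vulnerable")
    if status["smt"] == "vulnerable":
        out.append("kernel reports SMT as vulnerable")
    return out

def read_host_status(path=SYSFS_L1TF):
    """Return parsed status, or None when the file is missing (older kernel or non-Linux)."""
    try:
        return parse_l1tf_status(path.read_text())
    except OSError:
        return None

if __name__ == "__main__":
    # Constructed sample lines first, then the live host if the file exists.
    for sample in ("Not affected",
                   "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable"):
        print(sample, "->", findings(parse_l1tf_status(sample)))
    print("host:", read_host_status() or "no l1tf sysfs entry on this system")
```

A missing file means the running kernel predates the L1TF reporting interface, which is itself a sign that the operating-system update has not been applied.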