The Broadband Guide
SG
search advanced

Intel reveals three new L1TF chip vulnerabilities

2018-08-20 07:51 by

 

Intel disclosed three chip vulnerabilities that could allow malicious software access to sensitive computer memory data, according to a company blog post on Tuesday.

Academics and private sector researchers identified new "speculative execution side-channel method" vulnerabilities affecting Intel CPUs. Vulnerabilities are referred to as L1TF (L1 Terminal Fault), but they were initially named "Foreshadow" and "Foreshadow-NG" by the researchers who discovered them. The L1TF method affects select microprocessor products supporting Intel Software Guard Extensions (Intel SGX). Further research by Intel's security team identified two related applications of L1TF with the potential to impact other microprocessors, operating systems and virtualization software.

Foreshadow is the original attack [CVE-2018-3615] designed to extract Intel SGX data residing in the L1 cache.
Foreshadow-NG are two variations of the original attack that can also extract information belonging to the System Management Mode (SMM) or operating system kernel (CVE-2018-3620], or data belonging to virtual machines running in that OS virtual machine momitor (VMM) [CVE-2018-3646]. 

According to researchers, only Intel CPUs are affected by the L1TF/Foreshadow flaws.

According to emails from Intel spokesperson to Bleeping computer, "L1 Terminal Fault is addressed by microcode updates released earlier this year, coupled with corresponding updates to operating system and hypervisor software that are available starting August 15." Furthermore, Intel "continues to encourage everyone to keep their systems up to date, as it is one of the best ways to stay protected," the spokesman adds.

According to Intel, applying Intel microcode updates and OS patches will mitigate the L1TF/Foreshadow vulnerability in full, without a performance hit.


Read more at Intel Newsroom blogpost. The list of affected CPUs is available on Intel's official security advisory.

 

  Post your review/comments
    rate:
   avg:
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About