Posted on 17.8.2018

Information regarding Foreshadow, the Intel L1 Terminal Fault vulnerability


Intel recently shared information about a newly identified vulnerability in their processors. It concerns a speculative execution side-channel method that Intel calls L1 Terminal Fault or L1TF for short. The vulnerability was discovered by two independent groups of researchers who have titled it Foreshadow.

L1TF aka Foreshadow

The Foreshadow vulnerability (CVE-2018-3615) is an exploit on the speculative execution on Intel processors. It can allow attackers to access sensitive information stored in the Level 1 CPU cache and affects most Intel processors. While investigating the cause of the Foreshadow, Intel identified two related attacks (CVE-2018-3620 & CVE-2018-3646) now called Foreshadow Next Generation.

At the moment, no known public exploits exist. However, the Foreshadow-NG could potentially be used to read information from the L1 in a public cloud. This may include data from the operating system, kernel, hypervisor or the neighbouring virtual machine. VMs sharing the same physical CPU core also share the L1 cache which leaves them vulnerable to the attack. Fortunately, there is no way to make targeted attacks against specific data or virtual machine as guest servers have no way to choose which physical CPU core they use.

Due to the nature of the vulnerability, it has been categorised as high severity. Mitigation against the attack vectors will require upgrades to the system microcode. Intel has released some updates to address the issue but the earlier updates made for Meltdown and Spectre are not effective against the L1TF.

Mitigating the vulnerability

When the issue was first announced, we began immediately testing and validating the updates in preparations for deployment. As the Foreshadow-NG (CVE-2018-3646) is a risk especially to virtualized environments such as cloud service providers, we are auditing and updating all affected infrastructure. We expect to be able to perform the upgrades without any major disruptions to your cloud servers.

Likewise to the Spectre and Meltdown vulnerabilities, users should also upgrade the operating systems on their cloud servers as the fixes become available from their vendors.
We are upgrading our public templates to make sure all future deployments are secure.

The updates to mitigate the vulnerability are expected to affect performance or resource utilisation in some specific workloads. As Intel is working with their industry partners to provide multiple solutions to address the problem, the final impact on performance is not yet clear. Regardless of the approach to fix the vulnerability, we are focused on minimising performance loss while thoroughly securing the systems.

Should you have any further questions, please don’t hesitate to contact our support staff.

More information:

Janne Ruostemaa


Leave a Reply

Your email address will not be published. Required fields are marked *

New Intel CPU vulnerability GDS/Downfall

On August 8, 2023, Intel published a new security vulnerability that exploits Gather Data Sampling (GDS). Named Downfall by its discoverer, it impacts multiple generations of Intel processors used in both personal and cloud computers. Downfall is a transient execution side-channel vulnerability that targets a critical weakness found in many modern Intel processor models. Following the […]


The discovery and mitigation of AMD Zen CPU vulnerability aka Zenbleed

Yesterday, on the 24th of July 2023, Google Project Zero published their findings of a new flaw in AMD’s Zen 2 processors. The vulnerability titled ‘Zenbleed’ affects the entire Zen 2 product stack, from AMD’s EPYC data center processors to the Ryzen 3000 CPUs. It can be exploited to steal sensitive data stored in the […]


Information regarding the Intel CPU vulnerabilities (Meltdown)

Intel CPU vulnerabilities uncovered Yesterday, on January 3rd, 2018, Intel confirmed information regarding independent research findings that have uncovered security vulnerabilities in their processors. Further research has shown that this affects all modern processors, including models used by UpCloud and other cloud service providers. The CPU vulnerabilities may allow an attacker to escape the confinement […]


Back to top