Blog Information regarding Foreshadow, the Intel L1 Terminal Fault vulnerability

Information regarding Foreshadow, the Intel L1 Terminal Fault vulnerability

Foreshadow

Intel recently shared information about a newly identified vulnerability in their processors. It concerns a speculative execution side-channel method that Intel calls L1 Terminal Fault or L1TF for short. The vulnerability was discovered by two independent groups of researchers who have titled it Foreshadow.

L1TF aka Foreshadow

The Foreshadow vulnerability (CVE-2018-3615) is an exploit on the speculative execution on Intel processors. It can allow attackers to access sensitive information stored in the Level 1 CPU cache and affects most Intel processors. While investigating the cause of the Foreshadow, Intel identified two related attacks (CVE-2018-3620 & CVE-2018-3646) now called Foreshadow Next Generation.

At the moment, no known public exploits exist. However, the Foreshadow-NG could potentially be used to read information from the L1 in a public cloud. This may include data from the operating system, kernel, hypervisor or the neighbouring virtual machine. VMs sharing the same physical CPU core also share the L1 cache which leaves them vulnerable to the attack. Fortunately, there is no way to make targeted attacks against specific data or virtual machine as guest servers have no way to choose which physical CPU core they use.

Due to the nature of the vulnerability, it has been categorised as high severity. Mitigation against the attack vectors will require upgrades to the system microcode. Intel has released some updates to address the issue but the earlier updates made for Meltdown and Spectre are not effective against the L1TF.

Mitigating the vulnerability

When the issue was first announced, we began immediately testing and validating the updates in preparations for deployment. As the Foreshadow-NG (CVE-2018-3646) is a risk especially to virtualized environments such as cloud service providers, we are auditing and updating all affected infrastructure. We expect to be able to perform the upgrades without any major disruptions to your cloud servers.

Likewise to the Spectre and Meltdown vulnerabilities, users should also upgrade the operating systems on their cloud servers as the fixes become available from their vendors.
We are upgrading our public templates to make sure all future deployments are secure.

The updates to mitigate the vulnerability are expected to affect performance or resource utilisation in some specific workloads. As Intel is working with their industry partners to provide multiple solutions to address the problem, the final impact on performance is not yet clear. Regardless of the approach to fix the vulnerability, we are focused on minimising performance loss while thoroughly securing the systems.

Should you have any further questions, please don’t hesitate to contact our support staff.

More information:

Leave a Reply

Your email address will not be published. Required fields are marked *

Locations

Helsinki (HQ)

In the capital city of Finland, you will find our headquarters, and our first data centre. This is where we handle most of our development and innovation.

London

London was our second office to open, and a important step in introducing UpCloud to the world. Here our amazing staff can help you with both sales and support, in addition to host tons of interesting meetups.

Seattle

Seattle is our 4th and latest office to be opened, and our way to reach out across the pond to our many users in the Americas.

Singapore

Singapore was our 3rd office to be opened, and enjoys one of most engaged and fastest growing user bases we have ever seen.