Scary New Intel Flaw Could Slow Down the Internet
In a masterpiece of coordinated disclosure, Intel, Microsoft, Red Hat and a group of academic researchers yesterday (Aug. 14) simultaneously notified the world of three more serious Intel CPU flaws that may have an impact on computing for years to come.
Like the Spectre and Meltdown vulnerabilities, the L1TF/Foreshadow flaws involve speculative execution, a process in which modern CPUs get ahead of themselves by guessing or, well, foreshadowing what their next steps are going to be.
The good news is that most consumer and workplace machines are affected by only one or two of these flaws, and that firmware and operating-system updates already provided by hardware and software vendors (most significantly by Microsoft yesterday) will largely mitigate all three. What you need to do is to keep your operating systems patched and to implement your hardware vendor's firmware updates.
The bad news is that cloud servers, which provide the backend for many smartphone apps and smart-home devices, are heavily impacted by the third flaw, and the fix may slow down response times among thousands of internet-based services.
Furthermore, all these mitigations to existing chips are really just Band-Aids. Intel says that the new Cascade Lake chips due out by Christmas will be immune to speculative-execution attacks, but the problems won't really be behind us until all currently affected Intel CPUS are phased out and replaced by a new generation.
The L1TF/Foreshadow flaws were privately disclosed to Intel in early January, just after Spectre and Meltdown were publicly revealed, by researchers at the Katholieke Universiteit Leuven in Belgium, and then again a few weeks later by a combined team from the University of Michigan, Israel's Technion Israel Institute of Technology, the University of Adelaide and the Australian government's Data61 research group.
After this story was first published, Intel reached out to us with this statement: "L1 Terminal Fault is addressed by microcode updates released earlier this year, coupled with corresponding updates to operating system and hypervisor software that are available starting today."
How the Flaws Work
All three flaws involve unauthorized access to the L1 cache, a small bit of memory built into modern CPUs to rapidly access data. The CPUs keep track of what's where in the L1 cache by using page tables, and, to save time and get ahead in the CPU speed race, they guess where certain bits of data are in the page table without really knowing for sure, and act upon that hunch. If the hunch is wrong (and they usually aren't), then the data is declared a "terminal fault" and discarded.
This flaw makes it possible for a malicious process running in user space to view the terminal-fault data just before it's thrown out. If it waits long enough, the malicious process can built up enough discarded information to recreate much of what's in the L1 cache.
There are several YouTube videos bouncing around explaining it all, but Red Hat's three-minute video (there's a longer one that runs nearly 11 minutes) perhaps sums this up best.
The first flaw, which is the "proper" L1TF/Foreshadow flaw and has been given the reference name CVE-2018-3615, affects Intel's Software Guard Extensions (SGX), a feature in all Skylake, Kaby Lake and Coffee Lake processors — basically all Intel CPUs released since mid-2015 — that creates virtual secure enclaves in running memory.
SGX walls off certain processes from the rest of the operating system so that malware infections, even those running with high privileges, can't reach them. It's used for applications and processes that require heavy security, although developing for SGX is time-consuming and there don't seem to be many consumer applications that take advantage of it.
An attacker could leverage this flaw to abuse speculative execution by following the threads leading to SGX processes, and then replicating the SGX enclave elsewhere in memory. Despite the fact that SGX processes are encrypted, they must be decrypted before they can be used by the L1 CPU memory cache, and it's at that moment that the first L1TF vulnerability exposes them.
The second flaw, CVE-2018-3620 or Foreshadow-NG part 1, affects operating systems directly by reading information from their kernels, and not just Windows, but macOS and the various flavors of Linux as well. It affects pretty much all Intel Core and Xeon processors released since about 2008.
As noted already, Microsoft has released several Windows mitigations, and the major Linux distributions have also made patches available. As is its wont, Apple is staying mum for now, but it's a good bet that the company is already on the case.
The third flaw, CVE-2018-3646 or Foreshadow-NG part 2, is perhaps the most significant and affects virtual machines (VMs), which are independent instances of operating systems running on the same computer.
You can run nested virtual machines on personal computers, such as by running a Windows virtual machine inside macOS or Linux. On a server, virtual machines generally run in parallel and are governed by a puppet-master program called a hypervisor. The line is kind of fuzzy between the two, as Parallels on Mac and VMWare desktop software are technically hypervisors.
Intel implies that only hypervisor-governed VMs on servers are vulnerable, while Microsoft hints that some consumer machines might be.
Because virtual machines on a single machine must share the hardware, this third flaw makes it possible for a process running in one VM to access memory used by a different VM. That's a no-no, as it means that malware on the first VM could steal information from the other. Even worse, the flaw makes it possible for malicious processes to get into the hypervisor's page tables.
You wouldn't want your Slack discussion chats to end up in someone else's Netflix account, but because both companies use Amazon's AWS cloud servers, that's theoretically what could happen. (Amazon reached out to us after this story was first published to clarify that AWS servers were patched against these flaws before their public disclosure.)
Intel's mitigation for the third flaw clears out the L1 memory cache when switching between VMs and prevents the creation of malicious page tables. But it may also require turning off a speed-boosting process known as hyperthreading, which creates two virtual processor cores out of a single physical one.
When to Expect a Fix
The real fix will come with Intel's Cascade Lake, due to ship at the end of 2018, which will supposedly have architectures that will prevent exploitation based on the Meltdown, Spectre and L1TF/Foreshadow families of vulnerabilities. But given the rate at which new speculative-execution bugs are being revealed, we're not holding our breaths.
Image: ForeshadowAttack.eu/Public domain