Intel releases updates for 'Foreshadow' CPU flaws

by Mark Tyson on 15 August 2018, 09:31


Intel has released details and mitigation information for what it calls the L1 Terminal Fault, which most media outlets have dubbed the 'Foreshadow' CPU flaws. These flaws are similar in nature to the Spectre and Meltdown security holes, which were uncovered early this year and affected billions of computer processors. Happily, security researchers gave Intel the heads-up months ago, so it has had time to work on microcode patches and to work with OS/cloud vendors like Microsoft, Google, and Amazon.

The L1 Terminal Fault (L1TF) is a speculative execution side-channel method of attacking a processor. Ironically, it affects modern Intel processors which come with Intel Software Guard Extensions (Intel SGX). To exploit L1TF, an attack might target access to the L1 data cache, which stores information on what a processor core is most likely to do next, explains Intel.

A hacker could run a program on one thread to spy on L1 cache information from another thread/process

If you are interested in more technical explanations and guidance with regard to L1TF, Intel has prepared an advisory and guidance document for IT professionals. This describes the three L1TF variants and lists the potentially affected products. The first two variants were patched in microcode released as part of INTEL-SA-00115 in May/June this year, though it wasn't mentioned at the time. The third variant, affecting hypervisor software, as used in virtualisation, has only just had patches delivered, with rollout starting yesterday.

Many enterprises, such as data centres, commonly use virtualisation technology, and it is "advisable that customers or partners take additional steps to protect their systems". In some cases "performance or resource utilisation on some specific workloads may be affected," which could be bad news for the organisations affected as it will increase costs.

Looking to the not-too-distant future (Q4 2018), Intel will release the next-generation Intel Xeon Scalable processors (code-named Cascade Lake) with silicon-level mitigations not just for Spectre and Meltdown but for L1TF too.

AMD CPUs are not affected by L1TF.



HEXUS Forums :: 21 Comments

Well…the spectre and meltdown flaw opened a can of worms!
AMD CPUs are not affected by L1TF.
is what I take away from this. Once again Intel is hit the hardest (or rather, singularly). Really shows how they've played fast and loose with processor security over the years …despite all their promises.
Tabbykatze
Well…the spectre and meltdown flaw opened a can of worms!

Interesting that this was discovered before Meltdown/Spectre were made public, I haven't heard whether the researchers knew about Meltdown before they started looking at this, would be interesting to know.
DanceswithUnix
Interesting that this was discovered before Meltdown/Spectre were made public, I haven't heard whether the researchers knew about Meltdown before they started looking at this, would be interesting to know.

Did they know about these before Spectre/Meltdown?
Does anyone know of a catalogue of flaws that you can check, by CPU, to see if it's affected by and if/when a fix is available (I know, this is restricted by mobo peeps also)?

Keeping track of all these flaws is getting ridiculous.