Three new serious 'L1TF' vulnerabilities discovered in Intel processors
Intel has announced that three new serious vulnerabilities have been detected in its processors, allowing unauthorized access to data in the L1 cache. The vulnerabilities are named L1 Terminal Fault, or L1TF.
The first two variants relate to the Intel Software Guard Extensions and the System Management Mode. According to Intel, both can be solved with microcode and software updates and have already been released. The changes to the microcode were made earlier this year and the updates for operating systems were released on Tuesday
CVE | Name | Ernst | Score |
---|---|---|---|
CVE-2018-3615 | L1 Terminal Fault -SGX | High | 7.9 |
CVE-2018-3620 | L1 Terminal Fault-OS / SMM | High | 7.1 |
CVE-2018-3646 | L1 Terminal Fault -VMM | High | 7.1 |
The third L1TF variant relates to virtual machines and although mitigations were also released, Intel states that, depending on the situation, ‘further measures’ needed. A possible measure is, for example, disabling HyperTreading in environments where it can not be guaranteed that all virtual machines are equipped with control systems with patched kernels.
Intel claims that the security measures taken have little effect on performance and shows benchmarks of different scenarios for and after passing the patches. Also Red Hat has presented figures and shows that disabling HyperTreading can have a major negative impact on performance.
The first vulnerability, CVE-2018-3615, has been discovered by researchers at universities, including that of KU Leuven. They present the attack under the denominator Foreshadow and have set up a website with a paper and demonstration videos. The KU Leuven researchers shared their findings with Intel on 3 January 2018. Intel security researchers then found the other two related vulnerabilities themselves.
The publication of the new vulnerabilities was coordinated by the security researchers, Intel and software companies. On Tuesday evening, various parties have put their analyzes online. Microsoft describes L1TF on its Technet blog and Oracle put information online about which of its products have been affected. Also Red Hat describes the vulnerabilities. According to Intel, there are no known cases of misuse of the leaks.