CVE identifier(s) | CVE-2018-3615 (Foreshadow), CVE-2018-3620 and CVE-2018-3646 (Foreshadow-NG) |
---|---|
Date discovered | January 2018 (2018-01) |
Affected hardware | Modern Intel processors |
Website | foreshadowattack |
Foreshadow, known as L1 Terminal Fault (L1TF) by Intel,[1][2] is a vulnerability that affects modern microprocessors that was first discovered by two independent teams of researchers in January 2018, but was first disclosed to the public on 14 August 2018.[18] The vulnerability is a speculative execution attack on Intel processors that may result in the disclosure of sensitive information stored in personal computers and third-party clouds.[1] There are two versions: the first version (original/Foreshadow) (CVE-2018-3615) targets data from SGX enclaves; and the second version (next-generation/Foreshadow-NG)[19] (CVE-2018-3620 and CVE-2018-3646) targets virtual machines (VMs), hypervisors (VMM), operating systems (OS) kernel memory, and System Management Mode (SMM) memory.[1] A listing of affected Intel hardware has been posted.[11][12]
Foreshadow is similar to the Spectre security vulnerabilities discovered earlier to affect Intel and AMD chips, and the Meltdown vulnerability that also affected Intel.[7] AMD products are not affected by the Foreshadow security flaws.[7] According to one expert, "[Foreshadow] lets malicious software break into secure areas that even the Spectre and Meltdown flaws couldn't crack".[16] Nonetheless, one of the variants of Foreshadow goes beyond Intel chips with SGX technology, and affects "all [Intel] Core processors built over the last seven years".[3]
Foreshadow may be very difficult to exploit.[3][7] As of 15 August 2018, there seems to be no evidence of any serious hacking involving the Foreshadow vulnerabilities.[3][7] Nevertheless, applying software patches may help alleviate some concern, although the balance between security and performance may be a worthy consideration.[6] Companies performing cloud computing may see a significant decrease in their overall computing power; people should not likely see any performance impact, according to researchers.[10] The real fix, according to Intel, is by replacing today's processors.[6] Intel further states, "These changes begin with our next-generation Intel Xeon Scalable processors (code-named Cascade Lake),[20][21] as well as new client processors expected to launch later this year [2018]."[6]
On 16 August 2018, researchers presented technical details of the Foreshadow security vulnerabilities in a seminar, and publication, entitled "Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution"[22] at a USENIX security conference.[9][22]
Two groups of researchers discovered the security vulnerabilities independently: a Belgian team (including Raoul Strackx, Jo Van Bulck, Frank Piessens) from imec-DistriNet, KU Leuven reported it to Intel on 3 January 2018;[23] a second team from Technion – Israel Institute of Technology (Marina Minkin, Mark Silberstein), University of Adelaide (Yuval Yarom), and University of Michigan (Ofir Weisse, Daniel Genkin, Baris Kasikci, Thomas F. Wenisch) reported it on 23 January 2018.[1][4] The vulnerabilities were first disclosed to the public on 14 August 2018.[1][4]
The Foreshadow vulnerability is a speculative execution attack on Intel processors that may result in the disclosure of sensitive information stored in personal computers and third-party clouds.[1] There are two versions: the first version (original/Foreshadow) (CVE-2018-3615 [attacks SGX]) targets data from SGX enclaves; and the second version (next-generation/Foreshadow-NG) (CVE-2018-3620 [attacks the OS Kernel and SMM mode] and CVE-2018-3646 [attacks virtual machines]) targets virtual machines (VMs), hypervisors (VMM), operating systems (OS) kernel memory, and System Management Mode (SMM) memory.[1] Intel considers the entire class of speculative execution side channel vulnerabilities as "L1 Terminal Fault" (L1TF).[1]
For Foreshadow, the sensitive data of interest is the encrypted data in an SGX enclave. Usually, an attempt to read enclave memory from outside the enclave is made, speculative execution is permitted to modify the cache based on the data that was read, and then the processor is allowed to block the speculation when it detects that the protected-enclave memory is involved and reading is not permitted. Speculative execution can use sensitive data in a level 1 cache before the processor notices a lack of permission.[4] The Foreshadow attacks are stealthy, and leave few traces of the attack event afterwards in a computer's logs.[5]
On 16 August 2018, researchers presented technical details of the Foreshadow security vulnerabilities in a seminar, and publication,[22] at a USENIX security conference.[9][22]
Foreshadow is similar to the Spectre security vulnerabilities discovered earlier to affect Intel and AMD chips, and the Meltdown vulnerability that affected Intel.[7] AMD products, according to AMD, are not affected by the Foreshadow security flaws.[7] According to one expert, "[Foreshadow] lets malicious software break into secure areas that even the Spectre and Meltdown flaws couldn't crack".[16] Nonetheless, one of the variants of Foreshadow goes beyond Intel chips with SGX technology, and affects "all [Intel] Core processors built over the last seven years".[3]
Intel notes that the Foreshadow flaws could produce the following:[6]
According to one of the discoverers of the computer flaws: "... the SGX security hole can lead to a 'Complete collapse of the SGX ecosystem.'"[6]
A partial listing of affected Intel hardware has been posted, and is described below.[11][12] (Note: a more detailed - and updated - listing of affected products is on the official Intel website.[11])
Foreshadow may be very difficult to exploit,[3][7] and there seems to be no evidence to date (15 August 2018) of any serious hacking involving the Foreshadow vulnerabilities.[3][7]
Applying software patches may help alleviate some concern(s), although the balance between security and performance may be a worthy consideration.[6][24] Companies performing cloud computing may see a significant decrease in their overall computing power; people should not likely see any performance impact, according to researchers.[10]
The real fix, according to Intel, is by replacing today's processors.[6] Intel further states, "These changes begin with our next-generation Intel Xeon Scalable processors (code-named Cascade Lake),[20][21] as well as new client processors expected to launch later this year [2018]."[6]
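
The software patches discussed above can be audited on a Linux host, where the kernel reports its L1TF state in the sysfs file `/sys/devices/system/cpu/vulnerabilities/l1tf`. The following is an added example, not part of the original article: it parses that status line and maps gaps onto the Foreshadow-NG CVEs. The function names are hypothetical and the status strings in the demo are constructed samples in the kernel's format.

```python
from pathlib import Path

# Linux sysfs file that reports the kernel's L1TF (Foreshadow) mitigation state.
L1TF_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/l1tf")


def parse_l1tf(status: str) -> dict:
    """Parse a status line such as
    'Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable'."""
    status = status.strip()
    result = {"affected": True, "pte_inversion": False,
              "vmx": None, "smt": None, "findings": []}
    if status == "Not affected":
        result["affected"] = False
        return result
    # PTE inversion is the OS-level mitigation (CVE-2018-3620).
    result["pte_inversion"] = "PTE Inversion" in status
    if not result["pte_inversion"]:
        result["findings"].append("CVE-2018-3620: no PTE inversion in the kernel")
    # The VMX part is only present on kernels built with KVM/VMX support.
    _, sep, vmx_part = status.partition("VMX:")
    if sep:
        vmx, _, smt = vmx_part.partition(",")
        result["vmx"] = vmx.strip()
        result["smt"] = smt.strip() or None
        if result["vmx"] == "vulnerable":
            result["findings"].append("CVE-2018-3646: L1D is not flushed on VM entry")
        if result["smt"] == "SMT vulnerable":
            # Hyperthread siblings share the L1 data cache with guest vCPUs.
            result["findings"].append("CVE-2018-3646: SMT enabled while running guests")
    return result


def read_host_status(path: Path = L1TF_SYSFS):
    """Return the parsed host state, or None when the kernel predates the L1TF patches."""
    try:
        return parse_l1tf(path.read_text())
    except FileNotFoundError:
        return None


if __name__ == "__main__":
    # Constructed sample lines in the kernel's reporting format.
    for sample in ("Not affected",
                   "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable",
                   "Vulnerable"):
        print(sample, "->", parse_l1tf(sample)["findings"])
    print("this host:", read_host_status())
```

An SMT finding matters mainly on hosts that run untrusted virtual machines, which matches the article's point that cloud operators bear most of the performance cost of mitigation.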