Intel has been having a very rough 2018. After the revelation of the Spectre and Meltdown flaws at the beginning of the year, Intel and its partners have been fighting a seemingly uphill battle in trying to patch flaws that could leave very sensitive parts of the computer exposed to people with bad intentions. Now, Intel themselves have disclosed three speculative execution flaws in their Core and Xeon series of processors. The new flaw is dubbed Foreshadow, alternatively called L1 Terminal Fault or L1TF, and includes three vulnerabilities impacting Intel’s processors.
The three Foreshadow vulnerabilities have been divided into two variants: Foreshadow and Foreshadow: Next Generation. Foreshadow targets Intel Software Guard Extensions (SGX) enclaves, designed specifically to prevent disclosure and modification of select code and user data. While SGX enclaves were designed to be impervious to Spectre and Meltdown, it appears that through the Foreshadow flaw, an attacker could gain access to data residing in the L1 cache.
The Foreshadow: Next Generation flaw comprises two vulnerabilities that specifically target virtualised environments being used by large cloud computing platforms like those of Amazon and Microsoft. These flaws also allow access to data residing in the L1 cache but are a little more serious. Through the Foreshadow NG attack, malicious parties can also gain access to data residing on other virtual machines, as long as they’re running on the same third-party cloud platform.
Security researchers held off on disclosing the Spectre and Meltdown flaws for well over the industry norm of 60 days in order to let Intel patch the problems. The Foreshadow flaw was announced by Intel, Microsoft, Red Hat and a group of academic researchers in a coordinated manner. While a patch for the new flaws is yet to be issued, Intel says that it has not yet come across any reported case in the real world where the new flaws have been used to compromise systems. While a software patch for Foreshadow will be just a band-aid, a real fix will only be implemented when the new Cascade Lake chips are released later this year. Additionally, the new chips, which are impervious to speculative execution flaws, would need to replace all the current vulnerable processors.