Foreshadow Attacks

Foreshadow flaws are revealed in Intel’s Core and Xeon range of processors. Alternatively known as L1 Terminal Fault or L1TF include three new speculative execution[1] side channel vulnerabilities. The Foreshadow attacks could allow a hacker or malicious application to gain access to the sensitive data stored in a computer's memory or third-party clouds, including files, encryption keys, pictures, or passwords.

Impact

The three vulnerabilities have been presented in two categories:

Foreshadow:

Foreshadow targets SGX[2] (Software Guard Extensions) which is a new feature in Intel CPUs that allow computers to protect users’ data even if the entire system is compromised by the attacker. This type attack demonstrates how speculative execution can be exploited for reading the contents of SGX-protected memory, as well as extracting the machine’s private attestation key.[3] The vulnerability is explained in CVE-2018-3615.

Foreshadow – Next Generation (NG):

This variant contains two vulnerabilities which target virtualization environments.

Operating systems and System Management Mode (SMM) — CVE-2018-3620
Virtualization software and Virtual Machine Monitors (VMM) — CVE-2018-3646

These flaws also disclose sensitive information residing in the L1 data cache. This includes the information stored in other virtual machines running on the same third-party Cloud, with local user access or guest OS privilege via a terminal page fault and side-channel analysis. In some cases, Foreshadow-NG[4] could bypass previous mitigations against speculative execution attacks, including countermeasures to Meltdown and Spectre.

Affected Platforms

The following Intel-based platforms are potentially impacted by these issues:

Intel® Core™ i3 processor (45nm and 32nm)
Intel® Core™ i5 processor (45nm and 32nm)
Intel® Core™ i7 processor (45nm and 32nm)
Intel® Core™ M processor family (45nm and 32nm)
2nd generation Intel® Core™ processors
3rd generation Intel® Core™ processors
4th generation Intel® Core™ processors
5th generation Intel® Core™ processors
6th generation Intel® Core™ processors **
7th generation Intel® Core™ processors **
8th generation Intel® Core™ processors **
Intel® Core™ X-series Processor Family for Intel® X99 platforms
Intel® Core™ X-series Processor Family for Intel® X299 platforms
Intel® Xeon® processor 3400 series
Intel® Xeon® processor 3600 series
Intel® Xeon® processor 5500 series
Intel® Xeon® processor 5600 series
Intel® Xeon® processor 6500 series
Intel® Xeon® processor 7500 series
Intel® Xeon® Processor E3 Family
Intel® Xeon® Processor E3 v2 Family
Intel® Xeon® Processor E3 v3 Family
Intel® Xeon® Processor E3 v4 Family
Intel® Xeon® Processor E3 v5 Family
Intel® Xeon® Processor E3 v6 Family
Intel® Xeon® Processor E5 Family
Intel® Xeon® Processor E5 v2 Family
Intel® Xeon® Processor E5 v3 Family
Intel® Xeon® Processor E5 v4 Family
Intel® Xeon® Processor E7 Family
Intel® Xeon® Processor E7 v2 Family
Intel® Xeon® Processor E7 v3 Family
Intel® Xeon® Processor E7 v4 Family
Intel® Xeon® Processor Scalable Family
Intel® Xeon® Processor D (1500, 2100)

Mitigation and Prevention Strategies

Intel has released an advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html which also patches. Microsoft and Oracle have also released advisories and patches. Our customers are advised to apply these new patches as soon as possible.

For questions or comments regarding this report, please contact Wapack Labs at 603-606-1246, or feedback@wapacklabs.com