VU#982149: Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF)

Speculative execution is a technique used by many modern processors to improve performance by predicting which instructions may be executed based on past execution history. When a program attempts to access data in memory, the logical memory address is translated to a physical address by the hardware. Accessing a logical or linear address that is not mapped to a physical location on the hardware will result in a terminal fault. Once the fault is triggered, there is a gap before resolution where the processor will use speculative execution to try to load data. During this time, the processor could speculatively access the level 1 data cache, potentially allowing side-channel methods to infer information that would otherwise be protected. More information about L1 terminal fault can be found here.

CWE-208: Information Exposure Through Timing Discrepancy

CVE-2018-3615 – L1 Terminal Fault (L1TF) SGX – also known as Foreshadow or Foreshadow-SGX

Systems with microprocessors utilizing speculative execution and Intel Software Guard Extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via side-channel analysis. An unprivileged attacker can execute transient instructions, and once the processor determines that it should not have speculatively executed them, the changes are discarded and a page fault is issued. After the OS catches the fault, the user-level exception handler is called and the user can measure the secret enclave byte and use this to find the secret index in the CPU cache.

CVE-2018-3620 – L1 Terminal Fault (L1TF) OS/SMM – also known as Foreshadow-OS

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and side-channel analysis. When the OS kernel decides to swap virtual memory, it may leave metadata in a page table after unmapping a virtual page that could point to a valid physical address that contains sensitive data. After the kernel clears this data, it produces a terminal fault while dereferencing the unmapped page. Even with the terminal fault, the L1 data cache still sends the unauthorized data on to the transient out-of-order execution in case the metadata present represents a cached physical address. The information that could be read by an attacker can include information from the operating system’s kernel (OS) and the System Management Mode (SMM).

CVE-2018-3646 – L1 Terminal Fault (L1TF) VMM – also known as Foreshadow-VMM

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. Since a guest VM has control over the first address mapping, they can trigger terminal faults that allow them to transiently read any cached physical memory on the system, including memory from other VMs. Unlike L1TF OS/SMM, an attacker exploiting the virtual machine can control physical addresses used to access the L1 cache during transient instructions and even point to guest physical memory.
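
The L1TF OS/SMM description above turns on a page-table entry that is marked not present but still carries a physical address. As an added example (not part of the advisory), the C below classifies x86-64 4 KiB entries by that condition. The function names, the sample entries and the single contiguous RAM range are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PTE_PRESENT   0x1ULL                 /* bit 0: entry maps a page */
#define PTE_ADDR_MASK 0x000FFFFFFFFFF000ULL  /* bits 51:12: physical frame address */

enum pte_state { PTE_MAPPED, PTE_STALE_IN_RAM, PTE_STALE_OUTSIDE_RAM };

/* Classify one 4 KiB x86-64 page-table entry.
 * Assumption of this example: physical memory is one range [0, ram_bytes). */
static enum pte_state classify_pte(uint64_t pte, uint64_t ram_bytes)
{
    if (pte & PTE_PRESENT)
        return PTE_MAPPED;                /* normal translation */
    uint64_t phys = pte & PTE_ADDR_MASK;  /* address bits left in a not-present entry */
    return phys < ram_bytes ? PTE_STALE_IN_RAM : PTE_STALE_OUTSIDE_RAM;
}

/* Count not-present entries whose leftover address bits still name real memory. */
static size_t count_stale_in_ram(const uint64_t *table, size_t n, uint64_t ram_bytes)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (classify_pte(table[i], ram_bytes) == PTE_STALE_IN_RAM)
            hits++;
    return hits;
}

/* Constructed sample entries, not taken from a real system. */
static const uint64_t sample_table[] = {
    0x000000012345F067ULL, /* present, frame address 0x12345F000 */
    0x000000012345F066ULL, /* same entry with only the present bit cleared */
    0x000FFFFFFFFFF000ULL, /* not present, address far above installed RAM */
    0x0000000000000000ULL, /* fully cleared entry: address field names frame 0 */
};

int main(void)
{
    const uint64_t ram = 8ULL << 30;  /* assumed 8 GiB of RAM */
    size_t n = sizeof sample_table / sizeof sample_table[0];
    for (size_t i = 0; i < n; i++)
        printf("%016llx -> state %d\n", (unsigned long long)sample_table[i],
               (int)classify_pte(sample_table[i], ram));
    printf("not-present entries pointing into RAM: %zu\n",
           count_stale_in_ram(sample_table, n, ram));
    return 0;
}
```

The second and fourth sample entries are the ones the classifier reports: the present bit is clear, yet the address field still falls inside the modelled RAM range.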
