- Joined
- Oct 9, 2007
- Messages
- 47,538 (7.46/day)
- Location
- Hyderabad, India
System Name | RBMK-1000 |
---|---|
Processor | AMD Ryzen 7 5700G |
Motherboard | ASUS ROG Strix B450-E Gaming |
Cooling | DeepCool Gammax L240 V2 |
Memory | 2x 8GB G.Skill Sniper X |
Video Card(s) | Palit GeForce RTX 2080 SUPER GameRock |
Storage | Western Digital Black NVMe 512GB |
Display(s) | BenQ 1440p 60 Hz 27-inch |
Case | Corsair Carbide 100R |
Audio Device(s) | ASUS SupremeFX S1220A |
Power Supply | Cooler Master MWE Gold 650W |
Mouse | ASUS ROG Strix Impact |
Keyboard | Gamdias Hermes E2 |
Software | Windows 11 Pro |
A new series of CPU vulnerabilities affecting Intel processors emerged from the company's security bounty-hunter program, which are an exploitation of the L1 terminal fault. The vulnerability affects Intel processors that support SGX (Software Guard Extensions). A multinational group of researchers from KU Leuven University, Technion - Israel Institute of Technology, University of Michigan, University of Adelaide and Data61 chronicled the vulnerability. The exploit involves interpreting and deriving data from timing the L1 cache. You'll recall that NetSpectre was a similar timing-based bit derivation exploit, what's being measured here instead, is how the L1 cache SRAM refreshes itself to different patterns of bits, and transcribing them to bits and bytes on the other end. We imagine a mitigation to this bug would be to randomize the L1$ timers.
Intel these days is releasing CPU microcode updates faster than King updates Candy Crush with new offline banner ads. The company was sure to have a mitigation for this vulnerability ready before disclosing it to the public. The company, in a statement, said that it's working tireless to get customers to install the updates. The three variants of the L1 Timing Fault vulnerability are chronicled in CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646.
Intel's briefs for each of the three vulnerabilities follows:
Image courtesy Byte Notes
View at TechPowerUp Main Site
Intel these days is releasing CPU microcode updates faster than King updates Candy Crush with new offline banner ads. The company was sure to have a mitigation for this vulnerability ready before disclosing it to the public. The company, in a statement, said that it's working tireless to get customers to install the updates. The three variants of the L1 Timing Fault vulnerability are chronicled in CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646.

Intel's briefs for each of the three vulnerabilities follows:
- L1 Terminal Fault-SGX (CVE-2018-3615)-Systems with microprocessors utilizing speculative execution and Intel SGX may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via side-channel analysis.
- L1 Terminal Fault-OS/ SMM (CVE-2018-3620)-Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and side-channel analysis.
- L1 Terminal Fault-VMM (CVE-2018-3646)-Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and side-channel analysis
Image courtesy Byte Notes
View at TechPowerUp Main Site