New "L1 Terminal Fault" Security Vulnerability Affects Intel Processors, Mitigation Out

[btarunr]

A new series of CPU vulnerabilities affecting Intel processors emerged from the company's security bounty-hunter program, which are an exploitation of the L1 terminal fault. The vulnerability affects Intel processors that support SGX (Software Guard Extensions). A multinational group of researchers from KU Leuven University, Technion - Israel Institute of Technology, University of Michigan, University of Adelaide and Data61 chronicled the vulnerability. The exploit involves interpreting and deriving data from timing the L1 cache. You'll recall that NetSpectre was a similar timing-based bit derivation exploit, what's being measured here instead, is how the L1 cache SRAM refreshes itself to different patterns of bits, and transcribing them to bits and bytes on the other end. We imagine a mitigation to this bug would be to randomize the L1$ timers.

Intel these days is releasing CPU microcode updates faster than King updates Candy Crush with new offline banner ads. The company was sure to have a mitigation for this vulnerability ready before disclosing it to the public. The company, in a statement, said that it's working tireless to get customers to install the updates. The three variants of the L1 Timing Fault vulnerability are chronicled in CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646.



Intel's briefs for each of the three vulnerabilities follows:

• L1 Terminal Fault-SGX (CVE-2018-3615)-Systems with microprocessors utilizing speculative execution and Intel SGX may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via side-channel analysis.
• L1 Terminal Fault-OS/ SMM (CVE-2018-3620)-Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and side-channel analysis.
• L1 Terminal Fault-VMM (CVE-2018-3646)-Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and side-channel analysis

Intel setup a micro-site dedicated to this class of vulnerabilities, which not only gives you technical information, but also mitigation.

Image courtesy Byte Notes

View at TechPowerUp Main Site

 

[chaosmassive]

one after another, Intel just wont get a break these days....

 

[Hugis]

So skylake and above are affected.
Is that right?

 

[DeathtoGnomes]

poor poor Intel, seems like its attracting bugs instead of repelling them.

 

[TheTechGuy1337]

You guys act like Intel or any company has all the answers. They don't. One group does not know everything. Be it Intel or AMD or any other company out there. There will be security holes somewhere. That is the price of having a device that can connect to the internet or can communicate to someone remotely. None of this information gets leaked to the public without that specific company knowing about it before hand. They already have a fix for it. IT professionals only care about a solution to the problem. If there isn't one, then we need to have a conversation, but if they have already patched the issue. No complaints from me.

 

[stimpy88]

one after another, Intel just wont get a break these days....

This is what happens when you sit on the same architecture for too many years without giving a crap about spending money on it or improving it...

 

[Nuckles56]

Intel these days is releasing CPU microcode updates faster than King updates Candy Crush with new offline banner ads.

I may have laughed a bit more than I should at that

 

[metalfiber]

Intel wants these vulnerabilities found out, after all it is a bounty hunter program. If your gonna blame anybody, blame the hackers going after us not Intel trying to protect us.

 

[Prince Valiant]

You guys act like Intel or any company has all the answers. They don't. One group does not know everything. Be it Intel or AMD or any other company out there. There will be security holes somewhere. That is the price of having a device that can connect to the internet or can communicate to someone remotely. None of this information gets leaked to the public without that specific company knowing about it before hand. They already have a fix for it. IT professionals only care about a solution to the problem. If there isn't one, then we need to have a conversation, but if they have already patched the issue. No complaints from me.

Some of these have affected performance and Intel hasn't been speedy about pushing fixes across the board.

 

[HTC]

Apparently, here's another problem with speculative execution: https://foreshadowattack.eu/

Foreshadow is a speculative execution attack on Intel processors which allows an attacker to steal sensitive information stored inside personal computers or third party clouds. Foreshadow has two versions, the original attack designed to extract data from SGX enclaves and a Next-Generation version which affects Virtual Machines (VMs), hypervisors (VMM), operating system (OS) kernel memory, and System Management Mode (SMM) memory.

Who reported this vulnerability?

Foreshadow was independently and concurrently discovered by two teams:

• Jo Van Bulck, Frank Piessens, Raoul Strackx (imec-DistriNet, KU Leuven).
• Marina Minkin, Mark Silberstein (Technion), Ofir Weisse, Daniel Genkin, Baris Kasikci, Thomas F. Wenisch (University of Michigan), Yuval Yarom (University of Adelaide and CSIRO's Data61).
• The KU Leuven authors discovered the vulnerability, independently developed the attack, and first notified Intel on January 3, 2018. Their work was done independently from and concurrently to other recent x86 speculative execution vulnerabilities, notably Meltdown and Spectre.
• The authors from Technion, University of Michigan, the University of Adelaide and CSIRO's Data61 independently discovered and reported the vulnerability and associated attack to Intel during the embargo period on January 23, 2018.

Regarding AMD's exposure to this specific issue:

8/14/18
As in the case with Meltdown, we believe our processors are not susceptible to the new speculative execution attack variants called Foreshadow or Foreshadow-NG due to our hardware paging architecture protections. We are advising customers running AMD EPYC™ processors in their datacenters, including in virtualized environments, to not implement Foreshadow-related software mitigations for their AMD platforms.

 

[TheTechGuy1337]

Some of these have affected performance and Intel hasn't been speedy about pushing fixes across the board.

Besides performance loss on synthetic benchmarks. Give me a real world example of performance loss to the average daily usage of users? I manage over 1,000 devices at my workplace and some of those pc's are 10 years old. The older ones didn't even receive security updates. They are too far past their prime for Intel to care about them. All of our newer equipment has the latest updates. Guess how many people complained about performance drops? This is including our development teams that require high end machines to do their daily task. Not a single person. I could care less if someone loses 3 fps in a game. Only people pushing their machines or have extremely low end machines would ever see an issue. And when I say low end. I'm talking single core processors.

 

[HD64G]

So, Intel is faster partly due to their zero interest for security when designing cpus and now that their products are found vulnerable in many fronts and are getting slower month by month as being patched, they try to compensate somehow for their bad security strategy by giving away bounties that are priced 1/1000000 of their yearly revenue from selling those and that is still commendable to some people. Keep getting milked then, as another intel cpu is coming soon on sale.

 

[HTC]

So, Intel is faster partly due to their zero interest for security when designing cpus and now that their products are found vulnerable in many fronts and are getting slower month by month as being patched, they try to compensate somehow for their bad security strategy by giving away bounties that are priced 1/1000000 of their yearly revenue from selling those and that is still commendable to some people. Keep getting milked then, as another intel cpu is coming soon on sale.

To be fair, AMD is also affected, mainly by spectre variant attacks. While most of these attacks don't hit the general user much, it leaves big companies subject to performance losses due to mitigations and those losses are adding up.

That said, BOTH companies need to address these issues, on a hardware level, as soon as possible.

 

[TheTechGuy1337]

To be fair, AMD is also affected, mainly by spectre variant attacks. While most of these attacks don't hit the general user much, it leaves big companies subject to performance losses due to mitigations and those losses are adding up.

That said, BOTH companies need to address these issues, on a hardware level, as soon as possible.

Finally, someone that understands both sides of the fence. All tech companies will have security issues eventually. Why? Because of innovation. There is no perfect solution. This is why things get patched on the daily. Humans are not perfect. There is no one company to rule them all. We keep fixing an item until it is as good as it can be. It is up to the buyers and community to hold these companies accountable for their products. As long as we do that, then everyone gets the benefits.

 

[JoniISkandar]

Finally, someone that understands both sides of the fence. All tech companies will have security issues eventually. Why? Because of innovation. There is no perfect solution. This is why things get patched on the daily. Humans are not perfect. There is no one company to rule them all. We keep fixing an item until it is as good as it can be. It is up to the buyers and community to hold these companies accountable for their products. As long as we do that, then everyone gets the benefits.

take example of drag race,, intel is same people trying to push very high speed Bike with minimum security concern.

same as intel avoid 7 generation of their Core series Architecture flaw, the bug is on Hardware based, AMD is on different animal, not the same, Ryzen is newly fresh Architecture unlike Core series which is from more than decade ago,, as anything report AMD is very minimal impact compare to Intel, that cant be FIXED by software, they making patch for this, is same when your car tire broken and just add temporary patch before actual HARDWARE level fix applied aka replacing the architecture

 

[chaosmassive]

We are advising customers running AMD EPYC™ processors in their datacenters, including in virtualized environments, to not implement Foreshadow-related software mitigations for their AMD platforms

wow that sneaky marketing there, gotta use it for ads whatever exposures you get

 

[John Naylor]

I'm still waiting for the news of the 1st horror story of "look what happened to me " with regard to any of these flaws.

 

[Jism]

wow that sneaky marketing there, gotta use it for ads whatever exposures you get

Because it's proberly unnecessary to apply a patch for the TR/RY platform, that is the message. And if you do it might cost you performance while it's not needed.

AMD has the better product, period.

 

[TheTechGuy1337]

take example of drag race,, intel is same people trying to push very high speed Bike with minimum security concern.

same as intel avoid 7 generation of their Core series Architecture flaw, the bug is on Hardware based, AMD is on different animal, not the same, Ryzen is newly fresh Architecture unlike Core series which is from more than decade ago,, as anything report AMD is very minimal impact compare to Intel, that cant be FIXED by software, they making patch for this, is same when your car tire broken and just add temporary patch before actual HARDWARE level fix applied aka replacing the architecture

You are making assumptions when it comes to Intel and AMD security practices. Both sides are going to have flaws. It can be both software and hardware based problems. Technology is only as good as the creator. You think just because AMD is running a new architecture that it makes it more secure? Really now? Spectre affected both Intel and AMD chips across the board if we are cherry picking examples. That applied to Ryzen too. There will be more security holes in the future for both companies. It just takes one person to find it. They find it....we patch it. Saying that either company is better than the other at security is flawed. All things become vulnerable with time. There will always be some new leak, some new bug, or some hole as long as people exist. We learn from our mistakes. One problem at a time.

 

[HTC]

Because it's proberly unnecessary to apply a patch for the TR/RY platform, that is the message. And if you do it might cost you performance while it's not needed.

AMD has the better product, period.

Incorrect: AMD has the better implementation of speculative execution but, as evidenced by the spectre variants, AMD's approach has issues as well.

I'm not sure if, @ least on server products (since these are the most affected) the speculative execution portion shouldn't be outright removed, from both camps: it's problem after problem after problem, and all the mitigations for the various issues combined have a serious impact on performance and i'm not sure if it's impact is greater than the performance benefits speculative execution brings.

 

[TheGuruStud]

Besides performance loss on synthetic benchmarks. Give me a real world example of performance loss to the average daily usage of users? I manage over 1,000 devices at my workplace and some of those pc's are 10 years old. The older ones didn't even receive security updates. They are too far past their prime for Intel to care about them. All of our newer equipment has the latest updates. Guess how many people complained about performance drops? This is including our development teams that require high end machines to do their daily task. Not a single person. I could care less if someone loses 3 fps in a game. Only people pushing their machines or have extremely low end machines would ever see an issue. And when I say low end. I'm talking single core processors.

No one cares about consumer. Consumers are idiots and have the luck to purchase left over dies. Enterprise.... Where do you think all the ram/flash is going? Again, we get the scraps.

~25% is huge hit in VMs (and who know how much more now). In fact, just got word...a huge fortune 500 is going AMD from this circus of intel flaws.

 

[R-T-B]

I'm still waiting for the news of the 1st horror story of "look what happened to me " with regard to any of these flaws.

Talk to datacenter admins.

In fact, just got word...a huge fortune 500 is going AMD from this circus of intel flaws.

You know, I'm pretty sure if that were true for a second you wouldn't be withholding the name...

 

[hat]

~25% is huge hit in VMs (and who know how much more now). In fact, just got word...a huge fortune 500 is going AMD from this circus of intel flaws.

Until somebody blows AMD wide open... This stuff never sends to end.

 

[Jism]

Incorrect: AMD has the better implementation of speculative execution but, as evidenced by the spectre variants, AMD's approach has issues as well.

Yes, but did that impact AMD worse on performance compared to Intel?

I dont think so. And how many micro-code updates did Intel CPU's had by now. As written above consumers dont really get much out of those updates which could tamper performance, but on large (DC) scale a 5 up to 15% hit is considered as very huge.

 

[HTC]

Yes, but did that impact AMD worse on performance compared to Intel?

I dont think so. And how many micro-code updates did Intel CPU's had by now. As written above consumers dont really get much out of those updates which could tamper performance, but on large (DC) scale a 5 up to 15% hit is considered as very huge.

Less mitigations required = less performance hit impact.

Still, this whole speculative execution part of the processors should be removed from future processors, from both camps: too many problems, IMO.