Intel’s Core and Xeon line of processors are prone to another major speculative execution flaw named “Foreshadow,” alternatively called L1 Terminal Fault or L1TF. This attack could allow attackers to gain access to sensitive data stored in a computer’s memory or 3rdparty Clouds, which includes files, encryption keys, pictures, or even passwords. Speculative execution refers to a processor’s educated guess as to what the next operation would be in a process. If this educated guess is correct, then resources are saved, else the data is scrapped but remnants might be left behind. Foreshadow targets Intel’s Security Guard Extensions (SGX) within the processors.
SGX was originally designed with the idea to protect code from disclosure or modification, even if the BIOS, virtual machine manager (VMM), operating system, and drivers should become compromised. It allows programs to establish secure enclaves, which are regions of a chip that are privatized to run code that an operating system cannot access or change. Thus, there is a safe location for private data in the event of the computer itself becoming compromised. SGX uses what’s known as attestation keys to enable its crucial integrity checks. This works fine for Spectre and Meltdown but Foreshadow is a different contender. In addition, not many users utilize the SGX feature, so there isn’t a real concern for most consumers.
If you’re patched for Spectre / Meltdown, then you should be safe from Foreshadow as well. Additionally, if you don’t even utilize SGX then there is no real concern there either. As for fixes, an upcoming processor release of Cascade Lake is expected to patch this at the hardware level. Intel is also releasing microcode that addresses these concerns and have already been rolled out during May / June releases. They’re also coordinating with key developers such as Microsoft and Linux to patch this risk.
To add some context to this vulnerability, it could allow a breakdown of walls between different virtual machines and that poses a huge threat to providers of this service. So, if you’re in a virtual environment using Hyper-V or ESXi, then this should be more of a concern than standard end users. Environments utilizing AMD Epyc processors are not affected by this, in fact AMD is stating that customers should not implement Foreshadow-related software mitigations.
References
Bulck, J. V. et al. FORESHADOW: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution. Retrieved from https://foreshadowattack.eu/foreshadow.pdf
Hachman, M. (August 15, 2018). Foreshadow attacks Intel CPUs with Spectre-like tactics (but you’re probably safe). Retrieved from https://www.pcworld.com/article/3297419/security/foreshadow-l1tf-is-a-speculative-execution-exploit-targeting-intel-core-chips.html
Newman, L. H. (August 14, 2018). SPECTRE-LIKE FLAW UNDERMINES INTEL PROCESSORS’ MOST SECURE ELEMENT. Retrieved from https://www.wired.com/story/foreshadow-intel-secure-enclave-vulnerability/