Foreshadow

Last updated

Foreshadow
Foreshadow logo with narrow text.svg
A logo created for the vulnerability, featuring a lock with a shadow.
CVE identifier(s) CVE- 2018-3615 (Foreshadow), CVE- 2018-3620 and CVE- 2018-3646 (Foreshadow-NG)
Date discoveredJanuary 2018;5 years ago (2018-01)
Affected hardwareModern Intel processors

Foreshadow, known as L1 Terminal Fault (L1TF) by Intel, [1] [2] is a vulnerability that affects modern microprocessors that was first discovered by two independent teams of researchers in January 2018, but was first disclosed to the public on 14 August 2018. [18] The vulnerability is a speculative execution attack on Intel processors that may result in the disclosure of sensitive information stored in personal computers and third-party clouds. [1] There are two versions: the first version (original/Foreshadow) (CVE - 2018-3615) targets data from SGX enclaves; and the second version (next-generation/Foreshadow-NG) [19] (CVE- 2018-3620 andCVE- 2018-3646) targets virtual machines (VMs), hypervisors (VMM), operating systems (OS) kernel memory, and System Management Mode (SMM) memory. [1] A listing of affected Intel hardware has been posted. [11] [12]

Contents

Foreshadow is similar to the Spectre security vulnerabilities discovered earlier to affect Intel and AMD chips, and the Meltdown vulnerability that also affected Intel. [7] AMD products are not affected by the Foreshadow security flaws. [7] According to one expert, "[Foreshadow] lets malicious software break into secure areas that even the Spectre and Meltdown flaws couldn't crack". [16] Nonetheless, one of the variants of Foreshadow goes beyond Intel chips with SGX technology, and affects "all [Intel] Core processors built over the last seven years". [3]

Foreshadow may be very difficult to exploit. [3] [7] As of 15 August 2018, there seems to be no evidence of any serious hacking involving the Foreshadow vulnerabilities. [3] [7] Nevertheless, applying software patches may help alleviate some concern, although the balance between security and performance may be a worthy consideration. [6] Companies performing cloud computing may see a significant decrease in their overall computing power; people should not likely see any performance impact, according to researchers. [10] The real fix, according to Intel, is by replacing today's processors. [6] Intel further states, "These changes begin with our next-generation Intel Xeon Scalable processors (code-named Cascade Lake), [20] [21] as well as new client processors expected to launch later this year [2018]." [6]

On 16 August 2018, researchers presented technical details of the Foreshadow security vulnerabilities in a seminar, and publication, entitled "Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution" [22] at a USENIX security conference. [9] [22]

History

Two groups of researchers discovered the security vulnerabilities independently: a Belgian team (including Raoul Strackx, Jo Van Bulck, Frank Piessens) from imec-DistriNet, KU Leuven reported it to Intel on 3 January 2018; [23] a second team from Technion – Israel Institute of Technology (Marina Minkin, Mark Silberstein), University of Adelaide (Yuval Yarom), and University of Michigan (Ofir Weisse, Daniel Genkin, Baris Kasikci, Thomas F. Wenisch) reported it on 23 January 2018. [1] [4] The vulnerabilities were first disclosed to the public on 14 August 2018. [1] [4]

Mechanism

The Foreshadow vulnerability is a speculative execution attack on Intel processors that may result in the disclosure of sensitive information stored in personal computers and third-party clouds. [1] There are two versions: the first version (original/Foreshadow) (CVE- 2018-3615 [attacks SGX]) targets data from SGX enclaves; and the second version (next-generation/Foreshadow-NG) (CVE - 2018-3620 [attacks the OS Kernel and SMM mode] and CVE - 2018-3646 [attacks virtual machines]) targets virtual machines (VMs), hypervisors (VMM), operating systems (OS) kernel memory, and System Management Mode (SMM) memory. [1] Intel considers the entire class of speculative execution side channel vulnerabilities as "L1 Terminal Fault" (L1TF). [1]

For Foreshadow, the sensitive data of interest is the encrypted data in an SGX enclave. Usually, an attempt to read enclave memory from outside the enclave is made, speculative execution is permitted to modify the cache based on the data that was read, and then the processor is allowed to block the speculation when it detects that the protected-enclave memory is involved and reading is not permitted. Speculative execution can use sensitive data in a level 1 cache before the processor notices a lack of permission. [4] The Foreshadow attacks are stealthy, and leave few traces of the attack event afterwards in a computer's logs. [5]

On 16 August 2018, researchers presented technical details of the Foreshadow security vulnerabilities in a seminar, and publication, [22] at a USENIX security conference. [9] [22]

Impact

Foreshadow is similar to the Spectre security vulnerabilities discovered earlier to affect Intel and AMD chips, and the Meltdown vulnerability that affected Intel. [7] AMD products, according to AMD, are not affected by the Foreshadow security flaws. [7] According to one expert, "[Foreshadow] lets malicious software break into secure areas that even the Spectre and Meltdown flaws couldn't crack". [16] Nonetheless, one of the variants of Foreshadow goes beyond Intel chips with SGX technology, and affects "all [Intel] Core processors built over the last seven years". [3]

Intel notes that the Foreshadow flaws could produce the following: [6]

According to one of the discoverers of the computer flaws: "... the SGX security hole can lead to a "Complete collapse of the SGX ecosystem." [6]

A partial listing of affected Intel hardware has been posted, and is described below. [11] [12] (Note: a more detailed - and updated - listing of affected products is on the official Intel website. [11] )

Foreshadow may be very difficult to exploit, [3] [7] and there seems to be no evidence to date (15 August 2018) of any serious hacking involving the Foreshadow vulnerabilities. [3] [7]

Mitigation

Applying software patches may help alleviate some concern(s), although the balance between security and performance may be a worthy consideration. [6] [24] Companies performing cloud computing may see a significant decrease in their overall computing power; people should not likely see any performance impact, according to researchers. [10]

The real fix, according to Intel, is by replacing today's processors. [6] Intel further states, "These changes begin with our next-generation Intel Xeon Scalable processors (code-named Cascade Lake), [20] [21] as well as new client processors expected to launch later this year [2018]." [6]

See also

Related Research Articles

<span class="mw-page-title-main">Arbitrary code execution</span> Computer security

In computer security, arbitrary code execution (ACE) is an attacker's ability to run any commands or code of the attacker's choice on a target machine or in a target process. An arbitrary code execution vulnerability is a security flaw in software or hardware allowing arbitrary code execution. A program that is designed to exploit such a vulnerability is called an arbitrary code execution exploit. The ability to trigger arbitrary code execution over a network is often referred to as remote code execution (RCE).

The Time Stamp Counter (TSC) is a 64-bit register present on all x86 processors since the Pentium. It counts the number of CPU cycles since its reset. The instruction RDTSC returns the TSC in EDX:EAX. In x86-64 mode, RDTSC also clears the upper 32 bits of RAX and RDX. Its opcode is 0F 31. Pentium competitors such as the Cyrix 6x86 did not always have a TSC and may consider RDTSC an illegal instruction. Cyrix included a Time Stamp Counter in their MII.

<span class="mw-page-title-main">Pwnie Awards</span> Information security awards

The Pwnie Awards recognize both excellence and incompetence in the field of information security. Winners are selected by a committee of security industry professionals from nominations collected from the information security community. Nominees are announced yearly at Summercon, and the awards themselves are presented at the Black Hat Security Conference.

<span class="mw-page-title-main">Intel Core</span> Line of CPUs by Intel

Intel Core is a line of streamlined midrange consumer, workstation and enthusiast computer central processing units (CPUs) marketed by Intel Corporation. These processors displaced the existing mid- to high-end Pentium processors at the time of their introduction, moving the Pentium to the entry level. Identical or more capable versions of Core processors are also sold as Xeon processors for the server and workstation markets.

In computer security, virtual machine escape is the process of a program breaking out of the virtual machine on which it is running and interacting with the host operating system. A virtual machine is a "completely isolated guest operating system installation within a normal host operating system". In 2008, a vulnerability in VMware discovered by Core Security Technologies made VM escape possible on VMware Workstation 6.0.2 and 5.5.4. A fully working exploit labeled Cloudburst was developed by Immunity Inc. for Immunity CANVAS. Cloudburst was presented in Black Hat USA 2009.

A trusted execution environment (TEE) is a secure area of a main processor. It guarantees code and data loaded inside to be protected with respect to confidentiality and integrity. Data integrity prevents unauthorized entities from outside the TEE from altering data, while code integrity prevents code in the TEE from being replaced or modified by unauthorized entities, which may also be the computer owner itself as in certain DRM schemes described in SGX. This is done by implementing unique, immutable, and confidential architectural security such as Intel Software Guard Extensions which offers hardware-based memory encryption that isolates specific application code and data in memory. Intel SGX allows user-level code to allocate private regions of memory, called enclaves, which are designed to be protected from processes running at higher privilege levels. A TEE as an isolated execution environment provides security features such as isolated execution, integrity of applications executing with the TEE, along with confidentiality of their assets. In general terms, the TEE offers an execution space that provides a higher level of security for trusted applications running on the device than a rich operating system (OS) and more functionality than a 'secure element' (SE).

<span class="mw-page-title-main">Intel Management Engine</span> Autonomous computer subsystem

The Intel Management Engine (ME), also known as the Intel Manageability Engine, is an autonomous subsystem that has been incorporated in virtually all of Intel's processor chipsets since 2008. It is located in the Platform Controller Hub of modern Intel motherboards.

Intel Software Guard Extensions (SGX) is a set of security-related instruction codes that are built into some Intel central processing units (CPUs). They allow user-level and operating system code to define protected private regions of memory, called enclaves. SGX is designed to be useful for implementing secure remote computation, secure web browsing, and digital rights management (DRM). Other applications include concealment of proprietary algorithms and of encryption keys.

<span class="mw-page-title-main">Kernel page-table isolation</span>

Kernel page-table isolation is a Linux kernel feature that mitigates the Meltdown security vulnerability and improves kernel hardening against attempts to bypass kernel address space layout randomization (KASLR). It works by better isolating user space and kernel space memory. KPTI was merged into Linux kernel version 4.15, and backported to Linux kernels 4.14.11, 4.9.75, and 4.4.110. Windows and macOS released similar updates. KPTI does not address the related Spectre vulnerability.

<span class="mw-page-title-main">Meltdown (security vulnerability)</span> Microprocessor security vulnerability

Meltdown is one of the two original transient execution CPU vulnerabilities. Meltdown affects Intel x86 microprocessors, IBM POWER processors, and some ARM-based microprocessors. It allows a rogue process to read all memory, even when it is not authorized to do so.

<span class="mw-page-title-main">Spectre (security vulnerability)</span> Processor security vulnerability

Spectre refers to one of the two original transient execution CPU vulnerabilities, which involve microarchitectural timing side-channel attacks. These affect modern microprocessors that perform branch prediction and other forms of speculation. On most processors, the speculative execution resulting from a branch misprediction may leave observable side effects that may reveal private data to attackers. For example, if the pattern of memory accesses performed by such speculative execution depends on private data, the resulting state of the data cache constitutes a side channel through which an attacker may be able to extract information about the private data using a timing attack.

Speculative Store Bypass (SSB) is the name given to a hardware security vulnerability and its exploitation that takes advantage of speculative execution in a similar way to the Meltdown and Spectre security vulnerabilities. It affects the ARM, AMD and Intel families of processors. It was discovered by researchers at Microsoft Security Response Center and Google Project Zero (GPZ). After being leaked on 3 May 2018 as part of a group of eight additional Spectre-class flaws provisionally named Spectre-NG, it was first disclosed to the public as "Variant 4" on 21 May 2018, alongside a related speculative execution vulnerability designated "Variant 3a".

Lazy FPU state leak, also referred to as Lazy FP State Restore or LazyFP, is a security vulnerability affecting Intel Core CPUs. The vulnerability is caused by a combination of flaws in the speculative execution technology present within the affected CPUs and how certain operating systems handle context switching on the floating point unit (FPU). By exploiting this vulnerability, a local process can leak the content of the FPU registers that belong to another process. This vulnerability is related to the Spectre and Meltdown vulnerabilities that were publicly disclosed in January 2018.

In digital computing, hardware security bugs are hardware bugs or flaws that create vulnerabilities affecting computer central processing units (CPUs), or other devices which incorporate programmable processors or logic and have direct memory access, which allow data to be read by a rogue process when such reading is not authorized. Such vulnerabilities are considered "catastrophic" by security analysts.

Spoiler is a security vulnerability on modern computer central processing units that use speculative execution. It exploits side-effects of speculative execution to improve the efficiency of Rowhammer and other related memory and cache attacks. According to reports, all modern Intel Core CPUs are vulnerable to the attack as of 2019. AMD has stated that its processors are not vulnerable.

<span class="mw-page-title-main">Microarchitectural Data Sampling</span> CPU vulnerabilities

The Microarchitectural Data Sampling (MDS) vulnerabilities are a set of weaknesses in Intel x86 microprocessors that use hyper-threading, and leak data across protection boundaries that are architecturally supposed to be secure. The attacks exploiting the vulnerabilities have been labeled Fallout, RIDL, ZombieLoad., and ZombieLoad 2.

Transient execution CPU vulnerabilities are vulnerabilities in a computer system in which a speculative execution optimization implemented in a microprocessor is exploited to leak secret data to an unauthorized party. The classic example is Spectre that gave its name to this kind of side-channel attack, but since January 2018 many different vulnerabilities have been identified.

SWAPGS, also known as Spectre variant 1 (swapgs), is a computer security vulnerability that utilizes the branch prediction used in modern microprocessors. Most processors use a form of speculative execution, this feature allows the processors to make educated guesses about the instructions that will most likely need to be executed in the near future. This speculation can leave traces in the cache, which attackers use to extract data using a timing attack, similar to side-channel exploitation of Spectre.

<span class="mw-page-title-main">Load value injection</span> Microprocessor security vulnerability

Load value injection (LVI) is an attack on Intel microprocessors that can be used to attack Intel's Software Guard Extensions (SGX) technology. It is a development of the previously known Meltdown security vulnerability. Unlike Meltdown, which can only read hidden data, LVI can inject data values, and is resistant to the countermeasures so far used to mitigate the Meltdown vulnerability.

Retbleed is a speculative execution attack on x86-64 and ARM processors, including some recent Intel and AMD chips. First made public in 2022, it is a variant of the Spectre vulnerability which exploits retpoline, which was intended as a mitigation for speculative execution attacks.

References

  1. 1 2 3 4 5 6 7 8 9 "Foreshadow - Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution". ForeShadowAttack.eu. 2018-08-14. Archived from the original on 2018-08-15. Retrieved 2018-08-14.
  2. "Software Security Guidance from Intel". Software.intel.com. Archived from the original on 2020-07-26. Retrieved 2021-12-29.
  3. 1 2 3 4 5 6 7 Kan, Michael (2018-08-14). "New 'Foreshadow' Flaw Exploits Intel Chips To Steal Protected Data - The new vulnerability builds on research related to the Meltdown and Spectre flaws. Foreshadow can be exploited to read data from Intel's SGX technology, while a separate variant can break the security protections in data centers that run virtual machines". PC Magazine . Archived from the original on 2018-08-15. Retrieved 2018-08-14.
  4. 1 2 3 4 Bright, Peter (2018-08-14). "Intel's SGX blown wide open by, you guessed it, a speculative execution attack - Speculative execution attacks truly are the gift that keeps on giving". Ars Technica . Archived from the original on 2018-08-15. Retrieved 2018-08-14.
  5. 1 2 Newman, Lily Hay (2018-08-14). "Spectre-like Flaw Undermines intel Processors' Most Secure Element". Wired . Archived from the original on 2019-01-11. Retrieved 2018-08-15.
  6. 1 2 3 4 5 6 7 8 9 Vaughan-Nichols, Steven J. (2018-08-14). "Beyond Spectre: Foreshadow, a new Intel security problem - Researchers have broken Intel's Software Guard Extensions, System Management Mode, and x86-based virtual machines". ZDNet . Archived from the original on 2018-08-15. Retrieved 2018-08-15.
  7. 1 2 3 4 5 6 7 8 9 Giles, Martin (2018-08-14). "Intel's 'Foreshadow' flaws are the latest sign of the chipocalypse". MIT Technology Review . Archived from the original on 2018-08-16. Retrieved 2018-08-14.
  8. Masters, Jon (2018-08-14). "Understanding L1 Terminal Fault aka Foreshadow: What you need to know". Red Hat . Archived from the original on 2018-08-18. Retrieved 2018-08-18.
  9. 1 2 3 Chirgwin, Richard (2018-08-15). "Foreshadow and Intel SGX software attestation: 'The whole trust model collapses' - El Reg talks to Dr Yuval Yarom about Intel's memory leaking catastrophe". The Register . Archived from the original on 2018-08-15. Retrieved 2018-08-15.
  10. 1 2 3 Lee, Dave (2018-08-15). "'Foreshadow' attack affects Intel chips". BBC News . Archived from the original on 2018-08-15. Retrieved 2018-08-15.
  11. 1 2 3 4 Staff (2018-08-14). "Q3 2018 Speculative Execution Side Channel Update (Intel-SA-00161)". Intel . Archived from the original on 2019-04-24. Retrieved 2018-08-01.
  12. 1 2 3 Armasu, Lucian (2018-08-15). "Intel Chips' List of Security Flaws Grows". Tom's Hardware . Archived from the original on 2021-12-29. Retrieved 2018-08-15.
  13. Kerner, Sean Michael (2018-08-15). "Intel SGX at Risk From Foreshadow Speculative Execution Attack - Another set of side-channel, speculative execution vulnerabilities have been publicly reported by security researchers; this time the vulnerabilities take specific aim at SGX secure enclave and hypervisor isolation boundaries". eWeek . Archived from the original on 2021-12-29. Retrieved 2018-08-15.
  14. Kennedy, John (2018-08-15). "A Foreshadow of security: What you need to know about new Intel chip flaws". Silicon Republic.com. Archived from the original on 2018-08-16. Retrieved 2018-08-15.
  15. Hachman, Mark (2018-08-15). "Foreshadow attacks Intel CPUs with Spectre-like tactics (but you're probably safe) - You should be protected from L1TF if your PC is patched and up to date". PC World . Archived from the original on 2021-12-29. Retrieved 2018-08-16.
  16. 1 2 3 Hoffman, Chris (2018-08-16). "How to Protect Your PC From the Intel Foreshadow Flaws". How-To Geek. Archived from the original on 2018-08-16. Retrieved 2018-08-16.
  17. Constantin, Lucian (2018-08-16). "New Foreshadow Vulnerabilities Defeat Memory Defenses on Intel CPUs". SecurityBoulevard.com. Archived from the original on 2018-08-17. Retrieved 2018-08-16.
  18. [1] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17]
  19. Weisse, Ofir; et al. (2018). "Foreshadow-NG: Breaking the virtual memory abstraction with transient out-of-order execution".[ permanent dead link ]
  20. 1 2 Cutress, Ian (2018-08-19). "Intel at Hot Chips 2018: Showing the Ankle of Cascade Lake". AnandTech . Archived from the original on 2018-08-20. Retrieved 2018-08-19.
  21. 1 2 Alcorn, Paul (2018-08-22). "Intel Unveils Cascade Lake, In-Silicon Spectre And Meltdown Mitigations". Tom's Hardware . Retrieved 2018-08-22.
  22. 1 2 3 4 Van Bulck, Jo; Minkin, Marina; Weisse, Ofir; Genkin, Daniel; Kasikci, Baris; Piessens, Frank; Silberstein, Mark; Wenisch, Thomas F.; Yarom, Yuval; Strackx, Raoul (2018-08-16). "Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution" (PDF). USENIX . Archived (PDF) from the original on 2018-08-18. Retrieved 2018-08-16.
  23. "Protecting Our Customers through the Lifecycle of Security Threats | Intel Newsroom". Newsroom.intel.com. Archived from the original on 2018-08-14. Retrieved 2021-12-29.
  24. Larabel, Michael (2019-05-24). "Benchmarking AMD FX vs. Intel Sandy/Ivy Bridge CPUs Following Spectre, Meltdown, L1TF, Zombieload". Phoronix . Archived from the original on 2019-06-01. Retrieved 2019-05-25.

Further reading

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.