GOT THAT FEELING OF DEJA VU? If you've answered yes, that'll be because Intel has revealed another trio of speculative execution vulnerabilities in its processors.
Dubbed L1 Terminal Fault, each of the three flaws affects a system with an Intel chip in a different way. The first allows for Intel's Software Guard Extensions (SGX) to be exploited; the second affects operating systems and a computer's system management mode; and the third affects hypervisor software commonly found in data centres.
The flaws were flagged to Intel by a bunch of security researchers after the Meltdown and Spectre vulnerabilities were discovered and came to light back in January.
The researchers flagged a potential attack technique called Foreshadow, which exploits a vulnerability in the SGX technology found in Intel's processors.
In normal circumstances, SGX works by forming a fortress around a user's data, protecting things like documents, photos and passwords. It's designed to withstand exploits that affect the lower levels of a computer or cloud system's operating stack.
SGX protects against the speculative execution attacks of the Meltdown and Spectre flaws using a mechanism called abort page semantics, which prevents malicious use of the scouting speculative execution - such attacks can mislead scouts to sensitive data, rather than allow them to predict the data a computing task might need next.
However, Foreshadow overcomes SGX's turning away of malicious scouts by making a shadow copy of the information the data fort holds and moving it to an unprotected location where it can then be accessed using the malicious speculative execution scout.
Luckily for Intel, the first two variants of the L1 Terminal Fault have been patched, and when combined with the patches for Meltdown and Spectre, should prevent Core and Xeon chips from being hacked through exploiting their speculative execution features.
The real problem sits with the third flaw. The nature of hypervisor software allows for virtual machines or processors to be run off shared resources of a physical server, with one key feature being the use of simultaneous multi-threading. In Intel's case, this tech is called Hyper-Threading and in hypervisor situations allows for a multi-core CPU to split one of its cores to act like two separate processors for the hypervisor. This technique creates sibling threads.
Those threads might have separate virtual processors but on the hardware side, they share a pool of L1 cache memory attached to the core. If a malicious guest happens to be using one of the virtual processors, they could - with some sophisticated hacking - exploit the third variation of the L1 Terminal Fault to target data used by the other sibling thread.
The virtual processor will recognise this and deny the request, but thanks to speculative execution, if the data the malicious actor was after just so happened to be in the cache at the same time, it could be exposed to the hacker.
It's a complicated cyberattack and one that Intel hasn't observed out in the wild. But there are steps IT admins can take, such as applying operating system patches to all the guest systems running on a processor, which should stop one sibling thread from attacking another.
Another fix involves using the latest microcode and hypervisor updates to periodically flush the information left in the L1 cache, making it more difficult for malicious actors to swipe if they get into a sibling thread.
If that's not enough, other steps can be taken, especially in situations where not every virtualised operating system running off a processor can be guaranteed to have been updated. IT admins can make sure that only trusted sibling threads access the same processor core using the core scheduling technique.
But if core scheduling isn't secure enough, allowing only one thread to run per core will avoid L1 Terminal Fault security problems, though that'll likely be at the expense of getting the most out of a server running an Intel chip.
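As an added example (not from the article or from Intel), the sketch below maps a Linux host's self-reported L1TF status onto the mitigations just described: OS patch, L1 cache flushing by the hypervisor, and single-thread-per-core. It assumes a Linux hypervisor host that exposes the kernel's `vulnerabilities/l1tf` sysfs file; the sample status lines are constructed in the format the kernel documents, and the function names are hypothetical.

```python
"""Audit a host's reported L1TF status against the mitigations described above."""
from pathlib import Path

# Assumption: Linux host; the kernel reports L1TF state in this sysfs file.
L1TF_PATH = Path("/sys/devices/system/cpu/vulnerabilities/l1tf")

# Constructed sample lines, following the kernel's documented status format.
SAMPLES = [
    "Not affected",
    "Vulnerable",
    "Mitigation: PTE Inversion; VMX: vulnerable",
    "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable",
    "Mitigation: PTE Inversion; VMX: cache flushes, SMT disabled",
]

def parse_l1tf(status: str) -> dict:
    """Split one status line into OS-level, hypervisor (VMX) and SMT findings."""
    status = status.strip()
    result = {"affected": status != "Not affected",
              "os_mitigated": False, "vmx": None, "smt": None}
    if not result["affected"]:
        return result
    # Fields are ';'-separated: "Mitigation: ...; VMX: <flush state>, SMT <state>"
    for field in (f.strip() for f in status.split(";")):
        if field.startswith("Mitigation:"):
            result["os_mitigated"] = "PTE Inversion" in field
        elif field.startswith("VMX:"):
            vmx, _, smt = field[len("VMX:"):].partition(", SMT ")
            result["vmx"] = vmx.strip()
            result["smt"] = smt.strip() or None  # SMT part may be absent
    return result

def assess(status: str) -> list:
    """Return the mitigation gaps the status line reports, if any."""
    r = parse_l1tf(status)
    if not r["affected"]:
        return []
    gaps = []
    if not r["os_mitigated"]:
        gaps.append("OS patch missing")
    if r["vmx"] == "vulnerable":
        gaps.append("L1 cache not flushed on VM entry")
    if r["smt"] == "vulnerable":
        gaps.append("sibling threads share L1 (SMT on)")
    return gaps

if __name__ == "__main__":
    lines = [L1TF_PATH.read_text()] if L1TF_PATH.exists() else SAMPLES
    for line in lines:
        print(f"{line.strip()!r} -> {assess(line) or 'no gaps reported'}")
```

A host that reports an SMT gap but runs only trusted guests may accept it; the output shows which of the three layers is still open so that decision is explicit.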
All in all, these vulnerabilities aren't nearly as serious as Meltdown and Spectre, and seem easily mitigated with patches and a bit of savvy systems administration. Still, it highlights that speculative execution seems to be at the core of serious processor vulnerabilities and that next-gen chips will need to be built with the lessons learnt from such security holes.