An Intel CPU vulnerability was disclosed on August 14th 2018 called “L1 terminal fault”, also known as “L1TF” or “Foreshadow”. The vulnerability enables attacks against host memory from inside a guest virtual machine (eg, a Cloud server). Malicious guests could infer values of data from the host machine or from other guest machines.
Following Intel’s public disclosure yesterday, we’ve been investigating thoroughly and identifying the best way forward.
We’ll post an update once we’ve made a decision on which mitigations we’re going to apply, when we’re going to apply them, and if possible an estimation of how these mitigations may or may not affect customers.
Brief technical explanation
A page-table entry (PTE) is a structure that translates between virtual and physical memory addresses. Intel CPUs, through an optimization technique called “speculative execution”, are treating invalidated PTEs as valid; this may allow malicious access to system memory that should otherwise be inaccessible to an attacker.
There are few different mitigations available (references in links at the bottom):
A Linux kernel update (with minimal performance impact) will be available this week that ensures that non-present (invalidated) PTEs point to a non-existent region of memory. This provides adequate protection only if guest kernels are also patched, but Cloud providers usually give customers freedom to choose their kernel.
An Intel microcode update is available that arranges for the L1 cache to be flushed before returning to a guest virtual machine, therefore preventing malicious access. The performance impact varies depending on workload.
Clearing the L1 cache is only a partial solution if the CPU is running with hyperthreading enabled, as threads share the L1 cache. One can disable hyperthreading, but that has a significant impact on performance.
Another approach might be to disable the extended page-table feature entirely. This seems at first look to provide the highest guarantee of protection but also the highest performance cost.
“Intel has developed a method to detect L1TF-based exploits during system operation, applying mitigation only when necessary. Intel has provided pre-release microcode with this capability to some of our partners for evaluation, and hope to expand this offering over time.” Source
We’re still in the process of making technical decisions (much of which revolves around trade-offs between performance and security), but we’ll keep you posted. Rest assured we’ll be trying to plot a path forwards that sits best for our customers.
CVEs (and links to Debian security tracker)
- CVE-2018-3615 for attacking SGX.
- CVE-2018-3620 for attacking the OS Kernel and SMM mode.
- CVE-2018-3646 for attacking virtual machines.