L1 Terminal Fault (L1TF)
Bottom line for Users
There’s probably nothing much End Users can do except keep their machines patched. Be aware that early patches are being rolled out on Windows, I haven’t yet years
This looks to be potentially more serious than Meltdown and Spectre,
Demo code has been published.
No known attacks or compromised machines in the wild.
Any and all x86/x64 machines that use an L1 cache (every machine, don’t bother looking for exceptions)
Affects physical machines.
Theoretically affects virtual machines on compromised hardware.
Current descriptions only describe reading compromised data, but there is probably nothing that prevents injection, only difficulty.
This vulnerability affects a wide range of Intel processors.
The vulnerability is not present on:
Processors from AMD, Centaur and other non Intel vendors
Older processor models, where the CPU family is < 6
A range of Intel ATOM processors (Cedarview, Cloverview, Lincroft, Penwell, Pineview, Silvermont, Airmont, Merrifield)
The Intel XEON PHI family
Intel processors which have the ARCH_CAP_RDCL_NO bit set in the IA32_ARCH_CAPABILITIES MSR. If the bit is set the CPU is not affected by the Meltdown vulnerability either. These CPUs should become available by end of 2018.
With the openSUSE Leap 15.0 patch “openSUSE-2018-886” which was published today, two of the repairs are ‘CVE-2018-3620’ and ‘CVE-2018-3646’:
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis (bnc#1087081).
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bnc#1089343 bnc#1104365).
For systems with Intel hardware, there’s also the Leap 15.0 Intel µCode patch “openSUSE-2018-887” which contains, in addition to a repair for ‘CVE-2018-3646 (L1 Terminal fault)’ repairs for, ‘CVE-2018-3640 (Spectre v3a)’ and ‘CVE-2018-3639 (Spectre v4)’.
Before applying the patch, “/sys/devices/system/cpu/vulnerabilities/l1tf” wasn’t present – it is now – AMD hardware …
> cat /sys/devices/system/cpu/vulnerabilities/l1tf