If you thought Meltdown and Spectre were bad...

tsu2 · August 16, 2018, 6:39pm

**Foreshadow
L1 Terminal Fault (L1TF)
**
Bottom line for Users
There’s probably nothing much End Users can do except keep their machines patched. Be aware that early patches are being rolled out on Windows, I haven’t yet years

This looks to be potentially more serious than Meltdown and Spectre,
Demo code has been published.
No known attacks or compromised machines in the wild.

Potential scope
Any and all x86/x64 machines that use an L1 cache (every machine, don’t bother looking for exceptions)
Affects physical machines.
Theoretically affects virtual machines on compromised hardware.
Current descriptions only describe reading compromised data, but there is probably nothing that prevents injection, only difficulty.

Yes, this compromise has its own website
https://foreshadowattack.eu/
The Intel reference and statement
https://www.intel.com/content/www/us/en/architecture-and-technology/l1tf.html
The Microsoft paper, but practically everything described is not specific to MS technology
https://blogs.technet.microsoft.com/srd/2018/08/10/analysis-and-mitigation-of-l1-terminal-fault-l1tf/
Probably the most authoritative article on how this affects Linux
https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html

TSU

Miuku · August 16, 2018, 7:41pm

Affected processors

This vulnerability affects a wide range of Intel processors.

The vulnerability is not present on:

Processors from AMD, Centaur and other non Intel vendors
Older processor models, where the CPU family is < 6
A range of Intel ATOM processors (Cedarview, Cloverview, Lincroft, Penwell, Pineview, Silvermont, Airmont, Merrifield)
The Intel XEON PHI family
Intel processors which have the ARCH_CAP_RDCL_NO bit set in the IA32_ARCH_CAPABILITIES MSR. If the bit is set the CPU is not affected by the Meltdown vulnerability either. These CPUs should become available by end of 2018.

10char and whatnot.

dcurtisfra · August 17, 2018, 11:07am

With the openSUSE Leap 15.0 patch “openSUSE-2018-886” which was published today, two of the repairs are ‘CVE-2018-3620’ and ‘CVE-2018-3646’:

CVE-2018-3620:

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis (bnc#1087081).

CVE-2018-3646:

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bnc#1089343 bnc#1104365).

For systems with Intel hardware, there’s also the Leap 15.0 Intel µCode patch “openSUSE-2018-887” which contains, in addition to a repair for ‘CVE-2018-3646 (L1 Terminal fault)’ repairs for, ‘CVE-2018-3640 (Spectre v3a)’ and ‘CVE-2018-3639 (Spectre v4)’.

Before applying the patch, “/sys/devices/system/cpu/vulnerabilities/l1tf” wasn’t present – it is now – AMD hardware …


 > cat /sys/devices/system/cpu/vulnerabilities/l1tf
Not affected
 >

Bill_L · August 26, 2018, 2:08am

From my older HP Compaq Intel dual core desktop.

cat /sys/devices/system/cpu/vulnerabilities/l1tf
Mitigation: PTE Inversion; VMX: SMT disabled, L1D EPT disabled

I hope this is not bad!

malcolmlewis · August 26, 2018, 5:30am

Bill_L:

From my older HP Compaq Intel dual core desktop.
cat /sys/devices/system/cpu/vulnerabilities/l1tf
Mitigation: PTE Inversion; VMX: SMT disabled, L1D EPT disabled
I hope this is not bad!

Hi
Nope, your good to go the mitigation is in effect
https://www.suse.com/support/kb/doc/?id=7023077