Research teams specialized in the field of information security found three new vulnerabilities in Intel processors. Their common name is L1 Terminal Fault or simply L1TF. A group of specialists who discovered flaws gave them the name “Foreshadow”.
Vulnerabilities affect the mechanism of speculative execution of the CPU and allow for attacks of the Specter class. The speculative execution function allows to improve the performance of modern processors by prematurely performing operations and later dropping unnecessary data. The vulnerabilities are targeted at data that is processed during speculative execution and stored in the CPU cache.
Intel has already released a patch. The weak spots have been eliminated in the last update of the microcode. According to the company, it has absolutely no effect on performance of client devices, but it can reduce efficiency by 7% when working with a virtual machine.
“The SGX attack is devastating. It can potentially undermine the integrity – and privacy – for any application that is reliant upon trusted hardware. A lot of companies in the cryptocurrency space rely on SGX to support multi-party protocols, but this attack allows any participant to cheat,” King’s College London assistant professor Patrick McCorry said.