Another Intel CPU flaw

UBT - Timbo
UBT Forum Admin
Posts: 9673
Joined: Mon Mar 13, 2006 12:00 am
Location: NW Midlands

Another Intel CPU flaw

Post by UBT - Timbo »

Hi all

It seems that researchers/bug hunters have found another flaw in the design of certain Intel CPUs.

https://www.theregister.co.uk/2018/08/1 ... al_damage/

Thus far, it has been termed "Foreshadow" and relates to how SGX is implemented in the CPU, which helps to authenticate some software via a process called "attestation".

So far, not a lot is known (though that will change for sure) but it seems likely that this might also affect DRM security on other forms of media.

I assume that, now this is out in the open, Intel will get some patches issued that may fix things. Indeed, it seems that in fixing this issue, two other flaws have been found as well.

How widespread this issue is remains to be seen, and of course what effect it will have, if any, on any PC.

regards
Tim
Woodles
UBT Contributor
Posts: 11757
Joined: Thu Dec 20, 2007 12:00 am
Location: Cambridgeshire

Re: Another Intel CPU flaw

Post by Woodles »

https://software.intel.com/security-sof ... inal-fault
L1 Terminal Fault-SGX (CVE-2018-3615)—Systems with microprocessors utilizing speculative execution and Intel SGX may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via side-channel analysis.

snip

Intel has released new microcode for many processors affected by L1TF.

snip

While these microcode updates provide important mitigation during enclave entry and exit, updated microcode by itself is not sufficient to protect against L1TF. Deploying OS and VMM updates is also required to mitigate L1TF.
So a patch from Intel and an update to Windows from Microsoft and VMware from Oracle.

However ...
When hyperthreading is enabled, the possibility of L1TF or E2E attacks from the sibling logical processor still exists before the enclave secret in L1 data cache is flushed or cleared.
So no hyperthreading even when patched?

Mark
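
An added example, not part of either post or of Intel's advisory: assuming a Linux host (the thread itself mentions Windows and VMware), the kernel reports its L1TF state in `/sys/devices/system/cpu/vulnerabilities/l1tf`, and the code below splits that line into the OS, VMM and hyperthreading (SMT) layers the quoted text distinguishes. The sample strings in the comments are constructed, and this file does not report the SGX enclave variant.

```python
"""Added example: interpret the Linux kernel's L1TF status line."""
import re
from pathlib import Path

# Assumption: Linux host with a kernel that exposes this sysfs file.
L1TF_PATH = Path("/sys/devices/system/cpu/vulnerabilities/l1tf")


def parse_l1tf(status):
    """Return the mitigation layers and any remaining gaps for one status line.

    Constructed sample input:
      "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable"
    """
    status = status.strip()
    result = {"affected": True, "os_mitigated": False,
              "vmx": None, "smt": None, "gaps": []}
    if status == "Not affected":
        result["affected"] = False
        return result

    # OS layer: the kernel prefixes the line with "Mitigation:" when active.
    result["os_mitigated"] = status.startswith("Mitigation:")
    if not result["os_mitigated"]:
        result["gaps"].append("kernel reports no L1TF mitigation")

    # VMM and SMT layers appear as extra ';' or ',' separated fields.
    for field in (f.strip() for f in re.split(r"[;,]", status)):
        if field.startswith("VMX:"):
            result["vmx"] = field[len("VMX:"):].strip()
        elif field.startswith("SMT "):
            result["smt"] = field[len("SMT "):].strip()

    if result["vmx"] == "vulnerable":
        result["gaps"].append("no L1D flush on VM entry")
    if result["smt"] == "vulnerable":
        # The residual risk raised in the thread: sibling logical processor.
        result["gaps"].append("SMT enabled: sibling thread shares the L1D")
    return result


def read_host():
    """Parse this machine's status, or return None if the file is absent."""
    if not L1TF_PATH.exists():
        return None
    return parse_l1tf(L1TF_PATH.read_text())


if __name__ == "__main__":
    print(read_host())
```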