Intel CPU Multiple Vulnerabilities (aka L1TF / Foreshadow)

Multiple vulnerabilities in CPUs, disclosed on Aug 14, 2018, enable an attacker to bypass security restrictions. They potentially allow unauthorized disclosure of information residing in the L1 data cache of CPUs (aka L1 Terminal Fault, L1TF). They affect personal computers, servers and hypervisors running on a wide range of Intel CPUs.

Vulnerability

According to the disclosed details, there are three variants of L1TF (ref: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html):

  • Variant 1: attack against SGX (CVE-2018-3615, Foreshadow-SGX)
  • Variant 2: attack against OS Kernel and SMM (CVE-2018-3620, Foreshadow-OS)
  • Variant 3: attack against virtual machines (CVE-2018-3646, Foreshadow-VMM)

Affected Products

The following Intel-based platforms are potentially impacted by these issues. Intel may modify this list at a later time.

  • Intel® Core™ i3/i5/i7/M processor (45nm and 32nm)
  • 2nd/3rd/4th/5th/6th/7th/8th generation Intel® Core™ processors
  • Intel® Core™ X-series Processor Family for Intel® X99/X299 platforms
  • Intel® Xeon® processor 3400/3600/5500/5600/6500/7500 series
  • Intel® Xeon® Processor E3 v1/v2/v3/v4/v5/v6 Family
  • Intel® Xeon® Processor E5 v1/v2/v3/v4 Family
  • Intel® Xeon® Processor E7 v1/v2/v3/v4 Family
  • Intel® Xeon® Processor Scalable Family
  • Intel® Xeon® Processor D (1500, 2100)

Available Patches

Intel has worked with operating system vendors, equipment manufacturers, and other ecosystem partners to develop platform firmware and software updates that can help protect systems from these methods.

End users and systems administrators should check with their system manufacturers and system software vendors and apply any available updates as soon as practical.

Please note that:

  • Some patches may affect system performance, so before installing them, please visit the hardware and software vendors' websites for more detailed information and to obtain the appropriate patches.
  • Patches will be provided by each vendor and might be applicable to some specific versions only.