Three new specter / meltdown-like bugs found on cpus intel

Three new 'speculative execution' bugs similar to those of Specter and Meltdown have been found on Intel processors, opening the door to potential attacks.

Rediscover security flaws in Intel processors, similar to Specter and Meltdown

These attacks are defined by numbers CVE-2018-3615, CVE-2018-3620 and CVE-2018-3646 and constitute a new category of vulnerability known as L1 Terminal Fault (L1TF) and Foreshadow.

To keep things simple, these flaws allow attackers to read the information in a processor's L1 cache, a small memory reserve that can only be accessed by the processing core (and its associated threads for SMT-enabled CPUs). Accessing this normally restricted information can allow attackers to steal information such as passwords and encryption keys, and what is scary is that this attack can be carried out from one virtual machine to another within a virtualized server environment.

Fortunately, these issues can be addressed through a combination of firmware, software, and hypervisor updates, and Microsoft reports that its software updates have a 'negligible performance impact' in a blog post called “Hyper-V HyperClear Mitigation for L1. Terminal Fault ” that goes into great detail regarding Microsoft fixes and other possible patches.

AMD commented that its processors "are not susceptible to new speculative execution attack variants called Foreshadow or Foreshadow-NG due to our hardware paging architecture protections." AMD also recommends that users of its data centers not deploy Foreshadow-related patches on their platforms.

Intel explains what Foreshadow is and possible solutions

L1TF adds three new vulnerabilities to a growing list of speculative execution attacks, many of which are unique to Intel processors.

Gizmodo Font (Image) Overclock3D