Another day, another Intel vulnerability

phoronix.com/scan.php?page=news_item&px=L1-Terminal-Fault
>Red Hat has been made aware of a new microarchitectural (hardware) implementation issue which, similar to Spectre and Meltdown, is affecting x86 microprocessors manufactured by Intel. Unprivileged attackers can use this flaw to bypass conventional memory security restrictions in order to gain access to memory resources that would otherwise be inaccessible. CVE-2018-3620 is the identifier assigned to the operating system vulnerability for this issue. CVE-2018-3646 is the identifier assigned to the virtualization aspect of the flaw. A third aspect of the flaw is referred to as 'Foreshadow'; this affects Intel Secure Enclave or SGX, which Red Hat does not ship... Red Hat rates this issue as having a security impact of IMPORTANT severity. This flaw requires an attacker to have local access to the affected host or virtualized guest system in order to exploit it.

It keeps happening

L1TF, aka L1 Terminal Fault, is yet another speculative hardware engineering trainwreck. It's a hardware vulnerability which allows unprivileged speculative access to data which is available in the Level 1 Data Cache when the page table entry controlling the virtual address, which is used for the access, has the Present bit cleared or other reserved bits set.

If an instruction accesses a virtual address for which the relevant page table entry (PTE) has the Present bit cleared or other reserved bits set, then speculative execution ignores the invalid PTE and loads the referenced data if it is present in the Level 1 Data Cache, as if the page referenced by the address bits in the PTE was still present and accessible.

While this is a purely speculative mechanism and the instruction will raise a page fault when it is retired eventually, the pure act of loading the data and making it available to other speculative instructions opens up the opportunity for side channel attacks to unprivileged malicious code, similar to the Meltdown attack.

While Meltdown breaks the user space to kernel space protection, L1TF allows an attack on any physical memory address in the system, and the attack works across all protection domains. It allows an attack on SGX and also works from inside virtual machines because the speculation bypasses the extended page table (EPT) protection mechanism.

Do I understand correctly that there isn't really a good way to fix that problem on existing intel processors? Can AMD CPUs get updated in-place to fix things like this? Or is it strictly a hardware issue?

>There isn't really a good fix
It's architectural
>AMD CPUs get updated in place
Architectural difference, no need shown so far by Spectre or Meltdown and I bet this is pretty damn similar.

Red Hat video suggests that cloud operators will have to turn off Hyperthreading

redhat.com/en/blog/understanding-l1-terminal-fault-aka-foreshadow-what-you-need-know
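A defender-side check for the advice in this post, added here as an example (it is not from the thread, the kernel, or Red Hat): a POSIX shell function that reads the kernel's L1TF status from sysfs and flags the case where a mitigation is reported but SMT is still active, which is the configuration the Red Hat guidance tells hosts running untrusted guests to avoid. The optional sysroot argument is an assumed parameter so the function can be pointed at a fixture instead of the live machine.

```shell
#!/bin/sh
# l1tf_status [SYSROOT]
# Reads the Linux sysfs L1TF report and the SMT state and prints a one-line
# verdict. Exit codes: 0 = not affected or mitigated with SMT off,
# 1 = needs attention (vulnerable, or mitigated but SMT still on),
# 2 = cannot determine (file missing or unrecognised text).
# SYSROOT is an assumed parameter (default: empty, i.e. the real /sys).
l1tf_status() {
  root="${1:-}"
  vuln="$root/sys/devices/system/cpu/vulnerabilities/l1tf"
  smt="$root/sys/devices/system/cpu/smt/active"

  if [ ! -r "$vuln" ]; then
    echo "unknown: $vuln not present (kernel without L1TF reporting, or not Linux)"
    return 2
  fi
  status=$(cat "$vuln")          # e.g. "Not affected", "Mitigation: ...", "Vulnerable"
  smt_active="?"                 # smt/active holds 1 when sibling threads are online
  [ -r "$smt" ] && smt_active=$(cat "$smt")

  case "$status" in
    "Not affected")
      echo "not-affected"
      return 0 ;;
    Mitigation:*)
      # PTE inversion protects the host kernel, but an untrusted guest on a
      # sibling hyperthread can still probe the shared L1D while SMT is on.
      if [ "$smt_active" = "1" ]; then
        echo "mitigated-smt-on: $status"
        return 1
      fi
      echo "mitigated: $status"
      return 0 ;;
    Vulnerable*)
      echo "vulnerable: $status"
      return 1 ;;
    *)
      echo "unknown: $status"
      return 2 ;;
  esac
}

# Run the check only when this file is executed directly under this name;
# sourcing it (or running a test against it) just defines the function.
case "$(basename "$0")" in
  l1tf_check.sh) l1tf_status "$@" ;;
esac
```

Save as l1tf_check.sh and run it on a host, or source it and call `l1tf_status /path/to/fixture` against a copied sysfs tree.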

SMT is a meme anyways, nobody needs that

Isn't there only .00005% of the population smart or resourceful enough to take advantage of this sort of thing anyways?

They can compromise cloud vendors

It's a feature, goy.
DELID DIS.