Intel confirms new chip security flaw affecting Core and Xeon CPUs

Foreshadow attack devised by KU Leuven can compromise Intel's Software Guard Extensions (SGX) technology

Intel has issued a warning over a new security flaw affecting its Core-branded and Xeon microprocessors, and issued updates that, it claims, can mitigate the risks.

Uncovered by the Catholic University of Leuven (KU Leuven) in Belgium and a number of other universities around the world, the speculative execution security flaw, labelled L1 Terminal Fault (L1TF) affects Intel's Software Guard Extensions (SGX) technology.

"The attack uses speculative execution", says researcher Raoul Strackx, a post-doctorate student at KU Leuven.

He continued: "To be able to work quickly, a processor will make certain calculations in advance. If it becomes clear that the calculations retrieve information from an enclave in an unauthorised way, they are discarded. But this is where Intel SGX makes a mistake. Not all traces of the calculations are discarded, which allowed us to enter the ‘enclave'."

As has become the norm for major security flaws these days, the researchers have published their research on a dedicated web page, replete with an obligatory logo.

"Foreshadow is a speculative execution attack on Intel processors which allows an attacker to steal sensitive information stored inside personal computers or third party clouds.

"Foreshadow has two versions, the original attack designed to extract data from SGX enclaves and a Next-Generation version which affects Virtual Machines (VMs), hypervisors (VMM), operating system (OS) kernel memory, and System Management Mode (SMM) memory," it explains.

The 18-page white paper can be viewed here (PDF), while the more in-depth technical paper can be viewed here (PDF).

SGX is a relatively new feature in Intel processors, introduced in 2015, that is supposed to enable user data to be protected from an attacker.

It was originally believed to be immune to the Meltdown and Spectre security flaws, disclosed at the beginning of the year, but the researchers claim to have demonstrated a method of attack that "can be exploited for reading the contents of SGX-protected memory as well as extracting the machine's private attestation key.

"Making things worse, due to SGX's privacy features, an attestation report cannot be linked to the identity of its signer. Thus, it only takes a single compromised SGX machine to erode trust in the entire SGX ecosystem."

Intel admitted that security flaws in a blog post published late last night. It described it as a "speculative execution side-channel method [of attack] called L1 Terminal Fault (L1TF)".

While the university researchers identified one type of attack, Intel has admitted that, following disclosure, it uncovered two more.

Leslie Culbertson, executive vice president and general manager of Product Assurance and Security at Intel, said that the company has rushed out patches and that future CPUs would be designed so that they are not vulnerable to the security flaw.

"We are not aware of reports that any of these methods have been used in real-world exploits, but this further underscores the need for everyone to adhere to security best practices," Culbertson added.

Intel has produced a video to explain the security flaw.

Once updates are applied, the risk to consumers and businesses running PCs and servers in non-virtualised environments "will be low", wrote Culbertson, and there would be no "meaningful performance impact" from the patch.

However, he continued: "There is a portion of the market - specifically a subset of those running traditional virtualization technology, and primarily in the data centre - where it may be advisable that customers or partners take additional steps to protect their systems.

"This is principally to safeguard against situations where the IT administrator or cloud provider cannot guarantee that all virtualised operating systems have been updated. These actions may include enabling specific hypervisor core scheduling features or choosing not to use hyper-threading in some specific scenarios."

In an interview with The Register, De Yuval Yarom from the University of Adelaide, one of the universities that collaborated on the research, said that one of the major problems with Foreshadow is that it breaks down trust in the code that a computer is running.

"The main promise of SGX is that you can write code, and ship it to someone you do not fully trust. That person will run the code inside SGX on their machine, and you can see that whatever they run there is protected, because you know… they haven't modified your code, they haven't accessed the data that your code used," Dr Yarom told The Register.

The warning comes just weeks ahead of Intel's plans to unveil its ninth-generation of Core processors, which will refresh the company's Core i3, i5, i7 and i9 range.

They are expected to be released on 1 October and include a Core i9-9900K which is capable of boosting up to 5GHz on one or two of its eight cores.