Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Foreshadow: Speculative Execution Attack Targets Intel SGX

A flaw in Intel’s Software Guard Extensions implementation allows an attacker to access data stored in memory of other applications running on the same host, without the need for privilege escalation.

Background

Researchers discovered a flaw in Intel’s Software Guard Extensions (SGX) implementation that opens up a new speculative execution attack called Foreshadow (CVE-2018-3615). In addition, Intel has discovered variants allowing for Foreshadow attacks against microprocessors, system management mode (SMM) code, operating systems and Hypervisor software. These variants have been dubbed Foreshadow-NG (CVE-2018-3620 and CVE-2018-3646).

Collectively, Intel has labeled all of the speculative execution side channel vulnerabilities as L1 Terminal Faults (L1TF). Red Hat Enterprise Linux, Microsoft and other vendors have adopted this name for Foreshadow and Foreshadow-NG.

Vulnerability details

Foreshadow allows an attacker to access the data stored in memory of other applications running on the same host without needing any privilege escalation. This enables the attacker to gain access to sensitive files, data, passwords, keys, etc. The proof-of-concept code for Foreshadow has not been released and researchers suspect there wouldn’t be a way to detect exploitation, should it happen.

Foreshadow: Speculative Execution Attack Targets Intel SGX

Foreshadow-NG allows an attacker to access memory on any Virtual Machine hosted on the same cloud, making it a high-severity issue. According to the Foreshadow researcher’s abstract: “Foreshadow-NG is the first transient execution attack that fully escapes the virtual memory sandbox.” This also includes cloud environments, which could potentially mean asset owners are at risk from their digital neighbors. To make matters worse, the way SGX has been implemented, a single SGX-compromised machine can result in the entire ecosystem becoming tainted.

Based on the information currently available, AMD/ARM-based processors are believed to be unaffected by this flaw, as they don’t implement SGX.

Urgently required actions

We highly recommend reviewing and installing security updates from your operating system and virtualization vendors. Microsoft and Red Hat have released updates to mitigate the flaws in multiple ways and to different extents. These approaches include flushing of sensitive data, rendering sensitive data inaccessible, enhancing isolation between virtual processors and other strategies.

Identifying affected systems

A live list of plugins can be found here. As new plugins are developed for respective systems, that list will update.

Learn more:

Learn more about Tenable.io, the first Cyber Exposure platform for holistic management of your modern attack surface. Get a free 60-day trial of Tenable.io Vulnerability Management.

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io Vulnerability Management

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets
Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Purchase your 1-, 2-, or 3-year license today.