VMware has released a security update which includes mitigations for Foreshadow, Intel’s latest silicon security problem.
On Tuesday, the Dell subsidiary said in a security advisory that Foreshadow, otherwise known as the L1 Terminal Fault, could be exploited to obtain sensitive information from victim machines.
Foreshadow, CVE-2018-3615, springs from design faults found in modern CPUs, and follows Intel’s Spectre and Meltdown vulnerabilities.
The vulnerability was uncovered in modern Intel CPUs which utilize Software Guard Extensions (SGX), which are meant to protect data from being viewed, edited, or exfiltrated, even should a system otherwise fall under an attacker’s control.
However, SGX contains design problems which leave it as open to speculative execution attacks as Meltdown and Spectre.
“Making things worse, due to SGX’s privacy features, an attestation report cannot be linked to the identity of its signer. Thus, it only takes a single compromised SGX machine to erode trust in the entire SGX ecosystem,” according to the researchers who found the vulnerability.
Two other variants, which impact microprocessors, operating systems and hypervisor software, were then uncovered. These speculative execution side channel vulnerabilities, discovered by Intel, impact VMware software in a big way.
Potential to Disrupt
The first vulnerability which has the potential to disrupt VMware services running on Intel chips is CVE-2018-3646. Issued a CVSS score of 7.1, the bug is described as a means for attackers to access information in the L1 data cache without permission.
If an attacker has local user access with guest OS privileges, they are able to exploit speculative execution practices in processors — a technique designed to give our systems a speed boost — in order to cause a terminal page fault and access the cache.
“This issue may allow a malicious VM running on a given CPU core to effectively read the Hypervisor’s or another VM’s privileged information that resides sequentially or concurrently in the same core’s L1 Data cache,” the company says.
The security problem impacts VMware vCenter Server (VC), VMware vSphere ESXi (ESXi), VMware Workstation Pro / Player (WS), and VMware Fusion Pro / Fusion (Fusion).
VMware has also released mitigations for CVE-2018-3620, the second vulnerability, which may impact hypervisor software and results in the same information disclosure problem.
VMware vCloud Usage Meter (UM), Identity Manager (vIDM), vCenter Server (vCSA), vSphere Data Protection (VDP), vSphere Integrated Containers (VIC), and vRealize Automation (vRA) are affected.
An Intel spokesperson told us: “L1 Terminal Fault is addressed by microcode updates released earlier this year, coupled with corresponding updates to operating system and hypervisor software that are available starting today.”
“We’ve provided more information on our website and continue to encourage everyone to keep their systems up to date, as it’s one of the best ways to stay protected. We’d like to extend our thanks to the researchers at imec-DistriNet, KU Leuven, Technion - Israel Institute of Technology, University of Michigan, University of Adelaide and Data61 and our industry partners for their collaboration in helping us identify and address this issue.”