Red Hat explains the newly discovered 'Foreshadow' vulnerability in Intel CPUs



A serious vulnerability called "Foreshadow (L1 Terminal Fault)" has been found in Intel processors. On a vulnerable system, a third party may be able to steal information such as the memory of the OS and of the virtual machines running on it. Red Hat explains what this vulnerability is all about.

L1TF Explained in 3 Minutes from Red Hat - YouTube


After the Spectre and Meltdown bugs were discovered in Intel processors, many security researchers went looking for similar bugs. The newly discovered one is the L1 Terminal Fault. If this bug is exploited, confidential information may be stolen from the cloud services that many companies use.



At the time of writing, software vendors have created patches to minimize the damage, and many companies need to apply them.



Let's explain what the L1 Terminal Fault is like by comparing it to a hotel.



When you check in to the hotel, you receive a card key at the front desk with your name written on it.



At this hotel, we assume that meals and other expenses are all settled together at checkout. So when you eat at the hotel restaurant, you simply present your card key to a hotel employee and the meal charge is added to your checkout bill.



But suppose you knew the name and card number of a person staying in another room. Then, after eating, you could present the employee with a copy of that person's card key that looks exactly like the real one and push the meal charge onto them. The problem comes to light only when the person in the other room checks out, but by then too much time has passed to catch the culprit.



Cybercriminals can do something similar on servers with Intel processors.



The CPU fetches data from memory (RAM) and performs calculations on it, but memory access is very slow. As a result, no matter how fast the CPU itself is, effective performance is limited by memory speed. For this reason, the CPU is equipped with fast memory called cache memory, an ingenious measure to improve effective performance.



Each byte in the L1 cache, the cache nearest to the CPU, has a physical memory address and a virtual address. The OS keeps a page table, which maps between these two kinds of address, and the processor reads this page table as it works. However, page table lookups have a problem: a correct result may not be obtained unless they are done in order, so the CPU could not run at full speed by making full use of parallel processing such as pipelining.



So, long ago, many CPU developers reasoned that if the value is estimated in advance, execution can proceed without regard to order. Being able to ignore the order means that processing can be parallelized in ways that reorder the work, which greatly speeds up the CPU. Guessing a value and executing on it is called speculative execution. It is a simple idea: predict the value in advance, and if it turns out not to be used by later processing, throw the result away as garbage. Because it is highly effective, it has been adopted by many CPUs.



Speculative execution is therefore an excellent technique for speeding up the CPU, but it has one major problem: a third party can trick the OS by illegitimately loading data into the page table before the data is discarded as garbage, and so steal confidential information.



This problem also applies to the hypervisor-based virtual environments used in many cloud computing environments, so there is a danger that information will be stolen from many virtual machines.



Software patches have already been developed for many hypervisor-based virtual environments. These patches prevent third parties from loading illegitimate data into the page table and rarely interfere with speculative execution itself, so they have little effect on performance.



Patches are also being developed for OSs that run as virtual machines. These patches wipe the L1 cache clean at moments such as a switch between virtual machines, which removes the worry that cached information could be stolen by a third party.



However, if you are running an unsupported virtual machine, you need to turn off the Hyper-Threading feature of the Intel processor. Take care, because this may drastically reduce server performance.
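The three mitigations described above (page-table protection, L1 cache flushing when switching to a virtual machine, and Hyper-Threading state) can be checked on a Linux host. The following is an added example, not code from Red Hat or the original article; it assumes the Linux kernel's sysfs status file `/sys/devices/system/cpu/vulnerabilities/l1tf`, and the sample status lines are constructed in that file's format.

```python
from pathlib import Path

# Linux kernel sysfs interface (assumption: Linux host; not named in the article).
L1TF_STATUS = Path("/sys/devices/system/cpu/vulnerabilities/l1tf")

# Kernel wording for the L1 data cache flush mode -> short label.
FLUSH_MODES = {
    "cache flushes": "always",
    "conditional cache flushes": "conditional",
    "vulnerable": "never",
}

def assess_l1tf(status):
    """Map one l1tf status line onto the mitigations the article describes."""
    status = status.strip()
    report = {"affected": status != "Not affected", "page_table_protected": False,
              "l1d_flush": "n/a", "smt": "n/a", "findings": []}
    if not report["affected"]:
        return report
    host, _, vmx = status.partition("; VMX: ")
    # Host-side patch: the kernel reports it as "PTE Inversion".
    report["page_table_protected"] = host == "Mitigation: PTE Inversion"
    if not report["page_table_protected"]:
        report["findings"].append("page-table mitigation missing: update the kernel")
    if vmx:  # appended by the kernel only when KVM/VMX is in use
        fields = [f.strip() for f in vmx.split(",")]
        report["l1d_flush"] = FLUSH_MODES.get(fields[0], fields[0])
        smt = [f[4:] for f in fields[1:] if f.startswith("SMT ")]
        report["smt"] = smt[0] if smt else "unreported"
        if report["l1d_flush"] == "never":
            report["findings"].append("L1 cache is not flushed when entering a guest")
        if report["smt"] == "vulnerable":
            report["findings"].append("Hyper-Threading is active alongside guests")
    return report

def read_host_status():
    """Return the running kernel's status line, or None if it is not exposed."""
    try:
        return L1TF_STATUS.read_text()
    except OSError:
        return None

if __name__ == "__main__":
    # Constructed sample lines in the kernel's format, plus the live host if available.
    samples = ["Not affected", "Vulnerable",
               "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable",
               "Mitigation: PTE Inversion; VMX: cache flushes, SMT disabled"]
    live = read_host_status()
    for line in samples + ([live] if live else []):
        print(line.strip(), "->", assess_l1tf(line))
```

An empty `findings` list means every mitigation the status line reports on is in place; each entry otherwise names the one that is missing.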



Patching is not necessarily required for every company. Please check with your vendor and support beforehand about the impact of applying the patch, and decide whether to apply it.

in Software, Hardware, Video, Security, Posted by darkhorse_log