Advisory: Foreshadow attack affects modern Intel microprocessors

Security researchers have discovered a speculative execution side-channel attack targeting Intel processors that can allow unauthorized programs to steal sensitive information inside the L1 data cache. The attack has been called the “Foreshadow attack”. Discover here all the details concerning the Foreshadow attack and why you are safe with Rohde & Schwarz Cybersecurity.

What happened?

The vulnerability can be exploited through different components. Three versions have been identified:

The first version of the Foreshadow attack targets Intel's SGX (Software Guard Extensions) feature. SGX normally allows private memory regions to be allocated on the L1 data cache to protect users' data, but researchers have successfully extracted data from it.

The second and third versions target the operating system (OS) kernel, the System Management Mode (SMM) and virtual machines (VMs). Data in the L1 data cache has been disclosed using local user access or guest OS privilege, via a terminal page fault and side-channel analysis.

Cloud providers and hypervisors are also impacted, as a virtual machine can possibly access the memory of another virtual machine running on the same host, meaning that a malicious customer could steal other customers' information.

Here is the list of affected Intel processors:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

Detail of the vulnerability

CVE-2018-3615 for attacking SGX

Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.

CVE-2018-3620 for attacking the OS Kernel and SMM mode

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.

CVE-2018-3646 for attacking virtual machines

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.

Sources:

Statements on our products

Rohde and Schwarz Application Security products are not affected because they do not execute untrusted data. The operating systems will nevertheless be updated as soon as fixes are released, to keep them safe from the Foreshadow vulnerabilities in any case.

However, please note that when running in a virtual machine, information from WAF products (including secrets) may be leaked to other untrusted virtual machines running on the same vulnerable host. We therefore advise updating hypervisors, processor microcode, and all guest systems running on the same host.
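To confirm that those updates took effect on a Linux hypervisor or guest, the kernel's own L1TF (Foreshadow) status line can be read and classified. The script below is an added example, not Rohde & Schwarz code: the sysfs path is the standard Linux location, while the category labels and the sample status strings used to exercise it are constructed here.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's L1TF (Foreshadow) status line.
# The category labels printed below are hypothetical names chosen for this example.

L1TF_SYSFS=/sys/devices/system/cpu/vulnerabilities/l1tf

# classify_l1tf STATUS
# Prints one of: not-affected | vulnerable | vmx-flush-off |
#                vmx-smt-exposed | mitigated | unknown
classify_l1tf() {
    case "$1" in
        "Not affected"*)
            echo not-affected ;;      # CPU is not subject to L1TF
        "Vulnerable"*)
            echo vulnerable ;;        # no kernel mitigation active
        "Mitigation:"*"VMX: vulnerable"*)
            echo vmx-flush-off ;;     # host protected, L1D not flushed for guests
        "Mitigation:"*"SMT vulnerable"*)
            echo vmx-smt-exposed ;;   # L1D flushed, sibling threads still share L1D
        "Mitigation:"*)
            echo mitigated ;;         # PTE inversion, plus VMX handling if KVM is loaded
        *)
            echo unknown ;;           # empty or unexpected text
    esac
}

# check_host: read the live status if the kernel exposes it and print the verdict.
check_host() {
    if [ -r "$L1TF_SYSFS" ]; then
        status=$(cat "$L1TF_SYSFS")
    else
        # Kernel predates L1TF reporting, or this is not a Linux system.
        status=""
    fi
    printf 'l1tf: %s -> %s\n' "${status:-<no status file>}" "$(classify_l1tf "$status")"
}

check_host
```

A result of `vmx-flush-off` or `vmx-smt-exposed` on a hypervisor means guests sharing that host can still observe each other's L1 data, which is the multi-tenant case the advisory warns about; `unknown` on an older kernel means the kernel update itself is still missing.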

R&S®Web Application Firewall

Kernel updates will be available for the forthcoming versions:

  • R&S®Web Application Firewall 6.5.1 (LTS)
  • i-Suite 5.5.14 (LTS)
  • DAOS 10.5.5 for rWeb

R&S®Cloud Protector

The cloud provider for R&S®Cloud Protector is currently validating patches to be deployed on its platform.

R&S®Vulnerability Manager

A kernel update for Ubuntu is available. To perform the update, open the administration interface, go to Configuration and Check for updates.

About Rohde & Schwarz Cybersecurity

Rohde & Schwarz Cybersecurity is a leading IT security company that protects companies and public institutions around the world against cyberattacks. The company develops and produces technologically leading solutions for information and network security, including highly secure encryption solutions, next-generation firewalls and firewalls for business-critical web applications, innovative approaches for working in the cloud securely as well as desktop and mobile security. The award-winning and certified IT security solutions range from compact, all-in-one products to customized solutions for critical infrastructures. To prevent cyberattacks proactively, rather than reactively, the trusted IT solutions are developed following the security-by-design approach. More than 500 people are employed at locations in Germany, France, Spain and the Netherlands.

Amaury le Roux - Marketing Assistant
Amaury is our marketing assistant. Passionate about new marketing strategies, he actively participates in our communication via our blog, website and social networks. He brings us all his enthusiasm to contribute to the success of our projects.
