Foreshadow: Speculative Execution Attack Targets Intel SGX
A flaw in Intel’s Software Guard Extensions implementation allows an attacker to access data stored in memory of other applications running on the same host, without the need for privilege escalation.
Contexto
Researchers discovered a flaw in Intel’s Software Guard Extensions (SGX) implementation that opens up a new speculative execution attack called Foreshadow (CVE-2018-3615). In addition, Intel has discovered variants allowing for Foreshadow attacks against microprocessors, system management mode (SMM) code, operating systems and Hypervisor software. These variants have been dubbed Foreshadow-NG (CVE-2018-3620 and CVE-2018-3646).
Collectively, Intel has labeled all of the speculative execution side channel vulnerabilities as L1 Terminal Faults (L1TF). Red Hat Enterprise Linux, Microsoft and other vendors have adopted this name for Foreshadow and Foreshadow-NG.
Vulnerability details
Foreshadow allows an attacker to access the data stored in memory of other applications running on the same host without needing any privilege escalation. This enables the attacker to gain access to sensitive files, data, passwords, keys, etc. The proof-of-concept code for Foreshadow has not been released and researchers suspect there wouldn’t be a way to detect exploitation, should it happen.
Foreshadow-NG allows an attacker to access memory on any Virtual Machine hosted on the same cloud, making it a high-severity issue. According to the Foreshadow researcher’s abstract: “Foreshadow-NG is the first transient execution attack that fully escapes the virtual memory sandbox.” This also includes cloud environments, which could potentially mean asset owners are at risk from their digital neighbors. To make matters worse, the way SGX has been implemented, a single SGX-compromised machine can result in the entire ecosystem becoming tainted.
Based on the information currently available, AMD/ARM-based processors are believed to be unaffected by this flaw, as they don’t implement SGX.
Urgently required actions
We highly recommend reviewing and installing security updates from your operating system and virtualization vendors. Microsoft and Red Hat have released updates to mitigate the flaws in multiple ways and to different extents. These approaches include flushing of sensitive data, rendering sensitive data inaccessible, enhancing isolation between virtual processors and other strategies.
Identificação de sistemas afetados
A live list of plugins can be found here. As new plugins are developed for respective systems, that list will update.
Saiba mais:
Learn more about Tenable.io, the first Cyber Exposure platform for holistic management of your modern attack surface. Get a free 60-day trial of Tenable.io Vulnerability Management.
Artigos relacionados
Advisory: Red Hat DHCP Client Command Injection Trouble
May 17, 2018On May 15, Red Hat disclosed a critical vulnerability in a script included in NetworkManager for the Dynamic Host Configuration Protocol (DHCP) client on Red Hat Enterprise Linux (RHEL). The vulnerabi...
Advisory: Intel...Simply Misunderstood?
May 11, 2018To close numerous security gaps, Microsoft, Adobe, Apple, Red Hat, Xen, VMware and other vendors have released a number of patches in the first 10 days of May. We discussed some of these in our recent...
Microsoft May Madness
May 9, 2018Patch Tuesday was anything but typical in the month of May. On May 8, Microsoft released security patches for a total of 67 vulnerabilities, addressing 21 critical vulnerabilities, 42 important and fo...
Cybersecurity Snapshot: New Guide Explains How To Assess if Software Is Secure by Design, While NIST Publishes GenAI Risk Framework
May 10, 2024Is the software your company wants to buy securely designed? A new guide outlines how you can find out. Meanwhile, a new NIST framework can help you assess your GenAI systems’ risks. Plus, a survey shows a big disconnect between AI usage (high) and AI governance (low). And MITRE’s breach post-mortem brims with insights and actionable tips. And much more!
CVE-2024-21793, CVE-2024-26026: Proof of Concept Available for F5 BIG-IP Next Central Manager Vulnerabilities
May 9, 2024Researchers disclose multiple vulnerabilities in F5 BIG-IP Next Central Manager and provide proof-of-concept exploit code, which could lead to exposure of hashed passwords.
Cybersecurity Snapshot: Attackers Pounce on Unpatched Vulns, DBIR Says, as Critical Infrastructure Orgs Benefit from CISA’s Alert Program
May 3, 2024Verizon’s DBIR found that hackers are having a field day exploiting vulnerabilities to gain initial access. Plus, a CISA program is helping critical infrastructure organizations prevent ransomware attacks. In addition, check out what Tenable’s got planned for RSA Conference 2024. And get the latest on the Change Healthcare breach. And much more!
- Plugins