Researchers Make More Discoveries Around L1TF/Foreshadow - It's Not Good

Written by Michael Larabel in Linux Security on 6 August 2020 at 09:12 PM EDT.
Security researchers from Graz University of Technology and CISPA Helmholtz are out with their latest findings on CPU speculative execution vulnerabilities, namely taking another look at L1TF/Foreshadow. Their findings are bad news not only for Intel but potentially other CPU vendors as well.

Their most recent research looked at the prefetching effect observed in previous microarchitectural attacks, only to find that attributing it to the CPU's prefetching mechanism is incorrect. Instead, according to this latest research, the issue turns out to be speculative dereferencing of user-space registers in the kernel.

In turn, this research means that existing mitigation techniques may not be enough, that other new vectors have been discovered as a result, and that ARM/IBM/AMD CPUs may also be affected by Foreshadow.

The new vulnerability outlined in the paper is "Dereference Trap" for leaking registers from an SGX enclave in the presence of only a speculative register dereference.

The discovery that the cause is speculative dereferencing of a user-space register in the kernel, as opposed to the prefetcher, not only means that some mitigations may be inadequate, but also that the researchers can improve the performance of the original attack and reportedly produce similar behavior on non-Intel CPUs.

As part of their conclusion, they recommend that Retpolines (return trampolines) be enabled even on recent generations of CPUs for full mitigation of microarchitectural attacks like Foreshadow.
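For the retpoline recommendation above, a check an administrator could run on a Linux host (an added example, not code from the article or the paper). It assumes the kernel exposes its mitigation status under `/sys/devices/system/cpu/vulnerabilities`; the function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article or the paper): report whether
# retpolines are the active Spectre v2 mitigation on a Linux host.

# classify_spectre_v2 STATUS -> prints retpoline | ibrs-without-retpoline |
#   other-mitigation | vulnerable | not-affected | unknown
classify_spectre_v2() {
    case "$1" in
        "Not affected"*)           echo not-affected ;;
        Vulnerable*)               echo vulnerable ;;   # checked before the retpoline match
        Mitigation:*[Rr]etpoline*) echo retpoline ;;    # also matches "IBRS + Retpolines"
        Mitigation:*IBRS*)         echo ibrs-without-retpoline ;;
        Mitigation:*)              echo other-mitigation ;;
        *)                         echo unknown ;;
    esac
}

# report [DIR]: print the kernel's own spectre_v2 and l1tf status lines from
# DIR (default: the live sysfs directory) plus the retpoline classification.
report() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    for f in spectre_v2 l1tf; do
        line=$(cat "$dir/$f" 2>/dev/null) || line="(not reported by this kernel)"
        printf '%-11s %s\n' "$f:" "$line"
    done
    v2=$(cat "$dir/spectre_v2" 2>/dev/null) || v2=""
    printf 'retpoline:  %s\n' "$(classify_spectre_v2 "$v2")"
}

# demo: run the classifier over constructed status lines (written in the
# style of kernel output, not captured from a real machine).
demo() {
    while IFS= read -r line; do
        printf '%-24s <- %s\n' "$(classify_spectre_v2 "$line")" "$line"
    done <<'EOF'
Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling
Mitigation: Enhanced IBRS, IBPB: conditional, RSB filling
Vulnerable
Not affected
EOF
}

report "$@"
demo
```

A result of `ibrs-without-retpoline` is the case the recommendation is about; the kernel's `spectre_v2=retpoline` boot parameter selects retpolines on such a host.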

I'm still going through all their research, but it can be found via arxiv.org. As of writing, the Linux kernel hasn't yet made any changes to its default mitigation handling, and I also haven't heard anything from Intel or the other CPU vendors.