You’re at a hotel for a conference. You check into a room at the front desk. You’re given a room number and a tab to go with it – great!
You go to dinner and enjoy a delicious meal. You should charge the dinner to your room tab, but… you know the number of another room so you charge your dinner to that number instead.
The hotel will eventually find out what’s happened but it’s much too late – you’ve already checked out!
This can be a nightmare situation to the person in the other room, and exactly is the case behind Intel’s L1 Terminal Fault.
The fault comes as a result of a flaw in Intel’s CPUs meaning that desktops, workstations and server CPUs are vulnerable to exploitation.
User data is potentially not safe: things at risk include passwords, personal and financial records, and encryption keys. They are lifted from other applications and other customers’ virtual machines.
An article on The Register revealed the details of the potential threat. Cybercriminals can exploit a problem similar to the hotel analogy above.
Each byte of memory in an Intel chip has both a physical and virtual address. The operating system (OS) tracks these using special maps called page tables. Processors spend a lot of time walking through page tables, so to speed things up, processors speculatively check the L1 data cache for matches before they confirm that the page table entry is valid. If the processor finds the entry is invalid, it alerts the OS to a fault and gets it chucked out.
However, there is a very small window of time before the fault alert occurs that can be exploited.
In this window, a malicious user operating a virtual machine (VM) on that OS can work out the value of the data and decide whether they want to hack it or not. The hacker can then trick the OS into loading sensitive data into the cache and steal it: malware or a malicious guest OS can exploit this to ascertain data it shouldn’t be able to read by forcing pages to be marked as ‘not present’ and asking the processor to skim over these files.
What’s even worse is that hackers can use this flaw to exploit a multi-tenant cloud environment. Malicious users can trick the environment’s hypervisor into giving up sensitive information from whole organisations.
You’ll be relieved to hear that no known malware is exploiting this vulnerability because it’s being patched quickly and there are faster ways to hack people.
A spokesperson for Intel said: “L1 Terminal Fault is addressed by microcode updates released earlier this year, coupled with corresponding updates to operating system and hypervisor software that are available starting today.”
The three CVE’s that relate to the L1 Terminal Fault vulnerability are as follows:
If you’d like to know more about these CVE’s, please visit the CVE site.
If you have any questions, speak to your AM today.
Discover more about UKFast’s cloud solutions today.