Amazon Posts L1TF/Foreshadow Demonstrator Code For The Linux Kernel

Written by Michael Larabel in Linux Kernel on 22 January 2019 at 05:40 AM EST. Add A Comment
LINUX KERNEL
In helping to build better defenses against this side channel vulnerability, Julian Stecklina of Amazon Germany (who previously co-discovered the "LazyFP" vulnerability last year) has posted demonstrator code for the Level 1 Terminal Fault (L1TF) vulnerability against the Linux kernel.

Stecklina crafted this L1TF demonstrator code so it would work in the presence of the kernel's default L1TF code and to be used for validation/improvements but not as something that could be forged into a practical exploit. The code demonstrates a malicious user-space application using L1TF to leak data and for a guest to leak arbitrary data from the L1 cache.

L1TF was announced last summer as one of the side channel CPU attacks of the year and could allow leaking of information from the level one data cache. Kernel updates paired with new CPU microcode provide the default mitigation against L1TF/Foreshadow.

While these CPU vulnerabilities of 2018 were quick to be mitigated with software updates, Linux kernel developers continue working to offset the performance overhead of some of these mitigations (fortunately for L1TF, not much of a real performance cost) as well as exploring other ways to improve the defenses against these style of side channel attacks with modern processors.

Developers interested in learning more can find the patch via the kernel mailing list.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week