L1 Terminal Fault - The Latest Speculative Execution Side Channel Attack

Written by Michael Larabel in Hardware on 14 August 2018 at 01:10 PM EDT. 76 Comments
Details are still light but a new vulnerability is coming out called the L1 Terminal Fault. It's been described as a "train-wreck" and is another big deal in the security space as the latest speculative side-channel attack vector.

The CVEs are CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646, but as of writing they have not been made public yet. I just noticed the code hitting the mainline Linux kernel for this "L1TF - L1 Terminal Fault" vulnerability.

The pull explains:
L1TF, aka L1 Terminal Fault, is yet another speculative hardware engineering trainwreck. It's a hardware vulnerability which allows unprivileged speculative access to data which is available in the Level 1 Data Cache when the page table entry controlling the virtual address, which is used for the access, has the Present bit cleared or other reserved bits set.

If an instruction accesses a virtual address for which the relevant page table entry (PTE) has the Present bit cleared or other reserved bits set, then speculative execution ignores the invalid PTE and loads the referenced data if it is present in the Level 1 Data Cache, as if the page referenced by the address bits in the PTE was still present and accessible.

While this is a purely speculative mechanism and the instruction will raise a page fault when it is retired eventually, the pure act of loading the data and making it available to other speculative instructions opens up the opportunity for side channel attacks to unprivileged malicious code, similar to the Meltdown attack.

While Meltdown breaks the user space to kernel space protection, L1TF allows an attack on any physical memory address in the system, and the attack works across all protection domains. It allows an attack on SGX and also works from inside virtual machines because the speculation bypasses the extended page table (EPT) protection mechanism.
Ouch, it's going to be a hot mess in the public cloud/virtualization space. Bare-metal users appear to range from minimally affected to unaffected. The initial Linux kernel mitigations:
- Host side protection by inverting the upper address bits of a non present page table entry so the entry points to uncacheable memory.

- Hypervisor protection by flushing L1 Data Cache on VMENTER.

- SMT (HyperThreading) control knobs, which allow to 'turn off' SMT by offlining the sibling CPU threads. The knobs are available on the kernel command line and at runtime via sysfs.

- Control knobs for the hypervisor mitigation, related to L1D flush and SMT control. The knobs are available on the kernel command line and at runtime via sysfs.

- Extensive documentation about L1TF including various degrees of mitigations.
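The first mitigation above, PTE inversion, as an added illustration that is not the kernel's own code: a simplified 64-bit PTE model (the physical address width, the installed RAM size and the sample PFN are assumed values) showing why clearing the Present bit while leaving the old PFN in place still leaves an address the hardware could speculatively match in the L1 data cache, and how inverting the PFN bits moves that address beyond any installed RAM. The final check mirrors the kernel's condition that no RAM may sit above half the physical address range for the inversion to be effective.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified x86-64 PTE model. Constants are assumed for illustration; the
 * kernel derives the real widths from the CPU's reported address bits. */
#define PTE_PRESENT     (1ULL << 0)
#define PAGE_SHIFT      12
#define PHYS_ADDR_BITS  46                         /* assumed MAXPHYADDR */
#define PFN_MASK        (((1ULL << PHYS_ADDR_BITS) - 1) & ~((1ULL << PAGE_SHIFT) - 1))
#define MAX_RAM_PADDR   (16ULL << 30)              /* assumed: 16 GiB of RAM */

/* Address bits the hardware uses for the speculative load even when the
 * Present bit is clear: this is the L1TF leak path described in the pull. */
static uint64_t spec_target_paddr(uint64_t pte) { return pte & PFN_MASK; }

/* Unmitigated: clearing Present but keeping the old PFN (e.g. for a
 * swapped-out page) leaves a real RAM address in the entry. */
static uint64_t make_not_present_naive(uint64_t pte) { return pte & ~PTE_PRESENT; }

/* Mitigated: invert the PFN bits so the address points beyond any RAM and
 * cannot match a line in L1D. The remaining flag bits are preserved. */
static uint64_t make_not_present_inverted(uint64_t pte) {
    return (pte & ~PFN_MASK & ~PTE_PRESENT) | (~pte & PFN_MASK);
}

/* Undo the inversion when the kernel needs the original PFN back. */
static uint64_t recover_pfn_inverted(uint64_t pte) { return (~pte & PFN_MASK) >> PAGE_SHIFT; }

/* Could the speculative target refer to memory that actually exists? */
static bool spec_target_in_ram(uint64_t pte) { return spec_target_paddr(pte) < MAX_RAM_PADDR; }

/* Inversion only helps when no RAM lies above half the physical address
 * range, since inverted PFNs of low pages land in the upper half. */
static bool inversion_effective(uint64_t highest_ram_paddr) {
    return highest_ram_paddr < (1ULL << (PHYS_ADDR_BITS - 1));
}

int main(void) {
    uint64_t pte = (0x12345ULL << PAGE_SHIFT) | PTE_PRESENT | 0x2; /* constructed PTE, RW */
    uint64_t naive = make_not_present_naive(pte), inv = make_not_present_inverted(pte);
    printf("naive:    target 0x%llx, in RAM: %d\n",
           (unsigned long long)spec_target_paddr(naive), spec_target_in_ram(naive));
    printf("inverted: target 0x%llx, in RAM: %d, recovered PFN 0x%llx\n",
           (unsigned long long)spec_target_paddr(inv), spec_target_in_ram(inv),
           (unsigned long long)recover_pfn_inverted(inv));
    printf("inversion effective for this machine: %d\n", inversion_effective(MAX_RAM_PADDR));
    return 0;
}
```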

Performance sounds like it will take another hit: "There is work in progress to provide other forms of mitigations, which might be less horrible performance wise for a particular kind of workloads, but this is not yet ready for consumption due to their complexity and limitations."

Benchmarks with KVM virtualization are forthcoming. Intel CPUs are affected, but AMD CPUs, Intel Xeon Phi, and older Intel CPUs are among those not believed to be affected. Intel has posted this video to YouTube, which turned up while digging for more on L1 Terminal Fault:

Update 13.28 EST: Red Hat has emailed us with regards to L1 Terminal Fault and the connected "Foreshadow" vulnerability. "Red Hat has been made aware of a new microarchitectural (hardware) implementation issue which, similar to Spectre and Meltdown, is affecting x86 microprocessors manufactured by Intel. Unprivileged attackers can use this flaw to bypass conventional memory security restrictions in order to gain access to memory resources that would otherwise be inaccessible. CVE-2018-3620 is the identifier assigned to the operating system vulnerability for this issue. CVE-2018-3646 is the identifier assigned to the virtualization aspect of the flaw. A third aspect of the flaw is referred to as 'Foreshadow'; this affects Intel Secure Enclave or SGX, which Red Hat does not ship...Red Hat rates this issue as having a security impact of IMPORTANT severity. This flaw requires an attacker to have local access to the affected host or virtualized guest system in order to exploit it."

Update 13.43 EST: Canonical has announced their updates and info for Ubuntu Linux users.