Foreshadow
Hardware vulnerability for Intel processors / From Wikipedia, the free encyclopedia
Foreshadow, known as L1 Terminal Fault (L1TF) by Intel,[1][2] is a vulnerability affecting modern microprocessors. It was first discovered by two independent teams of researchers in January 2018 and was disclosed to the public on 14 August 2018.[18] The vulnerability is a speculative execution attack on Intel processors that may result in the disclosure of sensitive information stored in personal computers and third-party clouds.[1] There are two versions: the first version (original/Foreshadow) (CVE-2018-3615) targets data from SGX enclaves; the second version (next-generation/Foreshadow-NG)[19] (CVE-2018-3620 and CVE-2018-3646) targets virtual machines (VMs), hypervisors (VMMs), operating system (OS) kernel memory, and System Management Mode (SMM) memory.[1] A listing of affected Intel hardware has been posted.[11][12]
CVE identifier(s) | CVE-2018-3615 (Foreshadow), CVE-2018-3620 and CVE-2018-3646 (Foreshadow-NG) |
---|---|
Date discovered | January 2018 |
Affected hardware | Modern Intel processors |
Foreshadow is similar to the Spectre security vulnerabilities discovered earlier to affect Intel and AMD chips, and the Meltdown vulnerability that also affected Intel.[7] AMD products are not affected by the Foreshadow security flaws.[7] According to one expert, "[Foreshadow] lets malicious software break into secure areas that even the Spectre and Meltdown flaws couldn't crack".[16] Nonetheless, one of the variants of Foreshadow goes beyond Intel chips with SGX technology, and affects "all [Intel] Core processors built over the last seven years".[3]
Foreshadow may be very difficult to exploit.[3][7] As of 15 August 2018, there seems to be no evidence of any serious hacking involving the Foreshadow vulnerabilities.[3][7] Nevertheless, applying software patches may help alleviate some concern, although the balance between security and performance may be a worthy consideration.[6] Companies performing cloud computing may see a significant decrease in their overall computing power; people are unlikely to see any performance impact, according to researchers.[10] The real fix, according to Intel, is to replace today's processors.[6] Intel further states, "These changes begin with our next-generation Intel Xeon Scalable processors (code-named Cascade Lake),[20][21] as well as new client processors expected to launch later this year [2018]."[6]
On 16 August 2018, researchers presented technical details of the Foreshadow security vulnerabilities in a seminar and a publication entitled "Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution"[22] at a USENIX security conference.[9][22]