Three new speculative execution errors, similar to Spectre and Meltdown, have been found in Intel processors and open the door to potential attacks.
Intel processors, similar to Spectre and Meltdown, rediscover vulnerabilities
These attacks are defined by the numbers CVE-2018-3615, CVE-2018-3620 and CVE-2018-3620 and CVE-2018-3620 and represent a new vulnerability category known as L1 Terminal Fault (L1TF) and Foreshadow.
To simplify matters, these errors allow attackers to read information in the L1 cache of a processor, a small memory reserve that only the processing kernel (and its SMT-enabled CPU threads) can access. Accessing this normally restricted information can allow attackers to steal information such as passwords and encryption keys, and what is frightening is that this attack can take place from one virtual machine to another within a virtualized server environment.
Fortunately, these problems can be solved by a combination of firmware, software and hypervisor updates, and Microsoft reports that its software updates have a “negligible impact on performance” in a blog post called Hyper-V Clear Mitigation for L1 Terminal Fault, which discusses many details about Microsoft fixes and other possible patches.
AMD commented that its processors “are not susceptible to the new Foreshadow or Foreshadow-NG speculative execution variants due to our hardware paging architecture. AMD also recommends that data center users do not implement foreshadow-related patches on their platforms.
Intel declares that it is Foreshadow and the possible solutions
L1TF adds three new vulnerabilities to a growing list of speculative execution attacks, many of which are unique to Intel processors.
Source