Foreshadow returns to the foreground: Secrets-spilling speculative-execution Intel flaw lives on, say boffins

Security News, August 2020
Some of the boffins who in 2018 disclosed the data-leaking speculative-execution flaws known as Spectre and Meltdown today contend that attempts to extinguish the Foreshadow variant have missed the mark.
In a paper slated to be distributed through ArXiv today, Martin Schwarzl, Thomas Schuster, and Daniel Gruss of Graz University of Technology, and Michael Schwarz of the Helmholtz Center for Information Security, argue that the computer science world has misunderstood the microarchitectural flaw behind Foreshadow, which can be exploited by malware or a rogue user on a vulnerable system to extract data from supposedly protected areas of memory - such as Intel SGX enclaves, and operating-system kernel and hypervisor address space.
The paper, Speculative Dereferencing of Registers: Reviving Foreshadow, details how the leakage previously attributed to the fault itself actually proceeds through speculative dereferencing of register contents by kernel code, a Spectre-v2-style effect, and how defenses built on the earlier explanation, such as the Meltdown mitigation known as KAISER, don't really stop Foreshadow; what does is the Spectre-v2 mitigations.
"The consequence is that we are able to mount a Foreshadow attack on older kernels patched against Foreshadow with all mitigations enabled and on a fully-patched kernel if only Spectre-v2 mitigations are disabled," the authors write.
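The practical upshot of that claim is that checking a Linux host's L1TF status alone is not enough; the Spectre-v2 status has to be read alongside it. As an added example, not code from the article or from the paper's authors, the following POSIX shell script reads the kernel's sysfs vulnerability entries for `l1tf` and `spectre_v2` and combines them. The verdict rule is this example's own reading of the quoted claim (a host counts as protected only when the kernel reports a mitigation for both), and the sample status strings used in the comments are constructed examples of the kernel's reporting format.

```shell
#!/bin/sh
# Added example (not from the article or the paper): check what a Linux kernel
# reports for L1TF (Foreshadow) and Spectre v2 under
# /sys/devices/system/cpu/vulnerabilities, and combine the two.
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_status STATUS_LINE
# Maps one sysfs vulnerability line to: unaffected | mitigated | vulnerable | unknown
# Constructed samples of the kernel's format:
#   "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable"
#   "Mitigation: Retpolines; IBPB: conditional, IBRS_FW, STIBP: disabled, RSB filling"
#   "Vulnerable"     (e.g. after booting with spectre_v2=off or mitigations=off)
#   "Not affected"
classify_status() {
    case "$1" in
        "Not affected"*) echo unaffected ;;
        Mitigation:*)    echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# foreshadow_verdict L1TF_LINE SPECTRE_V2_LINE
# Verdict rule (this example's assumption, derived from the quoted claim):
# the host is only "mitigated" when BOTH entries report a mitigation.
foreshadow_verdict() {
    l1tf=$(classify_status "$1")
    sv2=$(classify_status "$2")
    if [ "$l1tf" = unknown ] || [ "$sv2" = unknown ]; then
        echo "unknown"
    elif [ "$l1tf" = unaffected ]; then
        echo "not-affected"
    elif [ "$l1tf" = mitigated ] && [ "$sv2" = mitigated ]; then
        echo "mitigated"
    elif [ "$l1tf" = mitigated ]; then
        echo "l1tf-patched-spectre-v2-unmitigated"
    else
        echo "vulnerable"
    fi
}

# read_status NAME: print the sysfs line, or a marker if the entry is missing
read_status() {
    f="$VULN_DIR/$1"
    if [ -r "$f" ]; then cat "$f"; else echo "no sysfs entry"; fi
}

# report_host: print both raw lines and the combined verdict for this machine
report_host() {
    l1tf_line=$(read_status l1tf)
    sv2_line=$(read_status spectre_v2)
    printf 'l1tf:       %s\n' "$l1tf_line"
    printf 'spectre_v2: %s\n' "$sv2_line"
    printf 'verdict:    %s\n' "$(foreshadow_verdict "$l1tf_line" "$sv2_line")"
}

report_host
```

The `l1tf-patched-spectre-v2-unmitigated` verdict is the case the paper singles out: the L1TF patches are present, but retpolines or other Spectre-v2 measures have been turned off (for instance with `spectre_v2=off` or `mitigations=off` on the kernel command line), so the kernel reports `Vulnerable` for `spectre_v2`. Inside a virtual machine the lines reflect what the hypervisor exposes to the guest, not necessarily the host's real state.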
Foreshadow - an L1 Terminal Fault (L1TF) bug in Intel parlance - abuses the processor's speculative execution to read data that happens to be sitting in the core's L1 data cache, including data belonging to an Intel SGX enclave, and then recovers that data through a cache side channel.