Foreshadow

General

Earlier this year, two vulnerabilities called Meltdown and Spectre were disclosed. These vulnerabilities are a consequence of the ‘speculative execution’ functionality that many modern processors use to improve performance. The technical team of CloudVPS worked very hard to protect our customers, systems and products against these attacks.

Last Tuesday, Intel published details regarding three new vulnerabilities that are present in certain Intel processors. These vulnerabilities are published under the name ‘L1 Terminal Fault’ (L1TF) and are also related to the ‘speculative execution’ functionality. The three vulnerabilities are identified as CVE-2018-3615 (for SGX), CVE-2018-3620 (for operating systems and SMM) and CVE-2018-3646 (for virtualisation).

Successful exploitation of these vulnerabilities allows an attacker to read data residing in the Level 1 (L1) cache of a processor. Exploitation requires the ability to run code on a physical or virtual processor core, which is only possible from within the operating system of a system or virtual machine.

In this blog you will find information regarding the actions that you can undertake yourself and the actions already taken by CloudVPS in order to reduce or mitigate the risks of these vulnerabilities.

Vulnerabilities

The vulnerabilities stem from flaws in the physical hardware that make it possible to read data from a particular memory area of the computer. In contrast to the Meltdown and Spectre vulnerabilities, this attack targets the Level 1 cache of a processor rather than the control flow of a program.

These attacks can be used to read information present in the Level 1 cache, including information belonging to System Management Mode (SMM), the kernel of the operating system or the hypervisor. The vulnerability can also be used to read information stored in other virtual machines that are active on the same physical resources, which poses a risk to cloud infrastructure.

Solution

Mitigation of the vulnerabilities is achieved through software updates. In order to mitigate all three vulnerabilities, the operating system, the hypervisor and the microcode of the physical server must all be updated.

Microcode updates may require a restart of the physical hardware, which in turn may require migrating your VPS to another physical host in order to maintain availability. If this applies to you, you will receive a notification via an individual message. As our new OpenStack platform is fully built for high availability, you will not experience any inconvenience if you are active on that platform.

Besides updating the platforms, it is also necessary that all VPS operating systems are updated. The vulnerabilities can be exploited locally by an attacker to read data from other virtual systems that share the same Level 1 cache. Our recommendation is to keep your system up to date and install the most recent updates available. Please keep in mind that updating your system will cause restart issues if you’re using CentOS 6 on our Xen platform.
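After installing the operating system and microcode updates described above, a Linux guest can check what the kernel itself reports about L1TF. The script below is an added example, not part of the CloudVPS advisory: it reads the kernel's L1TF status from sysfs (a path present on kernels carrying the L1TF patches) and classifies it, flagging the case where SMT siblings still share the L1 cache or where the hypervisor's L1D flush is disabled; the sample status strings in the test are constructed.

```shell
#!/bin/sh
# Added example (not CloudVPS code): interpret the Linux kernel's L1TF report.
# On kernels with the L1TF patches the status lives in this sysfs file.
L1TF_SYSFS=/sys/devices/system/cpu/vulnerabilities/l1tf

# classify_l1tf STATUS
# Prints one of: not-affected, mitigated, mitigated-smt-vulnerable,
# mitigated-vmx-vulnerable, vulnerable, unknown.
classify_l1tf() {
    status="$1"
    case "$status" in
        "Not affected")
            echo not-affected ;;
        # Host side: PTE inversion applied, but the KVM L1D flush on VM entry
        # is switched off, so guests on this host can still attack each other.
        Mitigation:*"VMX: vulnerable"*)
            echo mitigated-vmx-vulnerable ;;
        # Hyper-threads of the same core share the L1 data cache, so a guest
        # can still leak from its SMT sibling unless SMT is disabled.
        Mitigation:*"SMT vulnerable"*)
            echo mitigated-smt-vulnerable ;;
        Mitigation:*)
            echo mitigated ;;
        Vulnerable*)
            echo vulnerable ;;
        *)
            echo unknown ;;
    esac
}

# read_l1tf_status
# Prints the kernel's report, or "unknown" when the sysfs file is missing,
# which itself indicates a kernel that predates the L1TF patches.
read_l1tf_status() {
    if [ -r "$L1TF_SYSFS" ]; then
        cat "$L1TF_SYSFS"
    else
        echo unknown
    fi
}

main() {
    s=$(read_l1tf_status)
    echo "kernel reports : $s"
    echo "classification : $(classify_l1tf "$s")"
}

main
```

A result other than `not-affected` or `mitigated` means at least one of the three components (guest kernel, host hypervisor, microcode) still needs attention, even though the update itself may have installed cleanly.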

Unfortunately, not all of the updates needed for all platforms have yet been provided by our suppliers and partners. We are therefore working closely with all our suppliers to receive, test and roll out the mitigating measures for all three vulnerabilities. Via this blog, we will keep you informed of the latest status of the available updates for these vulnerabilities, and we will shortly provide a further update on the concrete follow-up and mitigating measures.

In case you have any questions after reading this message, please send an e-mail to support@cloudvps.com. We will answer your question as soon as possible.