New Intel bugs hit virtual machines the hardest

Intel disclosed on Tuesday three more vulnerabilities within its server, client and workstation processors, signalling that security issues for the company's CPUs are far from over.

The company said the L1 Terminal Fault and two related vulnerabilities are similar to previously disclosed side-channel analysis security issues, including the Meltdown and Spectre variants that kicked off a new level of concern over CPU security when they were disclosed in January.

In a blog post published Tuesday, Intel product security head Leslie Culbertson said the new vulnerabilities can be mitigated through new updates being issued starting today by industry partners and the open source community, as well as microcode updates that Intel released earlier this year.

Culbertson also noted that the company's future CPUs, starting with Intel's next-generation Xeon Scalable processor, code-named Cascade Lake, and new client processors coming out later this year will come with new hardware-level security protections that have been touted for months now.

"We are not aware of reports that any of these methods have been used in real-world exploits, but this further underscores the need for everyone to adhere to security best practices," Culbertson wrote. "This includes keeping systems up-to-date and taking steps to prevent malware."

The new L1 Terminal Fault vulnerability involves a security hole in the CPU's L1 data cache, a small pool of memory within each processor core that helps determine what instruction the core will execute next.

Intel's previously released microcode updates are expected to lower the risk of data exposure for consumer and enterprise users running non-virtualized operating systems, which the company said includes most data centre systems and PC clients. The company said no significant performance impacts have been noted with this particular mitigation.

For virtual machines, however, the risk is higher, Intel said. As a result, IT administrators and cloud providers are urged to put additional safeguards in place where they cannot ensure that all virtualized operating systems have been updated. Additional steps include turning off hyper-threading in some scenarios and enabling specific hypervisor core scheduling features.

The performance impact of these fixes may vary by workload. The company said it will address this through several solutions with industry partners that will give customers some options on how to approach mitigation.

"As part of this, we have developed a method to detect L1TF-based exploits during system operation, applying mitigation only when necessary," Culbertson said. "We have provided pre-release microcode with this capability to some of our partners for evaluation, and hope to expand this offering over time."

Intel’s stock slipped less than 1 percent to US$48.13 on Tuesday afternoon.

Copyright © 2018 The Channel Company, LLC. All rights reserved.