Overview
When a program attempts to access data in memory, the logical memory address is translated to a physical address by the hardware. Accessing a logical or linear address that is not mapped to a physical location on the hardware will result in a terminal fault. Once the fault is triggered, there is a gap before resolution where the processor will use
speculative execution to try to load data. During this time, the processor could speculatively access the
level 1 data cache (L1D), potentially allowing side-channel methods to infer information that would otherwise be protected.
This side-channel method can be exploited in three different environments:
- L1 Terminal Fault-SGX (CVE-2018-3615)—Systems with microprocessors utilizing speculative execution and Intel SGX may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via side-channel analysis.
- L1 Terminal Fault-OS/ SMM (CVE-2018-3620)—Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and side-channel analysis.
- L1 Terminal Fault-VMM (CVE-2018-3646)—Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and side-channel analysis.
Impact Summary
- Malicious applications may be able to infer the values of data in the operating system memory, or data from other applications.
- A malicious guest virtual machine (VM) may be able to infer the values of data in the VMM’s memory, or values of data in the memory of other guest VMs.
- Malicious software running outside of SMM may be able to infer values of data in SMM memory.
- Malicious software running outside of an Intel SGX enclave or within an enclave may be able to infer data from within another Intel SGX enclave.