Hubbry Logo
ForeshadowForeshadowMain
Open search
Foreshadow
Community hub
Foreshadow
logo
8 pages, 0 posts
0 subscribers
Be the first to start a discussion here.
Be the first to start a discussion here.
Contribute something
Foreshadow
Foreshadow
Foreshadow
View on Wikipedia
from Wikipedia

Foreshadow
A logo created for the vulnerability, featuring a lock with a shadow
CVE identifiersCVE-2018-3615 (Foreshadow), CVE-2018-3620 and CVE-2018-3646 (Foreshadow-NG)
Date discoveredJanuary 2018; 7 years ago (2018-01)
Affected hardwareModern Intel processors
Websiteforeshadowattack.eu

Foreshadow, known as L1 Terminal Fault (L1TF) by Intel,[1][2] is a vulnerability that affects modern microprocessors that was first discovered by two independent teams of researchers in January 2018, but was first disclosed to the public on 14 August 2018.[18] The vulnerability is a speculative execution attack on Intel processors that may result in the disclosure of sensitive information stored in personal computers and third-party clouds.[1] There are two versions: the first version (original/Foreshadow) (CVE-2018-3615) targets data from SGX enclaves; and the second version (next-generation/Foreshadow-NG)[19] (CVE-2018-3620 and CVE-2018-3646) targets virtual machines (VMs), hypervisors (VMM), operating systems (OS) kernel memory, and System Management Mode (SMM) memory.[1] A listing of affected Intel hardware has been posted.[11][12]

Foreshadow is similar to the Spectre security vulnerabilities discovered earlier to affect Intel and AMD chips, and the Meltdown vulnerability that also affected Intel.[7] AMD products are not affected by the Foreshadow security flaws.[7] According to one expert, "[Foreshadow] lets malicious software break into secure areas that even the Spectre and Meltdown flaws couldn't crack".[16] Nonetheless, one of the variants of Foreshadow goes beyond Intel chips with SGX technology, and affects "all [Intel] Core processors built over the last seven years".[3]

Foreshadow may be very difficult to exploit.[3][7] As of 15 August 2018, there seems to be no evidence of any serious hacking involving the Foreshadow vulnerabilities.[3][7] Nevertheless, applying software patches may help alleviate some concern, although the balance between security and performance may be a worthy consideration.[6] Companies performing cloud computing may see a significant decrease in their overall computing power; people should not likely see any performance impact, according to researchers.[10] The real fix, according to Intel, is by replacing today's processors.[6] Intel further states, "These changes begin with our next-generation Intel Xeon Scalable processors (code-named Cascade Lake),[20][21] as well as new client processors expected to launch later this year [2018]."[6]

On 16 August 2018, researchers presented technical details of the Foreshadow security vulnerabilities in a seminar, and publication, entitled "Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution"[22] at a USENIX security conference.[9][22]

History

[edit]

Two groups of researchers discovered the security vulnerabilities independently: a Belgian team (including Raoul Strackx, Jo Van Bulck, Frank Piessens) from imec-DistriNet, KU Leuven reported it to Intel on 3 January 2018;[23] a second team from Technion – Israel Institute of Technology (Marina Minkin, Mark Silberstein), University of Adelaide (Yuval Yarom), and University of Michigan (Ofir Weisse, Daniel Genkin, Baris Kasikci, Thomas F. Wenisch) reported it on 23 January 2018.[1][4] The vulnerabilities were first disclosed to the public on 14 August 2018.[1][4]

Mechanism

[edit]

The Foreshadow vulnerability is a speculative execution attack on Intel processors that may result in the disclosure of sensitive information stored in personal computers and third-party clouds.[1] There are two versions: the first version (original/Foreshadow) (CVE-2018-3615 [attacks SGX]) targets data from SGX enclaves; and the second version (next-generation/Foreshadow-NG) (CVE-2018-3620 [attacks the OS Kernel and SMM mode] and CVE-2018-3646 [attacks virtual machines]) targets virtual machines (VMs), hypervisors (VMM), operating systems (OS) kernel memory, and System Management Mode (SMM) memory.[1] Intel considers the entire class of speculative execution side channel vulnerabilities as "L1 Terminal Fault" (L1TF).[1]

For Foreshadow, the sensitive data of interest is the encrypted data in an SGX enclave. Usually, an attempt to read enclave memory from outside the enclave is made, speculative execution is permitted to modify the cache based on the data that was read, and then the processor is allowed to block the speculation when it detects that the protected-enclave memory is involved and reading is not permitted. Speculative execution can use sensitive data in a level 1 cache before the processor notices a lack of permission.[4] The Foreshadow attacks are stealthy, and leave few traces of the attack event afterwards in a computer's logs.[5]

On 16 August 2018, researchers presented technical details of the Foreshadow security vulnerabilities in a seminar, and publication,[22] at a USENIX security conference.[9][22]

Impact

[edit]

Foreshadow is similar to the Spectre security vulnerabilities discovered earlier to affect Intel and AMD chips, and the Meltdown vulnerability that affected Intel.[7] AMD products, according to AMD, are not affected by the Foreshadow security flaws.[7] According to one expert, "[Foreshadow] lets malicious software break into secure areas that even the Spectre and Meltdown flaws couldn't crack".[16] Nonetheless, one of the variants of Foreshadow goes beyond Intel chips with SGX technology, and affects "all [Intel] Core processors built over the last seven years".[3]

Intel notes that the Foreshadow flaws could produce the following:[6]

  • Malicious applications, which may be able to infer data in the operating system memory, or data from other applications.
  • A malicious guest virtual machine (VM) may infer data in the VM's memory, or data in the memory of other guest VMs.
  • Malicious software running outside of SMM may infer data in SMM memory.
  • Malicious software running outside of an Intel SGX enclave or within an enclave may infer data from within another Intel SGX enclave.

According to one of the discoverers of the computer flaws: "... the SGX security hole can lead to a "Complete collapse of the SGX ecosystem."[6]

A partial listing of affected Intel hardware has been posted, and is described below.[11][12] (Note: a more detailed - and updated - listing of affected products is on the official Intel website.[11])

  • Intel Core i3/i5/i7/M processor (45 nm and 32 nm)
  • 2nd/3rd/4th/5th/6th/7th/8th generation Intel Core processors
  • Intel Core X-series processor family for Intel X99 and X299 platforms
  • Intel Xeon processor 3400/3600/5500/5600/6500/7500 series
  • Intel Xeon Processor E3 v1/v2/v3/v4/v5/v6 family
  • Intel Xeon Processor E5 v1/v2/v3/v4 family
  • Intel Xeon Processor E7 v1/v2/v3/v4 family
  • Intel Xeon Processor Scalable family
  • Intel Xeon Processor D (1500, 2100)

Foreshadow may be very difficult to exploit,[3][7] and there seems to be no evidence to date (15 August 2018) of any serious hacking involving the Foreshadow vulnerabilities.[3][7]

Mitigation

[edit]

Applying software patches may help alleviate some concern(s), although the balance between security and performance may be a worthy consideration.[6][24] Companies performing cloud computing may see a significant decrease in their overall computing power; people should not likely see any performance impact, according to researchers.[10]

The real fix, according to Intel, is by replacing today's processors.[6] Intel further states, "These changes begin with our next-generation Intel Xeon Scalable processors (code-named Cascade Lake),[20][21] as well as new client processors expected to launch later this year [2018]."[6]

See also

[edit]

References

[edit]

Further reading

[edit]
[edit]
Revisions and contributorsEdit on WikipediaRead on Wikipedia

Foreshadow

View on Grokipedia
from Grokipedia
Foreshadow is a family of speculative execution side-channel attacks targeting Intel processors, enabling attackers to disclose sensitive data from protected memory regions such as Intel Software Guard Extensions (SGX) enclaves, operating system kernels, virtual machines, and System Management Mode (SMM). The vulnerability, also known as L1 Terminal Fault (L1TF), exploits transient out-of-order execution during page table walks when accessing non-present L1 data cache (L1D) lines, allowing unauthorized reads across security boundaries like hypervisor isolation and SGX confidentiality guarantees. Discovered in early 2018 by independent research teams, Foreshadow was first reported to on January 3, 2018, by researchers from , and on January 23, 2018, by teams from Technion, the , the , and CSIRO's Data61. The attack was publicly disclosed at the Security Symposium in August 2018, where the original variant—dubbed Foreshadow—was detailed in the paper "Foreshadow: Extracting the Keys to the Intel SGX Kingdom" by Van Bulck et al. This initial attack primarily affects SGX-enabled processors from the Skylake (6th generation) and (7th generation) families, potentially extracting up to 4 KB of enclave secrets, including attestation keys that could compromise remote attestation in cloud environments. Subsequent variants expanded the attack's scope: Foreshadow-NG targets OS kernel memory on non-SGX systems, affecting a broader range of Intel processors including 2nd to 8th generation Core i3/i5/i7/M, Scalable (Skylake-SP and Cascade Lake-SP), and certain processors. Foreshadow-VM undermines isolation by leaking data from other guests on the same host, while Foreshadow-SMM breaches the highly privileged SMM to access secrets. Overall, the vulnerability impacts billions of Intel-based devices running vulnerable , with real-world exploitation requiring local attacker privileges but capable of extracting cryptographic keys, user data, and memory without detection. Mitigation involves a combination of CPU updates to prevent speculative L1D loads, operating system and patches to flush affected L1D contents on context switches, and hardware mitigations in newer processors like Ice Lake (10th generation) and later. classified Foreshadow under CVE-2018-3615 (SGX), CVE-2018-3620 (OS/SMM), and CVE-2018-3646 (VMs), recommending immediate updates to address performance-impacting but essential protections. While no widespread exploits were reported at disclosure in , in August 2025 researchers disclosed L1TF Reloaded, a combined attack bypassing software mitigations to leak data in public clouds like AWS and Google Cloud. Foreshadow highlighted ongoing risks in hardware, influencing subsequent defenses like Intel's L1D eviction policies.

Overview

Description and Naming

Foreshadow is a class of speculative execution side-channel vulnerabilities affecting Intel processors, enabling attackers to leak sensitive data across security boundaries by exploiting transient faults during L1 data cache (L1D) accesses. Specifically, it targets scenarios where the processor speculatively executes instructions on data from unmapped or invalid memory pages, allowing unauthorized access to protected regions such as Intel Software Guard Extensions (SGX) enclaves, operating system kernels, virtual machines (VMs), and System Management Mode (SMM) environments. This transient execution attack leverages the processor's out-of-order execution to bypass isolation mechanisms, potentially exposing cryptographic keys, user data, or hypervisor secrets. Intel officially designates Foreshadow as L1 Terminal Fault (L1TF), emphasizing the role of the L1D cache in the fault mechanism. The encompasses multiple variants, each assigned a distinct (CVE) identifier: CVE-2018-3615 for the SGX-related attack, CVE-2018-3620 for the OS kernel and SMM variant, and CVE-2018-3646 for the VM cross-hypervisor exploitation. These designations highlight the attack's ability to undermine fundamental hardware-enforced protections in modern computing systems. The name "Foreshadow" was coined by the discovering researchers from imec-DistriNet at , Technion, the , the , and CSIRO's Data61, drawing from the literary term "" to illustrate how the vulnerability subtly hints at and enables the reconstruction of confidential data through paths. This nomenclature underscores the attack's insidious nature, where seemingly innocuous foreshadows broader risks.

Variants

The Foreshadow vulnerability encompasses several variants, each exploiting the L1 Terminal Fault (L1TF) to target distinct privileged memory regions in Intel processors, though they differ in their required privilege escalation paths and scopes. The original Foreshadow attack specifically targets Intel Software Guard Extensions (SGX) enclaves, enabling an attacker with access to an untrusted OS or hypervisor to extract up to 4 KB of enclave data per attack, including cryptographic keys used for attestation and sealing. This variant, assigned CVE-2018-3615, undermines SGX's confidentiality guarantees by leaking secrets from production enclaves, such as the 128-bit launch and attestation keys, potentially allowing forged remote attestations. Foreshadow-NG extends the attack to broader system components, breaking isolation to access unauthorized physical memory not mapped in the attacker's . One variant, Foreshadow-OS (CVE-2018-3620), focuses on operating system kernel memory leakage, permitting unprivileged user applications to read kernel data and compromise between user-mode applications. This includes potential access to (SMM) protected regions under the same CVE, where firmware-level code executes in a highly privileged environment, thus threatening low-level system . Another Foreshadow-NG variant targets virtual machines, known as Foreshadow-VMM (CVE-2018-3646), allowing a malicious guest VM to breach isolation and read from the host OS, other guest VMs, or SMM regions. This poses significant risks in environments, enabling cross-VM without privileges. While all variants leverage the same underlying L1TF fault, they diverge in escalation requirements: the original necessitates SGX enclave entry, whereas Foreshadow-OS relies on user-kernel privilege gaps, and Foreshadow-VMM exploits guest-host boundaries. These distinctions highlight Foreshadow's versatility in subverting layered hardware protections.

Background

Speculative Execution in CPUs

is a performance optimization technique in modern central processing units (CPUs) where instructions are predicted and executed ahead of their definitive resolution, particularly for branch instructions, to minimize stalls and enhance overall throughput. This approach relies on , allowing the CPU to process subsequent instructions while awaiting confirmation of decisions, thereby increasing (IPC). Key components enabling include branch prediction mechanisms, such as the Branch Target Buffer (BTB), which forecast the direction and target of branches to guide instruction fetching. The (ROB) plays a crucial role by maintaining a queue of in-flight instructions in program order, enabling the CPU to commit results only after speculation is verified correct; if a misprediction occurs, the ROB facilitates squashing of transient execution states to restore architectural consistency. These transient states represent temporary computations that are discarded upon misprediction but can still influence microarchitectural elements during their brief lifetime. In , the L1 data cache serves as the primary, lowest-latency storage for frequently accessed data, accelerating load operations during predicted instruction paths. However, this cache's proximity to the execution core makes it susceptible to alterations from transient states, where speculative loads may populate cache lines before a fault or misprediction invalidates the . Speculative execution was first introduced in processors with the in 1995, marking a shift to superscalar out-of-order designs that incorporated dynamic and to overcome limitations of in-order pipelines. This technique has evolved significantly, with modern cores like Skylake (introduced in 2015) enhancing accuracy and capacity to achieve significant IPC improvements over prior generations in branch-intensive workloads.

Relevant Intel Technologies

Intel Software Guard Extensions (SGX) is a set of CPU instructions that enable the creation and execution of hardware-protected enclaves, allowing sensitive code and data to run in isolated memory regions shielded from the operating system, hypervisor, or other privileged software. Enclave memory employs abort page semantics, where unauthorized accesses return a deterministic value (such as -1 for loads) after passing initial page table checks, ensuring architectural isolation while relying on the processor's memory encryption engine to safeguard data in caches and DRAM. This design protects against software attacks but exposes enclave contents in processor caches during speculative execution. Intel Virtualization Technology (VT-x) facilitates efficient execution by introducing two modes: VMX root operation for the host (e.g., ) and VMX non-root operation for guests. It employs Extended Page Tables (EPT) to map guest physical addresses to host physical addresses, enforcing isolation between virtual machines and the host through nested paging structures. EPT violations trigger faults that interrupt address translation, but can transiently access underlying physical memory before fault resolution, potentially bridging guest-host boundaries. System Management Mode (SMM) operates as a highly privileged execution environment in processors, activated via System Management Interrupts (SMI) to handle low-level system tasks such as and hardware error correction. SMM code executes in a dedicated (SMRAM) that is isolated from normal OS and application access, with all logical cores required to rendezvous during entry and exit to maintain confidentiality. This mode leverages the processor's capabilities for performance, placing SMM data in shared L1 caches vulnerable to transient leaks across privilege levels. Page fault handling in Intel x86 processors occurs when a memory access violates paging rules, such as referencing a non-present page or exceeding access permissions, generating a #PF exception (vector 14). The processor stores the faulting linear address in CR2 and pushes an onto the stack detailing the violation type (e.g., not present, write-protected), after which control transfers to the OS handler via the . Microarchitecturally, during address translation walks, speculative loads may temporarily populate the L1 data cache with faulting data before the fault is recognized and resolved, leading to eviction of that data upon aborting the speculation. This process integrates with broader mechanisms to maintain performance while enforcing eventual architectural correctness.

History

Discovery

The discovery of Foreshadow emerged from collaborative research efforts spanning 2017 and 2018, involving teams from imec-DistriNet at in , the Technion in , the University of Michigan in the United States, the University of Adelaide in , and CSIRO's Data61. These researchers independently identified the vulnerability through systematic exploration of Intel's (SGX), a hardware-based security feature designed to protect sensitive code and data in isolated enclaves. The team first uncovered the issue and notified Intel on January 3, 2018, while the other collaborators reported their concurrent findings during the subsequent embargo period on January 23, 2018. The initial hypothesis driving the investigation stemmed from the early 2018 disclosures of speculative execution vulnerabilities like Meltdown and Spectre, which revealed how transient out-of-order execution in modern CPUs could leak privileged data across security boundaries. Motivated by these revelations, the researchers hypothesized that similar flaws might undermine SGX's intra-address-space isolation, potentially allowing enclave secrets to be extracted via microarchitectural side channels without kernel privileges or knowledge of the victim's code. This probe focused on Intel processors supporting SGX, examining how speculative execution interacts with enclave memory protection mechanisms. A pivotal breakthrough came with the development of a novel exploitation technique using transient to inject faults into the L1 cache, enabling the leakage of arbitrary enclave memory contents. As a proof-of-concept, the team demonstrated the attack by extracting RSA private keys from SGX-protected cryptographic operations, confirming the vulnerability's ability to compromise even vetted architectural enclaves like Intel's attestation services. This L1 cache-based approach marked the first practical software-only method to dismantle SGX's core security guarantees, highlighting risks to millions of affected devices. The findings were detailed in the seminal paper "Foreshadow: Extracting the Keys to the SGX Kingdom with Transient ," authored by Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Yuval Yarom, Raoul Strackx, Thomas F. Wenisch, and Mark Silberstein, and presented at the 27th Security Symposium in August 2018. This publication established Foreshadow as a high-impact contribution to microarchitectural security research, influencing subsequent mitigations for flaws.

Disclosure Timeline

The Foreshadow vulnerability was responsibly disclosed to by researchers from on January 3, 2018, following standard practices for coordinating with the affected vendor. A second independent research team from institutions including Technion, the , the , and CSIRO's Data61 reported their findings to on January 23, 2018, during the ongoing embargo period. acknowledged the severity of the issue, assigning it CVE-2018-3615 for the core SGX-related variant, and began developing mitigations in collaboration with the researchers. In preparation for public release, distributed updates to OEMs and system vendors starting around May to June to address the vulnerability ahead of disclosure. The full public reveal occurred on August 14, , coinciding with the presentation of the seminal research paper at the Security Symposium and the issuance of Intel's security advisory INTEL-SA-00161, which detailed the L1 Terminal Fault (L1TF) family of issues. Patch rollout followed swiftly, with operating system-level mitigations integrated into major platforms. included Foreshadow protections in its August 2018 Patch Tuesday updates for Windows, while patches addressing the were upstreamed around the same time and distributed via major distributions shortly thereafter; some full ecosystem integrations extended into 2018. Subsequent variants, collectively termed Foreshadow-NG (CVEs 2018-3620 and 2018-3646), which extended the to operating system kernels, hypervisors, and virtual machines, were disclosed simultaneously with the original vulnerability in August 2018 as part of the same research and advisory. As of 2025, no major in-the-wild exploits leveraging Foreshadow or its variants have been reported, with industry focus shifting to ongoing monitoring and verification of mitigations across affected hardware.

Mechanism

Core Vulnerability

The core vulnerability in Foreshadow, known as L1 Terminal Fault (L1TF), stems from a flaw in Intel CPUs' handling of speculative execution for load instructions accessing protected memory regions. During transient out-of-order execution, the processor speculatively fetches data from physical memory addresses corresponding to page table entries (PTEs) marked as non-present (i.e., invalid PTEs where the present bit is cleared), bypassing the standard page fault checks that would normally prevent such access. This allows forbidden data—such as kernel pages or enclave secrets—to be loaded into the L1 data cache before the fault is detected and the speculation is squashed. Upon detecting the , the is squashed, but the transiently loaded data remains in the L1 data cache because the process does not invalidate the affected cache lines. This allows the leaked data to be accessible via side-channel attacks, with remnants potentially lingering in the 64-byte cache lines. At the bit level, L1TF enables the leakage of up to 512 bits (equivalent to one full 64-byte L1 cache line) per , as the entire cache line is populated during the mis-speculated load. This relies on prerequisites inherent to transient execution, including the attacker's ability to trigger mis-speculated loads targeting protected memory regions, such as those marked non-present in the page tables, while ensuring the data resides in or is fetched into the L1 cache (as L2 cache data cannot be similarly accessed).

Exploitation Techniques

Exploitation of the L1 Terminal Fault (L1TF), also known as Foreshadow, begins with triggering speculative execution to access protected memory regions. Attackers induce terminal faults by attempting to load data from unmapped or permission-violating logical addresses, such as through system calls like mmap to map invalid pages or by clearing page table entry (PTE) present bits, which provokes a page fault during memory access. In virtualized environments, extended page table (EPT) violations can be triggered by manipulating guest page tables to bypass walks and access host memory speculatively. This fault handling gap allows the processor to transiently execute out-of-order loads, populating the L1 data cache (L1D) with unauthorized data before the fault is resolved and the speculation is squashed. Once is speculatively loaded into the L1D cache, attackers extract it via side-channel attacks that measure cache state changes. The Flush+Reload technique is commonly employed, where the attacker flushes cache lines using instructions like clflush, then reloads them and times the access latency to infer whether a specific byte was cached during . This cache exploits the L1D's low latency for hits (around 4 cycles) versus misses, enabling reconstruction of leaked byte-by-byte by probing cache occupancy for each possible value. Malicious user-space code can initiate these probes without elevated privileges, provided the attacker has local code execution on the same physical machine. Proof-of-concept implementations demonstrate practical feasibility, such as repeatedly speculating loads to extract up to 4 KB of data from a protected enclave, achieving approximately 97% success rate on a Skylake CPU ( i7-6700). These exploits rely on iterative fault induction and side-channel measurements to recover contiguous memory blocks, with success depending on factors like cache contention and depth. Exploiting L1TF requires a local attacker with code execution on the target machine, typically in user space without needing administrative privileges for the basic operating system . However, targeting enclaves demand initial compromise or co-location within the protected domain to initiate effectively.

Affected Systems

Hardware

The Foreshadow vulnerability, also known as L1 Terminal Fault (L1TF), affects processors featuring microarchitectures that allow to access data in the L1 data cache (L1D) despite invalid entries, enabling potential leakage of sensitive information across security boundaries. Vulnerable microarchitectures include Haswell, Broadwell, Skylake, , , , , and , among others, due to their virtually indexed, physically tagged L1D cache design combined with speculative walks. Affected processor families span several generations of Intel products released primarily from 2012 to 2021, before full hardware mitigations were universally implemented. The following table summarizes key affected families, focusing on representative generations and models:
FamilyAffected Generations/MicroarchitecturesExamples
6th to 11th Gen (Skylake to , excluding mitigated microarchitectures like Sunny Cove in 10th Gen Ice Lake)6th Gen (Skylake S/H), 7th Gen ( S/U/Y), 8th Gen (, ), 9th Gen ( Refresh), 10th Gen ( S/H/U), 11th Gen ( S)
E3/E5/E72012–2018 (Ivy Bridge to ) E3 v2/v3/v4/v5/v6 (Ivy Bridge to Skylake), E5 v2/v3/v4 (Ivy Bridge to Broadwell), E7 v2/v3/v4
Scalable1st Gen (Skylake-SP, 2017), 2nd Gen partial (-SP pre-mitigation, 2019)Skylake-SP (06_55H), early variants
Broadwell-DE to Skylake-D (2015–2019)-1500/2100 series (Broadwell, Skylake)
Select series (2016–2019)Apollo Lake (E3900), Denverton (C3000)
Select models (2012–2018)Knights Landing (partial implementations)
Note: Within generations, some models (e.g., 10th Gen Ice Lake based on Sunny Cove) include hardware mitigations and are non-vulnerable if the RDCL_NO bit is set. These implementations are vulnerable because they lack built-in hardware barriers to prevent speculative loading of L1D cache lines from non-present or paging structures, a flaw rooted in the microarchitectural optimization for performance. Many processors released after 2019 incorporate hardware mitigations that render them non-vulnerable to L1TF, particularly those based on microarchitectures starting from Sunny Cove (e.g., Ice Lake and later generations like , ). However, some refresh-based processors, such as 11th Gen , remain vulnerable and require and software mitigations. and ARM-based processors are unaffected, as the vulnerability stems from specific microarchitectural behaviors in handling page faults during . As of November 2025, provides microcode updates for all affected processors, and major operating systems implement full mitigations by default, rendering exploitation unlikely on updated systems. Detection of L1TF status on a given processor involves querying the instruction to identify the family, model, and stepping (e.g., via leaf 0x1 for basic info and leaf 0x7 for extended features), followed by checking the IA32_ARCH_CAPABILITIES (MSR 0x10A) for bit 1 (RDCL_NO), which indicates hardware mitigation against L1TF if set; this MSR is accessible only if supported, as enumerated by leaf 0x7, subleaf 0, ECX bit 29. Tools like operating system utilities or 's microcode verification can confirm the presence of required updates.

Software and Environments

Foreshadow, also known as L1 Terminal Fault (L1TF), impacts a range of operating systems running on vulnerable processors, particularly through its Foreshadow-NG variant that enables unprivileged user-space applications to access kernel on unpatched systems. Affected platforms include and later versions, kernels starting from version 4.0, and macOS, where the vulnerability allows potential leakage of sensitive kernel data such as passwords or encryption keys. In these environments, the attack exploits transient execution to read data from the processor's L1 data cache, bypassing standard isolation mechanisms like isolation. Virtualization platforms amplify the risks of Foreshadow in multi-tenant setups, with the Foreshadow-VMM (CVE-2018-3646) enabling malicious guest virtual machines to access hypervisor memory and data from other co-located VMs on unpatched hosts. Key affected hypervisors include VMware ESXi, , and KVM-based solutions, where shared hardware resources facilitate cross-VM attacks. In cloud environments such as AWS EC2 and VMs, this can lead to between tenants, as the leverages the same L1 cache sharing on multi-core servers. Applications utilizing face the most severe threats from the Foreshadow-SGX variant (CVE-2018-3615), which dismantles enclave isolation by extracting secrets like sealing and remote attestation keys from protected memory. is commonly employed in scenarios requiring high-assurance confidentiality, such as (DRM) in Blu-ray players and the 4K Netflix client, secure computation in messaging protocols like Open Whisper Systems' , and blockchain applications including wallets that rely on hardware-enforced enclaves for key protection. On unpatched systems, these deployments risk complete compromise of enclosed data, undermining 's core promise of trusted execution. In browser-based environments, Foreshadow poses risks on vulnerable hosts running Chrome or , where code in unprivileged contexts could potentially trigger the attack to access kernel or enclave data, though browser sandboxes significantly constrain the exploit's reach compared to native applications.

Impact

Security Consequences

The Foreshadow vulnerability, also known as L1 Terminal Fault (L1TF), enables attackers to extract sensitive data from Intel SGX enclaves by exploiting to access L1 data cache contents that should be isolated. Specifically, it allows the leakage of up to 4KB of enclave memory per attack, including critical assets such as 2048-bit RSA private keys, user passwords, and SGX attestation reports that verify enclave . This breach compromises the guarantees of SGX, which is designed to protect code and data in trusted execution environments against even privileged software like the operating system or . In practical attack scenarios, a malicious tenant could steal secrets or data from co-located virtual machines, violating isolation in multi-tenant environments such as public . Similarly, running in user space might extract kernel credentials or (SMM) data, escalating privileges to access protected memory regions. These capabilities break the fundamental model, where virtual machines are expected to remain isolated from each other and the host. The broader implications of Foreshadow severely undermine trust in SGX for applications, such as secure in services relying on hardware enclaves, potentially enabling the creation of forged attestations that deceive remote parties about enclave authenticity. This erosion extends to the overall ecosystem, as it exposes flaws in hardware-enforced isolation that developers and providers have relied upon for secure multi-tenant deployments. As of November 2025, no Foreshadow exploits have been observed in the wild, though the vulnerability poses a high theoretical risk to unpatched legacy systems still using affected Intel processors like Skylake and Kaby Lake generations. However, in August 2025, researchers disclosed "L1TF Reloaded," a new attack variant combining L1TF with Spectre-like techniques to bypass mitigations and leak VM data in public clouds, underscoring persistent vulnerabilities in unpatched or incompletely mitigated systems. Its complexity limits immediate real-world deployment compared to simpler attack vectors, but persistent exposure in outdated infrastructure heightens long-term concerns for sectors dependent on SGX, such as financial and healthcare computing.

Performance Considerations

The execution of a Foreshadow attack introduces measurable overhead, primarily during the data extraction phase, where repeated speculative executions are required to reliably leak information. Extracting a full 4 KB page requires repeating the attack thousands of times across all possible byte values to reliably leak the data via the covert channel, resulting in noticeable CPU overhead for the attacking process due to the intensive trial-and-error nature of cache probing and recovery. Mitigations for Foreshadow, also known as L1 Terminal Fault (L1TF), impose varying performance costs depending on the implementation and environment. patches from , which prevent speculative access to invalid entries, typically result in 1-5% loss in (IPC) across general workloads, with bare-metal systems experiencing ≤1% overall impact in benchmarks like SPECfp2017 and Triad. In virtualized setups, operating system mechanisms akin to isolation (PTI) can increase (TLB) misses by up to 30%, exacerbating latency in memory-intensive scenarios due to frequent cache flushes on switches. Benchmark results on Skylake processors highlight these effects, showing a 2-10% drop in throughput for unmitigated versus mitigated configurations in database workloads, such as those measured with SPECjbb, where multithreaded applications see up to 4% slowdown. In virtualized environments, the impact is amplified, with reports of 10-30% performance reduction when is disabled or side-channel-aware scheduling is enforced to isolate guest VMs, particularly affecting web servers and high-density VPS deployments. Long-term hardware solutions in CPUs released post-2019, such as Intel's and subsequent generations, incorporate built-in L1TF mitigations that eliminate the need for software flushes, yielding negligible overhead compared to earlier software-only approaches—often under 1% across enterprise workloads.

Mitigation

Immediate Fixes

In response to the Foreshadow vulnerability, also known as L1 Terminal Fault (L1TF), released microcode updates in August 2018 that modify processor operations to implicitly clear sensitive data from the L1 data cache (L1D) during context switches and other speculative events, thereby preventing unauthorized speculative access. These updates are deployed through firmware from original equipment manufacturers (OEMs) or via operating system loaders, such as the intel-microcode package in distributions, which includes specific patches like those targeting SGX enclaves to block L1TF exploitation in secure environments. At the operating system level, immediate mitigations focus on configuring kernel parameters to enforce L1D flushing and restrict speculative loads from protected memory regions. In , setting the boot parameter l1tf=full activates comprehensive protection by clearing the L1D cache on every (VM) entry and ensuring that user-space pages are not speculatively loaded into the cache, applicable across affected distributions like and . For Windows, mitigations are enabled through registry modifications under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management, using keys such as FeatureSettingsOverride (set to 72 or 0x48 with enabled, or 8264 or 0x2048 with it disabled) and FeatureSettingsOverrideMask (set to 3 or 0x3) to activate L1TF protections alongside broader safeguards, as detailed in Microsoft's security updates. Hypervisor configurations provide targeted fixes for virtualized environments, emphasizing isolation between guest VMs. addresses L1TF through Extended Page Tables (EPT) hardening in its vSphere updates, which invalidate speculative EPT entries to prevent cross-VM data leakage, enabled by default in patches from VMSA-2018-0020 and configurable via advanced settings like VMkernel.Boot.hyperthreadingMitigation=true for enhanced concurrent-context protection. In KVM-based setups, while also recommending L1D flushing on VM entry via kvm-intel.vmentry_l1d_flush=cond. For high-security VMs, disabling at the level or via hypervisor options fully eliminates the shared core vulnerability exploited by L1TF, as it prevents intra-core attacks without relying solely on software flushes. Detection and verification tools assist in confirming mitigation deployment. Intel provides analysis guidance and recommends scripts like the open-source spectre-meltdown-checker to assess L1TF exposure, which evaluates microcode versions and kernel configurations for completeness. In Linux, kernel parameters such as reading /sys/devices/system/cpu/vulnerabilities/l1tf report the current status (e.g., "Mitigation: PTE Inversion; VMX: conditional cache flushes"), allowing administrators to verify full protection without performance regressions from incomplete setups.

Long-term Solutions

To address the Foreshadow vulnerability (also known as L1 Terminal Fault or L1TF) in a sustainable manner, introduced hardware-level mitigations in subsequent processor generations, fundamentally altering the mechanisms that enable the attack. Starting with the family of Scalable processors released in 2019, implemented silicon-based changes to the handling and permission check processes, preventing unauthorized speculative access to L1 cache contents, including those protected by SGX enclaves. These modifications ensure that transient cannot from invalid or privileged regions, such as SGX-protected areas, without the performance overhead of software-only defenses. Later processor architectures, including Ice Lake (2019) and subsequent generations like (2020) and (2021), build on these fixes with enhanced isolation for paths and integrated protections against related side-channel vulnerabilities, such as Spectre variants. This approach prioritizes redesigning the to enforce stricter bounds on , particularly for SGX, where enclave entry and exit now include hardware-enforced cache flushes and isolation to block cross-core data leakage. As a result, systems upgraded to these processors are inherently resistant to Foreshadow without requiring ongoing patches, though full protection still necessitates compatible and OS configurations. As of August 2025, researchers demonstrated "L1TF Reloaded," an exploit bypassing some software mitigations in public cloud environments like AWS and Google Cloud, but hardware protections in post-Cascade Lake processors remain effective when combined with current and OS updates. For environments relying on SGX, long-term resilience also involves adopting updated enclave designs that leverage these hardware features, such as restricting execution to single-threaded modes on Hyper-Threaded cores and incorporating constant-time algorithms to mitigate residual timing side channels. Intel's ongoing evolution of SGX in post-Cascade Lake CPUs further emphasizes verifiable attestation and sealed key management to prevent key extraction attacks like Foreshadow-SGX, ensuring that remains viable against speculative exploits.

References

  1. https://foreshadowattack.eu/
  2. https://foreshadowattack.eu/foreshadow.pdf
  3. https://foreshadowattack.eu/foreshadow-NG.pdf
  4. https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
  5. https://cyberscoop.com/cloud-security-l1tf-reloaded-public-cloud-vulnerability-exploit/
  6. https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/l1-terminal-fault.html
  7. https://www.usenix.org/conference/usenixsecurity18/presentation/bulck
  8. https://www.intel.com/content/dam/www/public/us/en/documents/white-papers/analysis-of-speculative-execution-side-channels-white-paper.pdf
  9. https://spectreattack.com/spectre.pdf
  10. https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/hardware-behavior-related-to-speculative-execution.html
  11. https://ieeexplore.ieee.org/document/488575/
  12. https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/analysis-speculative-execution-side-channels.html
  13. https://www.redhat.com/en/blog/understanding-l1-terminal-fault-aka-foreshadow-what-you-need-know
  14. https://chipsandcheese.com/p/skylake-intels-longest-serving-architecture
  15. https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-van_bulck.pdf
  16. https://www.usenix.org/system/files/sec19-canella.pdf
  17. https://cdrdv2-public.intel.com/850978/253668-087-sdm-vol-3a.pdf
  18. https://www.techspot.com/news/75971-foreshadow-fifth-major-cpu-security-flaw-discovered-2018.html
  19. https://www.bleepingcomputer.com/news/security/researchers-disclose-new-foreshadow-l1tf-vulnerabilities-affecting-intel-cpus/
  20. https://www.zdnet.com/article/microsoft-heres-how-to-limit-foreshadow-attack-impact/
  21. https://blog.ariacybersecurity.com/blog/what-is-foreshadow-vulnerability-blog
  22. https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html
  23. https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/microcode-update-guidance.html
  24. https://cyberus-technology.de/en/articles/l1-terminal-fault
  25. https://www.wired.com/story/foreshadow-intel-secure-enclave-vulnerability/
  26. https://www.servethehome.com/intel-publishes-l1tf-and-foreshadow-performance-impacts/
  27. https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/intel-analysis-l1-terminal-fault.html
  28. https://access.redhat.com/articles/L1TF-perf
  29. https://www.microsoft.com/en-us/msrc/blog/2018/08/analysis-and-mitigation-of-l1-terminal-fault-l1tf
  30. https://access.redhat.com/security/vulnerabilities/L1TF
  31. https://docs.kernel.org/admin-guide/hw-vuln/l1tf.html
  32. https://support.microsoft.com/en-us/topic/kb4072698-windows-server-and-azure-stack-hci-guidance-to-protect-against-silicon-based-microarchitectural-and-speculative-execution-side-channel-vulnerabilities-2f965763-00e2-8f98-b632-0d96f30c8c8e
  33. https://www.vmware.com/security/advisories/VMSA-2018-0020.html
  34. https://github.com/speed47/spectre-meltdown-checker
  35. https://arstechnica.com/gadgets/2018/08/intels-sgx-blown-wide-open-by-you-guessed-it-a-speculative-execution-attack/
  36. https://www.phoronix.com/review/cascadelake-jcc-taa
  37. https://bughunters.google.com/blog/4684191115575296/project-rain-l1tf
Add your contribution
Related Hubs
Contribute something
User Avatar
No comments yet.