All Products
Search
Document Center

[Vulnerability notice] Intel Processor L1 Terminal Fault Vulnerability

Last Updated: Jan 14, 2020

At 10:00 am on August 14th, PST, Intel officially disclosed the information of a vulnerability named “L1 Terminal Fault”. Alibaba Cloud has communicated with Intel on the key security information, and adopted corresponding emergency measures.

At present, Alibaba Cloud has made underlying improvements to ensure that the enterprise-level product instances are not affected by the vulnerability. For other possible risk scenarios, Alibaba Cloud is communicating and collaborating with Intel closely to evaluate more comprehensive optimization solutions continuously.

So far, there is no information indicating that a customer has been subjected to a real attack.

The details are as follows:


Vulnerability numbers:

CVE-2018-3615 (SGX level)

CVE-2018-3620 (operating system and SMM level)

CVE-2018-3646 (virtualization level)

The scope of the vulnerability:

This vulnerability exists in the hardware of Intel processor chips.

Vulnerability risk:

Information disclosure

Source of information:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

Other notes:

For OS level fixes, users are advised to refer to the recommendations of their respective operating system vendors:

Redhat:

https://access.redhat.com/security/vulnerabilities/L1TF?intcmp=701f2000000RWJsAAO

Ubuntu:

https://blog.ubuntu.com/2018/08/14/ubuntu-updates-for-l1-terminal-fault-vulnerabilities

SUSE:

https://www.suse.com/c/suse-addresses-the-l1-terminal-fault-issue/

Windows:

https://blogs.technet.microsoft.com/srd/2018/08/14/analysis-and-mitigation-of-l1-terminal-fault-l1tf/