At 10:00 am on August 14th, PST, Intel officially disclosed the information of a vulnerability named “L1 Terminal Fault”. Alibaba Cloud has communicated with Intel on the key security information, and adopted corresponding emergency measures.
At present, Alibaba Cloud has made underlying improvements to ensure that the enterprise-level product instances are not affected by the vulnerability. For other possible risk scenarios, Alibaba Cloud is communicating and collaborating with Intel closely to evaluate more comprehensive optimization solutions continuously.
So far, there is no information indicating that a customer has been subjected to a real attack.
The details are as follows:
Vulnerability numbers:
CVE-2018-3615 (SGX level)
CVE-2018-3620 (operating system and SMM level)
CVE-2018-3646 (virtualization level)
The scope of the vulnerability:
This vulnerability exists in the hardware of Intel processor chips.
Vulnerability risk:
Information disclosure
Source of information:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
Other notes:
For OS level fixes, users are advised to refer to the recommendations of their respective operating system vendors:
Redhat:
https://access.redhat.com/security/vulnerabilities/L1TF?intcmp=701f2000000RWJsAAO
Ubuntu:
https://blog.ubuntu.com/2018/08/14/ubuntu-updates-for-l1-terminal-fault-vulnerabilities
SUSE:
https://www.suse.com/c/suse-addresses-the-l1-terminal-fault-issue/
Windows: