Intel discloses a new vulnerability recently identified speculative execution side-channel method called L1 Terminal Fault (L1TF) which affects select Intel microprocessor products that support the Intel Software Guard Extension (Intel SGX). Further research of the Intel security team was able to identify two related applications of the L1 Terminal Fault with the potential to impact other microprocessors, virtualization software, and operating systems. While Intel hasn’t received reports that these vulnerabilities have been used in real-world exploits, Intel emphasizes the importance to adhere to security best practices at all times.
About L1 Terminal Fault
All three applications of L1TF are speculative execution side channel cache timing vulnerabilities. In this regard, they are similar to previously reported variants. These particular methods target access to the L1 data cache, a small pool of memory within each processor core designed to store information about what the processor core is most likely to do next. Learn more about the L1 Terminal Fault vulnerability on the video below:
Learn more about L1TF at Intel’s Security Centre. You can also check Intel’s white paper here.
Bug Bounty Program Expanded
Amidst the discoveries of new vulnerabilities, Intel expands its Bug Bounty Program along with higher rewards, offering a new program focused specifically on side channel vulnerabilities through Dec. 31, 2018. The award for disclosures under this program is up to $250,000. Intel also raised bounty awards across the board, with awards of up to $100,000 for other areas.