Foreshadow vulnerabilities

Foreshadow vulnerabilities

Last Thursday Intel published details regarding three vulnerabilities presented in certain Intel processors. These vulnerabilities are identified as CVE-2018-3615 (for SGX) , CVE-2018-3620 (for operation systems and SMM) and CVE-2018-3646 (for virtualization) .

At Fuga Cloud we utilize Intel CPU architectures to provide our customers with a compute platform. And as many other cloud providers, Fuga Cloud may be affected by these vulnerabilities.

Solution

In order to be protected against these vulnerabilities, it's necessary that the operation system as well as the hypervisor and the CPU microcode of the physical server are provided with updates. Therefore, we encourage our customers to update their operating systems to prevent the possibility of indirect exploitation within their platform.

Fuga Cloud is analyzing and rolling out security patches on the different layers of our cloud platform as they are made available by our third-party suppliers. Most of these security updates can be done without any impact for our customers. Fortunately Intel has already released new microcode for many processors affected and there are already updates available for the hypervisor that we use.

More information about the vulnerabilities

Successful exploitation of these vulnerabilities enables the attacker to read data which is located in Level 1 cache memory of a processor. Exploitation requires access to the core of a physical or virtual machine, which is only available trough an operating system. More information about the vulnerabilities is explained in this video below:

Official statement by intel

Was this article helpful?


Next article:

The Cyso Group again chooses Alkmaar

New location will become a place to inspire both techies and creatives Alkmaar, June 4th 2018 - The Cyso Group, leading in hosting for the past 20 years, has been become the proud owner of a new office complex at Wognumsebuurt 3 in Alkmaar as of Friday June 1st 2018. The new location, with a floor area of 2,195 m², provides the organization enough room to continue the current growth at full speed.