Intel

Notified:  April 14, 2018 Updated: August 14, 2018

Status

  Affected

Vendor Statement

INTEL-SA-00161 Security researchers have identified a speculative execution side-channel method called L1 Terminal Fault (L1TF). This method impacts select microprocessor products supporting IntelĀ® Software Guard Extensions (IntelĀ® SGX). Further investigation by Intel has identified two related applications of L1TF with the potential to impact additional microprocessors, operating systems, system management mode, and virtualization software. If used for malicious purposes, this class of vulnerability has the potential to improperly infer data values from multiple types of computing devices. Intel is committed to product and customer security and to coordinated disclosure. We worked closely with other technology companies, operating system, and hypervisor software vendors, developing an industry-wide approach to mitigate these issues promptly and constructively. For facts about these new exploits, technical resources, and steps you can take to help protect systems and information please visit: https://www.intel.com/securityfirst.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html