Intel “L1TF Reloaded” Flaw: New Attack Leaks Data from Virtual Machines
Researchers from VUSec, together with engineers at Google, have published a detailed account of a newly identified chain of vulnerabilities and the exploit known as "L1TF Reloaded," which targets Skylake-class Intel processors (those still vulnerable to L1 Terminal Fault). In essence, the flaw allows a malicious virtual machine to manipulate the host so that arbitrary bytes of the host's physical memory are loaded into the L1 data cache (L1D), from which they can then be extracted through a timing channel. This gives an attacker a primitive for reading arbitrary host memory and, consequently, the ability to steal secrets from neighboring guests on the same machine.
To understand the mechanics, one need only recall two properties of modern x86 CPUs: speculative execution and the hierarchical cache. The processor executes instructions ahead of time based on branch prediction; although the architectural results of mispredicted instructions are discarded, their side effects in the cache persist. The exploit combines a "half-Spectre" technique, in which host kernel code speculatively loads data into L1D from an address derived from an attacker-controlled index, with L1 Terminal Fault (L1TF), a hardware flaw in which a load that faults during address translation (because the page-table entry is marked not present) is nevertheless served from L1D, using the physical address bits of that entry as though they were valid. A classic Spectre gadget needs a second, dependent access to transmit the value it loaded; a half-Spectre gadget lacks that second half, and L1TF supplies it, because the guest can read whatever the first half left behind in L1D. Together, the two flaws let an attacker bring arbitrary host bytes into L1D, read them via L1TF, encode them through accesses to a buffer the attacker controls, and then recover the values by measuring access times with Flush+Reload.
VUSec demonstrated that, in practice, this method yields far more than isolated byte leaks. Starting from the host kernel's physmap (its direct mapping of all physical memory), an attacker guest can traverse pointers to recover the base of that mapping, then follow chains of pointers from KVM objects to task_structs and page tables, ultimately enabling large-scale extraction of host memory. In a proof-of-concept attack against Nginx, this included recovering the server's private TLS key.
Not all processors are affected: newer Intel models (Cascade Lake and later) mitigate L1TF in hardware and are immune to this attack. For vulnerable Skylake-class CPUs, the mitigation required a layered and complex response. Among the steps taken were systematically locating and neutralizing half-Spectre gadgets in KVM and kernel code (for example by masking array indices with array_index_nospec), flushing the L1 data cache on the VM Exit/Enter path so that host data does not remain in L1D when a guest resumes, and, most significantly, Google's introduction of Address Space Isolation (ASI).
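The gadget-neutralization step rests on one small idea: replace a bounds check the CPU can mispredict with an index mask it cannot. The C below is an added example reconstructing that technique in the style of the Linux kernel's array_index_nospec(); it is not VUSec's, Google's or the kernel's own code, and the lookup table, the two lookup functions and TABLE_LEN are illustrative. The unhardened function has the half-Spectre shape described above; the hardened one differs by a single masking line.

```c
/*
 * Neutralising a "half-Spectre" gadget with a branch-free index mask.
 * Added example in the style of Linux's array_index_nospec(); not the kernel's,
 * VUSec's or Google's code. Build: cc -O2 -o nospec nospec.c
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BITS_PER_LONG (8 * sizeof(unsigned long))

/*
 * ~0UL when idx < size, 0 otherwise, computed without a branch the CPU could
 * mispredict. If idx >= size, (size - 1 - idx) wraps and sets the top bit; if
 * idx itself has the top bit set it is out of range for any real array. The
 * empty asm barrier stops the compiler from "knowing" idx is in range and
 * dropping the mask, the job the kernel's OPTIMIZER_HIDE_VAR() does.
 */
static inline unsigned long array_index_mask_nospec(unsigned long idx, unsigned long size)
{
    __asm__ __volatile__("" : "+r"(idx));
    unsigned long out_of_range = (idx | (size - 1UL - idx)) >> (BITS_PER_LONG - 1);
    return out_of_range - 1UL;   /* 0 -> ~0UL (keep idx), 1 -> 0 (clamp idx to 0) */
}

/* Clamp idx to 0 whenever it is not below size, with no data-dependent branch. */
#define array_index_nospec(idx, size) \
    ((idx) & array_index_mask_nospec((unsigned long)(idx), (unsigned long)(size)))

#define TABLE_LEN 16
/* Illustrative table; in the real gadget this is a kernel or KVM array. */
static const uint8_t table[TABLE_LEN] = {
    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
};

/* Gadget shape before hardening. Architecturally the check is correct, but while
 * the branch is mispredicted the CPU may execute table[idx] for any idx the
 * untrusted caller supplied, pulling that memory into L1D. Returns -1 if out of range. */
int lookup_unhardened(size_t idx)
{
    if (idx >= TABLE_LEN)
        return -1;
    return table[idx];
}

/* Same lookup hardened: on the mispredicted path idx is forced to 0 before it
 * reaches the load, so nothing outside `table` is touched even speculatively. */
int lookup_hardened(size_t idx)
{
    if (idx >= TABLE_LEN)
        return -1;
    idx = array_index_nospec(idx, TABLE_LEN);
    return table[idx];
}

int main(void)
{
    printf("mask(3,16)=%#lx mask(16,16)=%#lx lookup(3)=%#x lookup(99)=%d\n",
           array_index_mask_nospec(3, TABLE_LEN), array_index_mask_nospec(16, TABLE_LEN),
           lookup_hardened(3), lookup_hardened(99));
    return 0;
}
```

The mask is the only difference between the two lookups, and it changes nothing architecturally: for every in-range index both functions return the same byte, and for every out-of-range index both return -1. What changes is the speculative window, where the masked index can no longer reach past the array. On x86 the kernel implements the same mask with a `cmp`/`sbb` pair rather than the shift shown here, and the compile-time assertion that `size` is a constant is omitted from this example.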
ASI was designed as a proactive architectural safeguard rather than another round of gadget hunting. The kernel runs guest-facing code in a "restricted" address space devoid of sensitive mappings; whenever it needs the full address space, a controlled ASI-Exit switches to it, and microarchitectural state (including L1D) is flushed before re-entering the restricted space. Data that is not mapped cannot be loaded by a gadget, which severs the link between speculative execution in kernel mode and the secrets of users or other guests. According to Google's benchmarks, with ASI enabled together with L1D flushing on these transitions, performance overhead remained modest, typically in the 1–3% range.
Another subtle challenge lies in Simultaneous Multithreading (Hyper-Threading). The two hyperthreads of a core share the L1D, so a flush at one thread's transition does not help while its sibling is executing in the unrestricted address space and pulling secrets into the cache: an attacker on the other hyperthread could read them in the window before the flush completes. To close this window, Google implemented a "stunning" mechanism that briefly pauses the sibling hyperthread for the duration of an ASI-Exit, though careful optimization is required to keep the overhead minimal.
The authors stress the importance of collaboration between academia and industry. VUSec conducted its experiments on a dedicated Google-provided node to avoid risk to other customers, and later presented its findings at Google's Zurich office. For their work, the researchers received $151,515, the highest tier of the Google Cloud Vulnerability Reward Program (VRP). Fixes and kernel patches have since been contributed upstream to the Linux community, while ASI continues to evolve collaboratively.
The conclusion is stark: patching gadgets one by one after every new hardware attack is unreliable and unsustainable. Architectural countermeasures that remove the root cause of speculative leaks are more robust and cost-effective in the long term. Address Space Isolation exemplifies this philosophy: it closes an entire class of attacks while maintaining acceptable performance, a crucial balance for real-world security in cloud environments.