Today Intel disclosed details of new speculative execution vulnerabilities called “L1 Terminal Fault”, or L1TF for short. They’ve been assigned the CVE ids CVE-2018-3615, CVE-2018-3620 and CVE-2018-3646.
These vulnerabilities affect all modern Intel CPUs and allow an attacker to potentially read data fragments in the L1 cache belonging to other processes or virtual machines that share that same cache.
Fixes for these vulnerabilities are available and we’re planning on rolling them out over the coming week. The updates require reboots of affected virtual machines and we’ll be notifying customers by email with a schedule of which specific services will be affected and when.
To be fully protected, customers will still need to apply OS updates within their own cloud servers, or build new cloud servers with updated images. We recommend all relevant security updates available from OS vendors are installed before the scheduled reboot, so those updates will take effect.