(L1TF disclosure on 2018/8/14)
l L1 Terminal Fault (L1TF) is a security vulnerability including CVE-2018-3615, CVE-2018-3620 and CVE-2018-3646. It may potentially affect certain non-virtualized and virtualized environments.
L1TF is derivatives of speculative execution side-channel analysis methods publicly disclosed in January and May 2018.(CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3639 and CVE-2018-3640).
l QCT has been working with Intel to identify mitigations that enhance platform resiliency to this vulnerability and on its coordinated public disclosure.
l QCT keeps addressing the potential L1TF vulnerability in our products by releasing corresponding updates to BIOS with the microcode (MCU), we believe these updates help ensure our customers have access to the protections necessary for traditional IT and cloud services environments.
Please see fixed BIOS version and schedule here - http://www.qct.io/Press-Releases/index/PR/Server/Intel-SA-00115
l While the mitigations are sufficient for most environments, some - such as those where mutually untrusted guest Virtual Machines (VM) run concurrently on sibling threads of a given processor core, may necessitate additional actions.
- In these cases, it may be advisable to enable Hypervisor core scheduling techniques or choosing not to use hyper-threading in some specific scenarios. For more details, we recommend that our customers seek guidance from your hypervisor vendors.
- This should be done in conjunction with a review of the security needs for customer’s environment, assessing the approach and acceptable level of risk that also meets the unique needs of your business.
- QCT will keep providing frequent and real-time update info once Intel releases further message or updated microcode. For OS/VMM update, please contact your OS or VM vendors for detail information.