Intel’s L1TF Security Vulnerability
Today, Intel released a statement regarding L1 Terminal Fault (L1TF), a severe security vulnerability that affects many multi-tenant environments running virtual machines. This vulnerability exposes data to any guest running on the same processor core.
This means an attacker could theoretically use one Droplet to view another virtual machine’s memory. However, they should have no ability to target a specific virtual machine or user.
The security implications of this vulnerability are significant and require us to move rapidly to ensure our platform remains protected. In the wake of previous vulnerabilities, Intel has improved their communications flow with us and shared more information sooner, which enabled us to start our mitigation efforts yesterday. However, due to the condensed timeline, unforeseen issues may arise during these efforts. We will continue to work with Intel to enhance their multi-party vulnerability disclosure process so we can improve our agility and efficiency in the future, and better address these types of issues.
Remediation efforts will be completed within a few weeks, and during this time we will take all possible steps to ensure customer virtual machines and data remain safe.
We are closely monitoring this situation, and we will update this blog post as more information becomes available.
You can read Intel’s initial statement here.