These 3 issues all relate to a bug in Intel cpus The cpu will speculatively honour invalid PTE against data in the on-core L1 cache. Memory disclosure occurs into the wrong context.
These 3 issues (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646) together are the currently public artifacts of this one bug. There may be more artifacts of this on the way, perhaps combined with other past and not yet known mistakes. CVE-2018-3620 matters for the host OS. We have reviewed our pmap module and it appears like we never invalidate a PTE by clearing the 'valid' bit alone, we always clear the PTE to 0 entirely. Page 0 of physical memory is unused. As well, we don't support Wine (which has VA 0 / PA 0 issues); we don't support 32-bit emulation in 64-bit mode which makes things trickier, and we have SMT disabled by default which reduces the risk patterns further. CVE-2018-3646 relates to the same bug, but considers the cross-domain impact upon entering VMs, which obviously run in different security domains. A patch should arrive soon to flush the L1 cache before vmenter, so that an incorrectly accessed PTE can't read data from another domain. Another aspect of the risk in this area goes away if SMT is disabled, so keep it disabled! CVE-2018-3615 (Foreshadow) is by receiving the most press which is amazing considering it is by far the most boring of the 3, since very few few people give a rats ass about SGX -- who cares if SGX is broken when the cpu can't run your OS safely? Some convincing press agencies were hired I guess, and have performed a masterful job of distracting. We had some idea this class of problem was coming, through hints we received from others and an extremely cynical perspective that has developed. We believe Intel cpus do almost no security checks up-front, but defer checks until instruction retire. As a result we believe similar issues will be coming in the future. We asked repeatedly, but Intel provided no advance notice. We did not even receive replies to our requests for dialogue. On a side note, AMD cpus are not vulnerable to this problem. Currently it is believed their address translation layer works according to spec.