Lucene search

K
archlinuxArchLinuxASA-201801-10
HistoryJan 10, 2018 - 12:00 a.m.

[ASA-201801-10] intel-ucode: access restriction bypass

2018-01-1000:00:00
security.archlinux.org
19

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS

0.975

Percentile

100.0%

Arch Linux Security Advisory ASA-201801-10

Severity: High
Date : 2018-01-10
CVE-ID : CVE-2017-5715
Package : intel-ucode
Type : access restriction bypass
Remote : No
Link : https://security.archlinux.org/AVG-582

Summary

The package intel-ucode before version 20180108-1 is vulnerable to
access restriction bypass.

Resolution

Upgrade to 20180108-1.

pacman -Syu β€œintel-ucode>=20180108-1”

The problem has been fixed upstream in version 20180108.

Workaround

None.

Description

An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of instructions (a
commonly used performance optimization).
This variant triggers the speculative execution by utilizing branch
target injection. It relies on the presence of a precisely-defined
instruction sequence in the privileged code as well as the fact that
memory accesses may cause allocation into the microprocessor’s data
cache even for speculatively executed instructions that never actually
commit (retire). As a result, an unprivileged attacker could use this
flaw to cross the syscall and guest/host boundaries and read privileged
memory by conducting targeted cache side-channel attacks.

Impact

A local unprivileged attacker is able to cross the syscall and
guest/host boundaries and read privileged memory by conducting targeted
cache side-channel attacks.

References

https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
https://spectreattack.com
https://www.kb.cert.org/vuls/id/584653
https://xenbits.xen.org/xsa/advisory-254.html
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf
https://security.archlinux.org/CVE-2017-5715

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanyintel-ucode<Β 20180108-1UNKNOWN

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS

0.975

Percentile

100.0%