Search...

CPU hardware vulnerable to side-channel attacks

2018-01-04T00:00:00
ID VU:584653
Type cert
Reporter CERT
Modified 2018-07-03T21:27:00

Description

Overview

CPU hardware implementations are vulnerable to cache side-channel attacks. These vulnerabilities are referred to as Meltdown and Spectre.

Description

CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre. Both Spectre and Meltdown take advantage of the ability to extract information from instructions that have executed on a CPU using the CPU cache as a side-channel. These attacks are described in detail by Google Project Zero, the Institute of Applied Information Processing and Communications (IAIK) at Graz University of Technology (TU Graz) and Anders Fogh. The issues are organized into three variants:

* Variant 1 (CVE-2017-5753, [Spectre](<https://spectreattack.com/spectre.pdf>)): Bounds check bypass
* Variant 2 (CVE-2017-5715, also [Spectre](<https://spectreattack.com/spectre.pdf>)): Branch target injection[](<https://spectreattack.com/spectre.pdf>)
* Variant 3 (CVE-2017-5754, [Meltdown](<https://meltdownattack.com/meltdown.pdf>)): Rogue data cache load, memory access permission check performed after kernel memory read

Spectre

Spectre attacks take advantage of a CPU's branch prediction capabilities. Modern CPUs include a feature called branch prediction, which speculatively executes instructions at a location that the CPU believes it will branch to. Such speculative execution helps to more fully utilize the parts of the CPU, minimizing the time waiting, and therefore improving performance. When a branch is successfully predicted, instructions will retire, which means the outcomes of the instructions such as register and memory writes will be committed. If a branch is mispredicted, the speculatively-executed instructions will be discarded, and the direct side-effects of the instructions are undone. What is not undone are the indirect side-effects, such as CPU cache changes. By measuring latency of memory access operations, the cache can be used to extract values from speculatively-executed instructions.

With Spectre variant 1 (CVE-2017-5753), the instructions after a conditional branch are speculatively executed as the result of a misprediction. With Spectre variant 2 (CVE-2017-5715), the CPU executes instructions at a location determined by a mispredicted branch target.

With both variants of the Spectre attack, the impact is that a process may leak sensitive data to other processes on a system. Spectre may also allow one part of an application to access other parts of the same process memory space that would otherwise not be permitted.

While the Spectre attack itself does not cross a user/kernel memory privilege boundary, depending on the configuration of the target platform, the Spectre attack may indirectly allow a user-space application to access kernel memory. For example, the Project Zero blog post describes a scenario that uses eBPF to exfiltrate kernel memory contents into user-space code. This is made possible because eBPF JIT allows for userspace applications to inject code that is executed in kernel space. While this code is verified by the kernel, eBPF-compliant code will be allowed to execute with kernel permissions. The exploit described by Project Zero leverages eBPF to execute the Spectre attack in kernel space, while exfiltrating the data to user space. It is possible that other technologies that allow in-kernel code execution may also possibly be leveraged to leak kernel memory using Spectre.

Meltdown

Meltdown is related to the Spectre attack in that it also uses a cache side channel to access data that otherwise wouldn't be available. The main difference is that it leverages out-of-order execution capabilities in modern CPUs. Like speculative execution due to branch prediction, as used by Spectre, out-of-order execution on a CPU is a technique for ensuring fullest utilization of the CPU's parts. Although instructions may appear sequentially in the machine language, a CPU that supports out-of-order execution may execute instructions in a non-sequential manner, which can minimize the time that a CPU spends idle.

Meltdown leverages insecure behavior that has been demonstrated in Intel CPUs and may affect CPUs from other vendors. Vulnerable CPUs allow memory reads in out-of-order instruction execution, and also contain a race condition between the raising of exceptions and the out-of-order instruction execution. The Meltdown attack reads a kernel memory value, which raises an exception because code running with user-space privileges are not permitted to directly read kernel memory. However, due to the race condition, out-of-order instructions following the faulting instruction may also execute. Even though instructions appear after the faulting instruction, out-of-order execution allows them to execute, using data retrieved from the instruction that raises the exception. By the time the exception is raised, some number of out-of-order instructions have executed. Although the raised exception causes the CPU to roll back the out-of-order instructions, the cache state is not reverted. This allows data from out-of-order instructions to persist beyond the point when the exception has been raised.

The impact of Meltdown is that a process running in user space is able to view the contents of kernel memory. Meltdown may also allow Spectre-like memory content leaking that does not cross the user/kernel privilege boundary.

The Linux kernel mitigations for Meltdown are referred to as KAISER, and subsequently KPTI, which aim to improve separation of kernel and user memory pages. Because the Spectre attacks do not cross user/kernel boundaries, the protections introduced with KAISER/KPTI do not add any protection against them.

The following table compares Spectre and Meltdown.

| border="0"| Spectre| Meltdown
---|---|---
CPU mechanism for triggering| Speculative execution from branch prediction| Out-of-order execution
Affected platforms| CPUs that perform speculative execution from branch prediction| CPUs that allow memory reads in out-of-order instructions
Difficulty of successful attack| High - Requires tailoring to the software environment of the victim process| Low - Kernel memory access exploit code is mostly universal
Impact| Cross- and intra-process (including kernel) memory disclosure| Kernel memory disclosure to userspace
Software mitigations| Variant 1: Compiler changes. Web browser updates to help prevent exploitation from JavaScript
Variant 2: Indirect Branch Restricted Speculation (IBRS).
Note: The software mitigation for Spectre variant 2 requires CPU microcode updates| Kernel page-table isolation (KPTI)

Impact

An attacker able to execute code with user privileges can achieve various impacts. The Meltdown attack allows reading of kernel memory from userspace. This can result in privilege escalation, disclosure of sensitive information, or it can weaken kernel-level protections, such as KASLR. The Spectre attack can allow inter-process or intra-process data leaks.

To execute code locally, an attacker would require a valid account or independent compromise of the target. Attacks using JavaScript in web browsers are possible. Multi-user and multi-tenant systems (including virtualized and cloud environments) likely face the greatest risk. Systems used to browse arbitrary web sites are also at risk. Single-user systems that do not readily provide a way for attackers to execute code locally face significantly lower risk.

Solution

Apply updates

Operating system, CPU microcode updates, and some application updates mitigate these attacks. Note that in many cases, the software fixes for these vulnerabilities will have a negative affect on system performance. Also note that Microsoft Windows systems will no longer receive security updates via Windows Update if they are not running compliant anti-virus software. As with deploying any software updates, be sure to prioritize and test updates as necessary.

Consider CPU Options

Initial reports from the field indicate that overall system performance is impacted by many of the available patches for these vulnerabilities. Depending on the software workflow and the CPU capabilities present, the performance impact of software mitigations may be non-trivial and therefore may become an ongoing operational concern for some organizations. While we recognize that replacing existing CPUs in already deployed systems is not practical, organizations acquiring new systems should evaluate their CPU selection in light of the expected longevity of this vulnerability in available hardware as well as the performance impacts resulting from the various platform-specific software patches. Deployment contexts and performance requirements vary widely, and must be balanced by informed evaluation of the associated security risks. Contact your system vendor to determine if the CPU and operating system combination will experience a performance penalty due to software mitigations for these vulnerabilities.

Vendor Information

584653

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

AMD Affected

Updated: January 03, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://www.amd.com/en/corporate/speculative-execution>

Amazon Affected

Updated: January 05, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://aws.amazon.com/security/security-bulletins/AWS-2018-013/>

Android Open Source Project Affected

Updated: January 05, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://source.android.com/security/bulletin/2018-01-01>

Apple __ Affected

Updated: February 02, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://support.apple.com/en-us/HT208394>
  • <https://support.apple.com/en-us/HT208397>
  • <https://support.apple.com/en-us/HT208403>
  • <https://support.apple.com/en-us/HT208401>
  • <https://support.apple.com/en-ca/HT208465>

Addendum

<https://twitter.com/aionescu/status/948609809540046849>
<https://twitter.com/ErrataRob/status/949088097475743744>

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Arm __ Affected

Updated: January 03, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://developer.arm.com/support/security-update>
  • <https://developer.arm.com/-/media/Files/pdf/Cache_Speculation_Side-channels.pdf>

Addendum

<https://lwn.net/Articles/740393/>

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CentOS Affected

Updated: January 05, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://lists.centos.org/pipermail/centos-announce/2018-January/date.html>

Cisco Affected

Updated: January 05, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel>

Citrix Affected

Updated: January 05, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://support.citrix.com/article/CTX231399>

Debian GNU/Linux Affected

Updated: January 05, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://security-tracker.debian.org/tracker/CVE-2017-5754>

Dell Affected

Updated: January 08, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <http://www.dell.com/support/contents/us/en/19/article/product-support/self-support-knowledgebase/software-and-downloads/support-for-meltdown-and-spectre>

DragonFly BSD Project Affected

Updated: January 08, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <http://lists.dragonflybsd.org/pipermail/users/2018-January/313758.html>

Fedora Project Affected

Updated: January 05, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://fedoramagazine.org/protect-fedora-system-meltdown/>

Fortinet, Inc. Affected

Updated: January 05, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://fortiguard.com/psirt/FG-IR-18-002>

FreeBSD Project Affected

Updated: January 05, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://www.freebsd.org/news/newsflash.html#event20180104:01>

Fujitsu Affected

Updated: January 11, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <http://support.ts.fujitsu.com/content/SideChannelAnalysisMethod.asp?lng=EN>

Google Affected

Updated: January 03, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html>
  • <https://support.google.com/faqs/answer/7622138>

Hewlett Packard Enterprise Affected

Updated: January 08, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://www.hpe.com/us/en/services/security-vulnerability.html>

IBM Corporation Affected

Updated: January 05, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://www.ibm.com/blogs/psirt/potential-cpu-security-issue/>

Intel Affected

Updated: January 22, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://newsroom.intel.com/news/intel-responds-to-security-research-findings/>
  • <https://newsroom.intel.com/news-releases/intel-issues-updates-protect-systems-security-exploits>
  • <https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html>
  • <https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/>
  • <https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/microcode-update-guidance.pdf>

Lenovo Affected

Updated: January 05, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://support.lenovo.com/us/en/solutions/len-18282>

Linux Kernel Affected

Updated: January 04, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://lkml.org/lkml/2017/11/22/956>
  • <https://lkml.org/lkml/2018/1/4/174>
  • <https://lkml.org/lkml/2018/1/4/615>

Microsoft __ Affected

Updated: January 11, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in>
  • <https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software>
  • <https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/CVE-2017-5715-and-hyper-v-vms>
  • <https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002>
  • <https://blogs.windows.com/msedgedev/2018/01/03/speculative-execution-mitigations-microsoft-edge-internet-explorer/>
  • <https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/>
  • <https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/>
  • <https://support.microsoft.com/en-us/help/4073707/windows-os-security-update-block-for-some-amd-based-devices>

Addendum

Note that Windows systems without antivirus do not appear to receive the ADV180002 update automatically. In order to receive the update through Windows Update, run the following command:

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat" /v cadca5fe-87d3-4b96-b7fb-a231484277cc /t REG_DWORD /d 0 /f
If a third-party antivirus product does not explicitly indicate compatibility with to the protections provided by ADV180002 using the above registry value, the system will not automatically receive the ADV180002 update as well.

Once a system has the ADV180002 update installed, it must be manually activated using the following commands to make the appropriate registry changes:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f
Also note that in addition to the above changes, ADV180002 requires CPU microcode updates to achieve full protection. In some cases, Windows Update may not automatically install the ADV180002 update. An unofficial spreadsheet of antivirus vendor compatibility with this update is maintained here:

On systems that have not received the ADV180002 update automatically, you may have to install the update manually. Please see for more details.

To verify that your Windows system has protections against Meltdown and Spectre variant 2, in a PowerShell session running with Administrator privileges, run:

  1. Install-Module SpeculationControl
    If this fails, you may need to install PackageManagement PowerShell Modules
  2. Get-SpeculationControlSettings
    If this fails, you may need to change your PowerShell ExecutionPolicy setting: Set-ExecutionPolicy RemoteSignedOnce you are satisfied with the PowerShell output, you can revert the ExecutionPolicy setting back to the default Restricted setting by running:
    Set-ExecutionPolicy Restricted
    The output of this PowerShell command will indicate the status of whether the CPU has the required microcode update, whether Windows has the required software update installed, and whether the mitigations are enabled. Any setting that indicates "False" is an indicator of incomplete protection from Meltdown and/or Spectre.

For example, a system that has the ADV180002 update properly installed and enabled, but is missing the CPU microcode update to fully enable the protections will show output like this:

Once the CPU microcode is updated on such a system (e.g. by way of a BIOS update) , the output will look like this, which indicates that the protections that Microsoft have released are fully enabled:

If the above PowerShell command indicates "Windows OS support for PCID optimization is enabled: False", this is a symptom of using a processor that doesn't support process context identifiers (PCID). Such processors cannot take advantage of the performance optimization that avoids a TLB flush.

If the above PowerShell command indicates "Hardware requires kernel VA shadowing: False", this is a symptom of using a processor that doesn't require mitigations for CVE-2017-5754 (Meltdown).

Also note that Microsoft has not yet provided protection for CVE-2017-5754 (Meltdown) on affected 32-bit platforms.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Mozilla Affected

Updated: January 03, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/>

NVIDIA Affected

Updated: January 05, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <http://nvidia.custhelp.com/app/answers/detail/a_id/4609>
  • <http://nvidia.custhelp.com/app/answers/detail/a_id/4611>
  • <http://nvidia.custhelp.com/app/answers/detail/a_id/4613>
  • <http://nvidia.custhelp.com/app/answers/detail/a_id/4614>
  • <https://www.nvidia.com/en-us/product-security/>

NetBSD Affected

Updated: January 08, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenBSD Affected

Updated: January 08, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Oracle Corporation Affected

Updated: February 23, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://www.theregister.co.uk/2018/01/16/oracle_quarterly_patches_jan_2018/>

QUALCOMM Incorporated __ Affected

Updated: January 11, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The Register has published the following: <https://www.theregister.co.uk/2018/01/06/qualcomm_processor_security_vulnerabilities/>

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Red Hat, Inc. Affected

Updated: January 05, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

SUSE Linux Affected

Updated: January 05, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/>
  • <http://lists.suse.com/pipermail/sle-security-updates/2018-January/date.html>

Synology Affected

Updated: January 05, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://www.synology.com/en-global/support/security/Synology_SA_18_01>

Trend Micro Affected

Updated: January 05, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://success.trendmicro.com/solution/1119183-important-information-for-trend-micro-solutions-and-microsoft-january-2018-security-updates>

Ubuntu Affected

Updated: January 05, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown>

VMware Affected

Updated: January 05, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://www.vmware.com/security/advisories/VMSA-2018-0002.html>

Xen Affected

Updated: January 24, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <http://xenbits.xen.org/xsa/advisory-254.html>
  • <https://blog.xenproject.org/2018/01/22/xen-project-spectre-meltdown-faq-jan-22-update/>

openSUSE project Affected

Updated: January 05, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00001.html>

NetApp Not Affected

Updated: January 08, 2018

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Raspberry Pi Not Affected

Updated: January 08, 2018

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/>

Technicolor __ Not Affected

Updated: January 08, 2018

Status

Not Affected

Vendor Statement

Both Spectre and Meltdown attacks presupposed “open platforms”, where
additional code can be added by a non-privileged user. The Technicolor products
are not open platforms. Even where 3rd party application can run in containers
and can be managed via Life Cycle Management, these applications are validated
and signed before they can be installed on the platform. Technicolor is
currently working with its vendors to identify if additional layers of
protection are needed. Yet, as the current platforms are closed and have secure
bootloading mechanism in place, there is no risk and no privilege acquired by
an attacker in exploiting such an attack on Technicolor's devices.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ASUSTeK Computer Inc. Unknown

Updated: January 05, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Acer Unknown

Updated: January 05, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

F5 Networks, Inc. Unknown

Updated: January 05, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://support.f5.com/csp/article/K91229003>

GIGABYTE Unknown

Updated: January 05, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HP Inc. Unknown

Updated: January 05, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Samsung Semiconductor Inc. Unknown

Updated: January 05, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Toshiba Corporation Unknown

Updated: January 05, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

View all 46 vendors View less vendors

CVSS Metrics

Group | Score | Vector
---|---|---
Base | 4.4 | AV:L/AC:M/Au:S/C:C/I:N/A:N
Temporal | 3.4 | E:POC/RL:OF/RC:C
Environmental | 5.1 | CDP:ND/TD:H/CR:H/IR:ND/AR:ND

References

  • <https://vuls.cert.org/confluence/display/Wiki/Vulnerabilities+Associated+with+CPU+Speculative+Execution>
  • <https://meltdownattack.com/>
  • <https://meltdownattack.com/meltdown.pdf>
  • <https://spectreattack.com/>
  • <https://spectreattack.com/spectre.pdf>
  • <https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html>
  • <https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html>
  • <https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/>
  • <https://github.com/IAIK/KAISER>
  • <https://gruss.cc/files/kaiser.pdf>
  • <https://gruss.cc/files/prefetch.pdf>
  • <https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5aa90a84589282b87666f92b6c3c917c8080a9bf>
  • <https://lkml.org/lkml/2017/12/27/2>
  • <https://lkml.org/lkml/2018/1/4/615>
  • <https://lwn.net/Articles/741878/>
  • <https://lwn.net/Articles/737940/>
  • <https://lwn.net/Articles/742702/>
  • <http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table>
  • <https://nakedsecurity.sophos.com/2018/01/03/fckwit-aka-kaiser-aka-kpti-intel-cpu-flaw-needs-low-level-os-patches/>
  • <https://en.wikipedia.org/wiki/Kernel_page-table_isolation>
  • <https://chrisam.net/2018/01/04/speculative-execution-side-channel-vulnerabilities-vendor-published-info/>
  • <https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/>
  • <https://doublepulsar.com/important-information-about-microsoft-meltdown-cpu-security-fixes-antivirus-vendors-and-you-a852ba0292ec>
  • https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true
  • <https://github.com/iadgov/Spectre-and-Meltdown-Guidance>
  • <https://arxiv.org/abs/1802.03802>

Acknowledgements

These issues were researched and reported by researchers at Google Project Zero (Jann Horn) the Institute of Applied Information Processing and Communications (IAIK) at Graz University of Technology (Gruss et. al.), Paul Kocher, and Anders Fogh.

This document was written by Art Manion and Will Dormann.

Other Information

CVE IDs: | CVE-2017-5753, CVE-2017-5715, CVE-2017-5754
---|---
Date Public: | 2018-01-03
Date First Published: | 2018-01-04
Date Last Updated: | 2018-07-03 21:27 UTC
Document Revision: | 231

JSON Vulners Source
Initial Source


All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please mail to content@vulners.com Vulners, 2018
Protected by