K95275140 : OS Kernel and SMM mode L1 Terminal Fault vulnerability CVE-2018-3620

Security Advisory Description

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. (CVE-2018-3620 also known as Foreshadow-NG)

Impact

For products with Nonein the Versions known to be vulnerable column, there is no impact.

BIG-IP

CVE-2018-3620 requires an attacker who is capable of providing and running binary code of their choosing on the BIG-IP platform. This raises a high bar for attackers attempting to target BIG-IP systems over a network and would require an additional, unpatched, user-space remote code execution vulnerability to exploit these new issues.

The only administrative roles on a BIG-IP system allowed to execute binary code or exploitable analogs, such as JavaScript, are the Administrator, Resource Administrator, Manager, and iRules Manager roles. The Administrator and Resource Administrator users already have nearly complete access to the system and all secrets on the system that are not protected by hardware based encryption. The Manager and iRules Manager roles do have more restricted access to the system, but have the ability to install new iRulesLX code. A malicious authorized Manager or iRules Manager can install malicious binary code to exploit these information leaks and gain more privileged access. F5 recommends limiting access to these roles to trusted employees.

Enterprise Manager

CVE-2018-3620 requires an attacker who is capable of providing and running binary code of their choosing on the Enterprise Manager platform. This raises a high bar for attackers attempting to target the Enterprise Manager system over a network and would require an additional, un-patched, user-space remote code execution vulnerability to exploit these new issues.

BIG-IQ

CVE-2018-3620 requires an attacker who is capable of providing and running binary code of their choosing on the BIG-IQ platform. This raises a high bar for attackers attempting to target the BIG-IQ system over a network and would require an additional, un-patched, user-space remote code execution vulnerability to exploit these new issues.

F5 iWorkflow

CVE-2018-3620 requires an attacker who is capable of providing and running binary code of their choosing on the F5 iWorkflow platform. This raises a high bar for attackers attempting to target the F5 iWorkflow system over a network and would require an additional, un-patched, user-space remote code execution vulnerability to exploit these new issues.

Traffix SDC

An unprivileged attacker can use this vulnerability to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks.