LENOVO:PS500167-SPECULATIVE-EXECUTION-SIDE-CHANNEL-VULNERABILITY-VARIANTS-NOSID
Sep 13, 2018 - 2:41 p.m.

Speculative Execution Side Channel Vulnerability Variants - Lenovo Support US

2018-09-13 14:41:00
support.lenovo.com
CVSS3: 5.6 Medium

  • Attack Vector: LOCAL
  • Attack Complexity: HIGH
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVSS2: 4.7 Medium

  • Access Vector: LOCAL
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: NONE
  • Availability Impact: NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

EPSS: 0.976 High (Percentile: 100.0%)

Lenovo Security Advisory: LEN-22133

**Potential Impact:** Malicious code running locally may be able to observe contents of privileged memory or registers, circumventing expected privilege levels.

Severity: Medium

Scope of Impact: Industry-wide

CVE Identifier: CVE-2018-3639, CVE-2018-3640, CVE-2019-1125, CVE-2019-11184

Summary Description:

*Update 2019-09-13: Researchers at VU Amsterdam and Intel disclosed a potential security vulnerability in some microprocessors with Intel® Data Direct I/O Technology (Intel® DDIO) and Remote Direct Memory Access (RDMA) that may allow partial information disclosure via adjacent access. This vulnerability is referred to as NetCAT and has been assigned CVE-2019-11184.

*Update 2019-08-06: Bitdefender disclosed a new variant of Spectre variant 1 on August 6, 2019. This information disclosure vulnerability can be used to speculatively access memory, potentially allowing a malicious actor to read privileged data across trust boundaries. This variant is referred to as SWAPGS and has been assigned CVE-2019-1125.

Lenovo is aware of vulnerabilities affecting certain Intel, AMD, and other processors named “Variant 4 – Speculative Store Bypass” and “Variant 3a – Rogue System Register Read” by their discoverers. Both are “side channel” vulnerabilities, meaning they do not access protected data directly, but rather induce the processor to operate in a specific way, and observe execution timing or other externally visible characteristics to infer the protected data.

Mitigation Strategy for Customers (what you should do to protect yourself):

*Update 2019-09-13: If you have applied the BIOS updates listed in the Product Impact section below and the applicable OS update (refer to the References section of this advisory), there are no known additional actions recommended at this time.

*Update 2019-08-06: If you have applied the BIOS updates listed in the Product Impact section below, you only need to apply the applicable OS update (refer to the References section of this advisory). If you have not applied the BIOS updates listed below, to protect systems against CVE-2019-1125 (SWAPGS), update to the BIOS version (or later) listed in the product impact section AND apply the OS update (see References section) for CVE-2019-1125 (SWAPGS).

There are two new vulnerability variants, which are in the same family as the side channel attacks disclosed in January (Variant 1 CVE-2017-5753, Variant 2 CVE-2017-5715, and Variant 3 CVE-2017-5754). Processor manufacturers such as Intel are making BIOS microcode updates available to address Variant 4 and 3a. We recommend updating browser, OS, and BIOS as soon as these mitigations are available:

Variant 4: Speculative Store Bypass (CVE-2018-3639)

  • Update BIOS
  • Update operating system
  • Update applications

Variant 3a: Rogue Register Load (CVE-2018-3640)

  • Update BIOS

SWAPGS (CVE-2019-1125)

  • Update BIOS
  • Update operating system

NetCAT (CVE-2019-11184)

  • Update BIOS
  • Update operating system
  • Update applications
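
To confirm on a Linux host that the BIOS and OS updates above took effect, the kernel's own status files can be read. The following is an added example, not part of Lenovo's advisory; it assumes a Linux kernel that exposes `/sys/devices/system/cpu/vulnerabilities`, covers only Variant 4 and SWAPGS, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: kernel-reported mitigation state for two CVEs in this advisory.
# Assumption: Linux sysfs layout; the directory is a parameter so a saved
# copy collected from another machine can be checked offline.
SYSFS_VULN_DIR="${SYSFS_VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# classify_status DIR FILE [REQUIRED_SUBSTRING]
# Prints: not-affected | mitigated | incomplete | vulnerable | unknown
classify_status() {
    f="$1/$2"
    # A missing file means the kernel predates the fix or is not Linux.
    if [ ! -r "$f" ]; then
        echo "unknown"
        return 0
    fi
    st=$(cat "$f")
    case "$st" in
        "Not affected"*) echo "not-affected" ;;
        Vulnerable*)     echo "vulnerable" ;;
        Mitigation:*)
            # Optional third argument: text the mitigation line must contain.
            if [ -n "$3" ]; then
                case "$st" in
                    *"$3"*) echo "mitigated" ;;
                    *)      echo "incomplete" ;;
                esac
            else
                echo "mitigated"
            fi ;;
        *) echo "unknown" ;;
    esac
}

report() {
    dir="${1:-$SYSFS_VULN_DIR}"
    # Variant 4 has its own status file.
    echo "CVE-2018-3639 (Speculative Store Bypass): $(classify_status "$dir" spec_store_bypass)"
    # SWAPGS is reported inside the Spectre variant 1 line; a patched kernel
    # mentions swapgs barriers there.
    echo "CVE-2019-1125 (SWAPGS): $(classify_status "$dir" spectre_v1 swapgs)"
}

report
```

A result of `incomplete` for SWAPGS means the kernel reports a Spectre variant 1 mitigation without swapgs barriers, which points to a missing OS update; `unknown` means the status file is absent.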

We will update this page frequently as fixes are validated or new information emerges. Please check back often.

Prior to patching and firmware update, you can limit your risk by following the usual security best practices to prevent an attacker from running code locally on your system. For example: limit access to only known and trusted users; install only well-vetted, trusted applications; visit only reputable web sites with minimal obtrusive advertising and content pulled in from other sources; and if feasible, turn off JavaScript in your browser.

Product Impact:
