January 10, 2018
Introduction
An industry-wide microprocessor vulnerability, known as ‘Spectre’ and ‘Meltdown’[1], has recently been discovered. It is a serious hardware flaw that is exploited using a technique called a ‘side-channel attack’. A side channel targets observable aspects of a system’s operation, such as power consumption or timing. A potential attacker could exploit this vulnerability to obtain sensitive information from computer systems running affected hardware, such as passwords stored in a password manager or browser, personal photos, emails, business-critical documents and cache information. The vulnerability could allow a potential attacker with unprivileged access to read the memory of other processes or the memory designated to the operating system kernel.[6]
The CVEs associated with this vulnerability are:
- CVE-2017-5715 – Bounds Check Bypass (Spectre)[7]
- CVE-2017-5753 – Branch Target Injection (Spectre)[7]
- CVE-2017-5754 – Rogue Data Cache Load (Meltdown)[7]
CVSS Rating
CVSS Metric 3.0 : AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS Metric 2.0 : AV:L/AC:L/AU:N/C:C/I:N/A:N
CVSS 3.0 Score : 6.11
CVSS 2.0 Score : 4.94
Recommendations for Mitigation
- Apply the respective vendor patches. For example, Microsoft[2], Apple[3] and Linux[4] have released patches; see the references.
- Disable “Execute Disable Bit”, which will reduce the execution of arbitrary code.
- Employ “Supervisor-Mode Access Prevention” to avoid cache attacks.
- Enable “Supervisor-Mode Execution Prevention” to avoid direct execution of application code.
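An added example, not part of the original advisory: a Python check for a Linux x86 host that reports whether the CPU advertises the three features named in the list above and what the kernel reports about its Spectre and Meltdown mitigations once patches are applied. It assumes the `nx`, `smep` and `smap` flag names in `/proc/cpuinfo` and the kernel's `/sys/devices/system/cpu/vulnerabilities` status files; the sample input is constructed.

```python
from pathlib import Path

# Features named in the recommendations -> flag names in /proc/cpuinfo (x86).
FEATURE_FLAGS = {
    "Execute Disable Bit": "nx",
    "Supervisor-Mode Execution Prevention": "smep",
    "Supervisor-Mode Access Prevention": "smap",
}
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
SYSFS_FILES = ("meltdown", "spectre_v1", "spectre_v2")

# Constructed sample, used only when /proc/cpuinfo is not available.
SAMPLE_CPUINFO = "processor\t: 0\nflags\t\t: fpu vme nx smep pti\n"


def cpu_features(cpuinfo_text):
    """Return {feature name: present?} from the first 'flags' line."""
    flags = set()
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            flags = set(value.split())
            break
    return {name: flag in flags for name, flag in FEATURE_FLAGS.items()}


def classify(status):
    """Reduce a sysfs status line to one of four states."""
    s = status.strip().lower()
    for prefix, state in (("not affected", "not affected"),
                          ("mitigation", "mitigated"),
                          ("vulnerable", "vulnerable")):
        if s.startswith(prefix):
            return state
    return "unknown"


def kernel_status(sysfs_dir=SYSFS_DIR):
    """Read each status file; a missing file (older kernel) is 'unknown'."""
    result = {}
    for name in SYSFS_FILES:
        try:
            result[name] = classify((Path(sysfs_dir) / name).read_text())
        except OSError:
            result[name] = "unknown"
    return result


if __name__ == "__main__":
    cpuinfo = Path("/proc/cpuinfo")
    text = cpuinfo.read_text() if cpuinfo.exists() else SAMPLE_CPUINFO
    print(cpu_features(text))
    print(kernel_status())
```

A result of `unknown` for every file usually means the running kernel predates the status interface, which is itself a sign that the vendor update has not been installed.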
Patch Information
| Sl.No. | Name of the Vendor | Name of the Product | Reference Links |
|---|---|---|---|
| 1 | Intel[1] | Processors | https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr |
| 2 | Linux[4] | Red Hat | https://access.redhat.com/security/vulnerabilities/speculativeexecution |
| | | SUSE | |
| 3 | Microsoft[2] | Windows | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002 |
| | | Windows Server | https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution |
| | | Microsoft Edge | |
| 4 | Apple[3] | iOS | https://support.apple.com/en-in/HT201222 |
| 5 | Google[11] | Android | |
| 6 | Ubuntu[12] | | |
| 7 | ASUS[13] | | https://www.asus.com/News/V5urzYAT6myCC1o2 |
| 8 | Dell[14] | | |
| 9 | HP[15] | Desktops | |
| 10 | IBM[16] | | |
| 11 | Mozilla[17] | Firefox | |
| 12 | VMWare[18] | | |
| 13 | Citrix[19] | XenServer | |
| 14 | Lenovo | Laptops | |
References
[1] Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
[2] Guidance to mitigate speculative execution side-channel vulnerabilities (ADV180002)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
[3] About speculative execution vulnerabilities in ARM-based and Intel CPUs
https://support.apple.com/en-us/HT208394
[4] Kernel Side-Channel Attacks - CVE-2017-5754 CVE-2017-5753 CVE-2017-5715
https://access.redhat.com/security/vulnerabilities/speculativeexecution
[5] An Update on AMD Security
https://www.amd.com/en/corporate/speculative-execution
[6] Vulnerability Note VU#584653 CPU hardware vulnerable to side-channel attacks
http://www.kb.cert.org/vuls/id/584653
[7] CPU Side-Channel Information Disclosure
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
[8] Spectre Attacks: Exploiting Speculative Execution
https://spectreattack.com/spectre.pdf
[9] Mozilla Security Blog
https://beebom.com/mozilla-rolls-out-firefox-57-0-4-with-meltdown-and-spectre-patches/
[10] Meltdown and Spectre Intel Processor Vulnerabilities: What You Need to Know
https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/meltdown-and-spectre-intel-processor-vulnerabilities-what-you-need-to-know
[11] Product Status Google’s Mitigations Against CPU Speculative Execution Attack Methods
https://support.google.com/faqs/answer/7622138
[12] Ubuntu Security Notices
https://support.google.com/faqs/answer/7622138
[13] ASUS Update on Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method
https://www.asus.com/News/YQ3Cr4OYKdZTwnQK
https://www.asus.com/News/V5urzYAT6myCC1o2
[14] Microprocessor Side-Channel Vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell products
http://www.dell.com/support/article/in/en/indhs1/sln308587/microprocessor-side-channel-vulnerabilities--cve-2017-5715--cve-2017-5753--cve-2017-5754---impact-on-dell-products?lang=en
http://www.dell.com/support/article/in/en/indhs1/sln308588/microprocessor-side-channel-vulnerabilities--cve-2017-5715--cve-2017-5753--cve-2017-5754---impact-on-dell-emc-products--dell-enterprise-servers--storage-and-networking-?lang=en
[15] HP Support Communication-Security Bulletin
https://support.hp.com/us-en/document/c05869091
[16] IBM Support Fixcentral
https://www-945.ibm.com/support/fixcentral/
[17] Mozilla Security Blog
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
[18] Meltdown and Spectre: VMWare Products
https://vinfrastructure.it/2018/01/meltdown-spectre-vmware-patches/
[19] Citrix Update for Spectre and Meltdown
https://translate.google.co.in/translate?hl=en&sl=de&u=https://blog.sievers-group.com/citrix-update-fuer-meltdown-und-spectre/&prev=search
[20] Reading Privileged Memory with a Side Channel
https://support.lenovo.com/in/en/solutions/len-18282