Vulnerability Note VU#584653
CPU hardware vulnerable to side-channel attacks
Overview
CPU hardware implementations are vulnerable to side-channel attacks. These vulnerabilities are referred to as Meltdown and Spectre.
Description
CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre (also KAISER and KPTI). These attacks are described in detail by Google Project Zero and the Institute of Applied Information Processing and Communications (IAIK) at Graz University of Technology (TU Graz). |
Impact
An attacker able to execute code with user privileges can achieve various impacts, such as reading otherwise protected kernel memory and bypassing KASLR. |
Solution
Replace CPU hardware The underlying vulnerability is primarily caused by CPU architecture design choices. Fully removing the vulnerability requires replacing vulnerable CPU hardware. |
Apply updates |
Vendor Information (Learn More)
Many CPU architectures are affected. The list below consists of CPU vendors and operating system vendors. |
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| AMD | Affected | - | 03 Jan 2018 |
| Arm | Affected | - | 03 Jan 2018 |
| Affected | - | 03 Jan 2018 | |
| Intel | Affected | - | 03 Jan 2018 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | 1.5 | AV:L/AC:M/Au:S/C:P/I:N/A:N |
| Temporal | 1.2 | E:POC/RL:OF/RC:C |
| Environmental | 2.0 | CDP:ND/TD:H/CR:H/IR:ND/AR:ND |
References
- https://meltdownattack.com/
- https://spectreattack.com/
- https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
- https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
- https://gruss.cc/files/kaiser.pdf
- https://gruss.cc/files/prefetch.pdf
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5aa90a84589282b87666f92b6c3c917c8080a9bf
- https://lwn.net/Articles/741878/
- https://lwn.net/Articles/737940/
- http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table
- https://nakedsecurity.sophos.com/2018/01/03/fckwit-aka-kaiser-aka-kpti-intel-cpu-flaw-needs-low-level-os-patches/
Credit
These issues were researched and reported by researchers at Google Project Zero and the Institute of Applied Information Processing and Communications (IAIK) at Graz University of Technology (TU Graz).
This document was written by Art Manion.
Other Information
- CVE IDs: CVE-2017-5753 CVE-2017-5715 CVE-2017-5754
- Date Public: 03 Jan 2018
- Date First Published: 03 Jan 2018
- Date Last Updated: 03 Jan 2018
- Document Revision: 13
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.