
====================================================================

                             CERT-Renater

                 Information Note No. 2018/VULN006
_____________________________________________________________________

DATE                : 04/01/2018

HARDWARE PLATFORM(S): Various CPU hardware implementations.

OPERATING SYSTEM(S): Systems running on various CPU hardware
                                    implementations.

=====================================================================
http://www.kb.cert.org/vuls/id/584653
_____________________________________________________________________


Vulnerability Note VU#584653

CPU hardware vulnerable to side-channel attacks

Original Release date: 03 Jan 2018 | Last revised: 04 Jan 2018


Overview

CPU hardware implementations are vulnerable to side-channel attacks.
These vulnerabilities are referred to as Meltdown and Spectre.


Description

CPU hardware implementations are vulnerable to side-channel attacks
referred to as Meltdown and Spectre. These attacks are described in
detail by Google Project Zero and the Institute of Applied Information
Processing and Communications (IAIK) at Graz University of Technology
(TU Graz). The Linux kernel mitigations for this vulnerability are
referred to as KAISER, and subsequently KPTI, which aim to improve
separation of kernel and user memory pages.


Impact

An attacker able to execute code with user privileges can achieve
various impacts, such as reading otherwise protected kernel memory and
bypassing KASLR.


Solution

Replace CPU hardware

The underlying vulnerability is primarily caused by CPU implementation
optimization choices. Fully removing the vulnerability requires
replacing vulnerable CPU hardware.


Apply updates

Operating system updates mitigate the underlying hardware vulnerability.
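
A check to run after applying updates, added here as an example that
is not part of the CERT note. It assumes a Linux kernel that reports
mitigation status under /sys/devices/system/cpu/vulnerabilities (Linux
4.15 and later, or a distribution kernel with the backport). The sysfs
path, file names and function names are not from the note.

```shell
#!/bin/sh
# Added example: report kernel mitigation status for the three CVEs
# listed in this note. Assumption: the kernel exposes the sysfs
# directory below (the note itself does not mention it).
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status STATUS_LINE
# Prints one of: not_affected, mitigated, vulnerable, unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_cpu_vulns [DIR]
# Prints one line per CVE: "<cve> <sysfs file> <verdict> <raw status>".
# Returns 0 only if every issue is mitigated or not affected.
check_cpu_vulns() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    # CVE-to-file mapping: Spectre variant 1, Spectre variant 2, Meltdown.
    for entry in "CVE-2017-5753:spectre_v1" \
                 "CVE-2017-5715:spectre_v2" \
                 "CVE-2017-5754:meltdown"; do
        cve=${entry%%:*}
        file=${entry#*:}
        if [ -r "$dir/$file" ]; then
            raw=$(head -n 1 "$dir/$file")
            verdict=$(classify_status "$raw")
        else
            # A missing file means the kernel cannot report status,
            # which is treated as a failure rather than as "safe".
            raw="no sysfs entry (kernel lacks the reporting interface)"
            verdict=unknown
        fi
        case "$verdict" in
            vulnerable|unknown) rc=1 ;;
        esac
        printf '%s %-10s %-12s %s\n' "$cve" "$file" "$verdict" "$raw"
    done
    return $rc
}
```

Source the file and call check_cpu_vulns; a non-zero return means at
least one issue is reported vulnerable or could not be determined.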


Vendor Information

Vendor          Status      Date Notified   Date Updated
AMD             Affected    -               03 Jan 2018
Apple           Affected    -               03 Jan 2018
Arm             Affected    -               03 Jan 2018
Google          Affected    -               03 Jan 2018
Intel           Affected    -               03 Jan 2018
Linux Kernel    Affected    -               03 Jan 2018
Microsoft       Affected    -               03 Jan 2018
Mozilla         Affected    -               03 Jan 2018

If you are a vendor and your product is affected, let us know.


CVSS Metrics

Group           Score   Vector
Base            1.5     AV:L/AC:M/Au:S/C:P/I:N/A:N
Temporal        1.2     E:POC/RL:OF/RC:C
Environmental   2.0     CDP:ND/TD:H/CR:H/IR:ND/AR:ND


References

    https://meltdownattack.com/
    https://spectreattack.com/
    https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
    https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
    https://www.us-cert.gov/ncas/current-activity/2018/01/03/Meltdown-and-Spectre-Side-Channel-Vulnerabilities
    https://github.com/IAIK/KAISER
    https://gruss.cc/files/kaiser.pdf
    https://gruss.cc/files/prefetch.pdf
    https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5aa90a84589282b87666f92b6c3c917c8080a9bf
    https://lwn.net/Articles/741878/
    https://lwn.net/Articles/737940/
    http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table
    https://nakedsecurity.sophos.com/2018/01/03/fckwit-aka-kaiser-aka-kpti-intel-cpu-flaw-needs-low-level-os-patches/


Credit

These issues were researched and reported by researchers at Google
Project Zero and the Institute of Applied Information Processing and
Communications (IAIK) at Graz University of Technology (TU Graz).

This document was written by Art Manion.


Other Information

    CVE IDs: CVE-2017-5753 CVE-2017-5715 CVE-2017-5754
    Date Public: 03 Jan 2018
    Date First Published: 03 Jan 2018
    Date Last Updated: 04 Jan 2018
    Document Revision: 28


Feedback

If you have feedback, comments, or additional information about this
vulnerability, please send us email.


==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================



