ID

VAR-201801-1711

CVE

CVE-2017-5754

TITLE

CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks

DESCRIPTION

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. Two vulnerabilities are identified, known as "Variant 3a" and "Variant 4". CPUhardware is a set of firmware that runs in the CPU (Central Processing Unit) for managing and controlling the CPU. The Spectre vulnerability exists in the CPU processor core. Because Intel does not separate low-privileged applications from accessing kernel memory, an attacker can use a malicious application to obtain private data that should be quarantined. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78135902, A-66913713, A-67712316, A-79419833, A-109678200, A-78283451, A-78285196, A-78284194, A-78284753, A-78284517, A-78240177, A-78239686, A-78284545, A-109660689, A-78240324, A-68141338, A-78286046, A-73539037, A-73539235, A-71501115, A-33757308, A-74236942, A-77485184, A-77484529, A-33385206, A-79419639, A-79420511, A-109678338, and A-112279564. Intel and ARM CPU chips have an information disclosure vulnerability, which originates from a flaw in the processor data boundary mechanism. The following products and versions are affected: ARM Cortex-A75; Intel Xeon E5-1650 v3, v2, v4; Xeon E3-1265l v2, v3, v4; Xeon E3-1245 v2, v3, v5, v6; Xeon X7542 wait. X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Thu, 04 Jan 2018 01:01:25 +0000 (UTC) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2018:0007-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:0007 Issue date: 2018-01-03 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact. In this update mitigations for x86-64 architecture are provided. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important) Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important) Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important) Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue. Red Hat would like to thank Google Project Zero for reporting these issues. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1519778 - CVE-2017-5753 hw: cpu: speculative execution bounds-check bypass 1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection 1519781 - CVE-2017-5754 hw: cpu: speculative execution permission faults handling 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-693.11.6.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.11.6.el7.noarch.rpm kernel-doc-3.10.0-693.11.6.el7.noarch.rpm x86_64: kernel-3.10.0-693.11.6.el7.x86_64.rpm kernel-debug-3.10.0-693.11.6.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.11.6.el7.x86_64.rpm kernel-devel-3.10.0-693.11.6.el7.x86_64.rpm kernel-headers-3.10.0-693.11.6.el7.x86_64.rpm kernel-tools-3.10.0-693.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.11.6.el7.x86_64.rpm perf-3.10.0-693.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm python-perf-3.10.0-693.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-693.11.6.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.11.6.el7.noarch.rpm kernel-doc-3.10.0-693.11.6.el7.noarch.rpm x86_64: kernel-3.10.0-693.11.6.el7.x86_64.rpm kernel-debug-3.10.0-693.11.6.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.11.6.el7.x86_64.rpm kernel-devel-3.10.0-693.11.6.el7.x86_64.rpm kernel-headers-3.10.0-693.11.6.el7.x86_64.rpm kernel-tools-3.10.0-693.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.11.6.el7.x86_64.rpm perf-3.10.0-693.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm python-perf-3.10.0-693.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-693.11.6.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.11.6.el7.noarch.rpm kernel-doc-3.10.0-693.11.6.el7.noarch.rpm ppc64: kernel-3.10.0-693.11.6.el7.ppc64.rpm kernel-bootwrapper-3.10.0-693.11.6.el7.ppc64.rpm kernel-debug-3.10.0-693.11.6.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-693.11.6.el7.ppc64.rpm kernel-debug-devel-3.10.0-693.11.6.el7.ppc64.rpm kernel-debuginfo-3.10.0-693.11.6.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-693.11.6.el7.ppc64.rpm kernel-devel-3.10.0-693.11.6.el7.ppc64.rpm kernel-headers-3.10.0-693.11.6.el7.ppc64.rpm kernel-tools-3.10.0-693.11.6.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-693.11.6.el7.ppc64.rpm kernel-tools-libs-3.10.0-693.11.6.el7.ppc64.rpm perf-3.10.0-693.11.6.el7.ppc64.rpm perf-debuginfo-3.10.0-693.11.6.el7.ppc64.rpm python-perf-3.10.0-693.11.6.el7.ppc64.rpm python-perf-debuginfo-3.10.0-693.11.6.el7.ppc64.rpm ppc64le: kernel-3.10.0-693.11.6.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-693.11.6.el7.ppc64le.rpm kernel-debug-3.10.0-693.11.6.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-693.11.6.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.11.6.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.11.6.el7.ppc64le.rpm kernel-devel-3.10.0-693.11.6.el7.ppc64le.rpm kernel-headers-3.10.0-693.11.6.el7.ppc64le.rpm kernel-tools-3.10.0-693.11.6.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.11.6.el7.ppc64le.rpm kernel-tools-libs-3.10.0-693.11.6.el7.ppc64le.rpm perf-3.10.0-693.11.6.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.11.6.el7.ppc64le.rpm python-perf-3.10.0-693.11.6.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.11.6.el7.ppc64le.rpm s390x: kernel-3.10.0-693.11.6.el7.s390x.rpm kernel-debug-3.10.0-693.11.6.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-693.11.6.el7.s390x.rpm kernel-debug-devel-3.10.0-693.11.6.el7.s390x.rpm kernel-debuginfo-3.10.0-693.11.6.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-693.11.6.el7.s390x.rpm kernel-devel-3.10.0-693.11.6.el7.s390x.rpm kernel-headers-3.10.0-693.11.6.el7.s390x.rpm kernel-kdump-3.10.0-693.11.6.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-693.11.6.el7.s390x.rpm kernel-kdump-devel-3.10.0-693.11.6.el7.s390x.rpm perf-3.10.0-693.11.6.el7.s390x.rpm perf-debuginfo-3.10.0-693.11.6.el7.s390x.rpm python-perf-3.10.0-693.11.6.el7.s390x.rpm python-perf-debuginfo-3.10.0-693.11.6.el7.s390x.rpm x86_64: kernel-3.10.0-693.11.6.el7.x86_64.rpm kernel-debug-3.10.0-693.11.6.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.11.6.el7.x86_64.rpm kernel-devel-3.10.0-693.11.6.el7.x86_64.rpm kernel-headers-3.10.0-693.11.6.el7.x86_64.rpm kernel-tools-3.10.0-693.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.11.6.el7.x86_64.rpm perf-3.10.0-693.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm python-perf-3.10.0-693.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: kernel-debug-debuginfo-3.10.0-693.11.6.el7.ppc64.rpm kernel-debuginfo-3.10.0-693.11.6.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-693.11.6.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-693.11.6.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-693.11.6.el7.ppc64.rpm perf-debuginfo-3.10.0-693.11.6.el7.ppc64.rpm python-perf-debuginfo-3.10.0-693.11.6.el7.ppc64.rpm ppc64le: kernel-debug-debuginfo-3.10.0-693.11.6.el7.ppc64le.rpm kernel-debug-devel-3.10.0-693.11.6.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.11.6.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.11.6.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.11.6.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-693.11.6.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.11.6.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.11.6.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-693.11.6.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.11.6.el7.noarch.rpm kernel-doc-3.10.0-693.11.6.el7.noarch.rpm x86_64: kernel-3.10.0-693.11.6.el7.x86_64.rpm kernel-debug-3.10.0-693.11.6.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.11.6.el7.x86_64.rpm kernel-devel-3.10.0-693.11.6.el7.x86_64.rpm kernel-headers-3.10.0-693.11.6.el7.x86_64.rpm kernel-tools-3.10.0-693.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.11.6.el7.x86_64.rpm perf-3.10.0-693.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm python-perf-3.10.0-693.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.11.6.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/speculativeexecution https://access.redhat.com/security/cve/CVE-2017-5753 https://access.redhat.com/security/cve/CVE-2017-5715 https://access.redhat.com/security/cve/CVE-2017-5754 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFaTXxVXlSAg2UNWIIRAnGZAKCCDXCEpNliyl378yhPHJ11vj74bwCdFc9+ 0mPrmOPm1+0ayOnwPiH6wmA= =fBN+ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03140487 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03140487 Version: 1 MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2018-04-12 Last Updated: 2018-04-12 Potential Security Impact: Local: Disclosure of Information Source: Micro Focus, Product Security Response Team VULNERABILITY SUMMARY A potential vulnerability has been identified in Micro Focus Virtualization Performance Viewer (vPV) / Cloud Optimizer. The vulnerability could be exploited to Local Disclosure of Information. References: - PSRT110609 - CVE-2017-5753 - CVE-2017-5715 - CVE-2017-5754 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - HP Virtualization Performance Viewer Software 2.20, 3.0, 3.01, 3.02, 3.03 - HPE Cloud Optimizer 2.20, 3.0, 3.01, 3.02, 3.03 BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector RESOLUTION Micro Focus is actively working with its vendors to address any systems-level Spectre and Meltdown impacts.However, if you have immediate concerns or questions regarding CentOS and its approach to Spectre or Meltdown, please contact them directly. HISTORY Version:1 (rev.1) - 12 April 2018 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Micro Focus products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal Micro Focus services support channel. For other issues about the content of this Security Bulletin, send e-mail to cyber-psrt@microfocus.com. Report: To report a potential security vulnerability for any supported product: Web form: https://www.microfocus.com/support-and-services/report-security Email: security@microfocus.com Subscribe: To initiate receiving subscriptions for future Micro Focus Security Bulletin alerts via Email, please subscribe here - https://softwaresupport.hpe.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification Once you are logged in to the portal, please choose security bulletins under product and document types. Please note that you will need to sign in using a Passport account. If you do not have a Passport account yet, you can create one- its free and easy https://cf.passport.softwaregrp.com/hppcf/createuser.do Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://softwaresupport.hpe.com/security-vulnerability Software Product Category: The Software Product Category is represented in the title by the two characters following Micro Focus Security Bulletin. 3P = 3rd Party Software GN = Micro Focus General Software MU = Multi-Platform Software System management and security procedures must be reviewed frequently to maintain system integrity. Micro Focus is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "Micro Focus is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected Micro Focus products the important security information contained in this Bulletin. Micro Focus recommends that all users determine the applicability of this information to their individual situations and take appropriate action. Micro Focus does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, Micro Focus will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, Micro Focus disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2017 EntIT Software LLC Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither Micro Focus nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Micro Focus and the names of Micro Focus products referenced herein are trademarks of Micro Focus in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE. **Note:** * This issue takes advantage of techniques commonly used in many modern processor architectures. * For further information, microprocessor vendors have provided security advisories: - Intel: <https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00088&langu geid=en-fr> - AMD: <http://www.amd.com/en/corporate/speculative-execution> - ARM: <https://developer.arm.com/support/security-update> References: - PSRT110635 - PSRT110634 - PSRT110633 - PSRT110632 - CVE-2017-5715 - aka Spectre, branch target injection - CVE-2017-5753 - aka Spectre, bounds check bypass - CVE-2017-5754 - aka Meltdown, rogue data cache load, memory access permission check performed after kernel memory read SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - HPE ProLiant DL380 Gen10 Server prior to v1.28 - HPE ProLiant DL180 Gen10 Server prior to v1.28 - HPE ProLiant DL160 Gen10 Server prior to v1.28 - HPE ProLiant DL360 Gen10 Server prior to v1.28 - HPE ProLiant ML110 Gen10 Server prior to v1.28 - HPE ProLiant DL580 Gen10 Server prior to v1.28 - HPE ProLiant DL560 Gen10 Server prior to v1.28 - HPE ProLiant DL120 Gen10 Server prior to v1.28 - HPE ProLiant ML350 Gen10 Server prior to v1.28 - HPE ProLiant XL450 Gen10 Server prior to v1.28 - HPE Synergy 660 Gen10 Compute Module prior to v1.28 - HPE ProLiant XL170r Gen10 Server prior to v1.28 - HPE ProLiant BL460c Gen10 Server Blade prior to v1.28 - HPE ProLiant XL190r Gen10 Server prior to v1.28 - HPE ProLiant XL230k Gen10 Server prior to v1.28 - HPE ProLiant DL385 Gen10 Server prior to v1.04 - HPE Synergy 480 Gen10 Compute Module prior to v1.28 - HPE ProLiant ML350 Gen10 Server prior to v1.28 - HPE ProLiant XL730f Gen9 Server To be delivered - HPE ProLiant XL230a Gen9 Server To be delivered - HPE ProLiant XL740f Gen9 Server To be delivered - HPE ProLiant XL750f Gen9 Server To be delivered - HPE ProLiant XL170r Gen9 Server To be delivered - HP ProLiant DL60 Gen9 Server To be delivered - HPE ProLiant XL450 Gen9 Server To be delivered - HP ProLiant DL160 Gen9 Server To be delivered - HPE Apollo 4200 Gen9 Server To be delivered - HP ProLiant BL460c Gen9 Server Blade To be delivered - HP ProLiant ML110 Gen9 Server To be delivered - HP ProLiant ML150 Gen9 Server To be delivered - HPE ProLiant ML350 Gen9 Server To be delivered - HP ProLiant DL380 Gen9 Server To be delivered - HP ProLiant DL120 Gen9 Server To be delivered - HPE ProLiant DL560 Gen9 Server To be delivered - HP ProLiant BL660c Gen9 Server To be delivered - HPE ProLiant DL20 Gen9 Server To be delivered - HPE Synergy 660 Gen9 Compute Module To be delivered - HPE Synergy 480 Gen9 Compute Module To be delivered - HPE ProLiant ML30 Gen9 Server To be delivered - HPE ProLiant XL250a Gen9 Server To be delivered - HPE ProLiant XL190r Gen9 Server To be delivered - HP ProLiant DL80 Gen9 Server To be delivered - HPE ProLiant DL180 Gen9 Server To be delivered - HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure-to-order Server To be delivered - HPE ProLiant WS460c Gen9 Workstation To be delivered - HPE ProLiant XL260a Gen9 Server To be delivered - HPE Synergy 620 Gen9 Compute Module To be delivered - HPE ProLiant DL580 Gen9 Server To be delivered - HPE Synergy 680 Gen9 Compute Module To be delivered - HPE ProLiant m510 Server Cartridge prior to v1.62 - HPE ProLiant m710p Server Cartridge prior to v12/12/2017 - HPE ProLiant m710x Server Cartridge prior to v1.60 - HP ProLiant m710 Server Cartridge prior to 12/12/2017 (v1.60) - HPE Synergy Composer prior to 12/12/2017 - HPE Integrity Superdome X with BL920s Blades prior to 8.8.6 - HP ProLiant DL360 Gen9 Server prior to 2.3.110 - HPE ProLiant Thin Micro TM200 Server prior to 1/16/2017 - HPE ProLiant ML10 v2 Server prior to 12/12/2017 - HPE ProLiant m350 Server Cartridge prior to v1/15/2018 - HPE ProLiant m300 Server Cartridge prior to v1/15/2018 - HPE ProLiant MicroServer Gen8 prior to 12/12/2017 - HPE ProLiant ML310e Gen8 v2 Server prior to v12/12/2017 BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2017-5715 8.2 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N 6.8 (AV:A/AC:L/Au:N/C:C/I:P/A:N) CVE-2017-5753 5.0 CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L 5.4 (AV:A/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-5754 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 RESOLUTION HPE has made the following system ROM updates which include an updated microcode to resolve the vulnerability: * HPE has provided a customer bulletin <https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us> with specific instructions to obtain the udpated sytem ROM - Note: + CVE-2017-5715 (Variant 2) requires that the System ROM be updated and a vendor supplied operating system update be applied as well. + For CVE-2017-5753, CVE-2017-5754 (Variants 1 and 3) require only updates of a vendor supplied operating system. + HPE will continue to add additional products to the list. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Security Fix(es): * hw: cpu: speculative execution permission faults handling (CVE-2017-5754) * Kernel: error in exception handling leads to DoS (CVE-2018-8897) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * The kernel build requirements have been updated to the GNU Compiler Collection (GCC) compiler version that has the support for Retpolines. The Retpolines mechanism is a software construct that leverages specific knowledge of the underlying hardware to mitigate the branch target injection, also known as Spectre variant 2 vulnerability described in CVE-2017-5715. (BZ#1554251) 4. ========================================================================== Ubuntu Security Notice USN-3523-1 January 09, 2018 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.10 Summary: Several security issues were fixed in the Linux kernel. This flaw is known as Meltdown. (CVE-2017-5754) Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel did not properly check the relationship between pointer values and the BPF stack. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17863) Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16995) Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service. (CVE-2017-17862) Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel mishandled pointer data values in some situations. (CVE-2017-17864) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10: linux-image-4.13.0-25-generic 4.13.0-25.29 linux-image-4.13.0-25-lowlatency 4.13.0-25.29 linux-image-generic 4.13.0.25.26 linux-image-lowlatency 4.13.0.25.26 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. 6.6) - noarch, x86_64 3. CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. CVE-2017-5754 Multiple researchers have discovered a vulnerability in Intel processors, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Meltdown and is addressed in the Linux kernel on the powerpc/ppc64el architectures by flushing the L1 data cache on exit from kernel mode to user mode (or from hypervisor to kernel). This works on Power7, Power8 and Power9 processors. CVE-2017-13166 A bug in the 32-bit compatibility layer of the v4l2 IOCTL handling code has been found. Memory protections ensuring user-provided buffers always point to userland memory were disabled, allowing . This bug could be exploited by an attacker to overwrite kernel memory from an unprivileged userland process, leading to privilege escalation. The acpi_smbus_hc_add() prints a kernel address in the kernel log at every boot, which could be used by an attacker on the system to defeat kernel ASLR. Additionnaly to those vulnerability, some mitigations for CVE-2017-5753 are included in this release. CVE-2017-5753 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Spectre variant 1 (bounds-check bypass) and is mitigated in the Linux kernel architecture by identifying vulnerable code sections (array bounds checking followed by array access) and replacing the array access with the speculation-safe array_index_nospec() function. More use sites will be added over time. For the stable distribution (stretch), these problems have been fixed in version 4.9.82-1+deb9u2. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlqO5kYACgkQ3rYcyPpX RFtjkgf9HK7sq/xNOFjZsc3iaVNdzDhDEth8ql/Q9WsbDP9JmlrwmlTsD/QAgXgx m9zIIJzyI9Dry60bVvYZHFrtYhQXX5zp9DYa89oinHv+1UxzaYHTHsNoh326k86n QUcDLYe2+JJgi/2KjLqfFfa5zgMqUNj3C6iBDezs0tCfE/QZAmAX7aA7A3mTJYLB 3v2tSoEeW0fb9M5Ic2QHJD1TW6NU+j6zaUeJRyhj7lthmyOcNxwTIrt2CswDnLUI tCMtzdce6OWAW5xXQxHwzzf5+vRvmm/f+wM2V3WTcA1Q0tfA5cZGFe2SMOhyGKtf KG1ziLYIY0OdCtdxj0K/wEzpe6cikg== =B81o -----END PGP SIGNATURE-----

IOT TAXONOMY

AFFECTED PRODUCTS