Published on: 23 May 2018
Google Project Zero and Microsoft have recently disclosed the Rogue System Register Read (RSRE, Variant 3a) and Speculative Store Bypass (SSB, Variant 4) vulnerabilities, which are related to the Meltdown and Spectre vulnerabilities announced in January 2018. The vulnerabilities exploit the speculative execution feature of modern CPUs through side-channel analysis, and may allow an attacker to bypass Kernel Address Space Layout Randomization (KASLR) protections and read privileged data across trust boundaries. Exploiting the vulnerabilities requires an attacker to have local user privilege to load and run malicious programs or specially crafted webpages on affected systems.
The following provides a sample list of products that are affected by the vulnerabilities. The list is not exhaustive, and it is strongly recommended to consult the product vendors to confirm whether the products in use are affected.
Processors:
Operating systems:
Hypervisors:
A successful attack could lead to information disclosure.
Keep systems and firmware up-to-date
System administrators should consult the product vendors to confirm the availability of patches and apply any available updates as soon as possible to mitigate the risk. Microcode updates and other system updates are expected to be released in the coming weeks.
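One way to confirm that an applied update actually enabled the Variant 4 mitigation, as an added example that is not part of the original advisory: it assumes Linux hosts (the advisory names no specific system) whose kernel reports its Speculative Store Bypass status in the sysfs file below, and it classifies that status for one host or for a collected inventory. The hostnames and inventory lines are constructed sample data.

```shell
# Added example (not from the advisory). Assumption: Linux kernel that exposes
# the SSB (Variant 4, CVE-2018-3639) status file; Variant 3a has no such file.
SSB_SYSFS=/sys/devices/system/cpu/vulnerabilities/spec_store_bypass

# Map one kernel status string to: not_affected | mitigated | vulnerable | unknown
classify_ssb_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Classify the local host. A missing file means the kernel predates SSB
# reporting, so the host is reported as unknown and still needs review.
check_local_ssb() {
    file="${1:-$SSB_SYSFS}"
    if [ -r "$file" ]; then
        classify_ssb_status "$(cat "$file")"
    else
        echo unknown
    fi
}

# Read "hostname<TAB>status" lines on stdin (collected from a fleet) and
# print the hosts that still need attention, one "host state" per line.
hosts_needing_update() {
    while IFS="$(printf '\t')" read -r host status; do
        [ -n "$host" ] || continue
        state=$(classify_ssb_status "$status")
        case "$state" in
            vulnerable|unknown) echo "$host $state" ;;
        esac
    done
}

# Constructed sample inventory (hostnames are hypothetical).
sample_inventory() {
    printf 'web01\tMitigation: Speculative Store Bypass disabled via prctl and seccomp\n'
    printf 'db01\tVulnerable\n'
    printf 'arm01\tNot affected\n'
    printf 'old01\t\n'
}
```

Run `check_local_ssb` on a host after patching, or pipe collected "host<TAB>status" lines into `hosts_needing_update` to list the machines that remain unpatched or unreported.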
Apply available updates or patches to browsers
Most leading browser providers have previously deployed mitigations in their browser software against Meltdown and Spectre Variant 1. The mitigations may also substantially increase the difficulty of exploiting Variant 4. Users are therefore advised to follow best practice and keep their web browsers at the latest version as far as possible.
https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180013
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
https://www.hkcert.org/my_url/en/alert/18052301
https://www.us-cert.gov/ncas/alerts/TA18-141A
https://www.kb.cert.org/vuls/id/180049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3640