Difference between revisions of "SVG:Meltdown and Spectre Vulnerabilities"
Line 1: | Line 1: | ||
{{svg-header}} | {{svg-header}} | ||
{{Template:Under_construction}} | {{Template:Under_construction}} | ||
== Purpose of this page == | == Purpose of this page == | ||
To provide useful links and other information concerning the Meltdown and Spectre vulnerabilities. | To provide useful links and other information concerning the Meltdown and Spectre vulnerabilities. | ||
== What are they? == | == What are they? == | ||
These are vulnerabilities in the design of the chip hardware, and cannot be fully resolved by patching operating systems. | These are vulnerabilities in the design of the chip hardware, and cannot be fully resolved by patching operating systems. However patches are available which mitigate these problems. | ||
Meltdown affects most Intel chips, and has CVE-2017-5754 | Meltdown affects most Intel chips, and has CVE-2017-5754 | ||
Spectre affects a wide range of chips, CVE-2017-5753 and CVE-2017-5715. | Spectre affects a wide range of chips, CVE-2017-5753 and CVE-2017-5715. | ||
Here you will find more information [http://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/ http://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/] | |||
[https://meltdownattack.com/ | [https://meltdownattack.com/ https://meltdownattack.com/ ], [https://spectreattack.com/ https://spectreattack.com/] and [https://googleprojectzero.blogspot.dk/2018/01/reading-privileged-memory-with-side.html https://googleprojectzero.blogspot.dk/2018/01/reading-privileged-memory-with-side.html] | ||
== CERN information == | == CERN information == | ||
CERN has compiled information which is useful for may EGI sites | CERN has compiled information which is useful for may EGI sites | ||
[https://security.web.cern.ch/security/advisories/spectre-meltdown/spectre-meltdown.shtml | [https://security.web.cern.ch/security/advisories/spectre-meltdown/spectre-meltdown.shtml https://security.web.cern.ch/security/advisories/spectre-meltdown/spectre-meltdown.shtml] | ||
== Intel Information == | == Intel Information == | ||
Product patches | Product patches | ||
[https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File] | [https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File] | ||
== RedHat Information == | == RedHat Information == | ||
RedHat description [https://access.redhat.com/security/vulnerabilities/speculativeexecution https://access.redhat.com/security/vulnerabilities/speculativeexecution] | RedHat description [https://access.redhat.com/security/vulnerabilities/speculativeexecution https://access.redhat.com/security/vulnerabilities/speculativeexecution] | ||
[https://access.redhat.com/articles/3307751 https://access.redhat.com/articles/3307751] | [https://access.redhat.com/articles/3307751 https://access.redhat.com/articles/3307751] | ||
RedHat CVE info: | RedHat CVE info: [https://access.redhat.com/security/cve/CVE-2017-5754 https://access.redhat.com/security/cve/CVE-2017-5754] | ||
[https://access.redhat.com/security/cve/CVE-2017-5754 | |||
[https://access.redhat.com/security/cve/CVE-2017-5753 | [https://access.redhat.com/security/cve/CVE-2017-5753 https://access.redhat.com/security/cve/CVE-2017-5753] | ||
[https://access.redhat.com/security/cve/CVE-2017-5715 | [https://access.redhat.com/security/cve/CVE-2017-5715 https://access.redhat.com/security/cve/CVE-2017-5715] | ||
RHEL6: | RHEL6: | ||
kernel-2.6.32-696.18.7.el6: [https://access.redhat.com/errata/RHSA-2018:0008 https://access.redhat.com/errata/RHSA-2018:0008] | kernel-2.6.32-696.18.7.el6: [https://access.redhat.com/errata/RHSA-2018:0008 https://access.redhat.com/errata/RHSA-2018:0008] | ||
microcode_ctl-1.17-25.2.el6_9: [https://access.redhat.com/errata/RHSA-2018:0013 https://access.redhat.com/errata/RHSA-2018:0013] | microcode_ctl-1.17-25.2.el6_9: [https://access.redhat.com/errata/RHSA-2018:0013 https://access.redhat.com/errata/RHSA-2018:0013] | ||
RHEL7: | RHEL7: | ||
kernel-3.10.0-693.11.6.el7: [https://access.redhat.com/errata/RHSA-2018:0007 https://access.redhat.com/errata/RHSA-2018:0007] | kernel-3.10.0-693.11.6.el7: [https://access.redhat.com/errata/RHSA-2018:0007 https://access.redhat.com/errata/RHSA-2018:0007] | ||
microcode_ctl-2.1-22.2.el7: [https://access.redhat.com/errata/RHSA-2018:0012 https://access.redhat.com/errata/RHSA-2018:0012] | microcode_ctl-2.1-22.2.el7: [https://access.redhat.com/errata/RHSA-2018:0012 https://access.redhat.com/errata/RHSA-2018:0012] | ||
linux-firmware-20170606-57.gitc990aae.el7_4: [https://access.redhat.com/errata/RHSA-2018:0014 https://access.redhat.com/errata/RHSA-2018:0014] | linux-firmware-20170606-57.gitc990aae.el7_4: [https://access.redhat.com/errata/RHSA-2018:0014 https://access.redhat.com/errata/RHSA-2018:0014] | ||
<br> qemu-kvn: | |||
RHEL6: | |||
qemu-kvm: [https://access.redhat.com/errata/RHSA-2018:0024 https://access.redhat.com/errata/RHSA-2018:0024] | |||
libvirt: [https://access.redhat.com/errata/RHSA-2018:0030 https://access.redhat.com/errata/RHSA-2018:0030] | |||
RHEL7: | |||
qemu-kvm: [https://access.redhat.com/errata/RHSA-2018:0023 https://access.redhat.com/errata/RHSA-2018:0023] | |||
libvirt: [https://access.redhat.com/errata/RHSA-2018:0029 https://access.redhat.com/errata/RHSA-2018:0029] | |||
== Scientific Linux == | |||
SL6: | |||
[https://www.scientificlinux.org/category/sl-errata/slsa-20180008-1/ https://www.scientificlinux.org/category/sl-errata/slsa-20180008-1/] | |||
SL7: | |||
[https://www.scientificlinux.org/category/sl-errata/slsa-20180007-1/ https://www.scientificlinux.org/category/sl-errata/slsa-20180007-1/] | |||
<br> | |||
qemu-kvn: | |||
SL6: | |||
qemu- | qemu-kvm: [http://scientificlinux.org/category/sl-errata/slsa-20180024-1/ http://scientificlinux.org/category/sl-errata/slsa-20180024-1/] | ||
libvirt: [http://scientificlinux.org/category/sl-errata/slsa-20180030-1/ http://scientificlinux.org/category/sl-errata/slsa-20180030-1/] | |||
SL7: | |||
qemu-kvm: [http://scientificlinux.org/category/sl-errata/slsa-20180023-1/ http://scientificlinux.org/category/sl-errata/slsa-20180023-1/] | |||
libvirt: [http://scientificlinux.org/category/sl-errata/slsa-20180029-1/ http://scientificlinux.org/category/sl-errata/slsa-20180029-1/] | |||
== Ubuntu == | |||
[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown] | |||
== | == Xen == | ||
[https:// | [https://xenbits.xen.org/xsa/advisory-254.html https://xenbits.xen.org/xsa/advisory-254.html] | ||
== Other Cloud related == | |||
==Other Cloud related == | |||
The Kernel update of the hypervisor appears to be enough to ensure the isolation of the VMs. | The Kernel update of the hypervisor appears to be enough to ensure the isolation of the VMs. | ||
[https://www.qemu.org/2018/01/04/spectre/ https://www.qemu.org/2018/01/04/spectre/] | [https://www.qemu.org/2018/01/04/spectre/ https://www.qemu.org/2018/01/04/spectre/] |
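Review bot: The label "qemu-kvn:" above the qemu-kvm and libvirt entries, in both the RedHat and the Scientific Linux blocks, is misspelled and should read "qemu-kvm:" to match the package lines beneath it. The "Other Cloud related" heading also appears twice in a row near the end of the page and should be kept once, and "may EGI sites" in the CERN section should read "many EGI sites".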
Revision as of 16:36, 11 January 2018
Meltdown and Spectre Vulnerabilities
This page is under construction.
Purpose of this page
To provide useful links and other information concerning the Meltdown and Spectre vulnerabilities.
What are they?
These are vulnerabilities in the design of the chip hardware, and cannot be fully resolved by patching operating systems. However, patches are available which mitigate these problems.
Meltdown affects most Intel chips, and has CVE-2017-5754.
Spectre affects a wide range of chips, CVE-2017-5753 and CVE-2017-5715.
Here you will find more information: http://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/,
https://meltdownattack.com/, https://spectreattack.com/ and https://googleprojectzero.blogspot.dk/2018/01/reading-privileged-memory-with-side.html
CERN information
CERN has compiled information which is useful for many EGI sites:
https://security.web.cern.ch/security/advisories/spectre-meltdown/spectre-meltdown.shtml
Intel Information
Product patches
https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File
RedHat Information
RedHat description https://access.redhat.com/security/vulnerabilities/speculativeexecution
https://access.redhat.com/articles/3307751
RedHat CVE info: https://access.redhat.com/security/cve/CVE-2017-5754
https://access.redhat.com/security/cve/CVE-2017-5753
https://access.redhat.com/security/cve/CVE-2017-5715
RHEL6:
kernel-2.6.32-696.18.7.el6: https://access.redhat.com/errata/RHSA-2018:0008
microcode_ctl-1.17-25.2.el6_9: https://access.redhat.com/errata/RHSA-2018:0013
RHEL7:
kernel-3.10.0-693.11.6.el7: https://access.redhat.com/errata/RHSA-2018:0007
microcode_ctl-2.1-22.2.el7: https://access.redhat.com/errata/RHSA-2018:0012
linux-firmware-20170606-57.gitc990aae.el7_4: https://access.redhat.com/errata/RHSA-2018:0014
qemu-kvm:
RHEL6:
qemu-kvm: https://access.redhat.com/errata/RHSA-2018:0024
libvirt: https://access.redhat.com/errata/RHSA-2018:0030
RHEL7:
qemu-kvm: https://access.redhat.com/errata/RHSA-2018:0023
libvirt: https://access.redhat.com/errata/RHSA-2018:0029
Scientific Linux
SL6:
https://www.scientificlinux.org/category/sl-errata/slsa-20180008-1/
SL7:
https://www.scientificlinux.org/category/sl-errata/slsa-20180007-1/
qemu-kvm:
SL6:
qemu-kvm: http://scientificlinux.org/category/sl-errata/slsa-20180024-1/
libvirt: http://scientificlinux.org/category/sl-errata/slsa-20180030-1/
SL7:
qemu-kvm: http://scientificlinux.org/category/sl-errata/slsa-20180023-1/
libvirt: http://scientificlinux.org/category/sl-errata/slsa-20180029-1/
Ubuntu
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
Xen
https://xenbits.xen.org/xsa/advisory-254.html
The Kernel update of the hypervisor appears to be enough to ensure the isolation of the VMs.