Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "SVG:Speculative Execution Vulnerabilities"

From EGIWiki
Jump to navigation Jump to search
Line 9: Line 9:
EGI SVG has at present (7th September 2018) issued 3 advisories related to Speculative Execution Vulnerabilities [[SVG:Advisory-SVG-CVE-2018-3620 | Advisory-SVG-CVE-2018-3620 ]]  in August 2018,  [[SVG:Advisory-SVG-CVE-2018-3639 | Advisory-SVG-CVE-2018-3639 ]] in May 2018, and [[SVG:Advisory-SVG-CVE-2017-5753  | Advisory-SVG-CVE-2017-5753 ]] in January 2018.  
EGI SVG has at present (7th September 2018) issued 3 advisories related to Speculative Execution Vulnerabilities [[SVG:Advisory-SVG-CVE-2018-3620 | Advisory-SVG-CVE-2018-3620 ]]  in August 2018,  [[SVG:Advisory-SVG-CVE-2018-3639 | Advisory-SVG-CVE-2018-3639 ]] in May 2018, and [[SVG:Advisory-SVG-CVE-2017-5753  | Advisory-SVG-CVE-2017-5753 ]] in January 2018.  


Intel information [https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html]




{| {{egi-table}}
{| {{egi-table}}
!Date !! CVE !! Exploit Name !! Public vulnerability name!! EGI SVG Advisory    !! !!
!Date !! CVE !! Exploit Name !! Public vulnerability name!! EGI SVG Advisory    !! Comment !! Other Links




Line 37: Line 38:


|-
|-
|  May 2018 || CVE-2018-3693  ||  SpectreNG(Variant 1.1)  || Bounds Check Bypass Store (BCBS)  ||     || ||
|  May 2018 || CVE-2018-3693  ||  SpectreNG(Variant 1.1)  || Bounds Check Bypass Store (BCBS)  ||   None  || ||
|-
|-


|-
|-
May 2018 || CVE-2018-3693 || SpectreNG(Variant 1.1)  || Bounds Check Bypass Store (BCBS) ||     || ||
August 2018 || CVE-2018-3620 || L1TF  ||Speculative Execution Side Channel vulnerabilities concerning Intel processors ||[[SVG:Advisory-SVG-CVE-2018-3620 | Advisory-SVG-CVE-2018-3620 ]] ||   ||
|-
|-


|-
|-
May 2018 || CVE-2018-3693 || SpectreNG(Variant 1.1) || Bounds Check Bypass Store (BCBS)  ||     || ||
August 2018 || CVE-2018-3646 ||  || ||[[SVG:Advisory-SVG-CVE-2018-3620 | Advisory-SVG-CVE-2018-3620 ]] ||   ||
|-
|-


|-
|  August 2018 || CVE-2018-3615  ||  || ||[[SVG:Advisory-SVG-CVE-2018-3620 | Advisory-SVG-CVE-2018-3620 ]] ||  RHEL 7 is not vulnerable but other Linux OS are  ||
|-






|-
|  August 2018 || CVE-2018-3620  || L1TF - Speculative Execution Side Channel vulnerabilities concerning Intel processors || ||[[SVG:Advisory-SVG-CVE-2018-3620 | Advisory-SVG-CVE-2018-3620 ]] ||    ||
|-





Revision as of 16:40, 10 September 2018

Main page Software Security Checklist Issue Handling Advisories Notes On Risk Advisory Template More

Speculative Execution Vulnerabilities


Baustelle.png This page is under construction.


This provides information that may be useful to sites concerning the various speculative execution vulnerabilities concerning intel chips and other processors.

See also EGI SVG Information on Meltdown and Spectre Vulnerabilities related advisory Advisory-SVG-CVE-2017-5753 which was compiled in January and early February 2018. (This may later be merged into this page.)

EGI SVG has at present (7th September 2018) issued 3 advisories related to Speculative Execution Vulnerabilities Advisory-SVG-CVE-2018-3620 in August 2018, Advisory-SVG-CVE-2018-3639 in May 2018, and Advisory-SVG-CVE-2017-5753 in January 2018.

Intel information https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html


Date CVE Exploit Name Public vulnerability name EGI SVG Advisory Comment Other Links


January 2018 CVE-2017-5753 Spectre(Variant 1) Bounds Check Bypass (BCB) Advisory-SVG-CVE-2017-5753
January 2018 CVE-2017-5715 Spectre(Variant 2) Branch Target Injection (BTI) Advisory-SVG-CVE-2017-5753
January 2018 CVE-2017-5754 Meltdown (Variant 3) Rogue Data Cache Load (RDCL) Advisory-SVG-CVE-2017-5753
May 2018 CVE-2018-3640 SpectreNG(Variant 3a) Rogue System Register Read (RSRE Advisory-SVG-CVE-2018-3639
May 2018 CVE-2018-3639 SpectreNG(Variant 4) Speculative Store Bypass (SSB) Advisory-SVG-CVE-2018-3639
May 2018 CVE-2018-3693 SpectreNG(Variant 1.1) Bounds Check Bypass Store (BCBS) None
August 2018 CVE-2018-3620 L1TF Speculative Execution Side Channel vulnerabilities concerning Intel processors Advisory-SVG-CVE-2018-3620
August 2018 CVE-2018-3646 Advisory-SVG-CVE-2018-3620
August 2018 CVE-2018-3615 Advisory-SVG-CVE-2018-3620 RHEL 7 is not vulnerable but other Linux OS are



This provides information on the Intel L1TF vulnerability and other Intel vulnerabilities announced in August 2018.

EGI SVG L1TF and others related advisory


This provides links to information on the 4th variant of the Meltdown/Spectre CPU hole announced in May 2018 which may be useful to sites

EGI SVG Information on 4th Variant related advisory Advisory-SVG-CVE-2018-3639

Some useful info from us-cert

https://www.us-cert.gov/ncas/alerts/TA18-141A

This provides info on the Meltdown and Spectre vulnerabilities made public in January 2018.

SVG compiled links to information which may be useful to EGI sites.

EGI SVG Information on Meltdown and Spectre Vulnerabilities related advisory Advisory-SVG-CVE-2017-5753