Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "SVG:Speculative Execution Vulnerabilities"

From EGIWiki
Jump to navigation Jump to search
(19 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{svg-header}}
{{svg-header}}


{{under construction}}
This provides information that may be useful to sites concerning the various speculative execution vulnerabilities concerning Intel chips and other processors.


This provides information that may be useful to sites concerning the various speculative execution vulnerabilities concerning intel chips and other processors.  
See also [[SVG:Meltdown and Spectre Vulnerabilities | EGI SVG Information on Meltdown and Spectre Vulnerabilities]] and its related advisory [[SVG:Advisory-SVG-CVE-2017-5753  | Advisory-SVG-CVE-2017-5753 ]] which was compiled in January and early February 2018.  


See also [[SVG:Meltdown and Spectre Vulnerabilities | EGI SVG Information on Meltdown and Spectre Vulnerabilities]] related advisory [[SVG:Advisory-SVG-CVE-2017-5753  | Advisory-SVG-CVE-2017-5753 ]] which was compiled in January and early February 2018. (This may later be merged into this page.)
EGI SVG has at present (14th September 2018) issued 3 advisories related to Speculative Execution Vulnerabilities [[SVG:Advisory-SVG-CVE-2017-5753  | Advisory-SVG-CVE-2017-5753 ]] in January 2018, [[SVG:Advisory-SVG-CVE-2018-3639 | Advisory-SVG-CVE-2018-3639 ]] in May 2018 and [[SVG:Advisory-SVG-CVE-2018-3620 | Advisory-SVG-CVE-2018-3620 ]]  in August 2018.


EGI SVG has at present (7th September 2018) issued 3 advisories related to Speculative Execution Vulnerabilities [[SVG:Advisory-SVG-CVE-2018-3620 | Advisory-SVG-CVE-2018-3620 ]]  in August 2018,  [[SVG:Advisory-SVG-CVE-2018-3639 | Advisory-SVG-CVE-2018-3639 ]] in May 2018, and [[SVG:Advisory-SVG-CVE-2017-5753  | Advisory-SVG-CVE-2017-5753 ]] in January 2018.
Intel information [https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html]


Intel information [https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html]
The important thing is that sites carry out recommended updates, including if appropriate their kernel versions. In some cases this may result in reduced performance, but the update should not be omitted because of this.  


The important thing is that sites update their kernel versions. In some cases this may result in reduced performance, but the update should not be omitted because of this.  
This [https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)  https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)]provides some information on the variants, the recommended changes concern windows.




{| {{egi-table}}
{| {{egi-table}}
!Date !! CVE !! Exploit Name !! Public vulnerability name!! EGI SVG Advisory    !! Comment/Other Links
!Date !! CVE !! Exploit Name !! Public vulnerability name!! EGI SVG Advisory    !! EGI SVG Risk <br>  !!Comment/Other Links
|-
|-
|  January 2018 || CVE-2017-5753  || Spectre(Variant 1) || Bounds Check Bypass (BCB)  || [[SVG:Advisory-SVG-CVE-2017-5753 | Advisory-SVG-CVE-2017-5753 ]]     ||  
|  January 2018 || CVE-2017-5753  || Spectre(Variant 1) || Bounds Check Bypass (BCB)  || [[SVG:Advisory-SVG-CVE-2017-5753 | Advisory-SVG-CVE-2017-5753 ]] || Critical  || [https://access.redhat.com/security/vulnerabilities/speculativeexecution https://access.redhat.com/security/vulnerabilities/speculativeexecution ]
|-
|-


|-
|-
|  January 2018 || CVE-2017-5715  || Spectre(Variant 2) || Branch Target Injection (BTI) || [[SVG:Advisory-SVG-CVE-2017-5753 | Advisory-SVG-CVE-2017-5753 ]]     ||  
|  January 2018 || CVE-2017-5715  || Spectre(Variant 2) || Branch Target Injection (BTI) || [[SVG:Advisory-SVG-CVE-2017-5753 | Advisory-SVG-CVE-2017-5753 ]] || Critical  || see link for CVE-2017-3753 
|-
|-


|-
|-
|  January 2018 || CVE-2017-5754  || Meltdown (Variant 3) || Rogue Data Cache Load (RDCL) ||  [[SVG:Advisory-SVG-CVE-2017-5753 | Advisory-SVG-CVE-2017-5753 ]]     ||  
|  January 2018 || CVE-2017-5754  || Meltdown (Variant 3) || Rogue Data Cache Load (RDCL) ||  [[SVG:Advisory-SVG-CVE-2017-5753 | Advisory-SVG-CVE-2017-5753 ]] || Critical  || see link for CVE-2017-3753
|-
|-


|-
|-
|  May 2018 || CVE-2018-3640  || SpectreNG(Variant 3a) || Rogue System Register Read (RSRE ||  [[SVG:Advisory-SVG-CVE-2018-3639 | Advisory-SVG-CVE-2018-3639 ]]   || [https://www.us-cert.gov/ncas/alerts/TA18-141A  https://www.us-cert.gov/ncas/alerts/TA18-141A ]
|  May 2018 || CVE-2018-3640  || SpectreNG(Variant 3a) || Rogue System Register Read (RSRE) ||  [[SVG:Advisory-SVG-CVE-2018-3639 | Advisory-SVG-CVE-2018-3639 ]] || High  || [https://www.us-cert.gov/ncas/alerts/TA18-141A  https://www.us-cert.gov/ncas/alerts/TA18-141A ]
|-
|-


|-
|-
|  May 2018 || CVE-2018-3639  || SpectreNG(Variant 4) || Speculative Store Bypass (SSB) ||  [[SVG:Advisory-SVG-CVE-2018-3639 | Advisory-SVG-CVE-2018-3639 ]]     || https://access.redhat.com/security/vulnerabilities/ssbd
|  May 2018 || CVE-2018-3639  || SpectreNG(Variant 4) || Speculative Store Bypass (SSB) ||  [[SVG:Advisory-SVG-CVE-2018-3639 | Advisory-SVG-CVE-2018-3639 ]] || High    || https://access.redhat.com/security/vulnerabilities/ssbd
|-
|-


|-
|-
May 2018 || CVE-2018-3693 || SpectreNG(Variant 1.1)  || Bounds Check Bypass Store (BCBS) ||  None  ||  
June 2018 || CVE-2018-3665 ||   || Lazy FP state restore ||  None  || Moderate ||
[https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html] <br>
 
[https://access.redhat.com/security/cve/cve-2018-3665 https://access.redhat.com/security/cve/cve-2018-3665 ]
|-
|-




|-
|-
August 2018 || CVE-2018-3620 || L1TF  ||OS, SMM related aspects  ||[[SVG:Advisory-SVG-CVE-2018-3620 | Advisory-SVG-CVE-2018-3620 ]] ||     [ https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html] [https://access.redhat.com/security/vulnerabilities/L1TF https://access.redhat.com/security/vulnerabilities/L1TF  ]
July 2018 || CVE-2018-3693 || SpectreNG(Variant 1.1)  || Bounds Check Bypass Store (BCBS)  ||   Covered by <br> [[SVG:Advisory-SVG-CVE-2018-3620 | Advisory-SVG-CVE-2018-3620 ]] ||None  ||
|-
|-


|-
|-
|  August 2018 || CVE-2018-3646 || L1TF ||Virtualization related aspects ||[[SVG:Advisory-SVG-CVE-2018-3620 | Advisory-SVG-CVE-2018-3620 ]] ||     see links for CVE-2018-3620  
|  August 2018 || CVE-2018-3620 || L1TF   ||OS, SMM related aspects   ||[[SVG:Advisory-SVG-CVE-2018-3620 | Advisory-SVG-CVE-2018-3620 ]] ||   High  ||
[https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html] <br>
[https://access.redhat.com/security/vulnerabilities/L1TF https://access.redhat.com/security/vulnerabilities/L1TF ]
|-
|-


|-
|-
|  August 2018 || CVE-2018-3615 || L1TF ||SGX related aspects ||[[SVG:Advisory-SVG-CVE-2018-3620 | Advisory-SVG-CVE-2018-3620 ]] || RHEL 7 is not vulnerable but other Linux OS are  
|  August 2018 || CVE-2018-3646 || L1TF ||Virtualization related aspects ||[[SVG:Advisory-SVG-CVE-2018-3620 | Advisory-SVG-CVE-2018-3620 ]] || High ||    see links for CVE-2018-3620  
|-
|-


 
|-
 
|  August 2018 || CVE-2018-3615  || L1TF ||SGX related aspects ||[[SVG:Advisory-SVG-CVE-2018-3620 | Advisory-SVG-CVE-2018-3620 ]] || || see links for CVE-2018-3620  <br> RHEL 7 is not vulnerable but other Linux distributions, such as Debian, are.
|-






|}
|}
This provides information on the Intel L1TF vulnerability and other Intel vulnerabilities announced in August 2018.
[[SVG:L1TF  | EGI SVG L1TF and others ]] related advisory
This provides links to information on the 4th variant of the Meltdown/Spectre CPU hole announced in May 2018 which may be useful to sites
[[SVG:Spectre 4th Variant | EGI SVG Information on 4th Variant]] related advisory [[SVG:Advisory-SVG-CVE-2018-3639 | Advisory-SVG-CVE-2018-3639 ]]
Some useful info from us-cert
[https://www.us-cert.gov/ncas/alerts/TA18-141A  https://www.us-cert.gov/ncas/alerts/TA18-141A ]
This provides info on the Meltdown and Spectre vulnerabilities made public in January 2018.
SVG compiled links to information which may be useful to EGI sites.
[[SVG:Meltdown and Spectre Vulnerabilities | EGI SVG Information on Meltdown and Spectre Vulnerabilities]] related advisory [[SVG:Advisory-SVG-CVE-2017-5753  | Advisory-SVG-CVE-2017-5753 ]]

Revision as of 13:22, 17 September 2018

Main page Software Security Checklist Issue Handling Advisories Notes On Risk Advisory Template More

Speculative Execution Vulnerabilities


This provides information that may be useful to sites concerning the various speculative execution vulnerabilities concerning Intel chips and other processors.

See also EGI SVG Information on Meltdown and Spectre Vulnerabilities and its related advisory Advisory-SVG-CVE-2017-5753 which was compiled in January and early February 2018.

EGI SVG has at present (14th September 2018) issued 3 advisories related to Speculative Execution Vulnerabilities Advisory-SVG-CVE-2017-5753 in January 2018, Advisory-SVG-CVE-2018-3639 in May 2018 and Advisory-SVG-CVE-2018-3620 in August 2018.

Intel information https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html

The important thing is that sites carry out recommended updates, including if appropriate their kernel versions. In some cases this may result in reduced performance, but the update should not be omitted because of this.

This https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)provides some information on the variants, the recommended changes concern windows.


Date CVE Exploit Name Public vulnerability name EGI SVG Advisory EGI SVG Risk
Comment/Other Links
January 2018 CVE-2017-5753 Spectre(Variant 1) Bounds Check Bypass (BCB) Advisory-SVG-CVE-2017-5753 Critical https://access.redhat.com/security/vulnerabilities/speculativeexecution
January 2018 CVE-2017-5715 Spectre(Variant 2) Branch Target Injection (BTI) Advisory-SVG-CVE-2017-5753 Critical see link for CVE-2017-3753
January 2018 CVE-2017-5754 Meltdown (Variant 3) Rogue Data Cache Load (RDCL) Advisory-SVG-CVE-2017-5753 Critical see link for CVE-2017-3753
May 2018 CVE-2018-3640 SpectreNG(Variant 3a) Rogue System Register Read (RSRE) Advisory-SVG-CVE-2018-3639 High https://www.us-cert.gov/ncas/alerts/TA18-141A
May 2018 CVE-2018-3639 SpectreNG(Variant 4) Speculative Store Bypass (SSB) Advisory-SVG-CVE-2018-3639 High https://access.redhat.com/security/vulnerabilities/ssbd
June 2018 CVE-2018-3665 Lazy FP state restore None Moderate

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html

https://access.redhat.com/security/cve/cve-2018-3665

July 2018 CVE-2018-3693 SpectreNG(Variant 1.1) Bounds Check Bypass Store (BCBS) Covered by
Advisory-SVG-CVE-2018-3620
None
August 2018 CVE-2018-3620 L1TF OS, SMM related aspects Advisory-SVG-CVE-2018-3620 High

https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html
https://access.redhat.com/security/vulnerabilities/L1TF

August 2018 CVE-2018-3646 L1TF Virtualization related aspects Advisory-SVG-CVE-2018-3620 High see links for CVE-2018-3620
August 2018 CVE-2018-3615 L1TF SGX related aspects Advisory-SVG-CVE-2018-3620 see links for CVE-2018-3620
RHEL 7 is not vulnerable but other Linux distributions, such as Debian, are.