Difference between revisions of "SVG:Speculative Execution Vulnerabilities"
(18 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
{{svg-header}} | {{svg-header}} | ||
This provides information that may be useful to sites concerning the various speculative execution vulnerabilities concerning Intel chips and other processors. | |||
See also [[SVG:Meltdown and Spectre Vulnerabilities | EGI SVG Information on Meltdown and Spectre Vulnerabilities]] and its related advisory [[SVG:Advisory-SVG-CVE-2017-5753 | Advisory-SVG-CVE-2017-5753 ]] which was compiled in January and early February 2018. | |||
EGI SVG has at present (14th September 2018) issued 3 advisories related to Speculative Execution Vulnerabilities [[SVG:Advisory-SVG-CVE-2017-5753 | Advisory-SVG-CVE-2017-5753 ]] in January 2018, [[SVG:Advisory-SVG-CVE-2018-3639 | Advisory-SVG-CVE-2018-3639 ]] in May 2018 and [[SVG:Advisory-SVG-CVE-2018-3620 | Advisory-SVG-CVE-2018-3620 ]] in August 2018. | |||
Intel information [https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html] | |||
The important thing is that sites carry out recommended updates, including if appropriate their kernel versions. In some cases this may result in reduced performance, but the update should not be omitted because of this. | |||
This [https://en.wikipedia.org/wiki/Spectre_(security_vulnerability) https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)]provides some information on the variants, the recommended changes concern windows. | |||
{| {{egi-table}} | {| {{egi-table}} | ||
!Date !! CVE !! Exploit Name !! Public vulnerability name!! EGI SVG Advisory !! Comment/Other Links | !Date !! CVE !! Exploit Name !! Public vulnerability name!! EGI SVG Advisory !! EGI SVG Risk <br> !!Comment/Other Links | ||
|- | |- | ||
| January 2018 || CVE-2017-5753 || Spectre(Variant 1) || Bounds Check Bypass (BCB) || [[SVG:Advisory-SVG-CVE-2017-5753 | Advisory-SVG-CVE-2017-5753 ]] | | January 2018 || CVE-2017-5753 || Spectre(Variant 1) || Bounds Check Bypass (BCB) || [[SVG:Advisory-SVG-CVE-2017-5753 | Advisory-SVG-CVE-2017-5753 ]] || Critical || [https://access.redhat.com/security/vulnerabilities/speculativeexecution https://access.redhat.com/security/vulnerabilities/speculativeexecution ] | ||
|- | |- | ||
|- | |- | ||
| January 2018 || CVE-2017-5715 || Spectre(Variant 2) || Branch Target Injection (BTI) || [[SVG:Advisory-SVG-CVE-2017-5753 | Advisory-SVG-CVE-2017-5753 ]] | | January 2018 || CVE-2017-5715 || Spectre(Variant 2) || Branch Target Injection (BTI) || [[SVG:Advisory-SVG-CVE-2017-5753 | Advisory-SVG-CVE-2017-5753 ]] || Critical || see link for CVE-2017-3753 | ||
|- | |- | ||
|- | |- | ||
| January 2018 || CVE-2017-5754 || Meltdown (Variant 3) || Rogue Data Cache Load (RDCL) || [[SVG:Advisory-SVG-CVE-2017-5753 | Advisory-SVG-CVE-2017-5753 ]] | | January 2018 || CVE-2017-5754 || Meltdown (Variant 3) || Rogue Data Cache Load (RDCL) || [[SVG:Advisory-SVG-CVE-2017-5753 | Advisory-SVG-CVE-2017-5753 ]] || Critical || see link for CVE-2017-3753 | ||
|- | |- | ||
|- | |- | ||
| May 2018 || CVE-2018-3640 || SpectreNG(Variant 3a) || Rogue System Register Read (RSRE | | May 2018 || CVE-2018-3640 || SpectreNG(Variant 3a) || Rogue System Register Read (RSRE) || [[SVG:Advisory-SVG-CVE-2018-3639 | Advisory-SVG-CVE-2018-3639 ]] || High || [https://www.us-cert.gov/ncas/alerts/TA18-141A https://www.us-cert.gov/ncas/alerts/TA18-141A ] | ||
|- | |- | ||
|- | |- | ||
| May 2018 || CVE-2018-3639 || SpectreNG(Variant 4) || Speculative Store Bypass (SSB) || [[SVG:Advisory-SVG-CVE-2018-3639 | Advisory-SVG-CVE-2018-3639 ]] | | May 2018 || CVE-2018-3639 || SpectreNG(Variant 4) || Speculative Store Bypass (SSB) || [[SVG:Advisory-SVG-CVE-2018-3639 | Advisory-SVG-CVE-2018-3639 ]] || High || https://access.redhat.com/security/vulnerabilities/ssbd | ||
|- | |- | ||
|- | |- | ||
| | | June 2018 || CVE-2018-3665 || || Lazy FP state restore || None || Moderate || | ||
[https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html] <br> | |||
[https://access.redhat.com/security/cve/cve-2018-3665 https://access.redhat.com/security/cve/cve-2018-3665 ] | |||
|- | |- | ||
|- | |- | ||
| | | July 2018 || CVE-2018-3693 || SpectreNG(Variant 1.1) || Bounds Check Bypass Store (BCBS) || Covered by <br> [[SVG:Advisory-SVG-CVE-2018-3620 | Advisory-SVG-CVE-2018-3620 ]] ||None || | ||
|- | |- | ||
|- | |- | ||
| August 2018 || CVE-2018- | | August 2018 || CVE-2018-3620 || L1TF ||OS, SMM related aspects ||[[SVG:Advisory-SVG-CVE-2018-3620 | Advisory-SVG-CVE-2018-3620 ]] || High || | ||
[https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html] <br> | |||
[https://access.redhat.com/security/vulnerabilities/L1TF https://access.redhat.com/security/vulnerabilities/L1TF ] | |||
|- | |- | ||
|- | |- | ||
| August 2018 || CVE-2018-3615 || L1TF ||SGX related aspects ||[[SVG:Advisory-SVG-CVE-2018-3620 | Advisory-SVG-CVE-2018-3620 ]] || RHEL 7 is not vulnerable but other Linux | | August 2018 || CVE-2018-3646 || L1TF ||Virtualization related aspects ||[[SVG:Advisory-SVG-CVE-2018-3620 | Advisory-SVG-CVE-2018-3620 ]] || High || see links for CVE-2018-3620 | ||
|- | |||
|- | |||
| August 2018 || CVE-2018-3615 || L1TF ||SGX related aspects ||[[SVG:Advisory-SVG-CVE-2018-3620 | Advisory-SVG-CVE-2018-3620 ]] || || see links for CVE-2018-3620 <br> RHEL 7 is not vulnerable but other Linux distributions, such as Debian, are. | |||
|- | |- | ||
Line 56: | Line 66: | ||
|} | |} | ||
Revision as of 14:22, 17 September 2018
Main page | Software Security Checklist | Issue Handling | Advisories | Notes On Risk | Advisory Template | More |
Speculative Execution Vulnerabilities
This provides information that may be useful to sites concerning the various speculative execution vulnerabilities concerning Intel chips and other processors.
See also EGI SVG Information on Meltdown and Spectre Vulnerabilities and its related advisory Advisory-SVG-CVE-2017-5753 which was compiled in January and early February 2018.
EGI SVG has at present (14th September 2018) issued 3 advisories related to Speculative Execution Vulnerabilities Advisory-SVG-CVE-2017-5753 in January 2018, Advisory-SVG-CVE-2018-3639 in May 2018 and Advisory-SVG-CVE-2018-3620 in August 2018.
Intel information https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html
The important thing is that sites carry out recommended updates, including if appropriate their kernel versions. In some cases this may result in reduced performance, but the update should not be omitted because of this.
This https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)provides some information on the variants, the recommended changes concern windows.
Date | CVE | Exploit Name | Public vulnerability name | EGI SVG Advisory | EGI SVG Risk |
Comment/Other Links |
---|---|---|---|---|---|---|
January 2018 | CVE-2017-5753 | Spectre(Variant 1) | Bounds Check Bypass (BCB) | Advisory-SVG-CVE-2017-5753 | Critical | https://access.redhat.com/security/vulnerabilities/speculativeexecution |
January 2018 | CVE-2017-5715 | Spectre(Variant 2) | Branch Target Injection (BTI) | Advisory-SVG-CVE-2017-5753 | Critical | see link for CVE-2017-3753 |
January 2018 | CVE-2017-5754 | Meltdown (Variant 3) | Rogue Data Cache Load (RDCL) | Advisory-SVG-CVE-2017-5753 | Critical | see link for CVE-2017-3753 |
May 2018 | CVE-2018-3640 | SpectreNG(Variant 3a) | Rogue System Register Read (RSRE) | Advisory-SVG-CVE-2018-3639 | High | https://www.us-cert.gov/ncas/alerts/TA18-141A |
May 2018 | CVE-2018-3639 | SpectreNG(Variant 4) | Speculative Store Bypass (SSB) | Advisory-SVG-CVE-2018-3639 | High | https://access.redhat.com/security/vulnerabilities/ssbd |
June 2018 | CVE-2018-3665 | Lazy FP state restore | None | Moderate |
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html | |
July 2018 | CVE-2018-3693 | SpectreNG(Variant 1.1) | Bounds Check Bypass Store (BCBS) | Covered by Advisory-SVG-CVE-2018-3620 |
None | |
August 2018 | CVE-2018-3620 | L1TF | OS, SMM related aspects | Advisory-SVG-CVE-2018-3620 | High |
https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html |
August 2018 | CVE-2018-3646 | L1TF | Virtualization related aspects | Advisory-SVG-CVE-2018-3620 | High | see links for CVE-2018-3620 |
August 2018 | CVE-2018-3615 | L1TF | SGX related aspects | Advisory-SVG-CVE-2018-3620 | see links for CVE-2018-3620 RHEL 7 is not vulnerable but other Linux distributions, such as Debian, are. |