[ASA-201801-10] intel-ucode: access restriction bypass
Levente Polyak
anthraxx at archlinux.org
Thu Jan 11 20:57:24 UTC 2018
Arch Linux Security Advisory ASA-201801-10
==========================================
Severity: High
Date : 2018-01-10
CVE-ID : CVE-2017-5715
Package : intel-ucode
Type : access restriction bypass
Remote : No
Link : https://security.archlinux.org/AVG-582
Summary
=======
The package intel-ucode before version 20180108-1 is vulnerable to
access restriction bypass.
Resolution
==========
Upgrade to 20180108-1.
# pacman -Syu "intel-ucode>=20180108-1"
The problem has been fixed upstream in version 20180108.
Workaround
==========
None.
Description
===========
An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of instructions (a
commonly used performance optimization).
This variant triggers the speculative execution by utilizing branch
target injection. It relies on the presence of a precisely-defined
instruction sequence in the privileged code as well as the fact that
memory accesses may cause allocation into the microprocessor's data
cache even for speculatively executed instructions that never actually
commit (retire). As a result, an unprivileged attacker could use this
flaw to cross the syscall and guest/host boundaries and read privileged
memory by conducting targeted cache side-channel attacks.
Impact
======
A local unprivileged attacker is able to cross the syscall and
guest/host boundaries and read privileged memory by conducting targeted
cache side-channel attacks.
References
==========
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
https://spectreattack.com
https://www.kb.cert.org/vuls/id/584653
https://xenbits.xen.org/xsa/advisory-254.html
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf
https://security.archlinux.org/CVE-2017-5715
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 866 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20180111/d112bbf0/attachment.asc>
More information about the arch-security
mailing list