SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


Try our Premium Alert Service
 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service





Category:   Device (Embedded Server/Appliance)  >   CPU (Generic) Vendors:   Advanced Micro Devices, Arm Holdings, Intel
Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents
SecurityTracker Alert ID:  1040949
SecurityTracker URL:  http://securitytracker.com/id/1040949
CVE Reference:   CVE-2018-3639, CVE-2018-3640   (Links to External Site)
Updated:  May 22 2018
Original Entry Date:  May 22 2018
Impact:   Disclosure of system information
Vendor Confirmed:  Yes  

Description:   Two vulnerabilities were reported in Intel, AMD, and ARM CPUs. A local user can obtain potentially sensitive information from system memory.

A local user can exploit race conditions in CPU cache processing to obtain potentially sensitive information on the target system. This can be exploited to read arbitrary system register and memory contents on the target system.

A local user can conduct a side-channel attack to exploit a flaw in the speculative loading of system registers to read privileged system registers [CVE-2018-3640].

The CVE-2018-3640 vulnerability is referred to as "Spectre variant 3A".

A local user can conduct a side-channel attack to exploit a flaw in the speculative execution of Load and Store instructions to read privileged memory [CVE-2018-3639].

The CVE-2018-3639 vulnerability is referred to as "Spectre variant 4".

The original advisory is available at:

https://bugs.chromium.org/p/project-zero/issues/detail?id=1528

Zdenek Sojka, Rudolf Marek, and Alex Zuepke from SYSGO AG, Jann Horn (Google Project Zero), and Ken Johnson (Microsoft Security Response Center) reported these vulnerabilities.

Impact:   A local user can view system register or memory contents on the target CPU device.
Solution:   The CPU vendors are providing software and firmware updates to mitigate the applicable vulnerabilities to operating system vendors and system manufacturers.
Cause:   Access control error, State error

Message History:   This archive entry has one or more follow-up message(s) listed below.
May 22 2018 (Red Hat Issues Fix for Linux Kernel) Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents
Red Hat has issued a fix for Linux Kernel for Red Hat Enterprise Linux 7.
May 22 2018 (Intel Issues Advisory) Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents
Intel has issued an advisory.
May 22 2018 (ARM Issues Advisory) Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents
ARM Holdings has issued an advisory.
May 22 2018 (Ubuntu Issues Fix for Linux Kernel) Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents
Ubuntu has issued a fix for Linux Kernel for Ubuntu Linux 18.04 LTS.
May 22 2018 (Red Hat Issues Fix for Oracle Java SE) Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents
Red Hat has issued a fix for Oracle Java SE for Red Hat Enterprise Linux 6 for java-1.7.0-openjdk.
May 22 2018 (Red Hat Issues Fix for Red Hat Enterprise Virtualization) Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents
Red Hat has issued a fix for Red Hat Enterprise Virtualization for Red Hat Enterprise Linux 7.
May 22 2018 (Red Hat Issues Fix for Linux Kernel) Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents
Red Hat has issued a fix for Linux Kernel for Red Hat Enterprise Linux 6 and 7 for java-1.8.0-openjdk.
May 22 2018 (VMware Issues Fix for VMware Workstation/Fusion) Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents
VMware has issued a fix for VMware Workstation/Fusion.
May 22 2018 (Red Hat Issues Fix for Oracle Java SE) Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents
Red Hat has issued a fix for Oracle Java SE for Red Hat Enterprise Linux 7 for java-1.7.0-openjdk.
May 22 2018 (Red Hat Issues Fix for Linux Kernel) Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents
Red Hat has issued a fix for Linux Kernel for Red Hat Enterprise Linux 6, 7, 7.3, 7.4.
May 22 2018 (Red Hat Issues Fix for Red Hat Enterprise MRG Grid) Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents
Red Hat has issued a fix for Red Hat Enterprise MRG Grid for Red Hat Enterprise Linux 6.
May 22 2018 (Ubuntu Issues Fix for Linux Kernel) Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents
Ubuntu has issued a fix for Linux Kernel for Ubuntu Linux 14.04 LTS, 16.04 LTS, and 17.10.
May 23 2018 (IBM Issues Fix for IBM AIX for IBM AIX) Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents
IBM has issued a fix for IBM AIX 5.3, 6.1, 7.1, and 7.2.
May 23 2018 (Red Hat Issues Fix for Red Hat Enterprise Virtualization) Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents
Red Hat has issued a fix for Red Hat Enterprise Virtualization for Red Hat Enterprise Linux 7.
May 23 2018 (Red Hat Issues Fix for Red Hat Enterprise Virtualization) Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents
Red Hat has issued a fix for Red Hat Enterprise Virtualization for Red Hat Enterprise Linux 6 and 7.
May 24 2018 (Oracle Issues Fix for Oracle Linux for Linux Kernel) Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents
Oracle has issued a fix for Linux Kernel for Oracle Linux 6.
May 24 2018 (Oracle Issues Fix for Oracle Linux for Linux Kernel) Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents
Oracle has issued a fix for Linux Kernel for Oracle Linux 7.
May 29 2018 (Red Hat Issues Fix for Linux Kernel) Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents
Red Hat has issued a fix for Linux Kernel for Red Hat Enterprise Linux 6.4, 6.5, 6.6, 7.2, and 7.3.
Jun 8 2018 (IBM Issues Fix for IBM AIX) Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents
IBM has issued a fix for IBM AIX 5.3, 6.1, 7.1, and 7.2.
Jun 12 2018 (Red Hat Issues Fix for Linux Kernel) Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents
Red Hat has issued a fix for Linux Kernel for Red Hat Enterprise Linux 6.7.
Jun 13 2018 (HPE Issues Advisory for HPE ProLiant) Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents
HPE has issued an advisory for HPE ProLiant.
Jul 24 2018 (Red Hat Issues Fix for Red Hat Enterprise Virtualization) Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents
Red Hat has issued a fix for Red Hat Enterprise Virtualization for Red Hat Enterprise Linux 7.
Aug 6 2018 (Red Hat Issues Fix for Linux Kernel) Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents
Red Hat has issued a fix for Linux Kernel for Red Hat Enterprise Linux 6.6.
Aug 6 2018 (Red Hat Issues Fix for Red Hat Enterprise Virtualization) Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents
Red Hat has issued a fix for Red Hat Enterprise Virtualization for Red Hat Enterprise Linux.
Aug 27 2018 (Ubuntu Issues Fix for Linux Kernel) Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents
Ubuntu has issued a fix for Linux Kernel for Ubuntu Linux 14.04 LTS, 16.04 LTS, and 18.04 LTS.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2018, SecurityGlobal.net LLC