SecurityTracker.com

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   IBM AIX
Vendors:   IBM
(IBM Issues Fix for IBM AIX) Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents
SecurityTracker Alert ID:  1041049
SecurityTracker URL:  http://securitytracker.com/id/1041049
CVE Reference:   CVE-2018-3639
Date:  Jun 8 2018
Impact:   Disclosure of system information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 5.3, 6.1, 7.1, 7.2
Description:   Two vulnerabilities were reported in Intel, AMD, and ARM CPUs. A local user can obtain potentially sensitive information from system memory. IBM AIX is affected.

A local user can exploit race conditions in CPU cache processing to obtain potentially sensitive information on the target system. This can be exploited to read arbitrary system register and memory contents on the target system.

A local user can conduct a side-channel attack to exploit a flaw in the speculative loading of system registers to read privileged system registers [CVE-2018-3640].

The CVE-2018-3640 vulnerability is referred to as "Spectre variant 3A".

A local user can conduct a side-channel attack to exploit a flaw in the speculative execution of Load and Store instructions to read privileged memory [CVE-2018-3639].

The CVE-2018-3639 vulnerability is referred to as "Spectre variant 4".

The original advisory is available at:

https://bugs.chromium.org/p/project-zero/issues/detail?id=1528

Zdenek Sojka, Rudolf Marek, and Alex Zuepke from SYSGO AG, Jann Horn (Google Project Zero), and Ken Johnson (Microsoft Security Response Center) reported these vulnerabilities.

Impact:   A local user can view system register or memory contents on the target CPU device.
Solution:   IBM has issued a fix for IBM AIX.

The IBM advisory is available at:

https://aix.software.ibm.com/aix/efixes/security/variant4_advisory.asc

Vendor URL:  aix.software.ibm.com/aix/efixes/security/variant4_advisory.asc
Cause:   Access control error, State error

Message History:   This archive entry is a follow-up to the message listed below.
May 22 2018 Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents




Copyright 2019, SecurityGlobal.net LLC