SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Embedded Server/Appliance)  >   CPU (Generic) Vendors:   Intel
Intel CPUs Let Local Users Obtain or Infer Portions of L1 Cache Memory on the Target System
SecurityTracker Alert ID:  1041451
SecurityTracker URL:  http://securitytracker.com/id/1041451
CVE Reference:   CVE-2018-3615, CVE-2018-3620, CVE-2018-3646   (Links to External Site)
Date:  Aug 14 2018
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Intel CPUs. A local user can obtain potentially sensitive information from system memory.

A local user can conduct a speculative execution side-channel attack against the L1 cache to infer potentially sensitive information from L1 cache memory on the target system.

This method is referred to as the "L1 Terminal Fault (L1TF)" or "Foreshadow" attack.

Microprocessors that support Intel Software Guard Extensions (SGX) are affected [CVE-2018-3615].

Other Intel microprocessors that use speculative execution and address translations may be affected [CVE-2018-3620].

Other Intel microprocessors that use speculative execution and address translations and that host virtual systems may be affected [CVE-2018-3646].

The following models are affected:

Core i3 processor (45nm and 32nm)
Core i5 processor (45nm and 32nm)
Core i7 processor (45nm and 32nm)
Core M processor family (45nm and 32nm)
2nd generation Core processors
3rd generation Core processors
4th generation Core processors
5th generation Core processors
6th generation Core processors
7th generation Core processors
8th generation Core processors
Core X-series Processor Family for X99 platforms
Core X-series Processor Family for X299 platforms
Xeon processor 3400 series
Xeon processor 3600 series
Xeon processor 5500 series
Xeon processor 5600 series
Xeon processor 6500 series
Xeon processor 7500 series
Xeon Processor E3 Family
Xeon Processor E3 v2 Family
Xeon Processor E3 v3 Family
Xeon Processor E3 v4 Family
Xeon Processor E3 v5 Family
Xeon Processor E3 v6 Family
Xeon Processor E5 Family
Xeon Processor E5 v2 Family
Xeon Processor E5 v3 Family
Xeon Processor E5 v4 Family
Xeon Processor E7 Family
Xeon Processor E7 v2 Family
Xeon Processor E7 v3 Family
Xeon Processor E7 v4 Family
Xeon Processor Scalable Family
Xeon Processor D (1500, 2100)

The original advisory is available at:

https://foreshadowattack.eu/

Raoul Strackx, Jo Van Bulck, and Frank Piessens of imec-DistriNet, KU Leuven, Marina Minkin and Mark Silberstein of Technion, Ofir Weisse, Daniel Genkin, Baris Kasikci, and Thomas F. Wenisch of University of Michigan, and Yuval Yarom of University of Adelaide and Data61 reported this vulnerability.

Impact:   A local user can obtain potentially sensitive information from L1 cache memory on the target system.
Solution:   The vendor has issued a fix.

The vendor advisory is available at:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

Vendor URL:  www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html (Links to External Site)
Cause:   Access control error

Message History:   This archive entry has one or more follow-up message(s) listed below.
Aug 14 2018 (Red Hat Issues Fix) Intel CPUs Let Local Users Obtain or Infer Portions of L1 Cache Memory on the Target System
Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Aug 14 2018 (VMware Issues Fix for VMware Workstation/Fusion) Intel CPUs Let Local Users Obtain or Infer Portions of L1 Cache Memory on the Target System
VMware has issued a fix for VMware Workstation/Fusion.
Aug 14 2018 (VMware Issues Fix for VMware vCenter) Intel CPUs Let Local Users Obtain or Infer Portions of L1 Cache Memory on the Target System
VMware has issued a fix for VMware vCenter.
Aug 14 2018 (VMware Issues Fix for VMware ESXi) Intel CPUs Let Local Users Obtain or Infer Portions of L1 Cache Memory on the Target System
VMware has issued a fix for VMware ESXi.
Aug 15 2018 (Red Hat Issues Fix for Linux Kernel) Intel CPUs Let Local Users Obtain or Infer Portions of L1 Cache Memory on the Target System
Red Hat has issued a fix for Linux Kernel for Red Hat Enterprise Linux 7.
Aug 15 2018 (Red Hat Issues Fix for Red Hat Enterprise Virtualization) Intel CPUs Let Local Users Obtain or Infer Portions of L1 Cache Memory on the Target System
Red Hat has issued a fix for Red Hat Enterprise Virtualization for Red Hat Enterprise Linux 7.
Aug 15 2018 (FreeBSD Issues Fix for FreeBSD Kernel) Intel CPUs Let Local Users Obtain or Infer Portions of L1 Cache Memory on the Target System
FreeBSD has issued a fix for FreeBSD Kernel for FreeBSD 11.1 and 11.2.
Aug 16 2018 (Ubuntu Issues Fix for Linux Kernel) Intel CPUs Let Local Users Obtain or Infer Portions of L1 Cache Memory on the Target System
Ubuntu has issued a fix for Linux Kernel for Ubuntu Linux 18.04 LTS.
Aug 16 2018 (Ubuntu Issues Fix for Linux Kernel) Intel CPUs Let Local Users Obtain or Infer Portions of L1 Cache Memory on the Target System
Ubuntu has issued a fix for Linux Kernel for Ubuntu Linux 14.04 LTS.
Aug 16 2018 (Ubuntu Issues Fix for Linux Kernel) Intel CPUs Let Local Users Obtain or Infer Portions of L1 Cache Memory on the Target System
Ubuntu has issued a fix for Linux Kernel for Ubuntu Linux 16.04 LTS.
Aug 16 2018 (HPE Issues Fix for HPE ProLiant Computers) Intel CPUs Let Local Users Obtain or Infer Portions of L1 Cache Memory on the Target System
HPE has issued a fix for HPE ProLiant computers.
Aug 23 2018 (Cisco Issues Advisory for Cisco ASR Router) Intel CPUs Let Local Users Obtain or Infer Portions of L1 Cache Memory on the Target System
Cisco has issued an advisory for Cisco ASR Router.
Aug 23 2018 (Cisco Issues Fix for Cisco Unified Computing System) Intel CPUs Let Local Users Obtain or Infer Portions of L1 Cache Memory on the Target System
Cisco has issued a fix for Cisco Unified Computing System.
Aug 23 2018 (Cisco Issues Advisory for Cisco 4000 Series Integrated Services Routers) Intel CPUs Let Local Users Obtain or Infer Portions of L1 Cache Memory on the Target System
Cisco has issued an advisory for Cisco 4000 Series Integrated Services Routers.
Aug 23 2018 (Cisco Issues Advisory for Cisco Video Surveillance Media Server) Intel CPUs Let Local Users Obtain or Infer Portions of L1 Cache Memory on the Target System
Cisco has issued an advisory for Cisco Video Surveillance Media Server.
Aug 27 2018 (Ubuntu Issues Fix for Linux Kernel) Intel CPUs Let Local Users Obtain or Infer Portions of L1 Cache Memory on the Target System
Ubuntu has issued a fix for Linux Kernel for Ubuntu Linux 14.04 LTS, 16.04 LTS, and 18.04 LTS.
Aug 30 2018 (Red Hat Issues Fix for Linux Kernel) Intel CPUs Let Local Users Obtain or Infer Portions of L1 Cache Memory on the Target System
Red Hat has issued a fix for Linux Kernel for Red Hat Enterprise Linux 5.9.
Aug 30 2018 (Red Hat Issues Fix for Linux Kernel) Intel CPUs Let Local Users Obtain or Infer Portions of L1 Cache Memory on the Target System
Red Hat has issued a fix for Linux Kernel for Red Hat Enterprise Linux 5.
Sep 7 2018 (Oracle Issues Fix for Oracle Linux for Linux Kernel) Intel CPUs Let Local Users Obtain or Infer Portions of L1 Cache Memory on the Target System
Oracle has issued a fix for Linux Kernel for Oracle Linux 6 and 7.
Sep 14 2018 (Oracle Issues Fix for Linux Kernel) Intel CPUs Let Local Users Obtain or Infer Portions of L1 Cache Memory on the Target System
Oracle has issued a fix for Linux Kernel for Oracle Linux 5 ELS and Oracle Linux 6.
Oct 10 2018 (Oracle Issues Fix for Oracle Linux for Linux Kernel) Intel CPUs Let Local Users Obtain or Infer Portions of L1 Cache Memory on the Target System
Oracle has issued a fix for Linux Kernel for Oracle Linux 7.
Oct 11 2018 (Oracle Issues Fix for Oracle Linux) Intel CPUs Let Local Users Obtain or Infer Portions of L1 Cache Memory on the Target System
Oracle has issued a fix for Oracle Linux 6 and 7.
Nov 19 2018 (Ubuntu Issues Fix) Intel CPUs Let Local Users Obtain or Infer Portions of L1 Cache Memory on the Target System
Ubuntu has issued a fix for Ubuntu Linux 12.04 ESM.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC