SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Linux)  >   Linux Kernel Vendors:   kernel.org
(Ubuntu Issues Fix for Linux Kernel) Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents
SecurityTracker Alert ID:  1041574
SecurityTracker URL:  http://securitytracker.com/id/1041574
CVE Reference:   CVE-2018-3639, CVE-2018-3640   (Links to External Site)
Date:  Aug 27 2018
Impact:   Disclosure of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Ubuntu 14.04 LTS, 16.04 LTS, 18.04 LTS
Description:   Two vulnerabilities were reported in Intel, AMD, and ARM CPUs. A local user can obtain potentially sensitive information from system memory. Linux Kernel is affected.

A local user can exploit race conditions in CPU cache processing to obtain potentially sensitive information on the target system. This can be exploited to read arbitrary system register and memory contents on the target system.

A local user can conduct a side-channel attack to exploit a flaw in the speculative loading of system registers to read privileged system registers [CVE-2018-3640].

The CVE-2018-3640 vulnerability is referred to as "Spectre variant 3A".

A local user can conduct a side-channel attack to exploit a flaw in the speculative execution of Load and Store instructions to read privileged memory [CVE-2018-3639].

The CVE-2018-3639 vulnerability is referred to as "Spectre variant 4".

The original advisory is available at:

https://bugs.chromium.org/p/project-zero/issues/detail?id=1528

Zdenek Sojka, Rudolf Marek, and Alex Zuepke from SYSGO AG, Jann Horn (Google Project Zero), and Ken Johnson (Microsoft Security Response Center) reported these vulnerabilities.

Impact:   A local user can view system register or memory contents on the target CPU device.
Solution:   Ubuntu has issued a fix for Linux Kernel.

The Ubuntu advisory is available at:

https://usn.ubuntu.com/usn/usn-3756-1

Vendor URL:  usn.ubuntu.com/usn/usn-3756-1 (Links to External Site)
Cause:   Access control error, State error

Message History:   This archive entry is a follow-up to the message listed below.
May 22 2018 Intel/AMD/ARM CPU Cache Race Conditions Let Local Users Read Arbitrary Register and Memory Contents



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC