Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2018.0121
Two new speculative execution side-channel vulnerabilities announced
22 May 2018
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: CPU Microcode
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Mobile Device
Virtualisation
Impact/Access: Access Privileged Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2018-3640 CVE-2018-3639
Member content until: Thursday, June 21 2018
Reference: ASB-2018.0002.4
OVERVIEW
New vulnerabilities have been found in CPU microcode using
speculative execution. Continuing from Spectre and Meltdown, Intel
has announced Variant 3a and Variant 4 of the side-channel attacks. [1]
IMPACT
Intel advises:
"CVE-2018-3639 – Speculative Store Bypass (SSB) – also known as Variant 4
Systems with microprocessors utilizing speculative execution and speculative
execution of memory reads before the addresses of all prior memory writes are
known may allow unauthorized disclosure of information to an attacker with
local user access via a side-channel analysis.
4.3 Medium CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
CVE-2018-3640 – Rogue System Register Read (RSRE) – also known as Variant 3a
Systems with microprocessors utilizing speculative execution and that perform
speculative reads of system registers may allow unauthorized disclosure of
system parameters to an attacker with local user access via a side-channel
analysis.
4.3 Medium CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" [1]
MITIGATION
Intel advises:
"Most leading browser providers have recently deployed mitigations in their
Managed Runtimes – mitigations that substantially increase the difficulty of
exploiting side channels in a modern web browser. These techniques would
likewise increase the difficulty of exploiting a side channel in a browser
based on SSB.
Intel has released Beta microcode updates to operating system vendors,
equipment manufacturers, and other ecosystem partners adding support for
Speculative Store Bypass Disable (SSBD). SSBD provides additional protection by
providing a means for system software to completely inhibit a Speculative Store
Bypass from occurring if desired. This is documented in whitepapers located at
Intel’s Software Side-Channel Security site. Most major operating system and
hypervisors will add support for Speculative Store Bypass Disable (SSBD)
starting as early as May 21, 2018.
The microcode updates will also address Rogue System Register Read (RSRR) –
CVE-2018-3640 by ensuring that RDMSR instructions will not speculatively return
data under certain conditions. This is documented in whitepapers located at
Intel’s Software Side-Channel Security site. No operating system or hypervisor
changes are required to support the RDMSR change.
It is expected beta microcode updates will be fully production qualified in the
coming weeks. Intel recommends end users and systems administrators check with
their OEM and system software vendors and apply any available updates as soon
as practical." [1]
REFERENCES
[1] Q2 2018 Speculative Execution Side Channel Update
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWwNl5Yx+lLeg9Ub1AQhTgw/8DGXRdu39MWJKiN8lh+76Zc+ouQKiaTpt
uSUfv5biUUCH3kGN5/qGLzHth6nL/rHUE+uwwS0hQQ+lPzoTtgbUp/qAX+G+Jly/
THcWY7JOndGjvVBXafQEigbINRfkZAXZN9VbWDpBxKw1BaNWQPzIKeKDZjCHXcWU
6MFviOM1BYmdEPRdGnFOloofZL12zgMJ4qOf2BUy+iIYe+FeUvlQqbFDwzpYkVAM
dFTC/nLB1mCvFNC8YMUjm2KUZKSN+DpDBEx/d1RNCzZ+rzh/S9v4uA5L4YGmKHkW
mv1wt1vWDtKd16B1RB4vZ/VyaYR9w/oTkwYtFUFfU829SdA9FA8lDUWqyrATth4X
qiAvIB/hKDn084OPoru6OMoMC78AyTc81PkOkx2UM2aqPQDVrKxApAUa261jxJKS
QSl035znjOo/xL9bi8VB36DuRRgU+Ca1m/ijZUGPR1AzHmv9b3B2u4qGa/1XAF8W
QeYzgp/gVokHYdhqv+T468TQYQY0EcEK/uSMHPs72SG08Us5C9w6sZeUl5ofbA20
AhY/qHwgpsVA6jNrahF6vEaqJBGHzrTX7OVOFU8UHVIhJhqTpv8RJr/qioqDDtRQ
suxAGvBuh+OD9NmTlGR1lG4QwhDJ11Q1x0BhZUUULYhqhRogGwL9IVi9HOB/+pFb
iA5yaFK5Jsc=
=3So6
-----END PGP SIGNATURE-----