漏洞信息详情

Intel和ARM CPU芯片信息泄露漏洞

漏洞简介

ARM Cortex-A75是英国ARM公司的一款CPU(中央处理器)产品。Intel Xeon E5-1650等都是美国英特尔(Intel)公司的CPU(中央处理器)产品。

Intel和ARM CPU芯片存在信息泄露漏洞,该漏洞源于处理器数据边界机制中存在缺陷。本地攻击者可通过滥用‘错误推测执行’利用该漏洞读取读取内存信息。以下产品和版本受到影响:ARM Cortex-A75;Intel Xeon E5-1650 v3,v2,v4版本;Xeon E3-1265l v2,v3,v4版本;Xeon E3-1245 v2,v3,v5,v6版本;Xeon X7542等

漏洞公告

目前部分厂商已提供了该漏洞的解决方案,详情请关注厂商安全公告:

Intel:

https://newsroom.intel.com/news/intel-responds-to-security-research-findings/

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr

Microsoft:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

Amazon:

https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/

ARM:

https://developer.arm.com/support/security-update

Google:

https://googleprojectzero.blogspot.co.at/2018/01/reading-privileged-memory-with-side.html

https://www.chromium.org/Home/chromium-security/ssca

Red Hat:

https://access.redhat.com/security/vulnerabilities/speculativeexecution

Xen:

http://xenbits.xen.org/xsa/advisory-254.html

Mozilla:

https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

VMware:

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

AMD:

https://www.amd.com/en/corporate/speculative-execution

Linux Kernel:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5aa90a84589282b87666f92b6c3c917c8080a9bf

参考网址

来源:www.kb.cert.org

链接:https://www.kb.cert.org/vuls/id/584653

来源:googleprojectzero.blogspot.com

链接:https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

来源:CONFIRM

链接:https://01.org/security/advisories/intel-oss-10003

漏洞信息快速查询

相关漏洞

更多