漏洞信息详情

CPU硬件和Operating system 信息泄露漏洞

漏洞简介

CPU hardware是一套运行在CPU(中央处理器)中用于管理和控制CPU的固件。Operating system是一套用于管理和控制计算机硬件与软件资源的计算机程序。

CPU硬件和Operating system中存在安全漏洞,该漏洞源于处理器数据边界机制中存在缺陷。本地攻击者可通过滥用‘错误推测执行’利用该漏洞读取内存信息。以下厂商的CUP硬件和操作系统受到影响:Apple;Google;Intel;Linux Kernel;Microsoft;Mozilla。(AMD和ARM尚未确定)

漏洞公告

目前部分厂商已提供了该漏洞的解决方案,详情请关注厂商安全公告:

Intel:

https://newsroom.intel.com/news/intel-responds-to-security-research-findings/

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr

Microsoft:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

Amazon:

https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/

ARM:

https://developer.arm.com/support/security-update

Google:

https://googleprojectzero.blogspot.co.at/2018/01/reading-privileged-memory-with-side.html

https://www.chromium.org/Home/chromium-security/ssca

Red Hat:

https://access.redhat.com/security/vulnerabilities/speculativeexecution

Xen:

http://xenbits.xen.org/xsa/advisory-254.html

Mozilla:

https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

VMware:

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

AMD:

https://www.amd.com/en/corporate/speculative-execution

Linux Kernel:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5aa90a84589282b87666f92b6c3c917c8080a9bf

参考网址

来源:www.kb.cert.org

链接:https://www.kb.cert.org/vuls/id/584653

来源:googleprojectzero.blogspot.com

链接:https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

来源:CONFIRM

链接:https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr

漏洞信息快速查询

相关漏洞

更多