MyCERT Advisories, Alerts and Summaries for the year 2018
MA-691.012018: MyCERT Alert - CPU Hardware Side-Channel Attacks Vulnerability
Date Published: 4/1/2018
MyCERT is aware of a set of security vulnerabilities—known as Meltdown and Spectre—that affect modern computer processors. Malaysia National Cyber Security Agency (NACSA) has released an alert regarding this matter. Users may refer to the URL below for details:
CPU hardware implementations are vulnerable to side-channel attacks referred to as ‘Meltdown’ and ‘Spectre’. Both vulnerabilities take advantage of the ability to extract information from instructions that have executed on a CPU using the CPU cache as a side-channel. These hardware flaws allow programs to steal data which is currently processed on the computer. The issues are organized into three (3) variants:
|1.||Variant 1||CVE-2017-5753||Bounds Check Bypass||Spectre|
|2.||Variant 2||CVE-2017-5715||Branch Target Injection||Spectre|
|3.||Variant 3||CVE-2017-5754||Rogue Data Cache Load||Meltdown|
Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information. An attacker able to execute code with user privileges can achieve various impacts, such as reading otherwise protected kernel memory and bypassing KASLR.
4.0 Affected Products
These vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running on them.
Users and administrators are encouraged to review the below URLs for more information and refer to CPU, OS & application vendors for necessary patches.
Generally, MyCERT advises users of this product to be updated with the latest security announcements made by the vendor and follow best practice security policies to determine which updates should be applied.
enquiries, please contact MyCERT through the following channels:
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 89453442
Handphone: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours: Mon - Fri 09:00 AM - 18:00 PM MYT