Follow

Info: Speculative execution side-channel attacks (Meltdown & Spectre)

Applies To:

Most modern processors and operating systems.

Summary:

Venafi has investigated the impact of a newly disclosed class of vulnerabilities, called “speculative execution side-channel attacks” and that affect most modern processors and operating systems. These vulnerabilities are referred to as Meltdown and Spectre.

Spectre attack:

  • CVE-2017-5753
  • CVE-2017-5715

Meltdown attack:

  • CVE-2017-5754

Impact

  • Information Disclosure
  • Privilege Escalation

Mitigation

These vulnerabilities require operating system updates to address. We recommend updating OS, Firmware, and, if Venafi Trust Protection Platform is hosted in a virtual machine, your virtualization software, as soon as updates are made available.

More Info:

To exploit these vulnerabilities, an attacker must be able to run specially crafted code on an affected system. Although the CPU and operating systems underlying Venafi Trust Protection Platform (VTPP) and Venafi Agent may be affected by these vulnerabilities, VTPP and Venafi Agent are not designed to permit arbitrary code or scripts in user space under regular conditions, and thus are not themselves vulnerable. No vector to exploit the vulnerabilities is provided.

 

Customers running custom drivers or extensions are advised to only run customized code from trusted providers.

 

 

Was this article helpful?
1 out of 1 found this helpful

Comments