Applies To:
Most modern processors and operating systems.
Summary:
Venafi has investigated the impact of a newly disclosed class of vulnerabilities, called “speculative execution side-channel attacks” and that affect most modern processors and operating systems. These vulnerabilities are referred to as Meltdown and Spectre.
Spectre attack:
- CVE-2017-5753
- CVE-2017-5715
Meltdown attack:
- CVE-2017-5754
Impact
- Information Disclosure
- Privilege Escalation
Mitigation
These vulnerabilities require operating system updates to address. We recommend updating OS, Firmware, and, if Venafi Trust Protection Platform is hosted in a virtual machine, your virtualization software, as soon as updates are made available.
More Info:
To exploit these vulnerabilities, an attacker must be able to run specially crafted code on an affected system. Although the CPU and operating systems underlying Venafi Trust Protection Platform (VTPP) and Venafi Agent may be affected by these vulnerabilities, VTPP and Venafi Agent are not designed to permit arbitrary code or scripts in user space under regular conditions, and thus are not themselves vulnerable. No vector to exploit the vulnerabilities is provided.
Customers running custom drivers or extensions are advised to only run customized code from trusted providers.
Comments