安全研究

安全漏洞
多个CPU硬件信息泄露漏洞(CVE-2018-3639)

发布日期:2018-05-21
更新日期:2018-05-24

受影响系统:
Intel Corporation Xeon CPU
Intel Corporation Atom Processor
Intel Pentium Processor
Intel Celeron Processor
描述:
BUGTRAQ  ID: 104232
CVE(CAN) ID: CVE-2018-3639

CPU hardware是运行在中央处理器中用于管理和控制CPU的固件。

系统中微处理器若利用推测执行,且在当前内存写队列完成之前,执行推测内存读,则实现中存在安全漏洞,可使本地攻击者通过旁道分析,利用该漏洞读取内存信息。包括IBM、Microsoft、Dell、Cisco、AMD、RedHat等多家厂商系统受到影响。

<*来源:vendor
  
  链接:https://www.kb.cert.org/vuls/id/180049
*>

建议:
厂商补丁:

Intel
-----
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://security-center.intel.com/

参考信息:
MISC:https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
CONFIRM:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
CONFIRM:http://support.lenovo.com/us/en/solutions/LEN-22133
CONFIRM:http://xenbits.xen.org/xsa/advisory-263.html
CONFIRM:https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
CONFIRM:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012
CONFIRM:https://support.citrix.com/article/CTX235225
CONFIRM:https://security.netapp.com/advisory/ntap-20180521-0001/
CONFIRM:https://www.synology.com/support/security/Synology_SA_18_23
CISCO:20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018
URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel
REDHAT:RHSA-2018:1630
URL:https://access.redhat.com/errata/RHSA-2018:1630
REDHAT:RHSA-2018:1647
URL:https://access.redhat.com/errata/RHSA-2018:1647
REDHAT:RHSA-2018:1655
URL:https://access.redhat.com/errata/RHSA-2018:1655
REDHAT:RHSA-2018:1660
URL:https://access.redhat.com/errata/RHSA-2018:1660
REDHAT:RHSA-2018:1629
URL:https://access.redhat.com/errata/RHSA-2018:1629
REDHAT:RHSA-2018:1632
URL:https://access.redhat.com/errata/RHSA-2018:1632
REDHAT:RHSA-2018:1633
URL:https://access.redhat.com/errata/RHSA-2018:1633
REDHAT:RHSA-2018:1635
URL:https://access.redhat.com/errata/RHSA-2018:1635
REDHAT:RHSA-2018:1636
URL:https://access.redhat.com/errata/RHSA-2018:1636
REDHAT:RHSA-2018:1642
URL:https://access.redhat.com/errata/RHSA-2018:1642
REDHAT:RHSA-2018:1643
URL:https://access.redhat.com/errata/RHSA-2018:1643
REDHAT:RHSA-2018:1644
URL:https://access.redhat.com/errata/RHSA-2018:1644
REDHAT:RHSA-2018:1645
URL:https://access.redhat.com/errata/RHSA-2018:1645
REDHAT:RHSA-2018:1646
URL:https://access.redhat.com/errata/RHSA-2018:1646
REDHAT:RHSA-2018:1648
URL:https://access.redhat.com/errata/RHSA-2018:1648
REDHAT:RHSA-2018:1649
URL:https://access.redhat.com/errata/RHSA-2018:1649
REDHAT:RHSA-2018:1650
URL:https://access.redhat.com/errata/RHSA-2018:1650
REDHAT:RHSA-2018:1651
URL:https://access.redhat.com/errata/RHSA-2018:1651
REDHAT:RHSA-2018:1652
URL:https://access.redhat.com/errata/RHSA-2018:1652
REDHAT:RHSA-2018:1653
URL:https://access.redhat.com/errata/RHSA-2018:1653
REDHAT:RHSA-2018:1654
URL:https://access.redhat.com/errata/RHSA-2018:1654
REDHAT:RHSA-2018:1656
URL:https://access.redhat.com/errata/RHSA-2018:1656
REDHAT:RHSA-2018:1657
URL:https://access.redhat.com/errata/RHSA-2018:1657
REDHAT:RHSA-2018:1658
URL:https://access.redhat.com/errata/RHSA-2018:1658
REDHAT:RHSA-2018:1659
URL:https://access.redhat.com/errata/RHSA-2018:1659
REDHAT:RHSA-2018:1661
URL:https://access.redhat.com/errata/RHSA-2018:1661
REDHAT:RHSA-2018:1662
URL:https://access.redhat.com/errata/RHSA-2018:1662
REDHAT:RHSA-2018:1663
URL:https://access.redhat.com/errata/RHSA-2018:1663
REDHAT:RHSA-2018:1664
URL:https://access.redhat.com/errata/RHSA-2018:1664
REDHAT:RHSA-2018:1665
URL:https://access.redhat.com/errata/RHSA-2018:1665
REDHAT:RHSA-2018:1666
URL:https://access.redhat.com/errata/RHSA-2018:1666
REDHAT:RHSA-2018:1667
URL:https://access.redhat.com/errata/RHSA-2018:1667
REDHAT:RHSA-2018:1668
URL:https://access.redhat.com/errata/RHSA-2018:1668
REDHAT:RHSA-2018:1669
URL:https://access.redhat.com/errata/RHSA-2018:1669
REDHAT:RHSA-2018:1674
URL:https://access.redhat.com/errata/RHSA-2018:1674
REDHAT:RHSA-2018:1675
URL:https://access.redhat.com/errata/RHSA-2018:1675
REDHAT:RHSA-2018:1676
URL:https://access.redhat.com/errata/RHSA-2018:1676
REDHAT:RHSA-2018:1686
URL:https://access.redhat.com/errata/RHSA-2018:1686
REDHAT:RHSA-2018:1688
URL:https://access.redhat.com/errata/RHSA-2018:1688
REDHAT:RHSA-2018:1689
URL:https://access.redhat.com/errata/RHSA-2018:1689
REDHAT:RHSA-2018:1690
URL:https://access.redhat.com/errata/RHSA-2018:1690
UBUNTU:USN-3651-1
URL:https://usn.ubuntu.com/3651-1/
UBUNTU:USN-3652-1
URL:https://usn.ubuntu.com/3652-1/
UBUNTU:USN-3653-1
URL:https://usn.ubuntu.com/3653-1/
UBUNTU:USN-3653-2
URL:https://usn.ubuntu.com/3653-2/
UBUNTU:USN-3654-1
URL:https://usn.ubuntu.com/3654-1/
UBUNTU:USN-3654-2
URL:https://usn.ubuntu.com/3654-2/
UBUNTU:USN-3655-2
URL:https://usn.ubuntu.com/3655-2/
CERT:TA18-141A
URL:https://www.us-cert.gov/ncas/alerts/TA18-141A
CERT-VN:VU#180049
URL:https://www.kb.cert.org/vuls/id/180049
BID:104232
URL:http://www.securityfocus.com/bid/104232
SECTRACK:1040949
URL:http://www.securitytracker.com/id/1040949

浏览次数:2991
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障
关于我们
公司介绍
公司荣誉
公司新闻
联系我们
公司总部
分支机构
海外机构
快速链接
绿盟云
绿盟威胁情报中心NTI
技术博客