CERT mailing list archives

TA18-141A: Side-Channel Vulnerability Variants 3a and 4


From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Mon, 21 May 2018 16:29:09 -0500

U.S. Department of Homeland Security US-CERT

National Cyber Awareness System:



TA18-141A: Side-Channel Vulnerability Variants 3a and 4 [ https://www.us-cert.gov/ncas/alerts/TA18-141A ]
05/21/2018 04:54 PM EDT
Original release date: May 21, 2018

Systems Affected

CPU hardware implementations

Overview

On May 21, 2018, new variants (known as Spectre 3A and 4) of the side-channel central processing unit (CPU) hardware 
vulnerability were publicly disclosed. These variants can allow an attacker to obtain access to sensitive information 
on affected systems.

Description

CPU hardware implementations known as Spectre and Meltdown [ https://www.us-cert.gov/ncas/alerts/TA18-004A ] are 
vulnerable to side-channel attacks. Meltdown is a bug that "melts" the security boundaries normally enforced by the 
hardware, affecting desktops, laptops, and cloud computers. Spectre is a flaw that an attacker can exploit to force a 
CPU to reveal its data.

Spectre Variant 3a is a vulnerability that may allow an attacker with local access to speculatively read system 
parameters via side-channel analysis and obtain sensitive information.

Spectre Variant 4 is a vulnerability that exploits speculative bypass. When exploited, Variant 4 could allow an 
attacker to read older memory values in a CPU's stack or other memory locations. While implementation is complex, this 
side-channel vulnerability could allow less privileged code to


  * Read arbitrary privileged data; and 
  * Run older commands speculatively, resulting in cache allocations that could be used to exfiltrate data by standard 
side-channel methods. 

Corresponding CVEs for Side-Channel Variants 1, 2, 3, 3a, and 4 are found below:


  * Variant 1: Bounds Check Bypass - CVE-2017-5753 
  * Variant 2: Branch Target Injection - CVE-2017-5715 
  * Variant 3: Rogue Data Cache Load - CVE-2017-5754 
  * Variant 3a: Rogue System Register Read - CVE-2018-3640 
  * Variant 4: Speculative Store Bypass - CVE-2018-3639 

Impact

Side-Channel Vulnerability Variants 3a and 4 may allow an attacker to obtain access to sensitive information on 
affected systems.

Solution

*Mitigation*

NCCIC recommends users and administrators


  * Refer to their hardware and software vendors for patches or microcode, 
  * Use a test environment to verify each patch before implementing, and 
  * Ensure that performance is monitored for critical applications and services. 
  * Consult with vendors and service providers to mitigate any degradation effects, if possible. 
  * Consult with Cloud Service Providers to mitigate and resolve any impacts resulting from host operating system 
patching and mandatory rebooting, if applicable. 
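
When verifying a vendor patch in a test environment, the operating system's own report of mitigation state is a useful first check. The following is an added example, not part of the US-CERT alert: it assumes a Linux host that exposes /sys/devices/system/cpu/vulnerabilities, and the function names (classify, audit) and state labels are illustrative.

```python
"""Report the Linux kernel's view of each variant listed in TA18-141A."""
from pathlib import Path

# Assumption: Linux sysfs location where the kernel publishes mitigation status.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# CVE -> (variant name from the alert, sysfs file name or None).
# The kernel publishes no status file for Variant 3a, so it is flagged
# for confirmation with the hardware vendor instead.
VARIANTS = {
    "CVE-2017-5753": ("Variant 1: Bounds Check Bypass", "spectre_v1"),
    "CVE-2017-5715": ("Variant 2: Branch Target Injection", "spectre_v2"),
    "CVE-2017-5754": ("Variant 3: Rogue Data Cache Load", "meltdown"),
    "CVE-2018-3640": ("Variant 3a: Rogue System Register Read", None),
    "CVE-2018-3639": ("Variant 4: Speculative Store Bypass", "spec_store_bypass"),
}

def classify(text):
    """Map a sysfs status line to a coarse state."""
    text = text.strip()
    for prefix, state in (("Not affected", "not_affected"),
                          ("Mitigation", "mitigated"),
                          ("Vulnerable", "vulnerable")):
        if text.startswith(prefix):
            return state
    return "unknown"

def audit(sysfs_dir=SYSFS_DIR):
    """Return {cve: (state, detail)} for every variant in the alert."""
    results = {}
    for cve, (_name, fname) in VARIANTS.items():
        if fname is None:
            results[cve] = ("no_kernel_report", "confirm status with the vendor")
            continue
        try:
            raw = (Path(sysfs_dir) / fname).read_text().strip()
        except OSError:
            # A missing file usually means the kernel predates this report.
            results[cve] = ("unknown", "status file missing or unreadable")
            continue
        results[cve] = (classify(raw), raw)
    return results

if __name__ == "__main__":
    for cve, (state, detail) in audit().items():
        print(f"{cve}  {VARIANTS[cve][0]:<40} {state:<17} {detail}")
```

A result of "unknown" or "vulnerable" for any entry after patching is a reason to go back to the vendor guidance before rolling the patch out further.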

References

  * Google Project Zero Blog [ https://bugs.chromium.org/p/project-zero/issues/detail?id=1528 ] 
  * Bounds Check Bypass - CVE-2017-5753 
  * Branch Target Injection - CVE-2017-5715 
  * Rogue Data Cache Load - CVE-2017-5754 
  * Rogue System Register Read - CVE-2018-3640 
  * Speculative Store Bypass - CVE-2018-3639 
  * TA18-004A - Meltdown and Spectre Side-Channel Vulnerability Guidance [ https://www.us-cert.gov/ncas/alerts/TA18-004A ] 

Revision History

  * May 21, 2018: Initial version 