BSA-2018-611
Summary
Security Advisory ID : BSA-2018-611
Component : HW:CPU
Revision : 1.0: Final
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may read an earlier value of the data. Subsequent speculative memory accesses cause allocations into the cache, which may allow a sequence of speculative loads to be used to perform timing side-channel attacks. In particular, if an attacker has control of a previously cached value, or the first store and load instructions are accesses onto the stack, an attacker may be able to control future speculative execution and access arbitrary privileged data by using less privileged code with timing side-channel analysis.An attacker with local user access may be able to read arbitrary privileged data or system register values by utilizing cache timing side-channel analysis.
Affected Products
No Brocade Fibre Channel technologyproducts from Broadcom are currently known to be affected by this vulnerability.
Note
Brocade Manageability products are not vulnerable to Speculative Store Bypass (SSB) –also known as "Variant 4". However, since the environment that runs the products is not under Brocade's Control, Brocade recommends Customers to apply the recommendation from the vendors.
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | May 21, 2018 |