CPU vulnerabilities Spectre-NG: updates and info links
Manufacturers of hardware, operating systems and software are providing web pages with information and security updates for the new Spectre vulnerabilities Spectre V3a and Spectre V4: an overview.
On May 21, Intel, Microsoft, Google Project Zero (GPZ), Red Hat and other companies published the first updates and information on the vulnerabilities Spectre V3a (CVE-2018-3640, Rogue System Register Read, RSRE) and Spectre V4 (CVE-2018-3639, Speculative Store Bypass, SSB). We collect links to such pages here.
Under the name Spectre Next Generation (Spectre-NG), eight new vulnerabilities in processors from Intel, AMD, ARM and IBM became known in early May. At that time, c't and heise Security had exclusive information about them. On May 21, the first official information on Spectre V3a and Spectre V4 appeared [1].
For Spectre V1, V2 and Meltdown (GPZ V3), we refer to the earlier coverage on c't.de and heise online. No further information is currently known about three further Spectre-NG vulnerabilities.
The CPU vulnerabilities Meltdown and Spectre | | |
(Google) name | Short description | CVE number |
Spectre V1 | Bounds Check Bypass | CVE-2017-5753 |
Spectre V1.1 | Bounds Check Bypass Store | CVE-2018-3693 |
Spectre V1.2 | Read-only Protection Bypass | n/a |
Spectre V2 | Branch Target Injection (BTI) | CVE-2017-5715 |
Meltdown (GPZ V3) | Rogue Data Cache Load | CVE-2017-5754 |
Spectre-NG: | | |
Spectre V3a | Rogue System Register Read (RSRE) | CVE-2018-3640 |
Spectre V4 | Speculative Store Bypass (SSB) | CVE-2018-3639 |
n/a | Lazy FP State Restore | CVE-2018-3665 |
n/a | Foreshadow (L1 Terminal Fault - SGX) | CVE-2018-3615 |
n/a | L1 Terminal Fault - OS Kernel, SMM | CVE-2018-3620 |
n/a | L1 Terminal Fault - Virtual Machines | CVE-2018-3646 |
Spectre variants via Return Stack Buffer (RSB): | | |
"Spectre v5" | ret2spec [3] | n/a |
n/a | SpectreRSB | n/a |
Other: | | |
n/a | BranchScope | CVE-2018-9056 |
n/a | SGXPectre [4] | n/a |
n/a | NetSpectre [5] | n/a |
Information on three further Spectre-NG vulnerabilities is still missing.
GPZ stands for Google Project Zero; Spectre V1 and V2 are also called GPZ V1 and GPZ V2.
Here are the vendors' information and update pages:
Amazon Cloud (AWS)
L1 Terminal Fault Speculative Execution Issue [10]
AMD
“Speculative Store Bypass” Vulnerability Mitigations for AMD Platforms [11]
Arch Linux
FS#58700 - [linux][linux-firmware][libvirt][qemu][intel-ucode] CVE-2018-3639 CVE-2018-3640 [12]
ARM
Vulnerability of Speculative Processors to Cache Timing Side-Channel Mechanism [13]
Bundesamt für Sicherheit in der Informationstechnik (BSI)
Spectre-NG: Further vulnerabilities in processors [14]
CERT (US-CERT)
Vulnerability Note VU#180049 [15]
Intel Side-Channel L1TF Vulnerability [17]
Vulnerability Note VU#982149 [18]
CERT-Bund
Multiple vulnerabilities allow security measures to be bypassed [19]
Check Point
Cisco
CPU Side-Channel Information Disclosure Vulnerabilities: May 2018 [22]
Cisco products apparently not vulnerable to CPU flaws Foreshadow/L1TF [23]
Citrix
Citrix XenServer Security Update for CVE-2018-3639 [24]
Cyberus Technology
Intel LazyFP vulnerability: Exploiting lazy FPU state switching [25]
Debian
Dell
Dell EMC
DragonFlyBSD
Kernel - Additional cpu bug hardening part 1/2 [31]
F5 Networks
K70675920: August 2018 Intel security vulnerability announcement [32]
Fedora
Bug 1580713 - CVE-2018-3639 kernel: hw: cpu: speculative store bypass [fedora-all] [33]
FreeBSD
SpeculativeExecutionVulnerabilities [35]
Fujitsu (Japan)
CVE-2018-3639, CVE-2018-3640 [37]
Google Cloud
Protecting against the new “L1TF” speculative vulnerabilities [38]
Google Chromium
speculative execution, variant 4: speculative store bypass [39]
HPE
Huawei
Security Notice - Statement on the Side-Channel Vulnerability Variants 3a and 4 [42]
Security Advisory - CPU Side Channel Vulnerability "L1TF" [43]
IBM
Potential Impact on Processors in the POWER Family [44]
Intel
Intel-SA-00115: Q2 2018 Speculative Execution Side Channel Update [45]
Blog: Addressing New Research for Side-Channel Analysis [46]
Intel-SA-00145: Lazy FP state restore [47]
Intel-SA-00161: L1 Terminal Fault: SGX, L1 Terminal Fault: OS/SMM, L1 Terminal Fault: VMM [48]
Linux Kernel
4.17 post-rc6 – Merge speculative store buffer bypass fixes from Thomas Gleixner [49]; the most important Spectre v4 fixes for x86 systems contained in this merge have also gone into Linux 4.16.11 [50], 4.14.43 [51] and 4.9.102 [52].
4.17 post-rc6 – powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit [53]
4.18 pre-rc1 – ARM64: ssbd: Add global mitigation state accessor [54], ssbd: Introduce thread flag to control userspace mitigation [55], ssbd: Skip apply_ssbd if not using dynamic mitigation [56], arm64: ssbd: Add prctl interface for per-thread mitigation [57] & Add 'ssbd' command-line option [58]
4.18 pre-rc1 – x86/bugs: Add AMD's SPEC_CTRL MSR usage [59] & x86/bugs: Add AMD's variant of SSB_NO [60]
4.10 pre-rc1 – x86/fpu: Default eagerfpu=on on all CPUs [61]
x86/bugs: protect against userspace-userspace spectreRSB [62]
Kernel and distributions protect against processor flaw Foreshadow/L1TF [63]
Microsoft
Analysis and mitigation of speculative store bypass (CVE-2018-3639) [64]
ADV180012: Microsoft Guidance for Speculative Store Bypass [65]
ADV180013: Microsoft Guidance for Rogue System Register Read [66]
ADV180016: Microsoft Guidance for Lazy FP State Restore [67]
Surface devices and the new speculative execution side-channel vulnerabilities (May 2018) [68]
ADV180018 | Microsoft Guidance to mitigate L1TF variant [70]
MITRE
Lenovo
Speculative Execution Side Channel Variants 4 and 3a [77]
Lenovo Security Advisory: LEN-24163, L1 Terminal Fault Side Channel Vulnerabilities [78]
NetApp
Speculative Execution Side Channel Vulnerabilities in NetApp Products [79]
Intel SA-00161 L1 Terminal Fault Vulnerabilities in NetApp Products [80]
NIST
OpenBSD
OpenBSD disables Hyper-Threading [82]
Oracle
Processor vulnerabilities CVE-2018-3640 (“Spectre v3a”) and CVE-2018-3639 (“Spectre v4”) [84]
QEMU
Speculative store buffer bypass mitigation [85]
Quanta QCT
Meltdown and Spectre Vulnerabilities [86]
New security vulnerabilities, CVE-2018-3615, CVE-2018-3620 and CVE-2018-3646 [87]
Red Hat
Kernel Side-Channel Attack using Speculative Store Bypass - CVE-2018-3639 [88]
Bug 1566890 - CVE-2018-3639 hw: cpu: speculative store bypass [89]
Bug 1585011 - CVE-2018-3665 Kernel: FPU state information leakage via lazy FPU restore [90]
L1TF - L1 Terminal Fault Attack - CVE-2018-3620 & CVE-2018-3646 [91]
Suse
SUSE Addresses Spectre Variant 4 [92]
SUSE addresses the “L1 Terminal Fault” issue [93]
Synology
Synology-SA-18:23 Speculative Store Bypass [94]
Synology-SA-18:45 L1 Terminal Fault [95]
Thomas-Krenn
Security advisories on Spectre-NG [96]
Ubuntu
USN-3654-1: Linux kernel vulnerabilities [98]
VMware
VMware Performance Impact for CVE-2018-3639 and CVE-2018-3640 (55210) [101]
Wiwynn
Xen
Xen Security Advisory CVE-2018-3639 / XSA-263 [104]
Xen Security Advisory XSA-267: CVE-2018-3665 [105]
URL of this article:
https://www.heise.de/-4053268
Links in this article:
[1] https://www.heise.de/news/CPU-Sicherheitsluecken-Spectre-NG-Updates-rollen-an-4051900.html
[2] https://www.heise.de/news/Spectre-NG-Foreshadow-gefaehrdet-Intel-Prozessoren-4137209.html
[3] https://www.heise.de/news/CPU-Luecken-ret2spec-und-SpectreRSB-entdeckt-4119197.html
[4] https://www.heise.de/news/Spectre-Attacken-auch-auf-Sicherheitsfunktion-Intel-SGX-moeglich-3983848.html
[5] https://www.heise.de/news/NetSpectre-liest-RAM-via-Netzwerk-aus-4121831.html
[6] https://www.heise.de/hintergrund/Super-GAU-fuer-Intel-Weitere-Spectre-Luecken-im-Anflug-4039134.html
[7] https://www.heise.de/hintergrund/Exclusive-Spectre-NG-Multiple-new-Intel-CPU-flaws-revealed-several-serious-4040648.html
[8] https://www.heise.de/hintergrund/CPU-Sicherheitsluecken-Spectre-NG-Updates-und-Info-Links-4053268.html
[9] https://www.heise.de/meinung/Kommentar-Hallo-Intel-mein-Vertrauen-schwindet-4041485.html
[10] https://aws.amazon.com/security/security-bulletins/AWS-2018-019/
[11] https://www.amd.com/en/corporate/security-updates
[12] https://bugs.archlinux.org/task/58700
[13] https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
[14] https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/Spectre-NG_18052018.html
[15] https://www.kb.cert.org/vuls/id/180049
[16] https://www.us-cert.gov/ncas/alerts/TA18-141A
[17] https://www.us-cert.gov/ncas/current-activity/2018/08/14/Intel-Side-Channel-Vulnerability
[18] https://www.kb.cert.org/vuls/id/982149
[19] https://www.cert-bund.de/signed/advisoryshort/CB-K18-0682
[20] https://www.cert-bund.de/advisoryshort/CB-K18-0867
[21] https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk122205
[22] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel
[23] https://www.heise.de/news/Patches-Cisco-Produkte-offenbar-nicht-anfaellig-fuer-CPU-Luecken-Foreshadow-L1TF-4139080.html
[24] https://support.citrix.com/article/CTX235225
[25] http://blog.cyberus-technology.de/posts/2018-06-06-intel-lazyfp-vulnerability.html
[26] https://security-tracker.debian.org/tracker/CVE-2018-3639
[27] https://security-tracker.debian.org/tracker/CVE-2018-3640
[28] https://security-tracker.debian.org/tracker/CVE-2018-3665
[29] http://www.dell.com/support/article/de/de/debsdt1/sln309853/microprocessor-side-channel-vulnerabilities-cve-2018-3639-and-cve-2018-3640-impact-on-dell-pcs-and-thin-client-products?lang=en
[30] http://www.dell.com/support/article/de/de/debsdt1/sln309851/microprocessor-side-channel-vulnerabilities-cve-2018-3639-and-cve-2018-3640-impact-on-dell-emc-poweredge-servers-storage-sc-series-ps-series-and-powervault-md-series-and-networking-products?lang=en
[31] https://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/e5aace14a443f92cdfe7f6d36df9f7dc6f86b76b
[32] https://support.f5.com/csp/article/K70675920
[33] https://bugzilla.redhat.com/show_bug.cgi?id=1580713
[34] https://bodhi.fedoraproject.org/updates/FEDORA-2018-f8cba144ae
[35] https://wiki.freebsd.org/SpeculativeExecutionVulnerabilities
[36] https://www.freebsd.org/security/advisories/FreeBSD-SA-18:09.l1tf.asc
[37] http://www.fmworld.net/biz/common/info/201805sca/
[38] https://cloud.google.com/blog/products/gcp/protecting-against-the-new-l1tf-speculative-vulnerabilities
[39] https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
[40] https://support.hpe.com/hpsc/doc/public/display?sp4ts.oid=5222346&docLocale=en_US&docId=emr_na-a00047324en_us
[41] https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03874en_us
[42] http://www.huawei.com/en/psirt/security-notices/huawei-sn-20180522-01-cpu-en
[43] https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
[44] https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/
[45] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
[46] https://newsroom.intel.com/editorials/addressing-new-research-for-side-channel-analysis/
[47] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html
[48] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
[49] https://git.kernel.org/torvalds/c/3b78ce4a34b761c7fe13520de822984019ff1a8f
[50] https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1696999.html
[51] https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1696996.html
[52] https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1696995.html
[53] https://git.kernel.org/torvalds/c/a048a07d7f4535baa4cbad6bc024f175317ab938
[54] https://git.kernel.org/torvalds/c/c32e1736ca03904c03de0e4459a673be194f56fd
[55] https://git.kernel.org/torvalds/c/9dd9614f5476687abbff8d4b12cd08ae70d7c2ad
[56] https://git.kernel.org/torvalds/c/986372c4367f46b34a3c0f6918d7fb95cbdf39d6
[57] https://git.kernel.org/torvalds/c/9cdc0108baa8ef87c76ed834619886a46bd70cbe
[58] https://git.kernel.org/torvalds/c/a43ae4dfe56a01f5b98ba0cb2f784b6a43bafcc6
[59] https://git.kernel.org/torvalds/c/6ac2f49edb1ef5446089c7c660017732886d62d6
[60] https://git.kernel.org/torvalds/c/24809860012e0130fbafe536709e08a22b3e959e
[61] https://git.kernel.org/torvalds/c/58122bf1d856a4ea9581d62a07c557d997d46a19
[62] http://lkml.iu.edu/hypermail/linux/kernel/1807.3/00872.html
[63] https://www.heise.de/news/Linux-Kernel-und-Distributionen-schuetzen-vor-Prozessorluecke-Foreshadow-L1TF-4137264.html
[64] https://blogs.technet.microsoft.com/srd/2018/05/21/analysis-and-mitigation-of-speculative-store-bypass-cve-2018-3639/
[65] https://portal.msrc.microsoft.com/de-de/security-guidance/advisory/ADV180012
[66] https://portal.msrc.microsoft.com/de-de/security-guidance/advisory/ADV180013
[67] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180016
[68] https://blogs.technet.microsoft.com/surface/2018/05/22/surface-devices-and-the-new-speculative-execution-side-channel-vulnerabilities-may-2018/
[69] https://support.microsoft.com/de-de/help/4073757/protect-your-windows-devices-against-spectre-meltdown
[70] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018
[71] https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-3615
[72] https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-3620
[73] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
[74] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3640
[75] https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-3646
[76] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3665
[77] https://support.lenovo.com/de/en/solutions/len-22133
[78] https://support.lenovo.com/de/en/solutions/len-24163
[79] https://security.netapp.com/advisory/ntap-20180521-0001/
[80] https://security.netapp.com/advisory/ntap-20180815-0001/
[81] https://nvd.nist.gov/vuln/detail/CVE-2018-3639
[82] https://www.heise.de/news/Spectre-NG-Luecken-OpenBSD-schaltet-Hyper-Threading-ab-4087035.html
[83] https://linux.oracle.com/cve/CVE-2018-3639.html
[84] https://blogs.oracle.com/oraclesecurity/processor-vulnerabilities-cve-2018-3640-and-cve-2018-3639
[85] https://lists.gnu.org/archive/html/qemu-devel/2018-05/msg04799.html
[86] https://www.qct.io/Press-Releases/index/PR/Server/Intel-SA-00115
[87] https://www.qct.io/Press-Releases/index/PR/Server/Intel-SA-00161
[88] https://access.redhat.com/security/vulnerabilities/ssbd
[89] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-3639
[90] https://bugzilla.redhat.com/show_bug.cgi?id=1585011
[91] https://access.redhat.com/security/vulnerabilities/L1TF
[92] https://www.suse.com/c/suse-addresses-spectre-variant-4/
[93] https://www.suse.com/c/suse-addresses-the-l1-terminal-fault-issue/
[94] https://www.synology.com/en-global/support/security/Synology_SA_18_23
[95] https://www.synology.com/en-global/support/security/Synology_SA_18_45
[96] https://www.thomas-krenn.com/de/wiki/Sicherheitshinweise_zu_Spectre-NG_(Spectre_Next_Generation)
[97] https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3639.html
[98] https://usn.ubuntu.com/3654-1/
[99] https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3665.html
[100] https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF
[101] https://kb.vmware.com/s/article/55210
[102] https://www.vmware.com/security/advisories/VMSA-2018-0020.html
[103] http://www.wiwynn.com/english/company/newsinfo/2054
[104] http://xenbits.xen.org/xsa/advisory-263.html
[105] https://xenbits.xen.org/xsa/advisory-267.html
[106] https://www.heise.de/Datenschutzerklaerung-der-Heise-Medien-GmbH-Co-KG-4860.html
[107] mailto:ciw@ct.de
[108] mailto:ciw@ct.de
Copyright © 2018 Heise Medien