Safety Instructions for Spectre-NG (Spectre Next Generation)

From Thomas-Krenn-Wiki
Jump to navigation Jump to search

As of 03.05.2018, information on further security vulnerabilities in Intel processors was published. In this article you will find information about the security vulnerabilities known as Spectre-NG and how to secure systems.

We will update this article as soon as new information becomes available.

Further information

Several of the newly discovered vulnerabilities are classified as high risk. Further details can be found in the linked Intel Security Advisories and CVEs.

Known vulnerabilities (as of 14.08.2018):

Affected CPUs

Information about the affected CPUs can be found in the Intel Security Advisories (INTEL-SA-00***) linked above. AMD has published information and protective measures for Spectre V4 (Speculative Store Bypass). AMD processors are currently not vulnerable to the Spectre V3a vulnerability.[1]

Problem solving

To fix the vulnerabilities, both operating system updates and Intel microcode updates are required. The new patches are rolled out in multiple waves. Manufacturers have announced security updates and have already made them available for some motherboards.[2][3]

Affected systems from Thomas-Krenn

The article BIOS security updates shows the status of the available UEFI firmware/BIOS security updates for mainboards from Thomas-Krenn.

Further information

References

  1. AMD Processor Security [...] We have not identified any AMD x86 products susceptible to the Variant 3a vulnerability in our analysis to-date. [...] (amd.com, 21.05.2018)
  2. Security Vulnerabilities Regarding Side Channel Speculative Execution and Indirect Branch Prediction Information Disclosure (www.supermicro.com)
  3. ASUS to provide CPU microcode updates addressing potential security vulnerabilities for speculative execution side-channel analysis methods (asus.com, 21.05.2018)

Changelog

  • Version 1.0, 03.05.2018: Initial version with first information based on the articles of heise.de.
  • Version 1.1, 04.05.2018: Intel statement on additional security issues added.
  • Version 1.2, 07.05.2018: Coordinated publication postponed, currently planned for 21 May 2018, postponement until 10 July 2018 possible.
  • Version 1.3, 22.05.2018: Published information about CVE-2018-3639 and CVE-2018-3640 added.
  • Version 1.4, 15.06.2018: Published information about CVE-2018-3665 added.
  • Version 1.5, 10.07.2018: Added information about BIOS updates, link to an article with a tabular list of all motherboards.
  • Version 1.6, 11.07.2018: Information about Spectre V1 supplement - Bounds Check Bypass Store added.
  • Version 1.7, 16.08.2018: Information about Foreshadow L1 Terminal Fault added (INTEL-SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646), more references to external sources.


Foto Thomas Niedermeier.jpg

Author: Thomas Niedermeier

Thomas Niedermeier working in the product management team at Thomas-Krenn, completed his bachelor's degree in business informatics at the Deggendorf University of Applied Sciences. Since 2013 Thomas is employed at Thomas-Krenn and takes care of OPNsense firewalls, the Thomas-Krenn-Wiki and firmware security updates.


Foto Werner Fischer.jpg

Author: Werner Fischer

Werner Fischer, working in the Knowledge Transfer team at Thomas-Krenn, completed his studies of Computer and Media Security at FH Hagenberg in Austria. He is a regular speaker at many conferences like LinuxTag, OSMC, OSDC, LinuxCon, and author for various IT magazines. In his spare time he enjoys playing the piano and training for a good result at the annual Linz marathon relay.


Related articles

Intel ARK Product Database
INTEL-SA-00087 Safety Instructions for Intel SPI Flash
Safety instructions for Meltdown and Spectre