BSA-2018-601

Brocade Security Advisory ID

BSA-2018-601

Initial Publication Date

05/08/2018

Last Updated

05/08/2018

Revision

1.0: Final

Risk Impact

Medium

Workaround

No

Component

Kernel

Affected CVE

CVE-2018-8897

CVSS Score

6.5

Summary

In some circumstances, some operating systems or hypervisors may not expect or properly handle an Intel architecture hardware debug exception. The error appears to be due to developer interpretation of existing documentation for certain Intel architecture interrupt/exception instructions, namely MOV to SS and POP to SS... More details can be found in the researcher's paper.

An authenticated attacker may be able to read sensitive data in memory or control low-level operating system functions.

Affected Products

No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.

Note

Brocade Manageability products are not vulnerable to POP SS/MOV SS Vulnerability. However, since the environment that runs the products is not under Brocade's Control, Brocade recommends Customers to apply the recommendation from the vendors.

Revision History

Version Change Date
1.0 Initial Publication May 8, 2018

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.