BSA-2018-611

Brocade Security Advisory ID

BSA-2018-611

Initial Publication Date

05/21/2018

Last Updated

05/21/2018

Revision

1.0: Final

Risk Impact

Medium

Workaround

Yes

Component

HW:CPU

Affected CVE

CVE-2018-3639

CVSS Score

5.6

Summary

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may read an earlier value of the data. Subsequent speculative memory accesses cause allocations into the cache, which may allow a sequence of speculative loads to be used to perform timing side-channel attacks. In particular, if an attacker has control of a previously cached value, or the first store and load instructions are accesses onto the stack, an attacker may be able to control future speculative execution and access arbitrary privileged data by using less privileged code with timing side-channel analysis.An attacker with local user access may be able to read arbitrary privileged data or system register values by utilizing cache timing side-channel analysis.

Affected Products

No Brocade Fibre Channel technologyproducts from Broadcom are currently known to be affected by this vulnerability.

Note

Brocade Manageability products are not vulnerable to Speculative Store Bypass (SSB) –also known as "Variant 4". However, since the environment that runs the products is not under Brocade's Control, Brocade recommends Customers to apply the recommendation from the vendors.

Revision History

Version Change Date
1.0 Initial Publication May 21, 2018

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.