Summary

Security Advisory ID : BSA-2018-611

Component : HW:CPU

Revision : 1.0: Final

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may read an earlier value of the data. Subsequent speculative memory accesses cause allocations into the cache, which may allow a sequence of speculative loads to be used to perform timing side-channel attacks. In particular, if an attacker has control of a previously cached value, or the first store and load instructions are accesses onto the stack, an attacker may be able to control future speculative execution and access arbitrary privileged data by using less privileged code with timing side-channel analysis.An attacker with local user access may be able to read arbitrary privileged data or system register values by utilizing cache timing side-channel analysis.

Affected Products

No Brocade Fibre Channel technologyproducts from Broadcom are currently known to be affected by this vulnerability.

Note

Brocade Manageability products are not vulnerable to Speculative Store Bypass (SSB) –also known as "Variant 4". However, since the environment that runs the products is not under Brocade's Control, Brocade recommends Customers to apply the recommendation from the vendors.

Revision History