BSA-2018-612

Brocade Security Advisory ID

BSA-2018-612

Initial Publication Date

05/21/2018

Last Updated

05/21/2018

Revision

1.0: Final

Risk Impact

Medium

Workaround

Yes

Component

HW:CPU

Affected CVE

CVE-2018-3640

CVSS Score

2.8

Summary

Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may return a speculative register value that is then used in subsequent speculative load instructions. These subsequence speculative loads cause allocations into the cache that may allow a sequence of speculative loads to be used to perform timing side-channel attacks. An attacker with local user access may be able to use timing side-channel analysis to determinethe values stored in system registers.

Affected Products

No Brocade Fibre Channel technologyproducts from Broadcom are currently known to be affected by this vulnerability.

Note

Brocade Manageability products are not vulnerable to Rogue System RegisterRead (RSRE) –also known as "Variant3a".However, since the environment that runs the products is not under Brocade's Control, Brocade recommends Customers to apply the recommendation from the vendors.

Revision History

Version Change Date
1.0 Initial Publication May 21, 2018

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.