Unauthorized Memory Disclosure through CPU
Side-Channel Attacks ("Meltdown" and "Spectre")
Overview
Vulnerabilities exist in multiple modern CPU architectures that could permit an attacker to read the contents of memory. GX products are not affected but the operating system it runs on can be.
Affected GX Software products
None
Details
Full details of the "Meltdown" and "Spectre" vulnerabilities can be found at the following URLs:
https://googleprojectzero.blogspot.co.at/2018/01/reading-privileged-memory-with-side.html
GX products are software products running on various CPU architectures which might be affected by the vulnerabilities. However, GX products only allow authenticated users to add additional code to the platform. To exploit specified vulnerability, an attacker would require that ability. Achieving code execution would require the presence of second, unrelated vulnerability or other software on the system which allows not authenticated users to add their own code to the system. It is likely that such a vulnerability would already allow compromise of the system without the need for further exploits.
Resolution
To reduce the risks of exploitation of these vulnerabilities, updating the operating systems is strongly advised. Take into account that the current patches provided by Microsoft and the various Linux distributions are reporting a performance penalty after the patch installation. For GX Cloud customers the OS patches will automatically be installed within the nearest update windows. The platform of the GX Cloud environment is already up to date. Full details about this can be found at the following URL:
https://aws.amazon.com/security/security-bulletins/AWS-2018-013/
Comments
0 comments
Article is closed for comments.