+++ UPDATE +++
SYSGO team members credited for discovery of Spectre variant
In a new Vulnerability Note (VU#180049) dated May 21, cert.org describes two new variants of the Spectre vulnerability. Variant 4, Speculative Store Bypass (SSB), was discovered by Jann Horn of Google Project Zero (GPZ) and Ken Johnson of the Microsoft Security Response Center (MSRC) and is listed under CVE-2018-3639. Discovery of Variant 3a, Rogue System Register Read (RSRE) or CVE-2018-3640, is credited to Zdenek Sojka, Rudolf Marek and Alex Zuepke from SYSGO GmbH, who reported it to Intel. Intel rates this problem as medium. Rogue System Register Read allows a local attacker to read certain CPU registers or arbitrary privileged data via cache timing side-channel analysis.
The discovery of the new vulnerability by SYSGO developers once again emphasizes the deep expertise and the dedication of the entire staff while they strive to offer customers much more than just reliable code. The appreciation by Intel for this discovery shows that SYSGO engineers are at the forefront of technology itself as well as of security. We at SYSGO will continue to have a holistic view of our customers' needs and requirements, keeping our software platforms safe, secure and certifiable.
Security Vulnerability Notice
SYSGO has been made aware by various chip vendors of the latest potential vulnerabilities in hardware from Intel, AMD, ARM, and PowerPC, called "Spectre" and "Meltdown". While Spectre affects hardware from all vendors, Meltdown mainly affects Intel x86 architectures. These vulnerabilities can be used to allow programs to access data in the memory of other running programs or operating systems, e.g. passwords, messages or other personal data, or to read arbitrary locations from protected memory regions. Currently, no publicly known security attacks have been recorded.
There are three main variants of the exploits, as detailed by Google in their blog post, which explains the mechanisms in detail:
- Variant 1, Spectre: bounds check bypass (CVE-2017-5753)
- Variant 2, Spectre: branch target injection (CVE-2017-5715)
- Variant 3, Meltdown: rogue data cache load (CVE-2017-5754)
Details of affected ARM processors can be found here:
Intel’s statement can be found here:
Since being informed about these issues at the end of December 2017, SYSGO has been working on a technical analysis to assess the situation and is preparing software patches where needed.
More details from our ELinOS team are available here.