Friday 5 January 2018

Meltdown and Spectre vulnerability


Systems Affected

CPU hardware implementations



Overview

The National Cybersecurity and Communications Integration Center (NCCIC) became aware of a set of security vulnerabilities—known as Meltdown and Spectre—that affect modern computer processors. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information.

Explanation:-

A series of major security vulnerabilities impacting nearly all Intel processors were recently discovered. Dubbed "Meltdown" and "Spectre", these issues could allow an unprivileged process access to kernel memory. These are hardware-level vulnerabilities, with Intel CPUs being the most impacted, although there is some exposure in AMD-branded CPUs as well.


Description

CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre. These attacks are described in detail by CERT/CC’s Vulnerability Note VU#584653, the United Kingdom National Cyber Security Centre’s guidance on Meltdown and Spectre, Google Project Zero, and the Institute of Applied Information Processing and Communications (IAIK) at Graz University of Technology (TU Graz). The Linux kernel mitigations for this vulnerability are referred to as KAISER, and subsequently KPTI, which aim to improve separation of kernel and user memory pages.


Impact

Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information.

Solution

NCCIC encourages users and administrators to refer to their OS vendors for the most recent information. However, the table provided below lists available advisories and patches. Because the vulnerability exists in CPU architecture rather than in software, patching may not fully address these vulnerabilities in all cases.

After patching, performance may be diminished by up to 30 percent. Administrators should ensure that performance is monitored for critical applications and services, and work with their vendor(s) and service provider(s) to mitigate the effect if possible.

Additionally, impacts to availability in some cloud service providers (CSPs) have been reported as a result of patches to host OSes. Users and administrators who rely on cloud infrastructure should work with their CSP to mitigate and resolve any impacts resulting from host OS patching and mandatory rebooting.

The following table contains links to advisories and patches published in response to the vulnerabilities.

MAC:-

Apple today confirmed that it has addressed the recent "Meltdown" vulnerability in previously released iOS 11.2, macOS 10.13.2, and tvOS 11.2 updates, with additional fixes coming to Safari in the near future to defend against the "Spectre" vulnerability.


Windows:-

To fix the issue on Windows systems:

Update to the latest version of Chrome (on January 23rd) or Firefox 57 if you use either browser.
Check Windows Update and ensure KB4056892 is installed for Windows 10.
Check your PC OEM website for support information and firmware updates, and apply any updates immediately.

Linux:-

Affected Linux Systems

Red Hat Enterprise Linux 5 (including clones such as CentOS/Oracle/Scientific Linux 5)
Red Hat Enterprise Linux 6 (including clones such as CentOS/Oracle/Scientific Linux 6)
Red Hat Enterprise Linux 7 (including clones such as CentOS/Oracle/Scientific Linux 7)
Debian Linux wheezy
Debian Linux jessie
Debian Linux stretch
Debian Linux buster, sid
SUSE Linux Enterprise 11
SUSE Linux Enterprise 12
openSUSE Linux based upon SUSE 12/11
Fedora Linux 26
Fedora Linux 27
Amazon Linux AMI (Bulletin ID: ALAS-2018-939)

To fix the vulnerability on Linux, update the kernel by using yum update, then reboot into the new kernel.

$ sudo yum update
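After updating and rebooting, the kernel's own status report can confirm whether the mitigations are active. The script below is an added example, not part of the original advisory. It assumes a kernel that exposes /sys/devices/system/cpu/vulnerabilities (an interface this page does not mention), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify the kernel's own report of Meltdown/Spectre status.
# Assumption: the running kernel exposes one status file per issue under
# /sys/devices/system/cpu/vulnerabilities (older kernels do not have it).

VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status FILE
# Prints one of: mitigated, not_affected, vulnerable, unknown
classify_status() {
    if [ ! -r "$1" ]; then
        echo unknown    # no status file: the kernel cannot report on this issue
        return 0
    fi
    status=$(head -n 1 "$1")
    case "$status" in
        "Not affected"*) echo not_affected ;;
        Mitigation:*)    echo mitigated ;;     # e.g. "Mitigation: PTI"
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_host [DIR]
# Prints one line per issue; returns 0 only if no issue is vulnerable or unknown.
check_host() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    for issue in meltdown spectre_v1 spectre_v2; do
        result=$(classify_status "$dir/$issue")
        printf '%-12s %s\n' "$issue" "$result"
        case "$result" in
            vulnerable|unknown) rc=1 ;;
        esac
    done
    return $rc
}

# Check the live host only when asked to: sh check.sh --run
if [ "${1:-}" = "--run" ]; then
    check_host
fi
```

A result of unknown for every issue usually means the host is still running a kernel from before the update, so it should be treated as unpatched until proven otherwise.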


