CVE-2018-3639 – Speculative Store Bypass (SSB) / CVE-2018-3640 – Rogue System Register Read (RSRE)

[l2dy]

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4 https://access.redhat.com/security/vulnerabilities/ssbd

Red Hat has been made aware of a vulnerability that exists in modern microprocessors, requiring updates to the Linux kernel, virtualization-related components, and a microcode update. An unprivileged attacker can use this flaw to bypass restrictions in order to gain read access to privileged memory that would otherwise be inaccessible. This issue has been assigned CVE-2018-3639 and is also referred to as “Variant 4” or “Speculative Store Bypass”. This issue is known to affect CPUs of various microarchitectures from: AMD, ARM, IBM POWER8, POWER9, and SystemZ series, and Intel processors. All currently supported versions of Red Hat Enterprise Linux, Red Hat OpenShift, Red Hat Virtualization, and Red Hat OpenStack Platform are affected.

A malicious, unprivileged user could use this flaw to read privileged system memory and/or memory outside of a sandboxed environment like a web-browser or JIT execution run times.

To fully mitigate this vulnerability, system administrators must apply both hardware “microcode” updates and software patches that enable new functionality. At this time, microprocessor microcode will be delivered by the individual manufacturers, but at a future time Red Hat will release the tested and signed updates as we receive them.

This issue was disclosed to the public May 21, 2018.

• [x] Linux Kernels (linux-kernel, linux-kernel-lts, linux-kernel-libre)
• [x] Qemu
• [x] LibVirt
• [x] Intel Microcode
• [x] OpenJDK, Java SE

[l2dy]

According to https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html, there's also CVE-2018-3640, but no fix observed for that yet.

[MingcongBai]

Edited original comment to include progress indicator.

[liushuyu]

Any progress update?

[l2dy]

Cross-References: LSN-2018-0005

[MingcongBai]

Fix commits (so far) as follows:

• Qemu: https://github.com/AOSC-Dev/aosc-os-abbs/commit/50014281698619e201f9f7994b67ab0e16b48b3c
• Linux Kernel LTS: https://github.com/AOSC-Dev/aosc-os-abbs/commit/1e3e1344735da1ef5bf2e13975c8d4450b699747
• Linux Kernel Libre: https://github.com/AOSC-Dev/aosc-os-abbs/commit/026ab4d4aaf90539f8b47c321f6c4c6bfc923003, https://github.com/AOSC-Dev/aosc-os-abbs/commit/47ce450158124be69a2a06b3c0cb873cd2edaeb9, https://github.com/AOSC-Dev/aosc-os-abbs/commit/ec8b1e58772753e769dc9be3a6a14b3eb9416d15, https://github.com/AOSC-Dev/aosc-os-abbs/commit/ca1c9a3cd8109fcb9dc4df7c0a1bb4b7c6bb4eb2, and https://github.com/AOSC-Dev/aosc-os-abbs/commit/40532654cad8f3e0bf45823f4afdacd34f985858

[l2dy]

Use AOSA-2018-0287 for qemu. Use AOSA-2018-0288 for linux-kernel-lts. Use AOSA-2018-0289 for linux-kernel-libre.

[l2dy]

intel-ucode: security update to 20180703

https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File

[MingcongBai]

AOSA for Intel Ucode please.

[l2dy]

Use AOSA-2018-0305 for intel-ucode.

[l2dy]

Note that the Intel microcode update fixes CVE-2018-3640 (Spectre v3a) and helps mitigating CVE-2018-3639 (Spectre v4).

[l2dy]

Cross-References: LSN-2018-0005

Note that LSN-2018-0005 is from libvirt.

[MingcongBai]

LibVirt addressed with https://github.com/AOSC-Dev/aosc-os-abbs/commit/eeb94397d586cdda952544f3196ba2b4ad009373.

[l2dy]

Use AOSA-2018-0347 for libvirt.

[MingcongBai]

@liushuyu Could you report back with the Java SE/JDK issue?

[MingcongBai]

All issues should have been fixed with the newest packages in Stable. Closing.