CVE-2018-3639
現代のマイクロプロセッサーの設計でロードとストア命令 (一般的に使用されるパフォーマンス最適化) の投機的実行を実装する方法において、業界全体にわたる問題が発見されました。これは、権限を必要とするコード内における、正確に定義された命令シーケンスの存在と、最近メモリーが書き込こまれたアドレスから読み取られるメモリーが古い値を参照し、実際にはコミット (リタイア) されていない、投機的に実行された命令に関してマイクロプロセッサーのデータキャッシュを更新することに依存します。この結果、権限のない攻撃者はこの不具合を使用して対象とするキャッシュのサイドチャネル攻撃を実行することで、権限を必要とするメモリーを読み取ることが可能になります。
Find out more about CVE-2018-3639 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
Red Hat セキュリティーレスポンスチームは、この問題を認識しています。更新は、利用可能になり次第リリースされます。追加情報については、Red Hat ナレッジベースの以下のアーティクルを参照してください。https://access.redhat.com/security/vulnerabilities/ssbd
CVSS v3 metrics
| CVSS3 Base Score | 5.6 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |
| Attack Vector | Local |
| Attack Complexity | High |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity Impact | None |
| Availability Impact | None |
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (redhat-virtualization-host) | RHSA-2018:1710 | 2018-05-23 |
| Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (rhev-hypervisor7) | RHSA-2018:1711 | 2018-05-23 |
| Red Hat Virtualization 4 (rhvm-setup-plugins) | RHSA-2018:1674 | 2018-05-22 |
| Red Hat OpenStack Platform 12.0 (qemu-kvm-rhev) | RHSA-2018:1643 | 2018-05-22 |
| Red Hat Enterprise Linux 7 (qemu-kvm) | RHSA-2018:2001 | 2018-06-26 |
| Red Hat Enterprise Linux Server Update Services for SAP Solutions 7.2 (qemu-kvm) | RHSA-2018:1661 | 2018-05-22 |
| Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 (qemu-kvm-rhev) | RHSA-2018:1686 | 2018-05-22 |
| Red Hat Enterprise Linux Server Update Services for SAP Solutions 7.2 (libvirt) | RHSA-2018:1668 | 2018-05-22 |
| Red Hat Enterprise Linux Extended Update Support 7.3 (kernel) | RHSA-2018:1737 | 2018-05-29 |
| Red Hat MRG Grid for RHEL 6 Server v.2 (kernel-rt) | RHSA-2018:1642 | 2018-05-22 |
| Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (qemu-kvm-rhev) | RHSA-2018:1655 | 2018-05-21 |
| Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (qemu-kvm-rhev) | RHSA-2018:1654 | 2018-05-22 |
| Red Hat Enterprise Linux Advanced Update Support 7.2 (kernel) | RHSA-2018:1637 | 2018-05-29 |
| Red Hat Enterprise Linux Advanced Update Support 6.4 (qemu-kvm) | RHSA-2018:1656 | 2018-05-22 |
| Red Hat Enterprise Linux 7 (kernel-alt) | RHSA-2018:1967 | 2018-06-26 |
| Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (vdsm) | RHSA-2018:1675 | 2018-05-22 |
| Red Hat Enterprise Linux 6 (java-1.8.0-openjdk) | RHSA-2018:1650 | 2018-05-21 |
| Red Hat Enterprise Linux 7 (kernel) | RHSA-2018:1965 | 2018-06-26 |
| Red Hat Enterprise Linux 6 (kernel) | RHSA-2018:1651 | 2018-05-21 |
| Red Hat Enterprise Linux Server Update Services for SAP Solutions 7.2 (kernel) | RHSA-2018:1637 | 2018-05-29 |
| Red Hat Enterprise Linux 7 (java-1.7.0-openjdk) | RHSA-2018:1648 | 2018-05-22 |
| Red Hat Enterprise Linux Advanced Update Support 6.6 (qemu-kvm) | RHSA-2018:1658 | 2018-05-22 |
| Red Hat Enterprise Linux Advanced Update Support 6.5 (kernel) | RHSA-2018:1640 | 2018-05-29 |
| Red Hat Enterprise Linux Extended Update Support 7.3 (qemu-kvm) | RHSA-2018:1662 | 2018-05-22 |
| Red Hat OpenStack Platform 10 (qemu-kvm-rhev) | RHSA-2018:1644 | 2018-05-22 |
| Red Hat Enterprise Linux 6 (kernel) | RHSA-2018:1854 | 2018-06-19 |
| RHEV Hypervisor for RHEL-6 (rhev-hypervisor7) | RHSA-2018:1711 | 2018-05-23 |
| Red Hat Enterprise Linux Advanced Update Support 6.6 (kernel) | RHSA-2018:1639 | 2018-05-29 |
| Red Hat Enterprise Linux 7 (libvirt) | RHSA-2018:1997 | 2018-06-26 |
| Red Hat Enterprise Linux Extended Update Support 7.4 (kernel) | RHSA-2018:1738 | 2018-05-29 |
| Red Hat Enterprise Linux for Real Time for NFV (v. 7) (kernel-rt) | RHSA-2018:2003 | 2018-06-26 |
| Red Hat Virtualization 4 (org.ovirt.engine-root) | RHSA-2018:1676 | 2018-05-22 |
| Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (qemu-kvm-rhev) | RHSA-2018:2060 | 2018-06-27 |
| Red Hat Enterprise Linux Extended Update Support 6.7 (libvirt) | RHSA-2018:1667 | 2018-05-22 |
| Red Hat Enterprise Linux Extended Update Support 6.7 (kernel) | RHSA-2018:1826 | 2018-06-12 |
| Red Hat Enterprise Linux Extended Update Support 7.4 (qemu-kvm) | RHSA-2018:1663 | 2018-05-22 |
| Red Hat OpenStack Platform 8.0 (Liberty) (qemu-kvm-rhev) | RHSA-2018:1646 | 2018-05-22 |
| Red Hat Enterprise Linux Server TUS (v. 6.6) (qemu-kvm) | RHSA-2018:1658 | 2018-05-22 |
| Red Hat Enterprise Linux Advanced Update Support 7.2 (libvirt) | RHSA-2018:1668 | 2018-05-22 |
| Red Hat Enterprise Linux Extended Update Support 7.4 (libvirt) | RHSA-2018:1652 | 2018-05-22 |
| Red Hat Enterprise Linux Extended Update Support 7.4 (kernel) | RHSA-2018:1635 | 2018-05-22 |
| Red Hat Enterprise Linux Extended Update Support 7.4 (libvirt) | RHSA-2018:2006 | 2018-06-26 |
| Red Hat Enterprise Linux Server TUS (v. 6.6) (libvirt) | RHSA-2018:1666 | 2018-05-22 |
| Red Hat Enterprise Linux Advanced Update Support 7.2 (qemu-kvm) | RHSA-2018:1661 | 2018-05-22 |
| Red Hat Enterprise Linux 7 (kernel) | RHSA-2018:1629 | 2018-05-22 |
| Red Hat Enterprise Linux 6 (qemu-kvm) | RHSA-2018:1660 | 2018-05-21 |
| Red Hat Enterprise Linux Server TUS (v. 7.2) (qemu-kvm) | RHSA-2018:1661 | 2018-05-22 |
| Red Hat Enterprise Linux for Real Time for NFV (v. 7) (kernel-rt) | RHSA-2018:1630 | 2018-05-21 |
| Red Hat Enterprise Linux Advanced Update Support 6.4 (libvirt) | RHSA-2018:1664 | 2018-05-22 |
| Red Hat Enterprise Linux Advanced Update Support 6.5 (libvirt) | RHSA-2018:1665 | 2018-05-22 |
| Red Hat Enterprise Linux 7 (java-1.8.0-openjdk) | RHSA-2018:1649 | 2018-05-22 |
| Red Hat Enterprise Linux 6 (libvirt) | RHSA-2018:1669 | 2018-05-22 |
| Red Hat Enterprise Linux Advanced Update Support 6.4 (kernel) | RHSA-2018:1641 | 2018-05-29 |
| Red Hat Enterprise Linux Server TUS (v. 7.2) (libvirt) | RHSA-2018:1668 | 2018-05-22 |
| Red Hat OpenStack Platform 9.0 (qemu-kvm-rhev) | RHSA-2018:1645 | 2018-05-22 |
| Red Hat Enterprise Linux 6 (java-1.7.0-openjdk) | RHSA-2018:1647 | 2018-05-21 |
| Red Hat Enterprise Linux Extended Update Support 7.3 (kernel) | RHSA-2018:1636 | 2018-05-22 |
| Red Hat Enterprise Linux Server TUS (v. 6.6) (kernel) | RHSA-2018:1639 | 2018-05-29 |
| Red Hat Enterprise Linux Advanced Update Support 6.5 (qemu-kvm) | RHSA-2018:1657 | 2018-05-22 |
| Red Hat Enterprise Linux Extended Update Support 7.3 (libvirt) | RHSA-2018:1653 | 2018-05-22 |
| RHEV Manager 3 (org.ovirt.engine-root) | RHSA-2018:1688 | 2018-05-22 |
| Red Hat Enterprise Linux Extended Update Support 6.7 (kernel) | RHSA-2018:1638 | 2018-05-29 |
| Red Hat Enterprise Linux Advanced Update Support 6.6 (libvirt) | RHSA-2018:1666 | 2018-05-22 |
| Red Hat Enterprise Linux Extended Update Support 6.7 (qemu-kvm) | RHSA-2018:1659 | 2018-05-22 |
| RHEV Manager 3 (rhevm-setup-plugins) | RHSA-2018:1689 | 2018-05-22 |
| Red Hat Enterprise Linux Server TUS (v. 7.2) (kernel) | RHSA-2018:1637 | 2018-05-29 |
| Red Hat Enterprise Linux 7 (libvirt) | RHSA-2018:1632 | 2018-05-22 |
| Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (redhat-virtualization-host) | RHSA-2018:1696 | 2018-05-23 |
| Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (vdsm) | RHSA-2018:1690 | 2018-05-22 |
| Red Hat Enterprise Linux 7 (qemu-kvm) | RHSA-2018:1633 | 2018-05-22 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Virtualization 4 | ovirt-guest-agent | 影響あり |
| Red Hat Virtualization 4 | ovirt-engine | 影響あり |
| Red Hat Virtualization 4 | rhev-hypervisor-ng | 影響あり |
| Red Hat Virtualization 4 | rhevm-setup-plugins | 影響あり |
| Red Hat OpenStack Platform 11.0 (Ocata) | qemu-kvm-rhev | 影響あり |
| Red Hat Enterprise Linux 7 | microcode_ctl | 影響あり |
| Red Hat Enterprise Linux 7 | qemu-kvm-ma | 影響あり |
| Red Hat Enterprise Linux 6 | microcode_ctl | 影響あり |
| Red Hat Enterprise Linux 5 | kernel | 影響あり |
| Red Hat Enterprise Linux 5 | microcode_ctl | 影響あり |
| RHEV Manager 3 | rhev-hypervisor-ng | 影響あり |
| RHEV Manager 3 | rhev-hypervisor | 影響あり |
| RHEV Manager 3 | vdsm | 影響あり |
| RHEV Manager 3 | ovirt-engine | 影響あり |
Acknowledgements
Red Hat は、この問題の報告について Microsoft Security Response Center (MSRC) の Ken Johnson 氏と Google Project Zero (GPZ) Jann Horn 氏に謝意を表します。External References
- https://access.redhat.com/security/vulnerabilities/ssbd
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
- https://software.intel.com/sites/default/files/managed/b9/f9/336983-Intel-Analysis-of-Speculative-Execution-Side-Channels-White-Paper.pdf
- https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf