An industry-wide, hardware-based security vulnerability was disclosed yesterday.The problem affect many processor types, covering Xeon, AMD and ARM variants.
So far, there are three known variants of the issue:- Variant 1: bounds check bypass (CVE-2017-5753)
- Variant 2: branch target injection (CVE-2017-5715)
- Variant 3: rogue data cache load (CVE-2017-5754)
Besides physical/private cloud systems, this issue affects public cloud providers, and as such they have taken appropriate steps for risk mitigation.Refer to the enclosed links for additional information.
Project Zero: https://googleprojectzero.blogspot.mk/2018/01/reading-privileged-memory-with-side.html
Microsoft Security Tech Center: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
Microsoft Azure: https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/
No comments:
Post a Comment