Bug 1580340 (CVE-2018-3640)

Summary: CVE-2018-3640 hw: cpu: speculative register load
Product: [Other] Security Response Reporter: Prasad Pandit <ppandit>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: aquini, bhu, blc, carnil, dhoward, fhrbata, hannsj_uhl, hkrzesin, hwkernel-mgr, iboverma, jkacur, jross, kernel-mgr, lgoncalv, matt, mcressma, mlangsdo, mvanderw, nmurray, plougher, pmatouse, rt-maint, rvrbovsk, security-response-team, skozina, sparks, thomas, williams
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
An industry-wide issue was found in the way many modern microprocessor handle speculative access of system registers inaccessible to unprivileged user. It relies on the presence of a precisely-defined instruction sequence in the privileged code which allows speculative load of system registers and that such register value could be subsequently used in speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged system registers by conducting targeted cache side-channel attacks.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-10 10:26:01 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1566865    

Description Prasad Pandit 2018-05-21 10:12:40 UTC 
An industry-wide issue was found in the way many modern microprocessor handle
speculative access of system registers inaccessible to unprivileged user.

It relies on the presence of a precisely-defined instruction sequence in the
privileged code which allows speculative load of system registers and that such
register value could be subsequently used in speculatively executed instructions that never actually commit (retire).

As a result, an unprivileged attacker could use this flaw to read privileged
system registers by conducting targeted cache side-channel attacks.

Reference:
----------
  -> https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
Comment 2 Prasad Pandit 2018-05-21 19:14:00 UTC 
External References:

https://access.redhat.com/solutions/3452311
Comment 3 Eric Christensen 2018-05-21 22:14:22 UTC 
Statement:

This is a hardware issue and is not currently planned to be mitigated in software (in the Linux kernel). As such, we do not plan to provide mitigations for this issue in the kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7, and Red Hat Enterprise MRG 2.

Future CPU vendor microcode updates may address this issue.