Bug 1597992 (netspectre)
Summary: | kernel: NetSpectre - observing speculative execution gadgets across network via statistical analysis. | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Wade Mealing <wmealing> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | abhgupta, acaringi, airlied, aquini, bhu, blc, bmasney, brdeoliv, bskeggs, dbaker, dhoward, dvlasenk, esammons, ewk, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jforbes, jglisse, john.j5live, jokerman, jonathan, josef, jross, jshortt, jstancek, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, mchehab, mcressma, mguzik, mjg59, mlangsdo, nmurray, plougher, ptalbert, rt-maint, rvrbovsk, security-response-team, skozina, sparks, steved, sthangav, trankin, walters, williams, yozone |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A flaw was found in how CPU's execution mechanisms which allowed local memory to be inferred by measurement and statistical analysis across a network.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-10 10:31:52 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1597990 |
Description
Wade Mealing
2018-07-04 06:00:45 UTC
Acknowledgments: Name: Daniel Gruss Statement: Red Hat Product Security has rated this update as having a security impact of Moderate. All Red Hat products are being evaluated for impact and Red Hat will work with the Linux community to analyze and correct any issues found. Red Hat is currently evaluating the impact of this security flaw on userspace packages, especially the network daemons and remotely accessible technologies like SSH. Successful exploitation of this flaw needs the attacker to have advanced knowledge of the software versions used on the system. For additional information about this flaw including possible mitigations please refer to: https://access.redhat.com/solutions/3545361 Mitigation: The following mitigation can be used to lower the impact/scope of this flaw for userspace applications: 1. Allow only trusted users/ip addresses to access remotely accessible services like SSH, LDAP, SNMP etc. 2. Since the attack involves sending large number of packets to a particular service running on a port, firewalls and some services could be configured to limit the amount of traffic per source IP address. 3. Also actively monitor excessive traffic from a particular IP address, especially in a short time interval. Certain IDS devices/software can do that and block the source of these packets. |