1753064 – hw: Target Array Sharing side channel attack

Bug 1753064 - hw: Target Array Sharing side channel attack

Summary: hw: Target Array Sharing side channel attack

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1764062 1764063 1764064 1764065 1764066 1764067 1764068 1764069 1764070 1764071 1764072 1764073 1767754 1771651
Blocks:	1752312
TreeView+	depends on / blocked

Reported:	2019-09-18 01:52 UTC by Wade Mealing
Modified:	2021-10-25 22:11 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2021-10-25 22:11:19 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHEA-2019:3845	0	None	None	None	2019-11-12 21:37:08 UTC
Red Hat Product Errata	RHEA-2019:3846	0	None	None	None	2019-11-12 22:38:10 UTC

Description Wade Mealing 2019-09-18 01:52:56 UTC

A flaw was found in the implementation of Intel microprocessors Target Array sharing.  A single physical branch prediction unit (hardware) within a single core is shared within two logical processor threads.  

An attacker with local authenticated access can cause the branch prediction unit to use an indirect target on both logical processors.  A flaw in the CPU's indirect target matching would incorrectly match some targets as matching when they did not.

This incorrect matching can be used as an attack vector for an attacker to carry out Spectre-V2 style attack on the impacted processor.

A microcode update will be available that can disable TA sharing between logical processors to change the behaviour effectively mitigating this flaw.

Comment 5 Wade Mealing 2019-11-12 08:23:16 UTC

Acknowledgements:

Red Hat thanks Intel and industry partners for reporting this issue and collaborating on the mitigations for the same.

Comment 6 Prasad Pandit 2019-11-12 09:48:15 UTC

Statement:

Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/2019-microcode-nov

Comment 7 Prasad Pandit 2019-11-12 09:48:19 UTC

External References:

https://access.redhat.com/solutions/2019-microcode-nov

Comment 8 Prasad Pandit 2019-11-12 09:48:22 UTC

Mitigation:

As of this time there are no known mitigations. Please install relevant updated packages to address this flaw.

Comment 9 Prasad Pandit 2019-11-12 18:10:28 UTC

Created microcode_ctl tracking bugs for this issue:

Affects: fedora-all [bug 1771651]

Note You need to log in before you can comment on or make changes to this bug.