Bug 1753064 - hw: Target Array Sharing side channel attack
Summary: hw: Target Array Sharing side channel attack
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1764062 1764063 1764064 1764065 1764066 1764067 1764068 1764069 1764070 1764071 1764072 1764073 1767754 1771651
Blocks: 1752312
TreeView+ depends on / blocked
 
Reported: 2019-09-18 01:52 UTC by Wade Mealing
Modified: 2021-10-25 22:11 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-25 22:11:19 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2019:3845 0 None None None 2019-11-12 21:37:08 UTC
Red Hat Product Errata RHEA-2019:3846 0 None None None 2019-11-12 22:38:10 UTC

Description Wade Mealing 2019-09-18 01:52:56 UTC
A flaw was found in the implementation of Intel microprocessors Target Array sharing.  A single physical branch prediction unit (hardware) within a single core is shared within two logical processor threads.  

An attacker with local authenticated access can cause the branch prediction unit to use an indirect target on both logical processors.  A flaw in the CPU's indirect target matching would incorrectly match some targets as matching when they did not.

This incorrect matching can be used as an attack vector for an attacker to carry out Spectre-V2 style attack on the impacted processor.

A microcode update will be available that can disable TA sharing between logical processors to change the behaviour effectively mitigating this flaw.

Comment 5 Wade Mealing 2019-11-12 08:23:16 UTC
Acknowledgements:

Red Hat thanks Intel and industry partners for reporting this issue and collaborating on the mitigations for the same.

Comment 6 Prasad Pandit 2019-11-12 09:48:15 UTC
Statement:

Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/2019-microcode-nov

Comment 7 Prasad Pandit 2019-11-12 09:48:19 UTC
External References:

https://access.redhat.com/solutions/2019-microcode-nov

Comment 8 Prasad Pandit 2019-11-12 09:48:22 UTC
Mitigation:

As of this time there are no known mitigations. Please install relevant updated packages to address this flaw.

Comment 9 Prasad Pandit 2019-11-12 18:10:28 UTC
Created microcode_ctl tracking bugs for this issue:

Affects: fedora-all [bug 1771651]


Note You need to log in before you can comment on or make changes to this bug.