Security Advisories

CLAV-SA-0139 Possible kernel memory leak in Intel chips (Meltdown and Spectre)

Advisory ID CLAV-SA-0139
Summary Possible kernel memory leak in Intel chips (Meltdown and Spectre)
Updated 2019-02-08
First Published 2019-02-08
Impact High
CVSS URL https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
CVSS Score 7.9
CVEs
Affected Products
  • cOS Core
  • cOS Stream
  • InCenter

Introduction

The Meltdown and Spectre vulnerabilities allow unprivileged code to access sensitive operating system data, enabling further compromise of systems. Clavister hardware appliances are unaffected; virtualized installations, however, could be affected.

Security Risks

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents [4].

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system [4].

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre [4].

Products

cOS Core and cOS Stream are not directly vulnerable as there are no local users that can run arbitrary code.

Hawkeye, when run in its default VM, is not directly vulnerable as there are no local users that can run arbitrary code.

Hawkeye's security is, however, as always dependent on the security of the hosting environment.

Web-based admin interface security similarly depends on the security of the browser and operating system in use.
Clavister generally recommends that security gateway management be performed on a separate, hardened host, placed in a separate administration-only network segment.

Note that all Clavister products, when running as virtual machines, could be affected by this issue if the host is vulnerable. This is beyond Clavister's control and, as always, we recommend that everyone stay up to date on security patches for systems under their control.
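
As an added example (not part of Clavister's advisory or products), the shell functions below report whether a Linux VM host's kernel has mitigations active for the three CVEs listed in the references. They assume a Linux host whose kernel exposes /sys/devices/system/cpu/vulnerabilities; the function names classify_status and check_host are hypothetical.

```shell
#!/bin/sh
# Added example: classify a Linux host's Meltdown/Spectre mitigation status.
# Assumption: the host kernel reports status under
# /sys/devices/system/cpu/vulnerabilities (older kernels have no such entry).

# classify_status TEXT -> prints OK, VULNERABLE or UNKNOWN
classify_status() {
    case "$1" in
        "Not affected"*) echo OK ;;
        "Mitigation:"*)  echo OK ;;
        "Vulnerable"*)   echo VULNERABLE ;;
        *)               echo UNKNOWN ;;   # e.g. "Unknown (...)" or empty
    esac
}

# check_host [DIR] -> one line per issue; returns 0 only if every issue is OK.
# DIR defaults to the real sysfs path; a test can pass a constructed directory.
check_host() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    rc=0
    for pair in "meltdown:CVE-2017-5754" \
                "spectre_v1:CVE-2017-5753" \
                "spectre_v2:CVE-2017-5715"; do
        name="${pair%%:*}"
        cve="${pair##*:}"
        if [ -r "$dir/$name" ]; then
            text="$(cat "$dir/$name")"
            verdict="$(classify_status "$text")"
        else
            # A missing entry is not proof of safety: treat it as unknown.
            text="(no sysfs entry; kernel does not report this issue)"
            verdict=UNKNOWN
        fi
        [ "$verdict" = OK ] || rc=1
        printf '%-10s %-13s %-10s %s\n' "$name" "$cve" "$verdict" "$text"
    done
    return "$rc"
}
```

Source the file on the VM host and call check_host with no argument; run inside a guest, it reports only the guest kernel's view, not the state of the host underneath.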

Performance

cOS Core and cOS Stream performance is unaffected on appliance hardware.

Patches for this issue on VM hosts may, however, degrade the performance of Clavister products running as virtual machines on those hosts, because the VM itself slows down.

Fix Information

  • Security patches were applied to the following versions of Hawkeye:
    • 1.02.03
    • 1.20.03 

Security Patches

Updated Clavister products are available from https://www.clavister.com/

References 

  1. https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
  2. https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00088.html
  3. https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf
  4. https://meltdownattack.com/
  5. https://nvd.nist.gov/vuln/detail/CVE-2017-5753 
  6. https://nvd.nist.gov/vuln/detail/CVE-2017-5715
  7. https://nvd.nist.gov/vuln/detail/CVE-2017-5754 
  8. https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ 
  9. https://www.bleepingcomputer.com/news/security/list-of-meltdown-and-spectre-vulnerability-advisories-patches-and-updates/ 

Contact

  • E-mail: <security@clavister.com>
  • PGP: id 8813E86F, fingerprint A91407250F753C1D27263A7EBE9E30498813E86F
  • WWW: Tickets can also be created through https://www.clavister.com/