Security Advisories

CLAV-SA-0239 SPOILER vulnerability in all modern Intel processors

Advisory ID: CLAV-SA-0239
Summary: SPOILER vulnerability in all modern Intel processors
Updated: 2019-03-08
First Published: 2019-03-08
Impact: Medium
CVSS URL: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N/E:P/RL:U/RC:C
CVSS Score: 6.7
CVEs: None
Affected Products
  • cOS Core
  • cOS Stream
  • InCenter
  • InControl

 

Introduction

SPOILER is a vulnerability that exploits the dependency resolution logic serving a processor's speculative load functions to gain information about physical page mappings. Micro-architectural side-channel attacks such as Rowhammer and cache attacks rely on reverse engineering the virtual-to-physical address mapping, and this vulnerability makes them easier to reproduce.

Security Risks

SPOILER can potentially be exploited by malicious JavaScript within a web browser tab, by malware running on a system, or by rogue logged-in users to extract passwords, keys, and other data from memory. An attacker therefore requires some kind of foothold in the machine in order to pull this off. The vulnerability, it appears, cannot be easily fixed or mitigated without significant redesign work at the silicon level [2].

The vulnerability affects all modern Intel processors, and fixing the underlying root cause that led to it requires substantial work at the CPU level.

Products

cOS Core and cOS Stream are not directly vulnerable as there are no local users that can run arbitrary code.

Hawkeye, when run in its default VM, is not directly vulnerable as there are no local users that can run arbitrary code. It is, however, dependent on the security of the hosting environment.

InControl security is dependent on the security of the underlying Windows environment.

Web-based admin interface security similarly depends on the security of the browser and operating system in use.

Clavister generally recommends that security gateway management be performed on a separate, hardened host, placed in a separate administration-only network segment.

Note that all Clavister products, when running as virtual machines on vulnerable hosts, could be affected by this issue. This is beyond Clavister's control and, as always, we recommend that everyone stay up to date on security patches for systems under their control.

Fix Information

There are no known fixes available at the moment.

References 

  1. https://arxiv.org/pdf/1903.00446.pdf
  2. https://www.theregister.co.uk/2019/03/05/spoiler_intel_processor_flaw/
  3. https://www.bleepingcomputer.com/forums/t/692748/spectre-a-like-spoiler-flaw-affects-all-intel-core-cpus/

Contact

  • E-mail: <security@clavister.com>
  • PGP: id 8813E86F, fingerprint A91407250F753C1D27263A7EBE9E30498813E86F
  • WWW: Tickets can also be created through https://www.clavister.com/