Revision 9 as of 2018-02-15 23:39:26
=== Information leak via speculative execution side channel attacks ===
In January 2018, [[https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html|security researchers announced]] a new class of side channel attacks that impact most processors, including processors from Intel, AMD, ARM and IBM. The attack allows malicious userspace processes to read kernel memory and malicious code in guests to read hypervisor memory.
To address the issue in Debian, updates to the kernel, processor microcode, hypervisor, and various other userspace packages will be needed. These updates are being announced in Debian Long Term Security Announcements as they become available.
There are three separate vulnerabilities involved:
 * [[https://security-tracker.debian.org/tracker/CVE-2017-5753|CVE-2017-5753]] Spectre Variant 1 Bounds Check Bypass
 * [[https://security-tracker.debian.org/tracker/CVE-2017-5715|CVE-2017-5715]] Spectre Variant 2 Branch Target Injection
 * [[https://security-tracker.debian.org/tracker/CVE-2017-5754|CVE-2017-5754]] Meltdown Variant 3 Rogue Data Cache Load
The Spectre and Meltdown vulnerabilities have varying impacts in different environments, and the mitigations available can be difficult to understand. We've prepared a Technical FAQ to help answer many common questions.
This article will be updated periodically with new information as it becomes available, until the issues have been resolved.