.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
Microprocessor Side-Channel Attacks (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on RSA products
Advisory Content
Article Number
000035890
CVE ID
000035890
Article Summary
RSA is aware of the new side-channel analysis attacks (also known as
Meltdown and Spectre) affecting many modern microprocessors that were published by a team of security researchers on January 3, 2018. An unprivileged attacker with local user access to the system could potentially leverage these attacks to read privileged memory data that would otherwise be inaccessible.
RSA has completed investigation of the impact of these issues on our products. This article will be updated with remediation steps as they become available for impacted products.
RSA recommends customers to follow security best practices for malware protection in general to protect against possible exploitation of these analysis methods until any future updates can be applied.
- Variant 1 (CVE-2017-5753, Spectre): Bounds check bypass
- Variant 2 (CVE-2017-5715, also Spectre): Branch target injection
- Variant 3 (CVE-2017-5754, Meltdown): Rogue data cache load
RSA has completed investigation of the impact of these issues on our products. This article will be updated with remediation steps as they become available for impacted products.
RSA recommends customers to follow security best practices for malware protection in general to protect against possible exploitation of these analysis methods until any future updates can be applied.
Link to Advisories
- Intel Security Advisory: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
- AMD Update: http://www.amd.com/en/corporate/speculative-execution
- Microsoft Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
- Google Project Zero Blog Post: https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
- Research papers: https://meltdownattack.com