Meltdown and Spectre
From SpinetiX Support Wiki
This article is related to Security.
Meltdown and Spectre vulnerabilities: impact on SpinetiX products
Updated on 29/May/2018
Following the recent discovery of vulnerabilities in various computer processors, known as Meltdown and Spectre, SpinetiX is conducting an ongoing assessment of their applicability to its products. This article documents the current status.
The following variants of processor vulnerability to cache timing side-channel attacks have been identified:
- Variant 1: bounds check bypass (CVE-2017-5753), also known as Spectre-V1.
- Variant 2: branch target injection (CVE-2017-5715), also known as Spectre-V2.
- Variant 3: rogue data cache load (CVE-2017-5754), also known as Meltdown.
- Subvariant 3a: rogue system register read (CVE-2018-3640), also known as Spectre-NG.
- Variant 4: speculative store bypass (CVE-2018-3639), also known as Spectre-NG.
Following ARM's analysis (https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability), we can confirm that:
- The ARM 926EJ-S processor used on HMP100, HMP130 and HMP200 products is vulnerable to neither Spectre nor Meltdown.
- The ARM Cortex-A8 processor used on DiVA, HMP300 and HMP350 products is vulnerable only to Spectre; it is not vulnerable to Meltdown or Spectre-NG.
Therefore, no SpinetiX products are vulnerable to Meltdown (CVE-2017-5754) or Spectre-NG (CVE-2018-3639 and CVE-2018-3640). HMP100, HMP130 and HMP200 products are not vulnerable to Spectre (CVE-2017-5753 and CVE-2017-5715). However, DiVA, HMP300 and HMP350 products are vulnerable to Spectre (CVE-2017-5753 and CVE-2017-5715).
These vulnerabilities can allow an attacker to steal data resident in memory by using a cache timing side-channel attack. This method depends on being able to run malware locally on the target device, which means it is important for device owners to follow good security practices: keeping the firmware up to date, protecting their devices with good passwords and having a sound policy for content acquisition and authoring.
As explained above, the extent to which the Spectre vulnerabilities can be exploited on HMP300 and HMP350 products is very limited, and even more so on DiVA. Customers who are nevertheless concerned should make sure that Web Page Layers are used to load trusted and well-known sites only, or that all Web Page Layers are removed from the content. Customers should also ensure that good security practices are followed for content authoring and that devices are properly protected with good passwords.
SpinetiX is working to include security mitigations in a future firmware release and will communicate when it is available.