Beginning of this page.
Jump to main content.

Please note that JavaScript and style sheet are used in this website,
Due to unadaptability of the style sheet with the browser used in your computer, pages may not look as original.
Even in such a case, however, the contents can be used safely.

Site menu starts here.
Skip site menu.
End of site menu.
Displaying present location in the site.
End of menu.

About Mitigating Processor Vulnerability (Side-channel Attack)

Updated: November 30, 2018
Published: January 24, 2018

Thank you for your continued patronage for NEC Express5800 series products.

New Vulnerabilities (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646) have been recently found in processors supporting speculative execution and out-of-order execution features. These vulnerabilities could allow malicious programs to steal data stored in memory from the affected products.

Previously, this page addressed processors targeted with similar feature functions (referenced below).
Due to the similarities of these new vulnerabilities, countermeasures need to be taken in terms of both the system BIOS and the operating system.

January 2018(CVE-2017-5715、CVE-2017-5753、CVE-2017-5754)
May 2018(CVE-2018-3639、CVE-2018-3640)

Since August of 2018, details regarding these new vulnerabilities, countermeasures and announcements as well as details as to the current situation have been made available on this page. We will continue to release additional information as it becomes available.

Information on the vulnerabilities

  • The following vulnerabilities could allow an attacker to obtain memory data from the affected products illegally.
  • Unless a malicious program is executed on a system, these vulnerabilities should not affect the system.

Vulnerabilities Reported in August 2018 (CVE-2018-3615、CVE-2018-3620、CVE-2018-3646)

     Relevant information:
     CERT/CC Vulnerability Note VU# 982149
       Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF)
       https://www.kb.cert.org/vuls/id/982149

     Press release published by Intel Corporation
       Security Exploits and Intel Products
       https://newsroom.intel.com/press-kits/security-exploits-intel-products/
        (Aug. 14, 2018: Protecting Our Customers through the Lifecycle of Security Threats)

Vulnerabilities reported in May 2018 (CVE-2018-3639, CVE-2018-3640)

     Relevant information:
     CERT/CC Vulnerability Note VU# 180049
       CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks
       https://www.kb.cert.org/vuls/id/180049

     Press release published by Intel Corporation
       Security Exploits and Intel Products
       https://newsroom.intel.com/press-kits/security-exploits-intel-products/
        (May 21, 2018: Addressing New Research for Side-Channel Analysis)

Vulnerabilities reported in January 2018 (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

     Relevant information:
     CERT/CC Vulnerability Note VU#584653
       CPU hardware vulnerable to side-channel attacks
       https://www.kb.cert.org/vuls/id/584653

     Press release published by Intel Corporation
       Security Exploits and Intel Products
       https://newsroom.intel.com/press-kits/security-exploits-intel-products/
        (Jan. 3, 2018: Intel Responds to Security Research Findings)

Solution

For any of the vulnerabilities stated above, it is necessary to update the system BIOS of the applicable products and to apply a patch to the current operating system.

Top of this page