Main Vulnerability Database SB20180404114

SB20180404114 - Speculative Store Bypass in openjdk8 (Alpine package)

Published: April 4, 2018

Security Bulletin ID SB20180404114

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Speculative Store Bypass (CVE-ID: CVE-2018-3639)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to race conditions in CPU cache processing. A local attacker can conduct a side-channel attack to exploit a flaw in the speculative execution of Load and Store instructions to read privileged memory.

Note: the vulnerability is referred to as "Spectre variant 4".

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=ded1603ed10749cd90f410f5eba30e91d1c93c6e
https://git.alpinelinux.org/aports/commit/?id=a062ffc9e8b823fecbae65d23dae5f9c4b72b7f9
https://git.alpinelinux.org/aports/commit/?id=abd4eb399ba5d7a42b64764eded97622c6be29c2
https://git.alpinelinux.org/aports/commit/?id=b40f23f8d0765c072759e2a479ed8d550deab9aa
https://git.alpinelinux.org/aports/commit/?id=0a5db24a9098c540a6a120e62a594f36b5218a26
https://git.alpinelinux.org/aports/commit/?id=74dce6e0451466b8eb5078660886cc226f9704f4
https://git.alpinelinux.org/aports/commit/?id=66ff4f8a6b71dd204bc568c21c45941d612402c2
https://git.alpinelinux.org/aports/commit/?id=bafb572dda2d0814641af68fa0cceff256bc3705
https://git.alpinelinux.org/aports/commit/?id=519be0a2d18ff557306f965c717c58763d8e711a
https://git.alpinelinux.org/aports/commit/?id=afa60b4355e66c59078ac08cf7997c5f9c4d9f48