Is Spectrum impacted by x86 CPU vulnerabilities?

Document ID : KB000112435
Last Modified Date : 29/08/2018
Show Technical Document Details
Question:
Is Spectrum affected by the following vulnerabilities or the patches required to fix them?

CVE-2018-3615 - Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis

CVE-2018-3620 - Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis

CVE-2018-3646 - Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.
Answer:
CA Spectrum (all supported GA versions) are not affected by these vulnerabilities.
The patches can also be installed to resolve the vulnerabilities as Spectrum will function properly with them installed.

If there are any further concerns or questions, please contact CA Spectrum Support.