Meltdown and Spectre vulnerabilities

Document ID : KB000009243
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

PRODUCT(S) AFFECTED: CA Data Protection                                          RELEASES: all

 

PROBLEM DESCRIPTION:

CVE-2017-5754, CVE-2017-5753, and CVE-2017-5715 have been recently identified in industry-wide "multiple microarchitectural (hardware) implementation issues affecting many modern microprocessors, requiring updates to the Linux kernel, virtualization-related components, and/or in combination with a microcode update."

Ref: https://access.redhat.com/security/vulnerabilities/speculativeexecution

Cause:

SYMPTOMS:
"An unprivileged attacker can use these flaws to bypass conventional memory security restrictions in order to gain read access to privileged memory that would otherwise be inaccessible. There are 3 known CVEs related to this issue in combination with Intel, AMD, and ARM architectures. Additional exploits for other architectures are also known to exist. These include IBM System Z, POWER8 (Big Endian and Little Endian), and POWER9 (Little Endian)."

Ref: https://access.redhat.com/security/vulnerabilities/speculativeexecution

Resolution:

PROBLEM RESOLUTION:
There is currently no resolution to this issue.  Customers are advised to apply vendor-provided patches as they become available.

As more information becomes available from third-party vendors, CA will issue additional notifications to advise customers of potential resolutions and next steps for updating any CA components if necessary.

Additional Information:

IMPACT:
No specific impact to this product set.