Speculative execution is a technique used by many modern processors to improve performance by predicting which instructions may be executed based on past execution history. An attacker with local user access may be able to utilize sequences of speculative execution to perform a cache timing side-channel analysis.
CVE(s): CVE-2018-3639, CVE-2018-3640
Affected product(s) and affected version(s):
- IBM QRadar Network Packet Capture 7.3.0 to 7.3.1 Patch 1
- IBM QRadar Network Packet Capture 7.2.8 to 7.2.8 Patch 1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10796134&myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E
The post IBM Security Bulletin: IBM QRadar Network Packet Capture is vulnerable to 3RD PARTY CPU hardware utilizing speculative execution cache timing side-channel analysis known as Variant 4 or SpectreNG (CVE-2018-3639, CVE-2018-3640) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ibm.co/2RoXIZY
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.