Gigabyte Technology : Speculative Execution Vulnerabilities in ARM and x86 CPUs
January 17, 2018 at 07:44 pm IST
Share
Security researchers have recently uncovered security issues known by two names, Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753, and CVE-2017-5715). These issues apply to all modern processors and affect nearly all computing devices and operating systems. All GIGABYTE systems are affected, but there are no known exploits impacting customers at this time. Since exploiting many of these issues requires a malicious software to be installed in your systems, GIGABYTE recommend downloading software only from trusted sources.
Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from GIGABYTE. Intel has provided a high level statement here: https://newsroom.intel.com/press-kits/security-exploits-intel-products/
Resources
CPU Models
Recovery BIOS Release Time
Intel Xeon Scalable Processors
Done
Intel Xeon W Processors
TBD
Intel Xeon Processor E3-1200 v6 Product Family
Done
Intel Xeon Processor E5 v4 Product Family
TBD
Intel Xeon Processor D-1500 Product Family
TBD
Intel Atom Processor C3000 Series
TBD
Intel Pentium and Celeron Processor N3000 Product Families
TBD
Intel Atom Processor E3800 Product Family and Intel Celeron Processor N2807/N2930/J1900
TBD
AMD EPYC Series
Solve by OS updates
Cavium ThunderX Product Family
Not impact by this event
Background
The Meltdown and Spectre issues take advantage of a modern CPU performance feature called speculative execution. Speculative execution improves speed by operating on multiple instructions at once-possibly in a different order than when they entered the CPU. To increase performance, the CPU predicts which path of a branch is most likely to be taken, and will speculatively continue execution down that path even before the branch is completed. If the prediction was wrong, this speculative execution is rolled back in a way that is intended to be invisible to software.
The Meltdown and Spectre exploitation techniques abuse speculative execution to access privileged memory-including that of the kernel-from a less-privileged user process such as a malicious software running on a system.
Gigabyte Technology Co. Ltd. published this content on 17 January 2018 and is solely responsible for the information contained herein. Distributed by Public, unedited and unaltered, on 17 January 2018 14:14:10 UTC.
Original documenthttps://www.gigabyte.com/Press/News/1587
Public permalinkhttp://www.publicnow.com/view/6766FB5533EFDC025B164804D2FD69AD5C8D1253
Gigabyte Technology Co., Ltd. is a Taiwan-based company principally engaged in the production, processing and sales of information technology (IT) products. The Company provides computer motherboards, three dimensional (3D) display graphic cards, laptops, tablet personal computers (PCs), servers, smart phones, broadband network devices and wireless communication products, computer peripherals and network storage products. It distributes its products mainly within Taiwan, as well as to the rest of Asia, Europe and the Americas.