000016369 - Remediation for the FLUSH+RELOAD attack on RSA BSAFE

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support on Jul 2, 2018
Version 4

Article Content

Article Number: 000016369

Applies To
RSA Product Set: BSAFE
RSA Product/Service Type: C Toolkit, Java Toolkit
Platform: x86 Processor

Cause

Flush+Reload is a potential cache side-channel attack that monitors access to data in shared pages.

The Flush+Reload attack is a variant of the Prime+Probe attack that relies on sharing pages between the attacker and the victim programs.  With shared pages, the attacker program can ensure that a specific memory line is evicted from the whole cache hierarchy.  The attacker uses this to monitor access to the memory line.

In order to exploit this vulnerability, the attacker must have access to the machine (in order to run a process) and the attack is only successful when the machine uses an Intel x86 processor.

For more information, refer to the document entitled Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack.
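
As an added illustration (not RSA or BSAFE code, and not the remediation planned for the toolkits), the C sketch below shows the kind of secret-dependent memory-line access that Flush+Reload monitors, next to a lookup that reads every line regardless of the secret. The 64-byte line size, the table layout and all function names are assumptions made for this example; the `touched` array is instrumentation standing in for what an observer of the shared lines would learn.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LINE    64   /* assumed cache-line size in bytes */
#define ENTRIES 16   /* constructed table: one entry per line */

static uint8_t table[ENTRIES][LINE]; /* stands in for a table in a shared page */
static uint8_t touched[ENTRIES];     /* instrumentation: lines read by a lookup */

static void init_table(void) {
    for (uint32_t i = 0; i < ENTRIES; i++) memset(table[i], (int)(i + 1), LINE);
}

/* Leaky: the secret index decides which single line is read. */
static uint8_t lookup_leaky(uint32_t secret) {
    touched[secret] = 1;
    return table[secret][0];
}

/* Hardened: every line is read; the wanted entry is selected by mask. */
static uint8_t lookup_masked(uint32_t secret) {
    uint8_t out = 0;
    for (uint32_t i = 0; i < ENTRIES; i++) {
        /* 0xFF when i == secret, 0x00 otherwise, computed without a branch */
        uint8_t mask = (uint8_t)(0u - (((i ^ secret) - 1u) >> 31));
        touched[i] = 1;
        out |= (uint8_t)(table[i][0] & mask);
    }
    return out;
}

/* Runs one lookup and returns a bitmap of the lines it read. */
static uint32_t lines_touched(uint8_t (*fn)(uint32_t), uint32_t secret, uint8_t *val) {
    uint32_t bits = 0;
    memset(touched, 0, sizeof touched);
    *val = fn(secret);
    for (uint32_t i = 0; i < ENTRIES; i++) bits |= (uint32_t)touched[i] << i;
    return bits;
}

int main(void) {
    uint8_t v;
    init_table();
    for (uint32_t s = 3; s <= 9; s += 6) {
        printf("secret=%u leaky=0x%04x ", (unsigned)s, (unsigned)lines_touched(lookup_leaky, s, &v));
        printf("masked=0x%04x value=%u\n", (unsigned)lines_touched(lookup_masked, s, &v), (unsigned)v);
    }
    return 0;
}
```

In the leaky lookup the bitmap changes with the secret, while the masked lookup always reports all 16 lines; in production code the generated assembly should be checked to confirm the compiler kept the selection branch-free.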

Resolution

The BSAFE toolkits are not susceptible to the specific vulnerability described in CVE-2014-0076. However, after further investigation, it appears that the BSAFE toolkits may be vulnerable to a specially crafted attack that is similar to the Flush+Reload side-channel attack. At this time, there is no known workaround or fix for the BSAFE toolkits to mitigate any attack that might be similar to the Flush+Reload side-channel attack. RSA is targeting remediation of this issue in the CCME 4.5 and Crypto-J 6.2 releases and will update the support team periodically on any changes.

Legacy Article ID: a65295