|Applies To||RSA Product Set: BSAFE|
RSA Product/Service Type: C Toolkit, Java Toolkit
Platform: x86 Processor
|Cause||Flush+Reload is a potential cache side-channel attack that monitors access to data in shared pages.|
The Flush+Reload attack is a variant of the Prime+Probe attack that relies on sharing pages between the attacker and the victim programs. With shared pages, the attacker program can ensure that a specific memory line is evicted from the whole cache hierarchy. The attacker uses this to monitor access to the memory line.
In order to exploit this vulnerability, the attacker must have access to the machine (in order to run a process) and the attack is only successful when the machine uses an Intel x86 processor.
For more information, refer to the document entitled Flush+Reload: a High Resolution, Low Noise, L3 CacheSide-Channel Attack.
|Resolution||The BSAFE toolkits are not susceptible to the specific vulnerability described in CVE-2014-0076. However, after further investigation, it appears that the BSAFE toolkits may be potentially vulnerable to a specially crafted attack that is similar to the Flush+Reload side-channel attack. At this time, there are no known workarounds or fix for the BSAFE toolkits to mitigate against any attack that might be similar to the Flush+Reload side-channel attack. RSA is targeting to remediate this issue in the CCME 4.5 and Crypto-J 6.2 releases and will update the support team periodically of any changes.|
|Legacy Article ID||a65295|