AnsweredAssumed Answered

open ticket

Question asked by Michael Peterson on Jan 5, 2018
Latest reply on Jan 5, 2018 by Nathan Furze

There is a micro-architectural (hardware) implementation issue affecting many modern microprocessors which can be mitigated in the Linux kernel alone or in combination with a microcode update. An unprivileged attacker can use this flaw to bypass restrictions to gain read access to privileged memory which would otherwise be inaccessible. There are three known CVEs for this issue related to Intel, AMD, and ARM architectures - additional vulnerabilities for other architectures also exist, such as POWER (both big and little endian, V8 and V9). For more information, please review the ‘Overview’ and ‘Impact’ tabs on the article below: The vulnerability has been assigned CVE-2017-5754, CVE-2017-5753 & CVE-2017-5715. This issue was publicly disclosed on Wednesday, January 3, 2018 and is rated as Important [1].

Does this affect the RSA Secure ID?

Is there a patch or upgrade to remediate this issue? 

Outcomes