IBM Support

MA46856 - LIC MITIGATE SPECTRE AND MELTDOWN VULNERABILITY


 APAR (Authorized Program Analysis Report)

Abstract

LIC MITIGATE SPECTRE AND MELTDOWN VULNERABILITY

Error Description

TBD                                                            

Problem Summary

****************************************************************
* PROBLEM: (MA46856) Licensed Program = 5770999 for i 7.1,     *
*                                        i 7.2, and i 7.3      *
*           Security                                           *
****************************************************************
* USERS AFFECTED: All IBM i operating system users.            *
****************************************************************
* RECOMMENDATION: Apply LIC PTF MF64553 for i 7.1.             *
*                 Apply LIC PTF MF64552 for i 7.2.             *
*                 Apply LIC PTF MF64551 for i 7.3.             *
****************************************************************
IBM i is affected by the vulnerabilities known as Spectre and
Meltdown, which allow CPU data cache timing to be abused to
bypass conventional memory security restrictions and gain
access to privileged memory that should be inaccessible.
                                                               
CVEID: CVE-2017-5753                                            
DESCRIPTION: Intel Haswell Xeon, AMD PRO and ARM Cortex        
A57 CPUs could allow a local authenticated attacker to obtain  
sensitive information, caused by a bounds check bypass in the  
CPU speculative branch instruction execution feature. By        
conducting targeted cache side-channel attacks, an attacker    
could exploit this vulnerability to cross the syscall boundary  
and read data from the CPU virtual memory.                      
CVSS Base Score: 7.3                                            
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/137052
for the current score
CVSS Environmental Score*: Undefined                            
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N)    
                                                               
CVEID: CVE-2017-5715                                            
DESCRIPTION: Intel Haswell Xeon, AMD PRO and ARM Cortex        
A57 CPUs could allow a local authenticated attacker to obtain  
sensitive information, caused by a branch target injection in  
the CPU speculative branch instruction execution feature. By    
conducting targeted cache side-channel attacks, an attacker    
could exploit this vulnerability to leak memory contents into  
a CPU cache and read host kernel memory.                        
CVSS Base Score: 6.5                                            
CVSS Temporal Score: See                                        
https://exchange.xforce.ibmcloud.com/vulnerabilities/137054    
for the current score                                          
CVSS Environmental Score*: Undefined                            
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)    
                                                               
CVEID: CVE-2017-5754                                            
DESCRIPTION: Intel Haswell Xeon, AMD PRO and ARM Cortex        
A57 CPUs could allow a local authenticated attacker to obtain  
sensitive information, caused by a rogue data cache load in the
CPU speculative branch instruction execution feature. By        
conducting targeted cache side-channel attacks, an attacker    
could exploit this vulnerability to cause the CPU to read kernel
memory from userspace before the permission check for          
accessing an address is performed.                              
CVSS Base Score: 7.3                                            
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/137053
for the current score
CVSS Environmental Score*: Undefined                            
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N)    

Problem Conclusion

The Spectre and Meltdown vulnerabilities will be mitigated by
applying this PTF.

Temporary Fix

                       *********                                
                       * HIPER *                                
                       *********                                

Comments

Circumvention


PTFs Available

R710 MF67822  1000

R720 MF64552  8032

R730 MF64551  8025

Affected Modules


         
         

Affected Publications

Summary Information

Status: CLOSED PER
HIPER: Yes
Component: 9400DG300
Failing Module: RCHMGR
Reported Release: R730
Duplicate Of:





Document Information

Modified date:
28 October 2020