Is Spectrum impacted by x86 CPU vulnerabilities?

book

Article ID: 112435

calendar_today

Updated On:

Products

CA Spectrum

Issue/Introduction



Is Spectrum affected by the following vulnerabilities or the patches required to fix them?

CVE-2018-3615 - Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis

CVE-2018-3620 - Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis

CVE-2018-3646 - Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.

Environment

Release:
Component: SPCAEM

Resolution

CA Spectrum (all supported GA versions) are not affected by these vulnerabilities.
The patches can also be installed to resolve the vulnerabilities as Spectrum will function properly with them installed.

If there are any further concerns or questions, please contact CA Spectrum Support.