Wind River Support Network

HomeSafety and Security NoticesWind River Security Vulnerability Notice: Straight-Line Speculation (CVE-2020-13844)
Recommended

Wind River Security Vulnerability Notice: Straight-Line Speculation (CVE-2020-13844)

Released: --

Summary

Wind River Security Vulnerability Notice: Straight-Line Speculation (CVE-2020-13844) for Wind River Linux

Affected Product Versions

Wind River Linux 5, Wind River Linux 6, Wind River Linux 7, Wind River Linux 8, Wind River Linux LTS 19, Wind River Linux LTS 18, Wind River Linux LTS 17, Wind River Linux 9, Wind River Linux 4

Description

Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation."

Affected Windriver Linux releases:

It is an CPU issue, will effect on all software runing on vulnarable CPUs. So, all releases including Wind River Linux LTS 19, Wind River Linux LTS 18, Wind River Linux LTS 17, Wind River Linux 9, Wind River Linux 8, Wind River Linux 7, Wind River Linux 6, Wind River Linux 5, Wind River Linux 4


Affected software components:

gcc: https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html

llvm: http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html

Linux kernel: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=679db70801da9fda91d26caf13bf5b5ccc74e8e8
Please note, the key that mitigate this CVE issue lies on the tool chain that construct binary files, not linux kernel. Linux kernel can only lower the risks.


Affected hardware:

Arm Armv8-A


Mitigation


Check to see if the CPU you are using is based on ARM-v8-A core. If not, just ignore this CVE issue.

NOTE: Linux kernel can'r fully mitigate this CVE issue, it can only lower the risks.


Additional References


CVE-2020-13844

SLS Whitepaper

ARM: Frequently asked questions

ARM: Vulnerability of Speculative Processors to Cache Timing Side-Channel Mechanism

We will port all necessary patches on all our supporting releases. We will continue to update this web page and once we have any progress you can get it here.

For any questions or requirements, please contact your local WR support team, or mail to security-alert@windriver.com directly.


Changelog

  • 6/16/2020: Initial

Installation Notes

LTS1019

...



LTS1018

...


Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube