Nothing groundbreaking here; I am just collating advisories and press releases from vendors, as I find them, that relate to the recently disclosed issues regarding speculative execution side-channel vulnerabilities. These are also being referred to as Spectre (variants 1 & 2) and Meltdown (variant 3). If you have any additions/corrections, please let me know in the comments, and I’ll update this post.
Disclaimer: This is my personal blog & post. This post is not an official statement or communication from Microsoft. For Microsoft’s official guidance, please see the links in the “Microsoft” section below.
Research
Vendor | Info | Article |
| Blog | https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html |
| GPZ Blog | https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html |
| GPZ Bugtracker | https://bugs.chromium.org/p/project-zero/issues/detail?id=1272 |
| More Details | https://security.googleblog.com/2018/01/more-details-about-mitigations-for-cpu_4.html |
Researchers | Meltdown | https://meltdownattack.com/ |
Researchers | Spectre | https://spectreattack.com/ |
Microsoft
Advisories & Communications
CPU Makers
Hardware OEMs
Client OEMs
Vendor | Info | Article |
HP | Security Advisory | https://support.hp.com/document/c05869091 |
Dell | Security Advisory | www.dell.com/support/meltdown-spectre |
Lenovo | Security Advisory | https://support.lenovo.com/us/en/solutions/len-18282 |
Asus | Security Advisory | https://www.asus.com/News/YQ3Cr4OYKdZTwnQK |
Acer | | https://us.answers.acer.com/app/answers/detail/a_id/53104 |
VAIO | | https://solutions.vaio.com/3316 |
Samsung | Pending | |
Fujitsu | | http://www.fujitsu.com/global/support/products/software/security/products-f/jvn-93823979e.html |
LG | Pending | |
Panasonic | | https://pc-dl.panasonic.co.jp/itn/vuln/g18-001.html |
Toshiba | | https://support.toshiba.com/support/viewContentDetail?contentId=4015952 |
Huawei | Pending | |
Xiaomi | Pending |
Server OEMs
Vendor | Info | Article |
HPE | Security Advisory | http://h22208.www2.hpe.com/eginfolib/securityalerts/SCAM/Side_Channel_Analysis_Method.html |
Dell | Security Advisory | http://www.dell.com/support/article/us/en/04/sln308588/ |
Lenovo | Security Advisory | https://support.lenovo.com/us/en/solutions/len-18282 |
Huawei | Security Advisory | http://www.huawei.com/au/psirt/security-notices/huawei-sn-20180104-01-intel-en |
Fujitsu | Security Advisory | http://www.fujitsu.com/global/support/products/software/security/products-f/jvn-93823979e.html |
Cisco | Security Advisory | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel |
IBM | Blog | https://www.ibm.com/blogs/psirt/potential-cpu-security-issue/ |
Other OEMs
Vendor | Info | Article |
F5 | Security Advisory | https://support.f5.com/csp/article/K91229003 |
Fortinet | Security Advisory | https://fortiguard.com/psirt/FG-IR-18-002 |
Juniper | Security Advisory | https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10842&actp=METADATA |
NetApp | Security Advisory | https://security.netapp.com/advisory/ntap-20180104-0001/ |
Raspberry Pi | Blog | https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/ |
Cloud Providers
Virtualization
Vendor | Info | Article |
Citrix | | https://support.citrix.com/article/CTX231399 |
VMware | | https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html |
Xen | Advisory | https://xenbits.xen.org/xsa/advisory-254.html |
Xen | FAQ | https://blog.xenproject.org/2018/01/04/xen-project-spectremeltdown-faq/ |
Operating Systems
Browsers
Vendor | Info | Article |
Google Chrome | Security Info | https://www.chromium.org/Home/chromium-security/ssca |
Mozilla Firefox | Blog | https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/ |
Apple Safari | Security Info | https://support.apple.com/en-us/HT208403 |
WebKit | Rendering Engine Info | https://webkit.org/blog/8048/what-spectre-and-meltdown-mean-for-webkit/ |
Mobile Devices
Vendor | Info | Article |
Android | | https://source.android.com/security/bulletin/2018-01-01 |
Apple | iOS 11.2.2 | https://support.apple.com/en-us/HT208401 |
Databases
Vendor | Article |
PostgreSQL | https://www.postgresql.org/message-id/[email protected] |
Oracle | Pending |
MySQL | Pending |
Antivirus
(Hat tip to Kevin Beaumont: https://twitter.com/GossiTheDog/status/948889660780175360 (Direct GDocs Link: https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true))
SaaS
Vendor | Article |
Salesforce | https://help.salesforce.com/articleView?id=Spectre-and-Meltdown-Vulnerabilities&language=en_US&type=1 |
1Password | https://blog.agilebits.com/2018/01/04/same-as-it-ever-was-theres-no-reason-to-melt-down/ |
Dropbox | Pending |
BoxHQ | Pending |
Other
Vendor | Info | Article |
LLVM | | http://lists.llvm.org/pipermail/llvm-commits/Week-of-Mon-20180101/513630.html |
MITRE | CVE-2017-5715 | http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5715 |
MITRE | CVE-2017-5753 | http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5753 |
MITRE | CVE-2017-5754 | http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5754 |
CERTS
Benchmarks & Performance Impacts
Benchmark Tests
Vendor | Info | Article |
Phoronix | VM Performance Showing Mixed Impact with Linux 4.15 KPTI Patches | https://www.phoronix.com/scan.php?page=article&item=linux-kpti-kvm&num=1 |
Phoronix | Initial Benchmarks of the Performance Impact Resulting From Linux’s x86 Security Changes | https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=1 |
Phoronix | Further Analyzing The Intel CPU “x86 PTI Issue” on More Systems | https://www.phoronix.com/scan.php?page=article&item=linux-more-x86pti&num=1 |
| Discussion on Benchmarking | https://www.reddit.com/r/Amd/comments/7o0m37/requesting_benchmarks_on_amd_processors_before/ |
TechSpot | Testing Windows 10 Performance Before and After the Meltdown Flaw Emergency Patch | https://www.techspot.com/article/1554-meltdown-flaw-cpu-performance-windows/ |
OSX Reverser | Measuring OS X Meltdown Patches Performance | https://reverse.put.as/2018/01/07/measuring-osx-meltdown-patches-performance/ |
Vendor Performance Assessments
Vendor | Info | Article |
Red Hat | Performance Impacts – Describing the performance impacts to security patches | https://access.redhat.com/articles/3307751 |
| Protecting our Google Cloud customers from new vulnerabilities without impacting performance | https://www.blog.google/topics/google-cloud/protecting-our-google-cloud-customers-new-vulnerabilities-without-impacting-performance/ |