Retour
-
Titre
Is TPAM affected by the Spectre vulnerability (CVE-2017-5753 & CVE-2017-5754) or Meltdown (CVE-2017-5715)? -
Description
Is TPAM affected by the Spectre vulnerability (CVE-2017-5753 & CVE-2017-5754) or Meltdown (CVE-2017-5715)?
-
Résolution
It has been widely reported that two major flaws in computer chips, called Meltdown and Spectre, could allow attackers to read sensitive data from most computing devices. The TPAM appliance hardware and operating system contain the vulnerable components, however the TPAM architecture provides mitigations which prevent the vulnerability from being exploited.
Specifically, in order to exploit the vulnerability, the attacker must be able to execute specifically crafted code that allows it to read areas of processor cache that were pre-loaded with data to perform speculative execution. Since TPAM is a completely locked-down appliance which provides no ability to load or execute arbitrary applications, this flaw cannot be exploited.
We will continue to monitor the efforts of the chip makers and O/S providers to correct or fully-mitigate the flaw, and will test those patches in our environment. Once we have established that those patches are successful without causing harmful side-effects, we will issue a patch through the normal TPAM OS Patch release process. -
Demande de changement
9940