Vulnerability Note VU#976534
L3 CPU shared cache architecture is susceptible to a Flush+Reload side-channel attack
L3 CPU shared cache architecture is susceptible to a Flush+Reload side-channel attack, resulting in information leakage. allowing a local attacker to derive the contents of memory not belonging to the attacker.
Common L3 CPU shared cache architecture is susceptible to a Flush+Reload side-channel attack, as described in "Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack" by Yarom and Falkner.
By manipulating memory stored in the L3 cache by a target process and observing timing differences between requests for cached and non-cached memory, an attacker can derive specific information about the target process. The paper demonstrates an attack against GnuPG on an Intel Ivy Bridge platform that recovers over 98% of the bits of an RSA private key.
A local attacker can derive the contents of memory shared with another process on the same L3 cache (same physical CPU). Virtualization and cryptographic software are examples that are likely to be vulnerable.
Apply an Update
Disable Memory Page De-duplication
Vendor Information (Learn More)
Any shared cache architecture may be susceptible to side-channel or timing attacks. CPU vendors are listed as "Not Affected" since the cache architecture is functioning as designed. It is generally up to an operating system or application to take appropriate measures to protect sensitive information.
|Vendor||Status||Date Notified||Date Updated|
|libgcrypt||Affected||16 Aug 2013||16 Aug 2013|
|Linux KVM||Affected||15 Aug 2013||16 Aug 2013|
|Red Hat, Inc.||Affected||13 Sep 2013||13 Sep 2013|
|VMware||Affected||16 Aug 2013||03 Sep 2013|
|Xen||Affected||16 Aug 2013||03 Sep 2013|
|AMD||Not Affected||16 Aug 2013||29 Oct 2013|
|Cryptlib||Not Affected||16 Aug 2013||03 Sep 2013|
|GnuTLS||Not Affected||16 Aug 2013||03 Sep 2013|
|Intel Corporation||Not Affected||16 Aug 2013||03 Sep 2013|
|OpenSSL||Not Affected||16 Aug 2013||03 Sep 2013|
|Amazon||Unknown||16 Aug 2013||03 Sep 2013|
|Attachmate||Unknown||16 Aug 2013||03 Sep 2013|
|Certicom||Unknown||16 Aug 2013||16 Aug 2013|
|Crypto++ Library||Unknown||16 Aug 2013||16 Aug 2013|
|EMC Corporation||Unknown||16 Aug 2013||16 Aug 2013|
CVSS Metrics (Learn More)
Thanks to Yuval Yarom and Katrina Falkner for reporting this vulnerability and for help writing this document.
This document was written by Adam Rauf.
- CVE IDs: CVE-2013-4242
- Date Public: 05 Sep 2013
- Date First Published: 01 Oct 2013
- Date Last Updated: 01 Nov 2013
- Document Revision: 39