Technicolor Information for VU#584653

CPU hardware vulnerable to side-channel attacks

Status

Not Affected

Vendor Statement

Both Spectre and Meltdown attacks presupposed “open platforms”, where
additional code can be added by a non-privileged user. The Technicolor products
are not open platforms. Even where 3rd party application can run in containers
and can be managed via Life Cycle Management, these applications are validated
and signed before they can be installed on the platform. Technicolor is
currently working with its vendors to identify if additional layers of
protection are needed. Yet, as the current platforms are closed and have secure
bootloading mechanism in place, there is no risk and no privilege acquired by
an attacker in exploiting such an attack on Technicolor's devices.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

None

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.