Technicolor Information for VU#584653
CPU hardware vulnerable to side-channel attacks
Both Spectre and Meltdown attacks presupposed “open platforms”, where
additional code can be added by a non-privileged user. The Technicolor products
are not open platforms. Even where 3rd party application can run in containers
and can be managed via Life Cycle Management, these applications are validated
and signed before they can be installed on the platform. Technicolor is
currently working with its vendors to identify if additional layers of
protection are needed. Yet, as the current platforms are closed and have secure
bootloading mechanism in place, there is no risk and no privilege acquired by
an attacker in exploiting such an attack on Technicolor's devices.
We are not aware of further vendor information regarding this vulnerability.
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.