IBM Support

MF64553 - LIC MITIGATE SPECTRE AND MELTDOWN VULNERABILITY

PTF ( Program Temporary Fixes ) Cover letter


Order this fix

Abstract

LIC MITIGATE SPECTRE AND MELTDOWN VULNERABILITY


Pre/Co-Requisite PTF / Fix List

REQ  LICENSED      PTF/FIX  LEVEL

TYPE PROGRAM  REL  NUMBER   MIN/MAX  OPTION
---- -------- ---  -------  -------  ------
TR   5770999  710  MF99011   00/00    0000



NOTICE:
-------
Application of this PTF may disable or render ineffective programs that
use system memory addresses not generated by the IBM translator,
including programs that circumvent control technology designed to limit
interactive capacity to purchased levels.  This PTF may be a prerequisite
for future PTFs.  By applying this PTF you authorize and agree to the
foregoing.

This PTF is subject to the terms of the 'IBM License Agreement for Machine
Code', the terms of which were provided in a printed document that was
delivered with the machine.

SUBJECT TO ANY WARRANTIES WHICH CAN NOT BE EXCLUDED OR EXCEPT AS EXPLICITLY
AGREED TO IN THE APPLICABLE LICENSE AGREEMENT OR AN APPLICABLE SUPPORT
AGREEMENT, IBM MAKES NO WARRANTIES OR CONDITIONS EITHER EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OR CONDITIONS OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON INFRINGEMENT,
REGARDING THE PTF.





APAR Error Description / Circumvention

-----------------------------------------------
IBM i is affected by the vulnerabilities known as Spectre and
Meltdown which can enable CPU data cache timing to be
abused to bypass conventional memory security restrictions
to gain access to privileged memory that should be inaccessible.

CVEID: CVE-2017-5753
DESCRIPTION: Intel Haswell Xeon, AMD PRO and ARM Cortex
A57 CPUs could allow a local authenticated attacker to obtain
sensitive information, caused by a bounds check bypass in the
CPU speculative branch instruction execution feature. By
conducting targeted cache side-channel attacks, an attacker
could exploit this vulnerability to cross the syscall boundary
and read data from the CPU virtual memory.
CVSS Base Score: 7.3
CVSS Temporal Score:
See https://exchange.xforce.ibmcloud.com/vulnerabilities/137052
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N)

CVEID: CVE-2017-5715
DESCRIPTION: Intel Haswell Xeon, AMD PRO and ARM Cortex
A57 CPUs could allow a local authenticated attacker to obtain
sensitive information, caused by a branch target injection in
the CPU speculative branch instruction execution feature. By
conducting targeted cache side-channel attacks, an attacker
could exploit this vulnerability to leak memory contents into
a CPU cache and read host kernel memory.
CVSS Base Score: 6.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/137054
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)

CVEID: CVE-2017-5754
DESCRIPTION: Intel Haswell Xeon, AMD PRO and ARM Cortex
A57 CPUs could allow a local authenticated attacker to obtain
sensitive information, caused by a rogue data cache load in the
CPU speculative branch instruction execution feature. By
conducting targeted cache side-channel attacks, an attacker
could exploit this vulnerability to cause the CPU to read kernel
memory from userspace before the permission check for
accessing an address is performed.
CVSS Base Score: 7.3
CVSS Temporal Score:
See https://exchange.xforce.ibmcloud.com/vulnerabilities/137053
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N)

CORRECTION FOR APAR MA46856 :
-----------------------------
The Spectre and Meltdown vulnerabilities will be mitigated by
applying this PTF.

CIRCUMVENTION FOR APAR MA46856 :
--------------------------------
None.


Activation Instructions


None.




Special Instructions


This PTF can be loaded and applied independently from Power FW
fixes that have been created to address the Spectre and Meltdown
vulnerabilities, but both IBM i PTFs and available Power FW fixes
are required to mitigate vulnerabilities.


Default Instructions

THIS IS A DELAYED PTF TO BE APPLIED AT IPL TIME.



Supersedes

PTF/FIX NO(S).  APAR TITLE LINE
--------------  ------------------------------------------------------------
     NONE

Summary Information

System.............................. i
Models..............................
Release............................. V7R1M0
Licensed Program............... 5770999
APAR Fixed.......................... MA46856
Superseded by:......................
Recompile........................... N
Library............................. QSYS
MRI Feature ........................ NONE
Cum Level........................... NONE


System i Support

IBM disclaims all warranties, whether express or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. By furnishing this document, IBM grants no licenses to any related patents or copyrights. Copyright © 1996,1997,1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018 IBM Corporation. Any trademarks and product or brand names referenced in this document are the property of their respective owners. Consult the Terms of use link for trademark information.

Document information

More support for: i family

Software version: V7R1M0

Operating system(s): OS/400

Reference #: MF64553

Modified date: 10 January 2018