IBM Support

Central Processor Unit (CPU) Architectural Design Flaws

Flash (Alert)


Abstract

IBM Security X-Force is aware of the CPU vulnerability disclosed by Google. In response to the disclosure of vulnerabilities, the IBM X-Force has raised the current internet threat level to AlertCon 2.

Content

IBM has been made aware of the CPU vulnerability disclosed by Google and is working across the ecosystem on remediations. The most immediate action you can take to protect yourself is to prevent execution of unauthorized software on any system that handles sensitive data and to continue to monitor the PSIRT blog for continuous updates as they become available.

We have the industry's most extensive capabilities, expertise and technologies to mitigate vulnerabilities, from chips, to operating systems, encryption, databases and applications, to one of the world's largest commercial cybersecurity businesses, which monitors 35B events per day for clients, and the industry's preeminent Research team. All are available to help you manage this situation.

In response to the disclosure of vulnerabilities in CPU Architecture disclosed by Google’s Project Zero team, the IBM X-Force has raised the current internet threat level to AlertCon 2.

The vulnerabilities, CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, involve an architectural feature built into CPUs to enhance system performance.

An X-Force Exchange collection has been created to track this situation and additional information will be provided as X-Force continues to research these vulnerabilities. The current threat level will also continue to be evaluated and will be updated as the situation plays out.

You may use the dW Answers forum for any other questions related to this vulnerability. Post your question using the tag CPUVulnerability at https://developer.ibm.com/answers/topics/CPUVulnerability/

PSIRT blog - Potential CPU Security Issue
https://www.ibm.com/blogs/psirt/potential-cpu-security-issue/

IBM X-Force Exchange: Central Processor Unit CPU Architectural Design Flaws
https://exchange.xforce.ibmcloud.com/collection/Central-Processor-Unit-CPU-Architectural-Design-Flaws-c422fb7c4f08a679812cf1190db15441

QRadar Support Flash: QRadar Meltdown/Spectre CVEs support considerations
http://www.ibm.com/support/docview.wss?uid=swg22012578

Security Bulletin: IBM Security Guardium has released patch in response to the vulnerability known as Spectre
http://www.ibm.com/support/docview.wss?uid=swg22013322

Google Security blog: Today's CPU vulnerability: what you need to know
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html

Cross reference information
Segment Product Component Platform Version Edition
Security i2 Analyst's Notebook
Security i2 Analyst's Notebook Premium
Security i2 Analyze
Security i2 Enterprise Insight Analysis
Security i2 iBase
Security IBM BigFix family
Security IBM BigFix Inventory
Security IBM BigFix Platform
Security IBM Intelligent Video Analytics
Security IBM QRadar Network Security
Security IBM SecureWay Firewall
Security IBM Security Access Manager for Mobile
Security IBM Security Access Manager for Web
Security IBM Security Directory Integrator
Security IBM Security Directory Server
Security IBM Security Guardium
Security IBM Security Identity and Access Manager
Security IBM Security Identity Governance and Intelligence
Security IBM Security Identity Manager
Security IBM Security Key Lifecycle Manager
Security IBM Security Network Intrusion Prevention System
Security IBM Security Network Protection
Security IBM Security QRadar Risk Manager
Security IBM Security QRadar SIEM
Security IBM Security QRadar Vulnerability Manager
Security IBM Security SiteProtector System
Security IBM Security zSecure Admin
Security IBM Security zSecure Alert
Security IBM Security zSecure Audit

Document information

More support for: IBM Security Access Manager

Software version: Version Independent

Operating system(s): Platform Independent

Reference #: 2012320

Modified date: 28 February 2018