Central Processor Unit (CPU) Architectural Design Flaws
IBM Security X-Force is aware of the CPU vulnerability disclosed by Google. In response to the disclosure of vulnerabilities, the IBM X-Force has raised the current internet threat level to AlertCon 2.
IBM has been made aware of the CPU vulnerability disclosed by Google and is working across the ecosystem on remediations. The most immediate action you can take to protect yourself is to prevent execution of unauthorized software on any system that handles sensitive data and to continue to monitor the PSIRT blog for continuous updates as they become available.
We have the industry's most extensive capabilities, expertise and technologies to mitigate vulnerabilities, from chips, to operating systems, encryption, databases and applications, to one of the world's largest commercial cybersecurity businesses, which monitors 35B events per day for clients, and the industry's preeminent Research team. All are available to help you manage this situation.
In response to the disclosure of vulnerabilities in CPU Architecture disclosed by Google’s Project Zero team, the IBM X-Force has raised the current internet threat level to AlertCon 2.
The vulnerabilities, CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, involve an architectural feature built into CPUs to enhance system performance.
An X-Force Exchange collection has been created to track this situation and additional information will be provided as X-Force continues to research these vulnerabilities. The current threat level will also continue to be evaluated and will be updated as the situation plays out.
You may use the dW Answers forum for any other questions related to this vulnerability. Post your question using the tag CPUVulnerability at https://developer.ibm.com/answers/topics/CPUVulnerability/
PSIRT blog - Potential CPU Security Issue
IBM X-Force Exchange: Central Processor Unit CPU Architectural Design Flaws
QRadar Support Flash: QRadar Meltdown/Spectre CVEs support considerations
Security Bulletin: IBM Security Guardium has released patch in response to the vulnerability known as Spectre
Google Security blog: Today's CPU vulnerability: what you need to know
|Security||i2 Analyst's Notebook|
|Security||i2 Analyst's Notebook Premium|
|Security||i2 Enterprise Insight Analysis|
|Security||IBM BigFix family|
|Security||IBM BigFix Inventory|
|Security||IBM BigFix Platform|
|Security||IBM Intelligent Video Analytics|
|Security||IBM QRadar Network Security|
|Security||IBM SecureWay Firewall|
|Security||IBM Security Access Manager for Mobile|
|Security||IBM Security Access Manager for Web|
|Security||IBM Security Directory Integrator|
|Security||IBM Security Directory Server|
|Security||IBM Security Guardium|
|Security||IBM Security Identity and Access Manager|
|Security||IBM Security Identity Governance and Intelligence|
|Security||IBM Security Identity Manager|
|Security||IBM Security Key Lifecycle Manager|
|Security||IBM Security Network Intrusion Prevention System|
|Security||IBM Security Network Protection|
|Security||IBM Security QRadar Risk Manager|
|Security||IBM Security QRadar SIEM|
|Security||IBM Security QRadar Vulnerability Manager|
|Security||IBM Security SiteProtector System|
|Security||IBM Security zSecure Admin|
|Security||IBM Security zSecure Alert|
|Security||IBM Security zSecure Audit|
More support for:
IBM Security Access Manager
Software version: Version Independent
Operating system(s): Platform Independent
Reference #: 2012320
Modified date: 28 February 2018