The H3C Technical Solution Bulletin for Speculative Store Bypass (Variant 4) Security Vulnerability(CVE-2018-3639)

 

Background

On May 21. 2018, the vulnerability was disclosed, referred to as Speculative Store Bypass (SSB) or Variant 4. While this vulnerability shares many similarities with the recently disclosed Side-Channel Analysis Method , also known as Spectre and Meltdown, this is a new vulnerability requiring new and unique mitigations. Like the other variants, Variant 4 uses speculative execution, a feature common to most modern processor architectures, to potentially expose certain kinds of data through a side channel. The Speculative Store Bypass or Variant 4 vulnerability impacts microprocessor architectures from multiple CPU vendors, including Intel and AMD. The vulnerability numbers is CVE-2018-3639.

Impact

An attack that exploits the vulnerability requires malicious code to run on the system.

H3C Products

H3C R&D team quickly investigated the H3C products after the vulnerabilities were publicly disclosed.

We found below products are in impact scope:

l IMC

l SDN products

l Storage products

l H3C Server products

Solution for H3C Products

For product solutions, please contact H3C Service Hotline: +852 2907 0456 or email: service_hk@h3c.com.