Processor Speculative Execution and Indirect Branch Prediction Vulnerabilities

The Spectre and Meltdown vulnerabilities in modern processor architecture optimizations allow unprivileged local attackers to read arbitrary memory without restrictions.

Advisory ID: Tempered-201801A-001
CVEs: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
Version: 2.0
Updated: 2/21/2018
Status: Interim

Overview

Impact

Successful exploitation requires that the attacker be able to run code on the targeted machine.

HIPswitch & Conductor

HIPswitch and Conductor are purpose-built systems that do not allow remote or local system login, execution/installation of arbitrary code, or the addition of operating system users. This design does not expose them to Spectre and Meltdown attacks.

HIPApps

HIPclient and HIPserver are exposed to Spectre and Meltdown vulnerabilities through the hardware they are installed on. Work with your operating system and hardware vendors to receive the appropriate mitigation software and/or microcode.

Virtual HIPswitches & Conductor

Virtualized HIPswitch, Virtualized Conductor, and Cloud HIPswitch are vulnerable to Spectre and Meltdown through the hypervisor hardware which hosts them. Work with your hypervisor, cloud, and/or hardware vendors to receive the appropriate mitigation software and microcode.

Affected Products

  • None directly
  • HIPapps and Virtuals via the host hardware

Remediation

  • HIPswitch and Conductor – none
  • HIPapps and Virtuals – mitigation updates for the host operating system and/or hardware microcode
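
One way to confirm that the host updates named above are in effect on a Linux machine or hypervisor (an added example, not Tempered's code). It assumes a kernel that exposes the /sys/devices/system/cpu/vulnerabilities directory; the function names check_cve and check_host are hypothetical.

```shell
#!/bin/sh
# Added example: report kernel-side mitigation status for the three CVEs
# listed in this advisory. Assumption: a Linux kernel that exposes the
# sysfs "vulnerabilities" directory; older unpatched kernels do not, and
# that case is reported as UNKNOWN rather than treated as safe.

# check_cve DIR FILE CVE
# Prints one status line. Returns 0 if mitigated or not affected,
# 1 if the kernel reports the CPU as vulnerable, 2 if status is unavailable.
check_cve() {
    dir=$1; file=$2; cve=$3
    if [ ! -r "$dir/$file" ]; then
        echo "$cve ($file): UNKNOWN - kernel does not report status"
        return 2
    fi
    status=$(cat "$dir/$file")
    case $status in
        "Not affected"*|Mitigation:*)
            echo "$cve ($file): OK - $status"
            return 0 ;;
        *)
            # Covers "Vulnerable" and "Vulnerable: <detail>" strings.
            echo "$cve ($file): ACTION NEEDED - $status"
            return 1 ;;
    esac
}

# check_host [DIR]
# Checks all three issues; returns 0 only if every one is mitigated.
check_host() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    rc=0
    check_cve "$dir" spectre_v1 CVE-2017-5753 || rc=1
    check_cve "$dir" spectre_v2 CVE-2017-5715 || rc=1
    check_cve "$dir" meltdown   CVE-2017-5754 || rc=1
    return $rc
}
```

Source the file and call `check_host`; a non-zero return means at least one of the three issues is unmitigated or unreported on that host.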

References