发布者认证信息(营业执照和身份证)未完善,请登录后完善信息登录
总算理解云安全日报201225:华为云服务等相关产品发现信息泄露漏洞,需要尽快升级
总算理解云安全日报201225:华为云服务等相关产品发现信息泄露漏洞,需要尽快升级

总算理解云安全日报201225:华为云服务等相关产品发现信息泄露漏洞,需要尽快升级

作者:yhttedit   2021-11-18 06:24:44  点击:19

详情

英特尔和安全研究人员先前公开披露了三个新的cpu侧通道漏洞(CVE-2018-3615,CVE-2018-3620和CVE-2018-3646)。成功利用这些漏洞可能使本地攻击者可以在特定情况下读取其他进程的内存。研究人员将这些漏洞命名为“ Foreshadow”和“ Foreshadow-NG”。它们在业界也被称为L1终端故障(L1TF)。

12月23日,华为发布了安全更新,修复了旗下云服务等相关产品中存在的信息泄露漏洞.以下是漏洞详情:

漏洞详情

来源:/en/psirt/security-advisories/huawei-sa--01-cpu-en

CVE-2018-3615,CVE-2018-3620,CVE-2018-36464  漏洞级别:重要

具有利用推测性执行和地址转换的微处理器的系统可以允许通过终端页面错误和副信道分析通过本地用户访问而将L1数据高速缓存中存在的信息未经授权地泄露给攻击者。

受影响产品,版本及修复方案

  产品名称

受影响版本

         修复版本

1288H V5

Versions earlier than V100R005C00SPC117 (BIOS V081)

V100R005C00SPC117 (BIOS V081)

2288H V5

Versions earlier than V100R005C00SPC117 (BIOS V081)

V100R005C00SPC117 (BIOS V081)

Agile Controller-Campus

V100R001C00

V100R003C30SPC100

V100R002C00

V100R002C10

BH620 V2

Versions earlier than V100R002C00SPC302 (BIOS V370)

V100R002C00SPC302(BIOS V370)

BH621 V2

Versions earlier than V100R002C00SPC301 (BIOS V370)

V100R002C00SPC301 (BIOS V370)

BH622 V2

Versions earlier than V100R002C00SPC309 (BIOS V521)

V100R002C00SPC309 (BIOS V521)

BH640 V2

Versions earlier than V100R002C00SPC307 (BIOS V521)

V100R002C00SPC307 (BIOS V521)

CH242 V3

Versions earlier than V100R001C00SPC331 (BIOS V358)

V100R001C00SPC331 (BIOS V358)

EulerOS

V200R007C00

V200R007C00SPC200

FusionCube

V100R002C02

V100R002C30

V100R002C70

FusionSphere OpenStack

V100R006C00RC3B036

V100R006C30SPC100

V100R006C10SPC112

UVP KVM

GTSOFTX3000

V200R002C20

V200R002C20SPC600

HUAWEI MateBook X Pro (MACH-W19/ MACH-W29)

Versions earlier than BIOS

BIOS

RH1288 V2

Versions earlier than V100R002C00SPC640 (BIOS 520)

V100R002C00SPC640 (BIOS 520)

RH1288A V2

Versions earlier than V100R002C00SPC710 (BIOS V521)

V100R002C00SPC710 (BIOS V521)

RH2265 V2

Versions earlier than V100R002C00SPC510 (BIOS V519)

V100R002C00SPC510 (BIOS V519)

RH2268 V2

Versions earlier than V100R002C00SPC609 (BIOS V519)

V100R002C00SPC609 (BIOS V519)

RH2285 V2

Versions earlier than V100R002C00SPC511 (BIOS V521)

V100R002C00SPC511 (BIOS V521)

RH2285H V2

Versions earlier than V100R002C00SPC511 (BIOS V521)

V100R002C00SPC511 (BIOS V521)

RH2288 V2

Versions earlier than V100R002C00SPC610 (BIOS 520)

V100R002C00SPC610 (BIOS 520)

RH2288A V2

Versions earlier than V100R002C00SPC710  (BIOS V521)

V100R002C00SPC710  (BIOS V521)

RH2288E V2

Versions earlier than V100R002C00SPC302 (BIOS V519)

V100R002C00SPC302 (BIOS V519)

RH2288H V2

Versions earlier than V100R002C00SPC620 (BIOS 520)

V100R002C00SPC620 (BIOS 520)

RH2485 V2

Versions earlier than V100R002C00SPC713 (BIOS V521)

V100R002C00SPC713 (BIOS V521)

V500R002C00

V600R006C10SPC800

UC Audio Recorder

V100R001C01

eSpace Audio Recorder V100R001C01SPC100

V100R001C02

eSpace Audio Recorder V100R001C02SPC300

VP9630

V600R006C10

V600R019C00

VP9660

V600R006C10

V600R019C00

eLog

V200R003C10

V200R005C00SPC208

V200R003C20

eSpace U2980

V100R001C01

V100R001C10SPC601

V100R001C02

V100R001C10

V200R003C00

eSpace UMS

V200R002C00

V200R002C00SPC300

iManager NetEco

V600R007C00

iManager NetEco 6000-TOOL_Linux_AutoInstall V600R007C00SPC260

V600R007C10

V600R007C11

V600R007C12

V600R007C20

V600R007C30

V600R007C40

V600R007C50

V600R007C60

V600R008C00

V600R008C10

V600R008C20

V600R008C30

iManager NetEco 6000

V600R007C40

iManager NetEco 6000-TOOL_Linux_AutoInstall V600R007C00SPC260

V600R007C60

V600R007C80

V600R007C90

V600R008C00

 

客户应联系华为技术支持中心(Huawei TAC)请求升级。有关TAC的联系信息,请访问华为全球网站/cn/psirt/report-vulnerabilities。

查看更多漏洞信息 以及升级请访问官网:

/en/psirt/all-bulletins

相关分类
分类列表
请在电脑上注册登陆
请在电脑上注册登陆 网址:https://www.zxb2b.com/