Synology-SA-18:23 Speculative Store Bypass
Publish Time: 2018-05-22 14:39:53 UTC+8
Last Updated: 2020-02-21 21:18:14 UTC+8
- Severity
- Moderate
- Status
- Resolved
Abstract
These vulnerabilities allow local users to obtain sensitive information via a susceptible version of Synology DiskStation Manager (DSM) that are equipped with Intel or ARM CPU.
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| DSM 6.2[1] | Moderate | Upgrade to 6.2.2-24922 or above. |
| DSM 6.1[2] | Moderate | Upgrade to 6.2.2-24922 or above. |
| DSM 6.0[3] | Moderate | Upgrade to 6.2.2-24922 or above. |
| DSM 5.2[4] | Moderate | Upgrade to 6.2.2-24922 or above. |
| Sky NAS | Moderate | Will not fix |
[1] DS418play, DS218+, DS718+, DS918+, DS1618+, RS2418+, RS2418RP+, DS3611xs, DS3612xs, RS3411RPxs, RS3412RPxs, DS3413xs+, RS10613xs+, RS3614xs+, RS18015xs+, RS18016xs+, RS3617xs, RS3614RPxs, DS3615xs, FS3017, DS2015xs, DS1515, DS715, DS1517, DS1817, DS416, DS215+, Virtual DSM
[2] DS418play, DS218+, DS718+, DS918+, DS1618+, RS2418+, RS2418RP+, DS3611xs, DS3612xs, RS3411RPxs, RS3412RPxs, DS3413xs+, RS10613xs+, RS3614xs+, RS18015xs+, RS18016xs+, RS3617xs, RS3614RPxs, DS3615xs, FS3017, DS2015xs, DS1515, DS715, DS1517, DS1817, DS416, DS215+, Virtual DSM
[3] DS3611xs, DS3612xs, RS3411RPxs, RS3412RPxs, DS3413xs+, RS10613xs+, RS3614xs+, RS18015xs+, RS18016xs+, RS3617xs, RS3614RPxs, DS3615xs, FS3017, DS2015xs, DS1515, DS715, DS416, DS215+, Virtual DSM
[4] DS3611xs, DS3612xs, RS3411RPxs, RS3412RPxs, DS3413xs+, RS10613xs+, RS3614xs+, RS18015xs+, RS18016xs+, RS3614RPxs, DS3615xs, DS2015xs, DS1515, DS715, DS416, DS215+
Mitigation
None
Detail
CVE-2018-3639
- Severity: Moderate
- CVSS3 Base Score: 5.6
- CVSS3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
- Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
CVE-2018-3640
- Severity: Low
- CVSS3 Base Score: 2.8
- CVSS3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
- Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.
Reference
- CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks
- Side-Channel Vulnerability Variants 3a and 4
- INTEL-SA-00115
Revision
| Revision | Date | Description |
|---|---|---|
| 1 | 2018-05-22 | Initial public release. |
| 2 | 2019-12-24 | Disclosed vulnerability details. |
| 3 | 2020-02-21 | Update for DSM 6.2 is now available in Affected Products. |