Wiwynn Statement on CPU Hardware Vulnerable to Speculative Store Bypass Attacks (INTEL SA-00115)
Wiwynn believe strongly in the value of coordinated disclosure and routinely work with Intel and others in the industry to understand and mitigate any issues that are identified. As is our typical process, we provide details on potential issues and the appropriate solutions, as mitigations are made available.
Wiwynn have been notified about an industry-wide potential security issue consisted of two variants, CVE-2018-3639 (Variant 4) and CVE-2018-3640 (Variant 3a). They are derivatives of the side channel security issue which was disclosed by Google Project Zero in January.
The security vulnerabilities affected Wiwynn’s Intel-based servers. Mitigations will occur through updates to Operating System (OS), Virtual Machine Manager (VMM) and firmware. Wiwynn have been working closely with Intel for the appropriate mitigations and will release updated BIOS following Intel’s microcode update schedule. More updates will continue to roll out over the next few weeks. Customers can contact firstname.lastname@example.org for further supports.
In the meantime, we highly recommend customers also consult with operating system vendors for OS upgrade and allocate resources for required validation.
External references for more details:
Back to List