Skip to main content
Skip table of contents

ISN 2019-03: Zombieload, RIDL, Fallout

Announced 22 May 2019

Score: Low

A security issue affects Intel-based devices running the following IGEL software products:

  • IGEL OS 11
  • IGEL OS 10
  • IGEL Windows 10 Enterprise IoT

Details

Several vulnerabilities (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091) affect the speculative execution features of Intel microprocessors. They can enable an attacker’s code to read data from other parts of the processor, which by design should be inaccessible to it. In principle, this would allow stealing information from a different process, user or virtual machine.

However, IGEL operating systems do not run virtual machines, do not support multi-user operation and do only run preinstalled code from a read-only file system. Therefore, the impact on IGEL operating systems is low.

Update Instructions

IGEL is preparing IGEL OS 11, IGEL OS 10 and IGEL W10 firmware versions with security fixes. This ISN will be updated to inform customers when these versions become available.

IGEL W10        4.04.100 (upcoming)

IGEL OS 10     10.06.100 (upcoming)

IGEL OS 11     11.02.100 (upcoming)

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.