ISN 2019-03: Zombieload, RIDL, Fallout
Announced 22 May 2019
Score: Low
A security issue affects Intel-based devices running the following IGEL software products:
- IGEL OS 11
- IGEL OS 10
- IGEL Windows 10 Enterprise IoT
Details
Several vulnerabilities (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091) affect the speculative execution features of Intel microprocessors. They can enable an attacker’s code to read data from other parts of the processor, which by design should be inaccessible to it. In principle, this would allow stealing information from a different process, user or virtual machine.
However, IGEL operating systems do not run virtual machines, do not support multi-user operation and do only run preinstalled code from a read-only file system. Therefore, the impact on IGEL operating systems is low.
Update Instructions
IGEL is preparing IGEL OS 11, IGEL OS 10 and IGEL W10 firmware versions with security fixes. This ISN will be updated to inform customers when these versions become available.
IGEL W10 4.04.100 (upcoming)
IGEL OS 10 10.06.100 (upcoming)
IGEL OS 11 11.02.100 (upcoming)