ISN 2019-03: Zombieload, RIDL, Fallout

Overview

Score: Low

A security issue affects Intel-based devices running the following IGEL software products:

  • IGEL OS 11
  • IGEL OS 10
  • IGEL Windows 10 Enterprise IoT

Details

Several vulnerabilities (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091) affect the speculative execution features of Intel microprocessors. They can enable an attacker’s code to read data from other parts of the processor, which by design should be inaccessible to it. In principle, this would allow stealing information from a different process, user or virtual machine.

However, IGEL operating systems do not run virtual machines, do not support multi-user operation and do only run preinstalled code from a read-only file system. Therefore, the impact on IGEL operating systems is low.


Update Instructions

IGEL is preparing IGEL OS 11, IGEL OS 10 and IGEL W10 firmware versions with security fixes. This ISN will be updated to inform customers when these versions become available.

IGEL W10        4.04.100 (upcoming)

IGEL OS 10     10.06.100 (upcoming)

IGEL OS 11     11.02.100 (upcoming)

Last update: May 23, 2019