Investors Investors >
 
 

Cavium Response to Recent Processor Security Threat Findings

As widely reported recently in the media, Google Project Zero researchers have indicated that in processor systems with speculative execution, malicious applications in user space that have lower access privileges could access privileged memory, including that of the kernel. This attack mechanism has three variants as detailed in the published findings.

Cavium Architects have extensively analyzed the three variants and assessed the vulnerability exposure for our processor cores to attacks based on these threats.  The threat and the response to the three variants differ by microprocessor microarchitecture and are detailed below.  Cavium processors currently in volume production are not susceptible to any of the three variants, including Meltdown which has significant performance impact on other architectures. Due to differences in Cavium's architecture, we believe there is a near zero risk to Cavium processors at this time.

Cavium Processor Product Family

Google Project Zero 'Spectre' Threat Variant 1: Bounds Check Bypass
(CVE-2017-5753)

Google Project Zero 'Spectre' Threat Variant 2: Branch Target Injection (CVE-2017-5715)

Google Project Zero 'Meltdown' Variant 3: Rogue Data Cache Load
(CVE-2017-5754)

OCTEON (MIPS64)

Not impacted

Not impacted

Not impacted

OCTEON TX (ARMv8)

Not impacted

Not impacted

Not impacted

THUNDERX (ARMv8)

Not impacted

Not impacted

Not impacted

THUNDERX2 (ARMv8)
(sampling)

Threat applies – resolved by software patch.  Software updates will be available from Linux Distribution and System Partners

Threat applies – resolved by software patch. Software updates will be available from Linux Distribution and System Partners

Not impacted

Cavium will monitor this regularly and will update this document if and when we have any new findings that affect our processor cores and require mitigation.

Update as of May 21, 2018

On May 21, 2018 Google Project Zero researchers disclosed an additional Security threat that exploits a CPU technology known as memory disambiguation.  This attack mechanism is detailed in this posting.

Cavium Architects have extensively analyzed this variant and have assessed the vulnerability exposure for our processor cores to attacks based on this threat.  The threat and the response to the threat differs by microprocessor microarchitecture and are detailed below.  

Cavium Processor Product Family

Google Project Zero ‘Spectre’ Variant 4: 

Speculative Bypassing of Stores

(CVE-2018-3639)

OCTEON (MIPS64)

Not impacted

OCTEON TX (ARMv8)

Not impacted

THUNDERX (ARMv8)

Not impacted

THUNDERX2 (ARMv8)

 

Threat applies – resolved by software patch.  Software updates will be available from Linux Distribution and System Partners

Cavium will monitor this regularly and will update this document if and when we have any new findings that affect our processor cores and require mitigation.

01/15/2018

All contents are Copyright © 2000 - 2011 Cavium. All rights reserved.