Spectre (CVE-2017-5753 & CVE-2017-5715) and Meltdown (CVE-2017-5754) vulnverabiltieis and the Portal - any action needed?

Version 1
    Share:|

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    BMC Performance Manager Portal


    COMPONENT:

    BMC PM Portal


    APPLIES TO:

    BMC Performance Manager Portal 2.9.+



    QUESTION:

    Two major vulnerabilities (known as Meltdown, CVE-2017-5754, and Spectre, CVE-2017-5753 & CVE-2017-5715) have been revealed that affect almost all modern CPUs on January 3, 2018. Meltdown allows any application to access all system memory, including memory allocated for the kernel.  Spectre allows an application to force another application to access arbitrary portions of its memory, which can then be read through a side channel.  The vulnerabilities are known to be exploitable on servers, workstations, mobile devices, IoT environments, and browsers.


    ANSWER:

     

       
                                         
                                                                     
                
                BMC is aware of these vulnerabilities, and have been working closely with our vendors and product teams to address them on applicable systems and products as soon as patches are available, and in accordance with BMC customer support process.  BMC will continue to closely monitor this evolving situation, and will provide additional details and maintenance notifications, as needed.           
       
      
      
       
                                                
    Answer                                                                 
                
                OS & hardware vendors will be the ones handling patches/microcode/firmware for this, not BMC.

    As of the time of this writing, no code fix has been provided by those vendors. 
    For the latest news, check here:

    https://communities.bmc.com/blogs/application-security-news/2018/01/11/update-cpu-vulnerabilities-meltdown-cve-2017-5754-and-spectre-cve-2017-5753-cve-2017-5715
              
       
      

     


    Article Number:

    000148761


    Article Type:

    FAQ/Procedural



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles