Bounds Check Bypass Store (BCBS) Vulnerability (INTEL-OSS-10002)

Documentation

Product Information & Documentation

000029382

12/06/2018

Protecting our customers’ data and ensuring the security of our products is a top priority for Intel, and we'll continue to work with customers, partners, and researchers to understand and mitigate any vulnerabilities that are identified. 

Background

On January 3, 2018, a team of security researchers disclosed several software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from many types of computing devices with many different vendors’ processors and operating systems. See Facts about Security Research and Intel® Products for more information.

New information

On July 10, 2018, additional research disclosed related variations of these methods. This issue, Bounds Check Bypass Store, is a sub-variant of variant 1 and is mitigated in the same manner as variant 1 – through code inspection and modification of software to ensure a speculation stopping barrier is in place where appropriate. Mitigation of this issue does not require a processor microcode update.

Most modern operating systems are impacted. 

End users and systems administrators should check with their operating system vendors and apply any available updates as soon as practical. 

Intel has been working in a coordinated manner with the software development community and posted a whitepaper with guidance on how to mitigate Bounds Check Bypass Store. See the whitepaper.

Further details regarding Bounds Check Bypass Store (BCBS) are available in the whitepaper, Analyzing Potential Bounds Check Bypass Vulnerabilities.

Reach out directly to your OS vendors regarding software updates or questions related to your operating systems. If additional assistance/support is needed, you may contact Intel Customer Support. Refer to Bounds Check Bypass Store or Intel-OSS-10002 when submitting a ticket to Intel.