Synology-SA-18:01 Meltdown and Spectre Attacks

Publish Time: 2018-01-04 13:36:12 UTC+8

Last Updated: 2018-01-09 18:00:16 UTC+8

Severity
Moderate
Status
Ongoing

Abstract

These vulnerabilities allow local users to conduct privilege escalation attacks or obtain sensitive information on susceptible versions of Synology DiskStation Manager (DSM), Synology Router Manager (SRM) and VisualStation running on models equipped with an Intel or ARM CPU.

Synology rates the overall severity as Moderate because these vulnerabilities can only be exploited by malicious programs running locally on the device. To secure DSM / SRM / VisualStation against these attacks, we suggest that customers install only trusted packages.

Synology will release a software update to address CVE-2017-5715 for models that use Intel processors and continue to investigate the impact of the other two vulnerabilities. Information will be updated accordingly for this advisory.

Affected Products

Product             Severity   Fixed Release Availability
DSM 6.1*            Moderate   Ongoing
DSM 6.0**           Moderate   Ongoing
DSM 5.2***          Moderate   Ongoing
SRM 1.1****         Moderate   Ongoing
VisualStation*****  Moderate   Ongoing

* DS918+, DS418play, DS718+, DS218+, FS1018, DS3018xs, FS3017, RS3617xs, DS1817+, DS1517+, RS2416RP+, RS2416+, RS18016xs+, DS916+, DS416play, DS716+II, DS716+, DS216+II, DS216+, RC18015xs+, DS3615xs, DS2415+, DS1815+, DS1515+, RS815RP+, RS815+, DS415+, RS3614xs+, RS3614xs, RS3614RPxs, RS3413xs+, RS10613xs+, DS3612xs, RS3412xs, RS3412RPxs, DS3611xs, RS3411xs, RS3411RPxs, DS218j, DS1517, DS1817, DS116, DS416slim, RS217, RS816, DS115, DS215j, DS216, DS216j, DS416j, DS414j, DS216play, DS215+, DS416, DS1515, DS2015xs, DS715, Virtual DSM, NVR216, NVR1218, FS2017, RS4017xs+, RS3617xs+, RS3617RPxs, RS18017xs+, DS3617xs

** FS3017, RS3617xs, RS2416RP+, RS2416+, RS18016xs+, DS916+, DS416play, DS716+II, DS716+, DS216+II, DS216+, RC18015xs+, DS3615xs, DS2415+, DS1815+, DS1515+, RS815RP+, RS815+, DS415+, RS3614xs+, RS3614xs, RS3614RPxs, RS3413xs+, RS10613xs+, DS3612xs, RS3412xs, RS3412RPxs, DS3611xs, RS3411xs, RS3411RPxs, DS116, DS416slim, RS217, RS816, DS115, DS215j, DS216, DS216j, DS416j, DS414j, DS216play, DS215+, DS416, DS1515, DS2015xs, DS715, NVR216, RS4017xs+, RS3617xs+, RS3617RPxs, RS18017xs+, DS3617xs

*** RS2416RP+, RS2416+, RS18016xs+, DS716+, DS216+, RC18015xs+, DS3615xs, DS2415+, DS1815+, DS1515+, RS815RP+, RS815+, DS415+, RS3614xs+, RS3614xs, RS3614RPxs, RS3413xs+, RS10613xs+, DS3612xs, RS3412xs, RS3412RPxs, DS3611xs, RS3411xs, RS3411RPxs, DS115, DS215j, DS216, DS216j, DS416j, DS414j, DS216play, DS215+, DS416, DS1515, DS2015xs, DS715, NVR216

**** RT1900ac

***** VS960HD, VS360HD

Mitigation

If you need immediate assistance, please contact security@synology.com.
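The advisory does not yet list a fixed release, so the first thing a practitioner will want to know is what the device's own kernel reports. The following Python, added here as an example and not code from the Synology advisory, reads the per-issue status that Linux publishes under /sys/devices/system/cpu/vulnerabilities/ (spectre_v1, spectre_v2, meltdown) and maps each line back to the CVE it covers. It assumes shell access to the device and a kernel that exposes that directory (introduced in Linux 4.15 and backported to several stable series); whether a given DSM or SRM kernel carries that backport is not stated on this page, so the code reports "unknown" rather than guessing when an entry is missing. The sample lines embedded in the block are constructed for illustration, and the function names are the example's own.

```python
"""Report the kernel's own Spectre/Meltdown status for the advisory's CVEs.

Added example, not code from the Synology advisory. Assumes a Linux
kernel that exposes /sys/devices/system/cpu/vulnerabilities/; on a
kernel without that directory every entry is reported as "unknown".
"""
import os

# sysfs entry the Linux kernel uses for each CVE named in the advisory.
CVE_TO_SYSFS = {
    "CVE-2017-5753": "spectre_v1",   # Spectre variant 1, bounds-check bypass
    "CVE-2017-5715": "spectre_v2",   # Spectre variant 2, branch target injection
    "CVE-2017-5754": "meltdown",     # Meltdown, rogue data cache load
}
DEFAULT_SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"


def read_sysfs_lines(sysfs_dir=DEFAULT_SYSFS_DIR):
    """Return {sysfs_entry: first line of the file} for entries that exist."""
    lines = {}
    for entry in CVE_TO_SYSFS.values():
        path = os.path.join(sysfs_dir, entry)
        try:
            with open(path) as fh:
                lines[entry] = fh.readline().strip()
        except OSError:
            # Missing file: kernel predates the interface or lacks the backport.
            pass
    return lines


def classify(status_line):
    """Collapse a kernel status line to one of four coarse states.

    The kernel writes "Not affected", "Vulnerable", "Vulnerable: <detail>" or
    "Mitigation: <detail>"; anything else (including a missing entry) is unknown.
    """
    if status_line is None:
        return "unknown"
    text = status_line.strip().lower()
    if text.startswith("not affected"):
        return "not affected"
    if text.startswith("vulnerable"):
        return "vulnerable"
    if text.startswith("mitigation"):
        return "mitigated"
    return "unknown"


def summarize(sysfs_lines):
    """Map each advisory CVE to (state, raw kernel line or None)."""
    summary = {}
    for cve, entry in CVE_TO_SYSFS.items():
        raw = sysfs_lines.get(entry)
        summary[cve] = (classify(raw), raw)
    return summary


def unresolved(summary):
    """CVEs the kernel does not report as mitigated or not affected."""
    return sorted(cve for cve, (state, _) in summary.items()
                  if state not in ("mitigated", "not affected"))


if __name__ == "__main__":
    # Constructed sample in the format the kernel prints, used only when the
    # sysfs directory is absent (for instance on a kernel without the backport).
    SAMPLE = {
        "spectre_v1": "Mitigation: __user pointer sanitization",
        "spectre_v2": "Vulnerable: Minimal generic ASM retpoline",
        # "meltdown" deliberately absent to exercise the unknown path
    }
    lines = read_sysfs_lines() or SAMPLE
    for cve, (state, raw) in sorted(summarize(lines).items()):
        print("%s  %-13s %s" % (cve, state, raw or "(no sysfs entry)"))
    print("unresolved:", ", ".join(unresolved(summarize(lines))) or "none")
```

An "unknown" result is not evidence of safety: it only means the kernel is not telling you, which on a NAS that has not received the update is the expected outcome. Run it again after the update Synology announces for CVE-2017-5715 and compare the spectre_v2 line.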

Detail

  • CVE-2017-5715

    • Severity: Moderate
    • CVSS3 Base Score: 5.3
    • CVSS3 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
    • Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
  • CVE-2017-5753

    • Severity: Moderate
    • CVSS3 Base Score: 5.3
    • CVSS3 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
    • Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
  • CVE-2017-5754

    • Severity: Moderate
    • CVSS3 Base Score: 5.3
    • CVSS3 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
    • Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

Reference

Revision History

Revision  Date        Description
1         2018-01-04  Initial public release.
2         2018-01-04  Updated affected models of ARM-series DiskStation in Affected Products.
3         2018-01-04  - Updated Abstract.
                      - Added SRM 1.1 to Affected Products.
                      - Added VisualStation to Affected Products.
                      - Updated affected models of Virtual DSM in Affected Products.
4         2018-01-05  Updated affected models of Intel Broadwell-DE series in Affected Products.
5         2018-01-05  Updated Abstract.
6         2018-01-08  Updated Detail and Reference.
7         2018-01-09  Updated Affected Products and Detail.
8         2018-01-09  Updated Abstract and Mitigation.