弊社のウェブページの改善のためにクッキーを使用しています。弊社のクッキーポリシーをお読みください。

Synology-SA-18:01 Meltdown and Spectre Attacks

Publish Time: 2018-01-04 13:36:12 UTC+8

Last Updated: 2018-10-16 17:07:33 UTC+8

Severity
Moderate
Status
Ongoing

Abstract

These vulnerabilities allow local users to obtain sensitive information via a susceptible version of Synology DiskStation Manager (DSM), Synology Router Manager (SRM), and VisualStation running on an Intel or Arm CPU, even if in Virtual Machine Manager.

Synology rates the overall severity as Moderate because these vulnerabilities can only be exploited via local malicious programs. To secure customers' products against the attacks, we recommend you only install trusted packages.

Regarding Spectre & Meltdown Checker, Synology implements array_index_mask_nospec, minimal ASM retpoline, and Kernel Page Table Isolation (KPTI) to mitigate the vulnerabilities for DSM. Synology will release a software update to address CVE-2017-5715 by implementing Indirect Branch Prediction Barrier (IBPB).

Our customers can mitigate the vulnerabilities in both DSM and SRM by upgrading to 6.2-23739-2 and 1.1.7-6941-1, respectively.

Affected Products

Product Severity Fixed Release Availability
DSM 6.2 [1] Moderate Upgrade to 6.2-23739-2 or above. [6]
DSM 6.1 [2] Moderate Upgrade to 6.2-23739-2 or above.
DSM 6.0 [3] Moderate Upgrade to 6.2-23739-2 or above.
DSM 5.2 [4] Moderate Upgrade to 6.2-23739-2 or above.
SkyNAS Moderate Ongoing
SRM 1.1 [5] Moderate Upgrade to 1.1.7-6941-1 or above. [7]
VS960HD Moderate Ongoing
VS360HD Moderate Ongoing
Virtual Machine Manager Moderate Ongoing

[1] DS918+, DS418play, DS718+, DS218+, FS1018, DS3018xs, FS3017, RS3617xs, DS1817+, DS1517+, RS2416RP+, RS2416+, RS18016xs+, DS916+, DS416play, DS716+II, DS716+, DS216+II, DS216+, RC18015xs+, DS3615xs, DS2415+, DS1815+, DS1515+, RS815RP+, RS815+, DS415+, RS3614xs+, RS3614xs, RS3614RPxs, RS3413xs+, RS10613xs+, DS3612xs, RS3412xs, RS3412RPxs, DS3611xs, RS3411xs, RS3411RPxs, DS218j, DS1517, DS1817, DS116, DS416slim, RS217, RS816, DS115, DS215j, DS216, DS216j, DS416j, DS414j, DS216play, DS215+, DS416, DS1515, DS2015xs, DS715, NVR216, NVR1218, FS2017, RS4017xs+, RS3617xs+, RS3617RPxs, RS18017xs+, DS3617xs, RS1219+, RS818+, RS818rp+, DS1618+, RS2418+, RS2418rp+, RS3618xs, Virtual DSM

[2] DS918+, DS418play, DS718+, DS218+, FS1018, DS3018xs, FS3017, RS3617xs, DS1817+, DS1517+, RS2416RP+, RS2416+, RS18016xs+, DS916+, DS416play, DS716+II, DS716+, DS216+II, DS216+, RC18015xs+, DS3615xs, DS2415+, DS1815+, DS1515+, RS815RP+, RS815+, DS415+, RS3614xs+, RS3614xs, RS3614RPxs, RS3413xs+, RS10613xs+, DS3612xs, RS3412xs, RS3412RPxs, DS3611xs, RS3411xs, RS3411RPxs, DS218j, DS1517, DS1817, DS116, DS416slim, RS217, RS816, DS115, DS215j, DS216, DS216j, DS416j, DS414j, DS216play, DS215+, DS416, DS1515, DS2015xs, DS715, NVR216, NVR1218, FS2017, RS4017xs+, RS3617xs+, RS3617RPxs, RS18017xs+, DS3617xs, RS818+, RS818rp+, DS1618+, RS2418+, RS2418rp+, RS3618xs, Virtual DSM

[3] FS3017, RS3617xs, RS2416RP+, RS2416+, RS18016xs+, DS916+, DS416play, DS716+II, DS716+, DS216+II, DS216+, RC18015xs+, DS3615xs, DS2415+, DS1815+, DS1515+, RS815RP+, RS815+, DS415+, RS3614xs+, RS3614xs, RS3614RPxs, RS3413xs+, RS10613xs+, DS3612xs, RS3412xs, RS3412RPxs, DS3611xs, RS3411xs, RS3411RPxs, DS116, DS416slim, RS217, RS816, DS115, DS215j, DS216, DS216j, DS416j, DS414j, DS216play, DS215+, DS416, DS1515, DS2015xs, DS715, NVR216, RS4017xs+, RS3617xs+, RS3617RPxs, RS18017xs+, DS3617xs

[4] RS2416RP+, RS2416+, RS18016xs+, DS716+, DS216+, RC18015xs+, DS3615xs, DS2415+, DS1815+, DS1515+, RS815RP+, RS815+, DS415+, RS3614xs+, RS3614xs, RS3614RPxs, RS3413xs+, RS10613xs+, DS3612xs, RS3412xs, RS3412RPxs, DS3611xs, RS3411xs, RS3411RPxs, DS115, DS215j, DS216, DS216j, DS416j, DS414j, DS216play, DS215+, DS416, DS1515, DS2015xs, DS715, NVR216

[5] RT1900ac, RT2600ac

The released fix is available for the affected models listed below.

[6] DS415+, RS815RP+, RS815+, DS1515+, DS1815+, DS1517+, DS1817+, DS2415+, RS2416RP+, RS2416+, RS818RP+, RS818+, RS1219+, DS216+, DS216+II, DS716+, DS716+II, DS416play, DS916+, DS418play, DS218+, DS718+, DS918+, DS1618+, RS2418RP+, RS2418+, RS2818RP+, DS3611xs, DS3612xs, RS3411RPxs, RS3411xs, RS3412RPxs, RS3412xs, RS3413xs+, RS10613xs+, RS3614xs+, RC18015xs+, RS18016xs+, RS3617xs, RS3614RPxs, RS3614xs, RS3617RPxs, RS3617xs+, DS3617xs, DS3018xs, RS4017xs+, RS18017xs+, RS3618xs, FS1018, FS2017, FS3017, Virtual DSM

[7] RT2600ac

Mitigation

None

Detail

  • CVE-2017-5715

    • Severity: Moderate
    • CVSS3 Base Score: 5.3
    • CVSS3 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
    • Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
  • CVE-2017-5753

    • Severity: Moderate
    • CVSS3 Base Score: 5.3
    • CVSS3 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
    • Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
  • CVE-2017-5754

    • Severity: Moderate
    • CVSS3 Base Score: 5.3
    • CVSS3 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
    • Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

Reference

Revision History

Revision Date Description
1 2018-01-04 Initial public release.
2 2018-01-04 Updated affected models of ARM-series DiskStation in Affected Products.
3 2018-01-04 - Updated Abstract.
- Added SRM 1.1 to Affected Products.
- Added VisualStation to Affected Products.
- Updated affected models of Virtual DSM in Affected Products.
4 2018-01-05 Updated affected models of Intel Broadwell-DE series in Affected Products.
5 2018-01-05 Updated Abstract.
6 2018-01-08 Updated Detail and Reference.
7 2018-01-09 Updated Affected Products and Detail.
8 2018-01-09 Updated Abstract and Mitigation.
9 2018-10-16 Updated Abstract and Affected Products.