Synology-SA-18:23 Speculative Store Bypass

Publish Time: 2018-05-22 14:39:53 UTC+8

Last Updated: 2020-02-21 21:18:14 UTC+8

Severity
Moderate
Status
Resolved

Abstract

These vulnerabilities allow local users to obtain sensitive information via a susceptible version of Synology DiskStation Manager (DSM) that are equipped with Intel or ARM CPU.

Affected Products

Product Severity Fixed Release Availability
DSM 6.2[1] Moderate Upgrade to 6.2.2-24922 or above.
DSM 6.1[2] Moderate Upgrade to 6.2.2-24922 or above.
DSM 6.0[3] Moderate Upgrade to 6.2.2-24922 or above.
DSM 5.2[4] Moderate Upgrade to 6.2.2-24922 or above.
Sky NAS Moderate Will not fix

[1] DS418play, DS218+, DS718+, DS918+, DS1618+, RS2418+, RS2418RP+, DS3611xs, DS3612xs, RS3411RPxs, RS3412RPxs, DS3413xs+, RS10613xs+, RS3614xs+, RS18015xs+, RS18016xs+, RS3617xs, RS3614RPxs, DS3615xs, FS3017, DS2015xs, DS1515, DS715, DS1517, DS1817, DS416, DS215+, Virtual DSM

[2] DS418play, DS218+, DS718+, DS918+, DS1618+, RS2418+, RS2418RP+, DS3611xs, DS3612xs, RS3411RPxs, RS3412RPxs, DS3413xs+, RS10613xs+, RS3614xs+, RS18015xs+, RS18016xs+, RS3617xs, RS3614RPxs, DS3615xs, FS3017, DS2015xs, DS1515, DS715, DS1517, DS1817, DS416, DS215+, Virtual DSM

[3] DS3611xs, DS3612xs, RS3411RPxs, RS3412RPxs, DS3413xs+, RS10613xs+, RS3614xs+, RS18015xs+, RS18016xs+, RS3617xs, RS3614RPxs, DS3615xs, FS3017, DS2015xs, DS1515, DS715, DS416, DS215+, Virtual DSM

[4] DS3611xs, DS3612xs, RS3411RPxs, RS3412RPxs, DS3413xs+, RS10613xs+, RS3614xs+, RS18015xs+, RS18016xs+, RS3614RPxs, DS3615xs, DS2015xs, DS1515, DS715, DS416, DS215+

Mitigation

None

Detail

  • CVE-2018-3639

    • Severity: Moderate
    • CVSS3 Base Score: 5.6
    • CVSS3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
    • Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
  • CVE-2018-3640

    • Severity: Low
    • CVSS3 Base Score: 2.8
    • CVSS3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
    • Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.

Reference

Revision

Revision Date Description
1 2018-05-22 Initial public release.
2 2019-12-24 Disclosed vulnerability details.
3 2020-02-21 Update for DSM 6.2 is now available in Affected Products.