Spectre / Meltdown Vulnerability Statement
Introduction
Document Number
ENG-010588
Purpose
This document defines the Spectre / Meltdown Vulnerability Statement for Tellabs OLAN.
Applies To
All Tellabs OLAN products, Tellabs 1150, Tellabs 1134, Tellabs 1131.
Vulnerability Description
The Project Zero team at google has released three possible security flaws that are known collectively as Spectre and Meltdown. The three variants are:
- Variant 1: bounds check bypass (CVE-2017-5753)
- Variant 2: branch target injection (CVE-2017-5715)
- Variant 3: rogue data cache load (CVE-2017-5754)
Before the issues described here were publicly disclosed, Daniel Gruss, Moritz Lipp, Yuval Yarom, Paul Kocher, Daniel Genkin, Michael Schwarz, Mike Hamburg, Stefan Mangard, Thomas Prescher and Werner Haas also reported them; their [writeups/blogposts/paper drafts] are at:
Spectre (variants 1 and 2) https://spectreattack.com/spectre.pdf
Meltdown (variant 3) https://meltdownattack.com/meltdown.pdf
At a high level, essentially with sufficient cleverness and a lot of brute force, you can force the processor to speculatively load a particular branch, execute it, then view the cache.
Spectre is a hardware issue and is a problem with the design of the processor and is primarily x86. The issue is that the hardware doesn’t clear the cache when swapping between different executions of speculative branch prediction. If you are very clever, you can read information from the "other side" to snoop on other processes. The process has to be pretty clever to guide the branch prediction to the right state to "leak information. Spectre and Meltdown are variants of this exploit that allow access to protected kernel memory space.
Meltdown is a variant of this, but is a software only variant and a patch has been provided for the Windows OS where it was "detected".
Tested Processors - The following processors were tested by the authors of the vulnerability report.
- Intel(R) Xeon(R) CPU E5-1650 v3 @ 3.50GHz (called "Intel Haswell Xeon CPU" in the rest of this document)
- AMD FX(tm)-8320 Eight-Core Processor (called "AMD FX CPU" in the rest of this document)
- AMD PRO A8-9600 R7, 10 COMPUTE CORES 4C+6G (called "AMD PRO CPU" in the rest of this document)
- An ARM Cortex A57 core of a Google Nexus 5x phone [6] (called "ARM Cortex A57" in the rest of this document)
Tellabs Vulnerability Statement
The response as it relates to GPON is as follows:
1) The OLT/ONTs are not susceptible to these vulnerabilities as the only software running on the OLT is Tellabs generated software. Unlike a PC where all types of software can be running, Tellabs tightly controls all software on the OLT and we digitally sign each load. No software can run on the OLT that is not digitally signed by our development group. All changes to our software are code inspected before introduction into the load. Our software is regularly scanned for vulnerabilities to ensure none are introduced into the load. So even if we had vulnerable hardware, it is not possible for exploit software to get onto OLT.
2) At this time there is no evidence that Spectre affects PPC variants which is the processor family used on OLAN.
3) The EMS does run on Intel processors, so customers will need to follow the manufacturer and OS guidance on Spectre / Meltdown. There are patches currently for Meltdown for both Windows, and VMWare (if the EMS is virtualized), please note that both the VM and OS must both be patched. Meltdown patches should be applied to machines when they are available. The original guidance for Spectre is selecting a processor that does not have this flaw, but it appears that this is changing. There is reportedly a fix in the works in software for the Spectre issue from Intel, but customers will need to keep themselves informed about this.
Send feedback on this topic to Tellabs.