AAEON Security Announcement

2018-01-31

Meltdown & Spectre – Intel Side-Channel Vulnerability

Overview

The Intel Security Center recently announced that computing devices fitted with microprocessors that make use of speculative execution and indirect branch prediction processes could allow attackers with local user access via side-channel analysis to gain unauthorized disclosure of information. Such attacks are also known as “Meltdown and Spectre.”

We want to assure our customers that we are following this issue, and our engineers are actively working with our partners to mitigate the risk of data theft and provide a permanent solution. Customers should also be aware that AAEON has not received any information to indicate that these vulnerabilities have been used as part of any real-world attacks.

AAEON Guidelines

Software developers have already designed patches and updates that tackle Meltdown and Spectre, and AAEON recommends that you investigate measures put forward by both Microsoft and open source communities.

1. Microsoft’s Security TechCenter has recommended that customers install the January 2018 Windows security updates to guard against the following vulnerabilities related to speculative execution side-channel attacks:

  • CVE-2017-5753 - Bounds check bypass
  • CVE-2017-5715 - Branch target injection
  • CVE-2017-5754 - Rogue data cache load

For more information, visit the Security TechCenter
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

Open source communities have developed patches for protection against Meltdown and Spectre. For more information, visit the following links
https://github.com/hannob/meltdownspectre-patches
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

2. AAEON is working closely with Intel and our BIOS vendor to update its firmware. Please contact your AAEON representative to access your firmware.

3. To protect yourself against all forms of malware, we also advise you to always follow safe computing practices, including:

  • Installing firmware, driver, and security software updates whenever available
  • Implementing both hardware and software firewalls
  • Never installing software or programs you're not familiar with
  • Avoiding websites you're not familiar with
  • Never using the same password on multiple websites
  • Following guidelines to set strong passwords

Unaffected Products

AAEON engineers have verified that the following products are unaffected by this issue:

  • ACP-1103
  • AEC-6612
  • AEC-6613
  • AEC-6940
  • AHP-2153
  • AIOT-X1000
  • GENE-CV05
  • PICO-CV01
  • PFM-CVS

Additional information about unaffected products can be found in the table below.

Product family (titles use former Intel codenames) Processors that may be used in this family
AAEON Pineview product family https://ark.intel.com/products/codename/32201/Pineview#@embedded
AAEON Cedarview product family https://ark.intel.com/products/codename/37505/Cedarview#@embedded

Affected Products

Based on Intel’s findings and work carried out by AAEON engineers, we are able to present a clear outline of our product range, detailing which product families are affected by this issue and when we expect to release firmware to safeguard other products against this vulnerability. Customers should be aware that the dates given are provisional and could be changed as new developments occur.

Product family (many titles use former Intel codenames) Product series / processors that may be used in this family Vulnerable to side-channel attacks Firmware schedule
AAEON UP family UP series, UP2 series Yes 9-Feb
AAEON Apollo Lake product family https://ark.intel.com/products/codename/80644/Apollo-Lake#@embedded Yes 9-Feb
AAEON Braswell product family https://ark.intel.com/products/codename/66094/Braswell#@embedded Yes Q1
AAEON Bay Trail product family https://ark.intel.com/products/codename/55844/Bay-Trail#@embedded Yes Q1
AAEON Kaby Lake product family https://ark.intel.com/products/codename/82879/Kaby-Lake#@embedded Yes Q2*
AAEON Skylake product family https://ark.intel.com/products/codename/37572/Skylake#@embedded Yes Q2*
AAEON Broadwell product family https://ark.intel.com/products/codename/38530/Broadwell#@embedded Yes Q2*
AAEON Haswell product family https://ark.intel.com/products/codename/42174/Haswell#@embedded Yes Q2*
AAEON Ivy Bridge product family https://ark.intel.com/products/codename/29902/Ivy-Bridge#@embedded Yes Q2*
AAEON Sandy Bridge product family https://ark.intel.com/products/codename/29900/Sandy-Bridge#@embedded Yes Q2*
AAEON Arrandale product family https://ark.intel.com/products/codename/32724/Arrandale#@embedded Yes By request
* The schedule may be updated depending on further information from Intel about current sighting issues.

For information about AAEON products not covered in this table, please contact AAEON directly.

For more information about Intel Side-Channel Vulnerability, please refer to Intel’s official announcement page.

Thank you for choosing AAEON boards and systems. We appreciate your custom and want to assure you that we will always be committed to delivering secure computing solutions.