blob: 2d25521653deeb917351858e03ef27279e87eb2c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
---
breadcrumbs:
- - /chromium-os
- Chromium OS
page_name: containers-update
title: L1TF on Chrome OS (a.k.a. Foreshadow & CVE-2018-3646)
---
# Vulnerability Description
Software running in a virtualized operating system may exploit a bug in the
Extended Page Tables implementation to read arbitrary physical memory. This
allows guest operating systems to access memory contents belonging to the host
OS that are meant to be protected from access. This may allow malicious guests
to steal sensitive data from other applications running on the machine.
# Chrome OS response
The vast majority of Chrome OS users are unaffected given that Chrome OS
currently only uses virtualization for running Linux App Containers (aka
Termina), which is under development and only available in Beta, Dev, and Canary
update channels of Chrome OS. Users who don't use the Linux App Containers
feature don't need to take action at this point.
Chrome OS will not release the Linux apps for Chrome OS feature to the stable
channel before September, at which point users will have received the necessary
mitigations in Chrome OS 69 via auto-updates. No further action by stable
channel users are expected to be necessary. Beta, Dev, and Canary channel users
will receive fixes as soon as possible now that public patches are available.
Beta, Dev, and Canary users concerned about the attack in the meantime may
temporarily stop using Linux App Containers.
# Affected devices and Patch Status
Chrome OS devices with Core Intel CPUs running virtual machines are affected.
All listed devices have fixes in Dev, Canary, Beta and Stable builds.
* Google Pixelbook
* HP Chromebox G2
* Samsung Chromebook Plus (V2)
* Acer Chromebox CXI3
* HP Chromebook x2
* ASUS Chromebox 3
* ViewSonic NMP660 Chromebox
* CTL Chromebox CBx1
* Toshiba Chromebook 2 (2015 Edition)
* Acer Chromebook 11 (C740)
* Acer Chromebox CXI2
* Acer Chromebook 15 (C910 / CB5-571)
* Acer Chromebox CXI3
* Dell Chromebook 11
For code names, see our [main device
page](/chromium-os/developer-information-for-chrome-os-devices).
|
