Wind River® is committed to delivering secure, reliable products that keep your devices protected. As part of this commitment, our Security Response Team is constantly monitoring and assessing thousands of notifications from CERT-accepted authorities and agencies, Linux security communities such as oss-security, and our customers. Wind River prioritizes these notifications, responds, and proactively contacts customers for timely alerts, enabling them to secure their devices.
The latest reported vulnerabilities, CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754, also referred to as Meltdown and Spectre, are being addressed by the Security Response Team. These security vulnerabilities potentially allow for the gathering of sensitive data improperly from computing devices. These exploits could affect a variety of processors from different vendors.
Meltdown and Spectre are tracked under the CVE entries:
We have determined that some Wind River products are impacted, including the following:
- Wind River Linux
- Wind River Pulsar Linux
- Wind River Titanium Cloud (including Titanium Server)
- Wind River Helix CarSync
Customers with questions about vulnerabilities should contact Wind River Customer Support or their local Wind River representative for information regarding a software workaround solution for this vulnerability.
The following is a list of Wind River products impacted by CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754 security vulnerabilities (a.k.a. Meltdown and Spectre). For versions of products not listed, please contact Wind River Customer Support or your Wind River sales representative.
We continue to monitor the situation on our security mailing lists in case there are new developments, and will post periodic updates via RSS feeds and the Wind River Support Network.