SECURITY VULNERABILITY RESPONSE INFORMATION

Meltdown and Spectre: CVE-2017-5753, CVE-2017-5715, CVE-2017-5754, CVE-2018-3639, and CVE-2018-3640

Wind River® is committed to delivering secure, reliable products that keep your devices protected. As part of this commitment, our Security Response Team is constantly monitoring and assessing thousands of notifications from CERT-accepted authorities and agencies, Linux security communities such as oss-security, and our customers. Wind River prioritizes these notifications, responds, and proactively contacts customers for timely alerts, enabling them to secure their devices.

Download the Spectre and Meltdown FAQ

Impacted Products

The Meltdown and Spectre vulnerabilities, CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754, as well as recently announced variants, CVE-2018-3639, and CVE-2018-3640, are being addressed by the Security Response Team. These security vulnerabilities potentially allow for the gathering of sensitive data improperly from computing devices. These exploits could affect a variety of processors from different vendors.

Meltdown and Spectre are tracked under the CVE entries:

We have determined that some Wind River products are impacted, including the following:

  • VxWorks
  • Wind River Linux
  • Wind River Pulsar Linux
  • Wind River Titanium Cloud (including Titanium Server)

Customers with questions about vulnerabilities should contact Wind River Customer Support or their local Wind River representative for information regarding a software workaround solution for this vulnerability.

REMEDIATION

The following is a list of Wind River products impacted by CVE-2017-5753, CVE-2017-5715, CVE-2017-5754, CVE-2018-3639, and CVE-2018-3640 security vulnerabilities (a.k.a. Meltdown and Spectre). For versions of products not listed, please contact Wind River Customer Support or your Wind River sales representative.

Product

Impacted

Versions

Remediation

VxWorks
Yes
6.9, 7, Virtualization Profile
Please see the Wind River security notice at https://knowledge.windriver.com/Content_Lookup?id=K-511457
Wind River Linux
Yes
6, 7, 8, 9, LTS
Please see the Wind River security notice at https://knowledge.windriver.com/Content_Lookup?id=K-511447
Wind River Pulsar Linux
Yes
8
Please see the Wind River security notice at https://knowledge.windriver.com/Content_Lookup?id=K-511447
Wind River Titanium Server
Yes
15, 16
Wind River VxWorks MILS Platform
Yes
3.0.0.1, 3.0 Multi-core Edition
Please see the Wind River security notice at https://knowledge.windriver.com/Content_Lookup?id=K-511457
Wind River VxWorks 653 Platform
Yes
1.8.9.1, 2.1, 2.2, 2.3, 2.4, 2.5, 3.0, 4.0
Please see the Wind River security notice at https://knowledge.windriver.com/Content_Lookup?id=K-511457
VxWorks Cert
Yes
6.6.4.1
Please see the Wind River security notice at https://knowledge.windriver.com/Content_Lookup?id=K-511457
Wind River Simics
No
All
Wind River Helix Device Cloud
No
All
Wind River Helix CarSync
No
All
** You need an account to access the Knowledge Library. If you don't have a valid Knowledge Library account, please contact local customer support.

We continue to monitor the situation on our security mailing lists in case there are new developments, and will post periodic updates via RSS feeds and the Wind River Support Network.

You Can’t Afford a Security Breach

This is just one of the more than 6,000 security vulnerabilities that our Security Response Team analyzes annually, and only one of the more than 1,000 annually for which we have produced a fix and rolled it out to all of our current customers.

Our support and maintenance practices and processes provide the most tangible proof of value when choosing Wind River products.
Learn more about Wind River Security practices at www.windriver.com/products/linux/security.

Customers are urged to keep their support and maintenance contracts current, and to install the latest available updates to their installed products. If you don’t know if your support and maintenance contract is current, make sure to contact your Wind River representative.