Summary:

Many modern processors are susceptible to a group of vulnerabilities which are referred to as Meltdown and Spectre.  These vulnerabilities allow unprivileged attackers to abuse CPU data cache timing to leak information out of speculated execution, potentially leading to the arbitrary read of virtual memory across local security boundaries via targeted attacks.  This advisory will be updated as additional information becomes available.


Impact:

Successful exploitation of these vulnerabilities allows unprivileged attackers to abuse CPU data cache timing to leak information out of speculated execution, potentially leading to the arbitrary read of virtual memory across local security boundaries via targeted attacks.  These attacks require the ability to run malicious code directly on the target system.


IronKey EMS Cloud:

IronKey EMS Cloud does not provide mechanisms or allow anyone outside DataLocker Web Operations Administrators to run third-party code.  Additionally, IronKey EMS Cloud runs on private equipment and infrastructure protected against process-to-kernel or process-to-process attacks.  Therefore, IronKey EMS Cloud is not at risk for Meltdown or Spectre attacks.


IronKey EMS On-Prem:

Unlike a general-purpose operating system, IronKey EMS On-Prem does not provide mechanisms to run third-party code.  Due to this behavior, IronKey EMS On-Prem is not affected by either the Spectre or Meltdown attacks.


While IronKey EMS On-Prem is not directly affected by these attacks, these attacks may be possible against the utilized hyper-visor platform.  DataLocker recommends working with your hyper-visor and cloud platform vendors to ensure that your IronKey EMS On-Prem product is running on a secure and patched platform.