F5 Networks BIG-IP : Lazy FP state restore vulnerability (K21344224)

medium Nessus Plugin ID 118641

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.1.2 / 14.0.0.3 / 14.1.0. It is, therefore, affected by a vulnerability as referenced in the K21344224 advisory.

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. (CVE-2018-3665)

A Floating-Point (FP) state information leakage flaw was found in the way the Linux kernel saves and restores the FP state during task switch. Linux kernels that follow the Lazy FP Restore scheme are vulnerable to the FP state information leakage issue. An unprivileged, local attacker can use this flaw to read FP state bits by conducting targeted cache side-channel attacks, similar to the Meltdown vulnerability disclosed earlier this year.

Impact

This vulnerability requires an attacker to induce speculative execution of code to acquire privileged information, then leak that information via a micro-architectural side-channel. Intel Core processors are affected. AMD processors are not affected.

F5 is investigating the impact of this vulnerability on our products. F5 is focused on providing patched releases as soon as we have fully tested and verified fixes. F5 will update this article with the most current information as soon as it is confirmed.

BIG-IP

This vulnerability requires an attacker who can provide and run binary code of their choosing on the BIG-IP platform. This raises a high bar for attackers attempting to target BIG-IP systems over a network and would require an additional, un-patched, user-space remote code execution vulnerability to exploit these new issues.

The only administrative roles on a BIG-IP system that can execute binary code or exploitable analogs, such as JavaScript, are the Administrator, Resource Administrator, Manager, and iRules Manager roles. The Administrator and Resource Administrator roles already have nearly complete access to the system and all secrets on the system that are not protected by hardware-based encryption. The Manager and iRules Manager roles have access restrictions, but they can install new iRulesLX code. A malicious authorized Manager or iRules Manager can install malicious binary code to exploit these information leaks and gain more privileged access. F5 recommends limiting these roles to trusted employees.

To determine the processor type used by each platform and if the platform is affected by this vulnerability, refer to the following table.

Note: In the following table, only one entry is shown for platform models that may have several variants. For example, BIG-IP 11000, BIG-IP 11050, BIG-IP 11050F, and BIG-IP 11050N are all included in the table as BIG-IP 110x0. Some platforms may have multiple vendor processors, such as the iSeries platforms, which have one or more Intel Core processors and may have a vulnerable ARM processor in one or more subsystems. F5 does not believe that ARM processors in these subsystems are accessible to attackers, unless some other code-execution vulnerability is present, but the information is being provided out of an abundance of caution.

Model | Processor type | Vulnerable to CVE-2018-3665 Lazy FP state restore
VIPRION B21x0 | Intel | N*
VIPRION B2250 | Intel | N*
VIPRION B4100 | AMD | N
VIPRION B4200 | AMD | N
VIPRION B43x0 | Intel | N*
VIPRION B44x0 | Intel | N*
BIG-IP 2xx0 | Intel | Y
BIG-IP 4xx0 | Intel | N*
BIG-IP 5xx0 | Intel | N*
BIG-IP 7xx0 | Intel | N*
BIG-IP 10xx0 | Intel | N*
BIG-IP 110x0 | AMD | N
BIG-IP 12xx0 | Intel | N*
BIG-IP i2x00 | Intel, ARM | N*
BIG-IP i4x00 | Intel, ARM | N*
BIG-IP i5x00 | Intel, ARM | N*
BIG-IP i7x00 | Intel, ARM | N*
BIG-IP i10x00 | Intel, ARM | N*
BIG-IP 800 | Intel | Y
BIG-IP 1600 | Intel | Y
BIG-IP 3600 | Intel | Y
BIG-IP 3900 | Intel | N*
BIG-IP 6400 | AMD | N
BIG-IP 6900 | AMD | N
BIG-IP 89x0 | AMD | N

*Intel Xeon based processors are not vulnerable to this issue.

Note: Platform models that have reached End of Technical Support (EoTS) will not be evaluated. For more information, refer to K4309: F5 platform lifecycle support policy.

BIG-IQ and Enterprise Manager

To determine the processor type used by each platform and if the platform is affected by this vulnerability, refer to the following table.

Model | Processor type | Vulnerable to CVE-2018-3665 Lazy FP state restore
BIG-IQ 7000 | Intel | Y
Enterprise Manager 4000 | Intel | Y

Note: Platform models that have reached EoTS will not be evaluated. For more information, refer to K4309: F5 platform lifecycle support policy.

ARX

To determine the processor type used by each platform and if the platform is affected by this vulnerability, refer to the following table.

Model | Processor type | Vulnerable to CVE-2018-3665 Lazy FP state restore
ARX 1500+ | Intel | Y*
ARX 2500 | Intel | Y*
ARX 4000/4000+ | Intel | Y*

*The specified platforms contain the affected processor. However, F5 identifies the ARX software vulnerability status as Not vulnerable because the attacker cannot exploit the code in default, standard, or recommended configurations.

Note: Platform models that have reached EoTS will not be evaluated. For more information, refer to K4309: F5 platform lifecycle support policy.

Traffix SDC

Systems with microprocessors that use speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access by way of a side-channel analysis.

LineRate

Systems with microprocessors that use speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access by way of a side-channel analysis.

For products with None in the Versions known to be vulnerable column in the following table, there is no impact.

Tenable has extracted the preceding description block directly from the F5 Networks BIG-IP security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to one of the non-vulnerable versions listed in the F5 Solution K21344224.

See Also

https://my.f5.com/manage/s/article/K21344224

Plugin Details

Severity: Medium

ID: 118641

File Name: f5_bigip_SOL21344224.nasl

Version: 1.8

Type: Local

Published: 11/2/2018

Updated: 5/29/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 3.5

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2018-3665

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 4.9

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:f5:big-ip_link_controller, cpe:/a:f5:big-ip_application_visibility_and_reporting, cpe:/a:f5:big-ip_domain_name_system, cpe:/a:f5:big-ip_policy_enforcement_manager, cpe:/h:f5:big-ip, cpe:/a:f5:big-ip_application_security_manager, cpe:/a:f5:big-ip_advanced_firewall_manager, cpe:/a:f5:big-ip_local_traffic_manager, cpe:/a:f5:big-ip_access_policy_manager, cpe:/a:f5:big-ip_global_traffic_manager, cpe:/a:f5:big-ip_application_acceleration_manager, cpe:/a:f5:big-ip_webaccelerator

Required KB Items: Host/local_checks_enabled, Host/BIG-IP/hotfix, Host/BIG-IP/modules, Host/BIG-IP/version

Exploit Ease: No known exploits are available

Patch Publication Date: 6/21/2018

Vulnerability Publication Date: 6/21/2018

Reference Information

CVE: CVE-2018-3665