This is regarding the following vulnerabilities discovered by the Google Project Zero team:
Variant 1: bounds check bypass (CVE-2017-5753)
Variant 2: branch target injection (CVE-2017-5715)
Variant 3: rogue data cache load (CVE-2017-5754)
The below advisory was sent to our Workload Automation AE and Workload Automation DE customers today.
If you did not receive the message below, please sign up here to receive future announcements: https://support.ca.com/irj/portal/hyperSubscription
A CPU design flaw, impacting platforms (e.g. Linux, Windows) supported by our products, was recently discovered by the Google Project Zero team, https://googleprojectzero.blogspot.ca/2018/01/reading-privileged-memory-with-side.html, that could potentially be exploited compromising access to in-memory data. The respective CPU manufacturers have been working with operating system vendors and system manufacturers to assist them in addressing this. Patches are expected to be released by the various vendors over the next few weeks. It is expected that operating systems and applications could be negatively impacted by performance to some degree. The actual impact is unknown, although some speculate as high as a 30% degradation in performance.
As alluded to above, we do not know what impact these fixes will have upon our Workload Automation solutions. Our review of available data indicates there will be some unknown level of performance degradation. We will be carefully monitoring this in the upcoming weeks.
There are no current changes in our plans regarding performance. We will continue to make incremental performance improvements to our products based on the business impact. Should it be determined the degradation is more severe than anticipated, we would alter our current plans to accelerate performance improvements in the necessary areas, which could result in reprioritization of currently planned projects.
Although this was an unexpected and unfortunate event, we can assure you we will continue to attempt to provide the highest level of support throughout this time of uncertainty.
If you have any questions about this Advisory, please contact CA Support.
CA Support Team