April 12, 2021
RE: CVE-2020-28588 and Implications for INSIGHT DLP Appliances
Dear INSIGHT Appliance Customer:
As you may be aware, on March 29, 2021, the Oracle Linux team made the following vulnerability disclosure (CVE-2020-28588). The summary of this disclosure is that this security vulnerability only affects ARM 32 bit-systems. A local user could use this flaw to read three 64 bits uninitialized values, but cannot control which values. The highest threat from this vulnerability is to confidentiality. Please note that this vulnerability does not affect INSIGHT Appliances, as INSIGHT Appliances utilize a 64-bit systems architecture.
The INSIGHT Development team is aware of this exploit. Although it does not affect INSIGHT Appliances, the dev team has been running tests to study the impact this could have for our customers. Due to the secure environment and restrictions implemented on all INSIGHT Appliances the identified exploit does not exist for INSIGHT Appliances.
If you have any questions or concerns, please contact the INSIGHT Support Team.
INSIGHT Support Team