Update spec file to remove ‘modprobe kvm-intel’ and remove --enable-kvm arg to ovmf_vars_generator so qemu will not require kvm kernel module. (Aaron Young)
Update spec file to modprobe kvm_intel module prior to running qemu to enroll default keys. (Aaron Young)
Enroll Oracle cert/key for OL secureboot support. (Aaron Young)
[1:1.2-2.el7]
Change Image.c image load error to DEBUG_WARN from DEBUG_ERROR since it is normal for some images to fail to load if the associated hardware is not present. Such is the case with Ramfb. (Aaron Young) [Orabug: 28868674]
Fix AAVMF build. Pull in OpenSSL code (as is done for x86_64) (Aaron Young)
Update AAVMF change log for version 1.2 (Aaron Young)
[1:1.2-1.el7]
Update spec files and OVMF change log to version 1.2

OSVersionArchitecturePackageVersionFilename
oracle linux7srcedk2< 1.2-5.el7edk2-1.2-5.el7.src.rpm
oracle linux7noarchaavmf< 1.2-5.el7AAVMF-1.2-5.el7.noarch.rpm
oracle linux7srcedk2< 1.2-5.el7edk2-1.2-5.el7.src.rpm

OS	Version	Architecture	Package	Version	Filename
oracle linux	7	src	edk2	< 1.2-5.el7	edk2-1.2-5.el7.src.rpm
oracle linux	7	noarch	aavmf	< 1.2-5.el7	AAVMF-1.2-5.el7.noarch.rpm
oracle linux	7	src	edk2	< 1.2-5.el7	edk2-1.2-5.el7.src.rpm

nessus 70

oraclelinux 4

fedora 4

openvas 22

amazon 1

altlinux 1

suse 8

centos 3

redhat 14

apple 6

vmware 3

ibm 19

msrc 1

ubuntu 9

threatpost 2

kaspersky 1

packetstorm 1

photon 1

zdt 1

thn 1

mageia 3

huawei 2

redhatcve 1

seebug 1

nvidia 3

qualysblog 4

paloalto 1

malwarebytes 1

kitploit 1

cloudfoundry 1

cisco 1

lenovo 2

f5 1

symantec 1

arista 1

virtuozzo 2

citrix 1

nessus

Oracle Linux 7 : edk2 (ELSA-2019-4785)

2023-09-07 00:00:00

Oracle Linux 7 : edk2 (ELSA-2019-4668)

2023-09-07 00:00:00

Amazon Linux 2 : edk2 (ALAS-2019-1273)

2019-08-28 00:00:00

oraclelinux

edk2 security update

2019-09-13 00:00:00

edk2 security update

2020-09-29 00:00:00

ovmf security and enhancement update

2019-08-13 00:00:00

fedora

[SECURITY] Fedora 30 Update: edk2-20190308stable-1.fc30

2019-03-31 00:05:59

[SECURITY] Fedora 29 Update: edk2-20190308stable-1.fc29

2019-04-03 03:31:40

[SECURITY] Fedora 26 Update: webkitgtk4-2.18.5-1.fc26

2018-01-18 21:11:25

openvas

Fedora Update for edk2 FEDORA-2019-bff1cbaba3

2019-05-07 00:00:00

openSUSE: Security Advisory for ovmf (openSUSE-SU-2018:4240-1)

2018-12-23 00:00:00

openSUSE: Security Advisory for ovmf (openSUSE-SU-2018:4254-1)

2018-12-23 00:00:00

amazon

Important: edk2

2019-08-23 03:26:00

altlinux

Security fix for the ALT Linux 10 package edk2 version 20190308-alt1

2019-04-02 00:00:00

suse

Security update for ovmf (moderate)

2018-12-22 18:09:42

Security update for ovmf (moderate)

2018-12-22 18:17:24

Security update for ovmf (important)

2019-03-30 00:00:00

centos

OVMF security update

2019-08-30 03:50:09

kernel, perf, python security update

2018-01-04 11:36:27

kernel, perf, python security update

2018-01-04 19:46:26

redhat

(RHSA-2019:2125) Moderate: ovmf security and enhancement update

2019-08-06 08:03:42

(RHSA-2018:0020) Important: kernel security update

2018-01-04 15:05:39

(RHSA-2018:0016) Important: kernel-rt security update

2018-01-04 05:10:11

apple

About the security content of iOS 11.2.2

2018-01-08 00:00:00

About the security content of iOS 11.2.2 - Apple Support

2018-01-08 10:30:27

About the security content of macOS High Sierra 10.13.2 Supplemental Update

2018-01-08 00:00:00

vmware

VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution.

2018-01-03 00:00:00

VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution.

2018-01-03 00:00:00

VMware Virtual Appliance updates address side-channel analysis due to speculative execution

2018-02-08 00:00:00

ibm

Security Bulletin: IBM Data Risk Manager has released VM v2.0.1 in response to the vulnerability known as Spectre.

2018-06-16 22:05:23

Security Bulletin: PowerKVM has released updates in response to the vulnerabilities known as Spectre and Meltdown.

2018-06-18 01:41:07

Security Bulletin: Aspera Products and the Meltdown and Spectre vulnerabilities (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)

2018-12-08 04:55:34

msrc

Speculative Execution Bounty Launch

2018-03-15 00:00:04

ubuntu

Linux kernel (Trusty HWE) vulnerabilities

2018-01-23 00:00:00

Linux kernel (KVM) vulnerabilities

2018-01-29 00:00:00

WebKitGTK+ vulnerabilities

2018-01-11 00:00:00

threatpost

Apple Releases Spectre Patches for Safari, macOS and iOS

2018-01-08 16:57:57

Experts Weigh In On Spectre Patch Challenges

2018-01-07 23:21:34

kaspersky

KLA11173 OSI vulnerability in VMware Products

2018-01-09 00:00:00

packetstorm

Spectre Information Disclosure Proof Of Concept

2018-01-04 00:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0098

2018-01-11 00:00:00

zdt

Multiple CPUs - Spectre Information Disclosure (PoC) Exploit

2018-01-04 00:00:00

thn

New SpookJS Attack Bypasses Google Chrome's Site Isolation Protection

2021-09-13 07:54:00

mageia

Updated webkit2 packages fix security vulnerabilities

2018-01-14 19:54:13

Updated kernel packages fix security vulnerabilities

2018-02-11 21:42:57

Updated nvidia-current packages mitigates security issues

2018-01-13 17:28:36

huawei

Security Advisory - CPU Vulnerabilities Meltdown and Spectre

2018-06-06 00:00:00

Security Advisory - CPU Vulnerabilities 'Meltdown' and 'Spectre'

2018-01-06 00:00:00

redhatcve

CVE-2017-5715

2021-07-20 18:54:09

seebug

Reading privileged memory with a side-channel (Meltdown & Spectre)

2018-01-04 00:00:00

nvidia

Security Bulletin: NVIDIA Jetson TX1, Jetson TK1, and Tegra K1 L4T Security Updates for CPU Speculative Side Channel Vulnerabilities

2018-01-05 00:00:00

Security Bulletin: NVIDIA GeForce Experience (GFE) Security Updates for CPU Speculative Side Channel Vulnerabilities

2018-01-09 00:00:00

Security Bulletin: NVIDIA Driver Security Updates for CPU Speculative Side Channel Vulnerabilities

2018-01-04 00:00:00

qualysblog

Meltdown and Spectre Aren’t Business as Usual

2018-01-18 22:22:16

Apple in the InfoSec Spotlight, as GitHub Falls Prey to Amplified DDoS Attack

2018-03-02 14:48:53

Meltdown/Spectre and Qualys Cloud Platform

2018-01-09 02:36:19

paloalto

Information about Meltdown and Spectre findings

2018-01-04 00:00:00

malwarebytes

Meltdown and Spectre fallout: patching problems persist

2018-01-11 14:00:00

kitploit

Spectre-Meltdown-Checker - Spectre & Meltdown Vulnerability/Mitigation Checker For Linux

2018-01-08 12:43:00

cloudfoundry

USN-3540-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry

2018-01-23 00:00:00

cisco

CPU Side-Channel Information Disclosure Vulnerabilities

2018-01-04 22:20:00

lenovo

Reading Privileged Memory with a Side Channel - Lenovo Support US

2018-10-24 12:22:52

Reading Privileged Memory with a Side Channel - US

2018-10-24 12:22:52

Side-channel processor vulnerabilities CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754

2018-01-04 04:46:00

symantec

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability

2018-01-03 00:00:00

arista

Security Advisory 0031

2018-01-03 00:00:00

virtuozzo

Important kernel security update: Fixes for Meltdown and Spectre exploits; new kernel 2.6.32-042stab127.2, Virtuozzo 6.0 Update 12 Hotfix 20 (6.0.12-3690)

2018-01-06 00:00:00

Important kernel security update: Fixes for Meltdown and Spectre exploits; new kernel 3.10.0-693.11.6.vz7.40.4, Virtuozzo 7.0 Update 6 Hotfix 3 (7.0.6-710)

2018-01-08 00:00:00

citrix

Citrix Security Updates for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

2018-01-03 04:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.976 High

EPSS

Percentile

100.0%

JSON

Related for ELSA-2019-4668