Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3655-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3655-1 advisory. Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a...

Ubuntu 17.10 : Linux kernel vulnerabilities (USN-3653-1) (Spectre)

Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memor...

Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3653-2)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3653-2 advisory. USN-3653-1 fixed vulnerabilities and added mitigations in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux...

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1374-1) (Spectre)

The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive several security fixes. The following security bugs were fixed : - CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' bnc1087082. A new boot commandline...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3654-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3654-1 advisory. Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a...

Researchers Say More Spectre-Related CPU Flaws On Horizon

After another speculative execution side channel-related flaw has been disclosed in processors, security experts say that more may be on the horizon. Researchers on Monday disclosed Variant 4, a new speculative execution side channel category flaw that allows attackers to read privileged data...

SUSE-SU-2018:1368-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' bnc1087082. A new boot commandline...

Intel Responds to Spectre-Like Flaw In CPUs

Intel acknowledged that its processors are vulnerable to another dangerous speculative execution side channel flaw that could give attackers unauthorized read access to memory. The new vulnerability, disclosed by Google Project Zero and Microsoft’s Security Response Center, is called Variant 4, a...

SUSE-SU-2018:1374-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive several security fixes. The following security bugs were fixed: - CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' bnc1087082. A new boot commandline...

DEBIAN-CVE-2018-3639

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Stor...

Design/Logic Flaw

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Stor...

ALPINE-CVE-2018-3639

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Stor...

CVE-2018-3639

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Stor...

CVE-2018-3639

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Stor...

CVE-2018-3640

CVE-2018-3640 affects macOS EFI/Hypervisor components on macOS High Sierra 10.13.6 and Mojave 10.14, where systems with speculative execution and speculative reads of system registers may leak information via a side‑channel. The root cause is speculative execution side‑channel disclosures; a micr...

CVE-2018-3639

CVE-2018-3639 is a speculative execution side‑channel vulnerability (SSB) that can leak memory via speculative stores. The Connected ALMA doc notes a mitigation: SSB is disabled by the new alt-java launcher, reducing impact at the cost of performance, and it references OpenJDK 8u282 as part of th...

CVE-2018-3639

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Stor...

CVE-2018-3639

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Stor...

CVE-2018-3640

Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read RSRE, Variant 3a...

SUSE-SU-2018:1377-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bug was fixed: - CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' bnc1087082. A new boot commandli...