MGASA-2019-0333 Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on the upstream 5.3.11 and fixes at least the following security issues: Insufficient access control in a subsystem for Intel R processor graphics may allow an authenticated user to potentially enable escalation of privilege via local access CVE-2019-0155. A...

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on the upstream 5.3.11 and fixes at least the following security issues: Insufficient access control in a subsystem for Intel R processor graphics may allow an authenticated user to potentially enable escalation of privilege via local access CVE-2019-0155. A...

CentOS 7 : kernel (CESA-2019:3834)

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVE-2019-11135

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access...

CVE-2019-11135

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access...

ALPINE-CVE-2019-11135

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access...

Design/Logic Flaw

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access...

CVE-2019-11135

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access...

CVE-2019-11135

CVE-2019-11135 is a TSX Transactional Synchronization Extensions-related vulnerability in Intel CPUs causing potential information disclosure via a side channel when TSX Acknowledges an abort. The connected documents describe a subsequent issue (CVE-2019-19338) in the fix path for CVE-2019-11135 ...

CVE-2019-11135

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access...

CVE-2019-11135

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access...

CVE-2019-11135

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access...

VMSA-2019-0020 : Hypervisor-Specific Mitigations for Denial-of-Service and Speculative-Execution Vulnerabilities

a. Hypervisor-Specific Mitigations for Machine Check Error on Page Size Change MCEPSC Denial-of-Service vulnerability - CVE-2018-12207 VMware ESXi, Workstation, and Fusion patches include Hypervisor-Specific Mitigations for Machine Check Error on Page Size Change MCEPSC. A malicious actor with...

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4836)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4836 advisory. - kvm: x86: mmu: Recovery of shattered NX large pages Junaid Shahid Orabug: 29967630 CVE-2018-12207 - kvm: Add helper function for creating VM worker...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4837)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4837 advisory. - x86/tsx: Add config options to set tsx=on|off|auto Michal Hocko Orabug: 30419233 CVE-2019-11135 - x86/speculation/taa: Add documentation for TSX...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2019-4839)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-4839 advisory. - x86/tsx: Add config options to set tsx=on|off|auto Michal Hocko Orabug: 30419231 CVE-2019-11135 - x86/speculation/taa: Add documentation for TSX Async Abo...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4838)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-4838 advisory. - x86/tsx: Add config options to set tsx=on|off|auto Michal Hocko Orabug: 30419232 CVE-2019-11135 - x86/speculation/taa: Add documentation for TSX Async Abo...

Debian DSA-4564-1 : linux - security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak. - CVE-2018-12207 It was discovered that on Intel CPUs supporting hardware virtualisation with Extended Page Tables EPT, a guest VM may manipulate the...

Information Disclosure

kernel is vulnerable to information disclosure. Due to the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort TAA error occur, a local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort...

RHEL 6 : kernel (RHSA-2019:3836)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3836 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: hw: Machine Check Error on Page Size...