107 matches found
WebAssembly Changes Could Ruin Meltdown/Spectre Browser Patches
Upcoming changes to the WebAssembly Wasm format may defang the browser patches for infamous side-channel attacks Meltdown and Spectre. Wasm was invented to improve execution speed for porting desktop applications to web-based environments; programs are compiled in Wasm and then can easily be run ...
Security Advisory - CPU Vulnerabilities Meltdown and Spectre
Security researchers disclosed two groups of CPU vulnerabilities "Meltdown" and "Spectre". In some circumstances, a local attacker could exploit these vulnerabilities to read memory information belonging to other processes or other operating system kernel. Vulnerability ID:...
Security update for the Linux Kernel (important)
The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are...
SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1377-1) (Spectre)
The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bug was fixed : - CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' bnc1087082. A new boot...
Microsoft Guidance for Speculative Store Bypass
Executive summary On January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities known as Spectre and Meltdown involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. On May 21s...
Nethammer—Exploiting DRAM Rowhammer Bug Through Network Requests
Last week, we reported about the first network-based remote Rowhammer attack, dubbed Throwhammer, which involves the exploitation a known vulnerability in DRAM through network cards using remote direct memory access RDMA channels. However, a separate team of security researchers has now...
SUSE-SU-2018:0705-1 Security update for microcode_ctl
This update for ucode-intel fixes the following issues: The Intel CPU microcode version was updated to version 20180312. This update enables the IBPB+IBRS based mitigations of the Spectre v2 flaws boo1085207 CVE-2017-5715 - New Platforms - BDX-DE EGW A0 6-56-5:10 e000009 - SKX B1 6-55-3:97 100014...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2018-4020)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4020 advisory. - x86: Use PREDCMD MSR when ibpb is enabled Konrad Rzeszutek Wilk Orabug: 27369777 CVE-2017-5715 CVE-2017-5753 - x86/spec: Dont print the Missing...
OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0012) (Spectre)
The remote OracleVM system is missing necessary patches to address critical security updates : - Revert 'kernel.spec: Require the new microcodectl.' Brian Maly - xen-blkback: add pendingreq allocation stats Ankur Arora Orabug: 27386890 - xen-blkback: move indirect req allocation out-of-line Ankur...
Intel Says Firmware Fixes for Spectre and Meltdown Affecting Newer Chips
Intel’s efforts to issue fixes for the Spectre and Meltdown CPU vulnerabilities are still hitting some bumps in the road, a company executive said in a blog post. “We have now issued firmware updates for 90 percent of Intel CPUs introduced in the past five years, but we have more work to do,” sai...
SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0115-1) (Meltdown) (Spectre)
The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory bnc1068032. - CVE-2017-5753 / 'SpectreAttack': Local...
Security Bulletin: NVIDIA GeForce Experience (GFE) Security Updates for CPU Speculative Side Channel Vulnerabilities
NVIDIA GeForce Experience GFE response to CPU speculative side channel vulnerabilities - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 Bulletin Summary NVIDIA is providing an initial security update to mitigate aspects of Google Project Zero's January 3, 2018 publication of novel information...
In-Spectre-Meltdown - Tool to identify Meltdown & Spectre Vulnerabilities in processors
This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 Meltdown and CVE-2017-5715 Spectre allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways ...
Security Bulletin: NVIDIA Jetson TX2 L4T Security Updates for CPU Speculative Side Channel Vulnerabilities
Jetson L4T response to CPU speculative side channel vulnerabilities - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 Bulletin Summary NVIDIA is providing an initial security update to mitigate aspects of Google Project Zero's January 3, 2018, publication of novel information disclosure attacks that...
Security Bulletin: NVIDIA Jetson TX1, Jetson TK1, and Tegra K1 L4T Security Updates for CPU Speculative Side Channel Vulnerabilities
Jetson and Tegra L4T response to CPU speculative side channel vulnerabilities - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 Bulletin Summary NVIDIA is providing an initial security update to mitigate aspects of Google Project Zero's January 3, 2018, publication of novel information disclosure...
Meltdown and Spectre: what you need to know
UPDATE as of 1/12/18: Several vendors have produced patches for Meltdown and Spectre, however performance problems dog the fixes. Details on the patches were published here. UPDATE as of 1/04/18: Since the Malwarebytes Database Update 1.0.3624, all Malwarebytes users are able to receive the...
SUSE-SU-2018:0010-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory bnc1068032. - CVE-2017-5753 / 'SpectreAttack': Local attackers...
SUSE-SU-2018:0012-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory bnc1068032. - CVE-2017-5753 / 'SpecŧreAttack': Local attackers...
Citrix XenServer Multiple Security Updates
Important Note Due to concerns about the robustness of some of the Intel microcode updates included in the earlier hotfixes for these issues XS71ECU1009, XS72E013 and XS73E001, Citrix has superseded these hotfixes with new hotfixes listed below. Customers are strongly recommended to apply these n...