Kernel: speculative bounds check bypass store

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an...

CVE-2018-3646

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis...

CVE-2018-3620

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis...

CVE-2018-3615

Systems with microprocessors utilizing speculative execution and Intel software guard extensions Intel SGX may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis...

UBUNTU-CVE-2018-3646

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis...

UBUNTU-CVE-2018-3615

Systems with microprocessors utilizing speculative execution and Intel software guard extensions Intel SGX may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis...

BSA-2018-687

Security Advisory ID : BSA-2018-687 Component : Kernel Revision : 1.0: Final Security researchers have identified a speculative execution side-channel method called L1 Terminal Fault L1TF also known as Foreshadow. This method impacts select microprocessor products supporting Intel® Software Guard...

Security Bulletin: IBM Cloud Manager is affected by the vulnerabilities known as Spectre and Meltdown

Summary IBM Cloud Manager is affected by security vulnerabilities known as Spectre and Meltdown, which can enable CPU data cache timing to be abused to bypass conventional memory security restrictions to gain access to privileged memory that should be inaccessible. Vulnerability Details CVEID:...

EulerOS 2.0 SP3 : qemu-kvm (EulerOS-SA-2018-1201)

According to the versions of the qemu-kvm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - QEMU aka Quick Emulator, when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service...

Important: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Security Bulletin: IBM Information Server on Cloud is affected by the vulnerabilities known as Spectre and Meltdown.

Summary IBM Information Server on Cloud is affected by the vulnerabilities known as Spectre and Meltdown, which can enable CPU data cache timing to be abused to bypass conventional memory security restrictions to gain access to privileged memory that should be inaccessible. Vulnerability Details...

Security Bulletin: IBM Netezza Host Management is affected by the vulnerabilities known as Spectre and Meltdown.

Summary IBM Netezza Host Management is affected by the vulnerabilities known as Spectre and Meltdown, which can enable CPU data cache timing to be abused to bypass conventional memory security restrictions to gain access to privileged memory that should be inaccessible. Vulnerability Details CVEI...

hw: cpu: speculative store bypass

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the...

Important product update: Fixes for CVE-2018-3639 and CVE-2018-1087 in virtual machines; Virtuozzo 6.0 Update 12 Hotfix 26 (6.0.12-3707)

This hotfix provides security fixes for the hypervisor part of Virtuozzo 6.0 Update 12. Vulnerability id: CVE-2018-1087 A flaw was found in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack...

RHEL 6 : Virtualization (RHSA-2018:1688) (Spectre)

An update for org.ovirt.engine-root is now available for RHEV Manager version 3.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass Exploit

Exploit for hardware platform in category dos / poc / ======== Intro / Overview ======== After Michael Schwarz made some interesting observations, we started looking into variants other than the three already-known ones. I noticed that Intel's Optimization Manual says in section 2.4.4.5 "Memory...

hw: cpu: speculative store bypass

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the...

hw: cpu: speculative store bypass

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the...

KVA Shadow: Mitigating Meltdown on Windows

On January 3rd, 2018, Microsoft released an advisory and security updates that relate to a new class of discovered hardware vulnerabilities, termed speculative execution side channels, that affect the design methodology and implementation decisions behind many modern microprocessors. This post...

New Microsoft Bug Bounty Program Looks To Squash The Next Spectre, Meltdown

In the wake of the Meltdown and Spectre flaws, Microsoft has rolled out a new bug bounty program targeting speculative execution side channel vulnerabilities. The limited time program is open until December 31, and offers up to $250,000 for identifying new categories of speculative execution...