K31300402: Virtual Machine Manager L1 Terminal Fault vulnerability CVE-2018-3646

Security Advisory Description Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a...

K35558453: Intel SGX L1 Terminal Fault vulnerability CVE-2018-3615

Security Advisory Description Systems with microprocessors utilizing speculative execution and Intel software guard extensions Intel SGX may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis...

K70675920: August 2018 Intel security vulnerability announcement

Security Advisory Description On 14-Aug-2018, Intel announced the discovery of the following vulnerabilities: CVE-2018-3615 Foreshadow CVE-2018-3620 Foreshadow-NG CVE-2018-3646 Foreshadow-NG For the complete announcement from Intel, refer to the following link: Note : The following link takes you...

Slackware: Security Advisory (SSA:2018-240-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Intel, ARM, IBM, AMD Processors Vulnerable to New Side-Channel Attacks

It turns out that the root cause behind several previously disclosed speculative execution attacks against modern processors, such as Meltdown and Foreshadow, was misattributed to 'prefetching effect,' resulting in hardware vendors releasing incomplete mitigations and countermeasures. Sharing its...

New PlunderVolt Attack Targets Intel SGX Enclaves by Tweaking CPU Voltage

A team of cybersecurity researchers demonstrated a novel yet another technique to hijack Intel SGX, a hardware-isolated trusted space on modern Intel CPUs that encrypts extremely sensitive data to shield it from attackers even when a system gets compromised. Dubbed Plundervolt and tracked as...

openSUSE Security Update : ucode-intel (openSUSE-2019-622) (Foreshadow) (Spectre)

ucode-intel was updated to the 20180807 release. For the listed CPU chipsets this fixes CVE-2018-3640 Spectre v3a and is part of the mitigations for CVE-2018-3639 Spectre v4 and CVE-2018-3646 L1 Terminal fault. bsc1104134 bsc1087082 bsc1087083 bsc1089343 Processor Identifier Version Products Mode...

openSUSE Security Update : the Linux Kernel (openSUSE-2019-618) (Foreshadow)

The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-10853: A flaw was found in KVM in which certain instructions such as sgdt/sidt call segmentedwritestd doesn't propagate access correctly. As such, during userspa...

Security Updates for Windows 10 / Windows Server 2019 (February 2019) (Spectre) (Meltdown) (Foreshadow)

The remote Windows host is missing a security update. It is, therefore, missing microcode updates to address the following vulnerabilities: - Spectre Variant 3a CVE-2018-3640: Rogue System Register Read RSRE. - Spectre Variant 4 CVE-2018-3639: Speculative Store Bypass SSB - L1TF CVE-2018-3620,...

Security Updates for Windows 10 / Windows Server 2016 / Windows Server 2019 (March 2019) (Spectre) (Meltdown) (Foreshadow)

The remote Windows host is missing a security update. It is, therefore, missing microcode updates to address the following vulnerabilities: - Spectre Variant 3a CVE-2018-3640: Rogue System Register Read RSRE. - Spectre Variant 4 CVE-2018-3639: Speculative Store Bypass SSB - L1TF CVE-2018-3620,...

RSA Conference 2019: Picking Apart the Foreshadow Attack

SAN FRANCISCO – Starting off with a bang with Spectre and Meltdown, 2018 was the year of speculative execution vulnerabilities in CPUs, which wreaked havoc in the IT industry. One of these attacks, dubbed Foreshadow, could allow unauthorized disclosure of information. Foreshadow impacts the Intel...

Security Bulletin: IBM Security Guardium is affected by a Foreshadow Spectre Variant vulnerability

Summary IBM Security Guardium has addressed the following vulnerabilities Vulnerability Details CVEID: CVE-2018-3646 DESCRIPTION: Multiple Intel CPU''s could allow a local attacker to obtain sensitive information, caused by a flaw in the CPU speculative branch instruction execution feature. By...

Security Bulletin: Multiple Foreshadow Spectre Variant vulnerabilities affect IBM OS Image for Red Hat Linux Systems in IBM PureApplication System (CVE-2018-3615 CVE-2018-3620 CVE-2018-3646)

Summary There are multiple vulnerabilities that affect the IBM OS Image for Red Hat Linux Systems in IBM PureApplication System. IBM has released Version 2.2.5.3 for IBM PureApplication System, in response to CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646. The products that are identified for th...

Oracle Solaris Critical Patch Update : jan2019_SRU11_4_3_5_0 (Foreshadow) (Spectre)

This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite subcomponent: Kernel. The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated...

Fedora 28 : kernel / kernel-headers (2018-f8cba144ae) (Foreshadow)

The 4.17.14-202 build contains patches for the 'foreshadow ' security issue that were missing from the 201 builds. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and form...

SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2018:2409-1) (Foreshadow)

This update for xen fixes the following security issues : - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest O...

Security Bulletin: IBM QRadar Network Security is affected by a CPU vulnerability (CVE-2018-3620)

Summary IBM QRadar Network Security has addressed the following CPU vulnerability. Vulnerability Details CVEID: CVE-2018-3620 DESCRIPTION: Multiple Intel CPU's could allow a local attacker to obtain sensitive information, caused by a flaw in the CPU speculative branch instruction execution featur...

OracleVM 3.4 : xen (OVMSA-2018-0282) (Foreshadow) (Spectre)

The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0282 for details. C Tenable Network Security, Inc. The package checks in this plugin were extracted from OracleVM Security Advisory OVMSA-2018-0282...

OracleVM 3.2 : xen (OVMSA-2018-0272) (Foreshadow) (Spectre)

The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0272 for details. C Tenable Network Security, Inc. The package checks in this plugin were extracted from OracleVM Security Advisory OVMSA-2018-0272...

OracleVM 3.3 : xen (OVMSA-2018-0271) (Foreshadow) (Spectre)

The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0271 for details. C Tenable Network Security, Inc. The package checks in this plugin were extracted from OracleVM Security Advisory OVMSA-2018-0271...