SUSE: Security Advisory (SUSE-SU-2018:2304-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1377-2) (Spectre)

The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bug was fixed : CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' bnc1087082. A new boot commandlin...

Fresh Spectre Variants Come to Light

Two new speculative execution bugs have earned researchers a $100,000 bug bounty from Intel. MIT’s Vladimir Kiriansky and independent researcher Carl Waldspurger uncovered what they call Spectre1.1 and a subset, Spectre1.2, collectively referred to as Variant 4 of Spectre by Intel and ARM. Like t...

openSUSE: Security Advisory for xen (openSUSE-SU-2018:1487-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for xen (important)

This update for xen fixes the following issues: Security issues fixed: - CVE-2018-3639: Spectre V4 – Speculative Store Bypass aka "Memory Disambiguation" bsc1092631 This feature can be controlled by the "ssbd=on/off" commandline flag for the XEN hypervisor. - CVE-2018-10982: x86 vHPET interrupt...

Security update for the Linux Kernel (important)

The openSUSE Leap 42.3 kernel was updated to 4.4.132 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3639: Information leaks using "Memory Disambiguation" feature in modern CPUs were mitigated, aka "Spectre Variant 4" bnc1087082. A new boot commandline...

Intel’s ‘Virtual Fences’ Spectre Fix Won’t Protect Against Variant 4

Spectre and Meltdown fixes for Intel chips announced in March, to be embedded into new CPUs, do not address the newly disclosed Variant 4, sources said. Intel introduced hardware-based safeguards to its new chips to protect against the Spectre and Meltdown flaws that rocked the silicon industry...

AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass Exploit

Exploit for hardware platform in category dos / poc / ======== Intro / Overview ======== After Michael Schwarz made some interesting observations, we started looking into variants other than the three already-known ones. I noticed that Intel's Optimization Manual says in section 2.4.4.5 "Memory...

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1375-1) (Spectre)

The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' bnc1087082. A new boot...

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1377-1) (Spectre)

The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bug was fixed : - CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' bnc1087082. A new boot...

SUSE SLES11 Security Update : kernel (SUSE-SU-2018:1368-1) (Spectre)

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' bnc1087082. A new boot commandline...

SUSE-SU-2018:1374-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive several security fixes. The following security bugs were fixed: - CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' bnc1087082. A new boot commandline...

AMD ARM Intel - Speculative Execution Variant 4 Speculative Store Bypass

AMD ARM Intel - Speculative Execution Variant 4 Speculative Store Bypass / ======== Intro / Overview ======== After Michael Schwarz made some interesting observations, we started looking into variants other than the three already-known ones. I noticed that Intel's Optimization Manual says in...

AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass

/ ======== Intro / Overview ======== After Michael Schwarz made some interesting observations, we started looking into variants other than the three already-known ones. I noticed that Intel's Optimization Manual says in section 2.4.4.5 "Memory Disambiguation": A load instruction micro-op may depe...

Speculative Store Bypass

ISSUE DESCRIPTION Contemporary high performance processors may use a technique commonly known as Memory Disambiguation, whereby speculative execution may proceed past unresolved stores. This opens a speculative sidechannel in which loads from an address which have had a recent store can observe a...