openSUSE Security Update : xen (openSUSE-2018-1331) (Foreshadow)

This update for xen fixes the following issues : XEN was updated to the Xen 4.9.3 bug fix only release bsc1027519 - CVE-2018-17963: qemudeliverpacketiov accepted packet sizes greater than INTMAX, which allows attackers to cause a denial of service or possibly have unspecified other impact...

openSUSE: Security Advisory for xen (openSUSE-SU-2018:2436-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3775-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3775-1 advisory. It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness ...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3776-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3776-1 advisory. Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local...

CVE-2018-15572

An issue was found in the way modern x86 microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization and prediction of return addresses via Return Stack Buffer RSB. RSB is a small on chip structure that holds list of return addresses, use...

SUSE SLES12 Security Update : xen (SUSE-SU-2018:2410-1) (Foreshadow)

This update for xen fixes the following security issues : - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest O...

openSUSE: Security Advisory for xen (openSUSE-SU-2018:2434-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Foreshadow- L1 Terminal Fault: VMM

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. CVE:...

Foreshadow- L1 Terminal Fault: OS/SMM

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. CVE: CVE-2018-3620 Last updated: Aug. 1...

Information disclosure

Systems with microprocessors utilizing speculative execution and Intel software guard extensions Intel SGX may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis...

CVE-2018-3615

Systems with microprocessors utilizing speculative execution and Intel software guard extensions Intel SGX may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis...

CVE-2018-3646

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis...

Information disclosure

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis...

CVE-2018-3646

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis...

CVE-2018-3620

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis...

CVE-2018-3615

Systems with microprocessors utilizing speculative execution and Intel software guard extensions Intel SGX may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis...

CVE-2018-3620

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis...

CVE-2018-3646

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis...

CVE-2018-3615

Systems with microprocessors utilizing speculative execution and Intel software guard extensions Intel SGX may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis...

CVE-2018-3620

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis...