CVE-2018-3693

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis...

openSUSE Security Update : the Linux Kernel (openSUSE-2018-656) (Spectre)

The openSUSE Leap 42.3 was updated to 4.4.138 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes...

CVE-2018-3665

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel...

CVE-2018-3665

CVE-2018-3665 affects systems using Intel Core-based CPUs with Lazy FP state restore enabled. A local attacker could exploit speculative execution side channels to read FP/SIMD state from other processes or the kernel. Public details in connected docs show Linux kernel mitigations (disable Lazy F...

USN-3690-1: AMD Microcode update

Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provide...

Oracle Linux 7 : kernel (ELSA-2018-1852)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-1852 advisory. 3.10.0-862.3.3.OL7 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was compiled into kernel...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4134)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4134 advisory. - x86/fpu: Make eager FPU default Mihai Carabas Orabug: 28156176 CVE-2018-3665 - KVM: Fix stack-out-of-bounds read in writemmio Wanpeng Li Orabug:...

Intel Core Microprocessors Information Disclosure Vulnerability

Intel Core-based microprocessors are the Core family of central processing unit products CPUs from the U.S. company Intel. An information disclosure vulnerability exists in Intel Core-based microprocessors. An attacker could exploit this vulnerability to obtain values about other processes stored...

CVE-2018-3665

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel...

Intel Releases Security Advisory on Lazy FP State Restore Vulnerability

Intel has released recommendations to address a vulnerability—dubbed Lazy FP state restore—affecting Intel Core-based microprocessors. An attacker could exploit this vulnerability to obtain access to sensitive information. NCCIC encourages users and administrators to review Intel's Security...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : libvirt vulnerability and update (USN-3680-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3680-1 advisory. Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allo...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : QEMU update (USN-3679-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3679-1 advisory. Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow...

USN-3680-1: libvirt vulnerability and update

Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update...

USN-3679-1: QEMU update

Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update...

Security update for qemu (important)

This update for qemu fixes the following issues: This security issue was fixed: - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests bsc1092885. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of al...

Updated libvirt packages fix security vulnerability

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Stor...

hw: cpu: speculative store bypass

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the...

Security update for the Linux Kernel (important)

The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are...

SUSE SLES11 Security Update : kvm (SUSE-SU-2018:1389-1) (Spectre)

This update for kvm fixes the following issues: This security issue was fixed : - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests bsc1092885. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of al...

Security update for qemu (important)

This update for qemu fixes several issues. This security issue was fixed: - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests bsc1092885. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prio...