MiracleLinux 7 : qemu-kvm-1.5.3-156.el7.3 (AXSA:2018-3206:05)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3206:05 advisory. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load Tenable has extracted the...

USN-6331-1 linux-azure vulnerabilities

It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service infinite recursion. CVE-2020-36691 Billy Jheng Bing Jhong discovered that the CIFS network...

SUSE-SU-2023:0692-1 Security update for xen

This update for xen fixes the following issues: - CVE-2022-27672: Fixed speculative execution vulnerability due to RAS being dynamically partitioned between non-idle threads bsc1208286. Bugfixes: - Fixed launch-xenstore error bsc1205792 - Fixed issues in VMX bsc1027519...

CVE-2018-3639

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the...

Speculative Code Store Bypass (SCSB) and Floating-Point Value Injection (FPVI) Advisory - Lenovo Support US

No description provided...

New 'CacheOut' Attack Leaks Data from Intel CPUs, VMs and SGX Enclave

Another month, another speculative execution vulnerability found in Intel processors. If your computer is running any modern Intel CPU built before October 2018, it's likely vulnerable to a newly discovered hardware issue that could allow attackers to leak sensitive data from the OS kernel,...

January 8, 2019—KB4480970 (Monthly Rollup)

January 8, 2019—KB4480970 Monthly Rollup Improvements and fixes This security update addresses the following issues: Provides protections against an additional subclass of speculative execution side-channel vulnerability known as Speculative Store Bypass CVE-2018-3639 for AMD-based computers. The...

November 13, 2018—KB4467680 (OS Build 10240.18036)

November 13, 2018—KB4467680 OS Build 10240.18036 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Provides protections against an additional subclass of speculative execution side-channel...

SUSE-SU-2018:2401-1 Security update for xen

This update for xen fixes the following security issues: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS...

CVE-2018-3620

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis...

August 14, 2018—KB4343885 (OS Build 15063.1266)

August 14, 2018—KB4343885 OS Build 15063.1266 Note This release also contains updates for Windows 10 Mobile OS Build 15063.1266 released August 14, 2018. Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key...

SUSE-SU-2018:2104-1 Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP1)

This update for the Linux Kernel 3.12.74-606466 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data fro...

SUSE-SU-2018:2095-1 Security update for the Linux Kernel (Live Patch 31 for SLE 12)

This update for the Linux Kernel 3.12.61-52119 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from...

Updated java-1.8.0-openjdk packages fix security vulnerability

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Stor...

Important: Red Hat Security Advisory: qemu-kvm-rhev security update

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 10.0 Newton. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: libvirt security update

An update for libvirt is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

Important: Red Hat Security Advisory: qemu-kvm security update

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security...

Important: Red Hat Security Advisory: qemu-kvm-rhev security update

An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Analysis and mitigation of speculative store bypass (CVE-2018-3639)

In January, 2018, Microsoft published an advisory and security updates for a new class of hardware vulnerabilities involving speculative execution side channels known as Spectre and Meltdown. In this blog post, we will provide a technical analysis of an additional subclass of speculative executio...

Ubuntu 14.04 LTS / 16.04 LTS : Intel Microcode regression (USN-3531-2)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-3531-2 advisory. USN-3531-1 updated Intel microcode to the 20180108 release. Regressions were discovered in the microcode updates which could cause system instability ...