ID

VAR-201808-0957

CVE

CVE-2018-3646

TITLE

Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF)

DESCRIPTION

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. These attacks are known as L1 Terminal Fault: SGX, L1 Terminal Fault: OS/SMM, and L1 Terminal Fault: VMM. Intel Core i3 processor, etc. are all CPU (central processing unit) products of Intel Corporation of the United States. The following products are affected: Intel Core i3 processor; Intel Core i5 processor; Intel Core i7 processor; Intel Core M processor family; 2nd generation Intel Core processors; 3rd generation Intel Core processors; 4th generation Intel Core processors; 5th generation Intel Core processors, etc. The microcode updates mentioned there are not yet available in a form distributable by Debian. For the stable distribution (stretch), these problems have been fixed in version 4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10. We recommend that you upgrade your xen packages. For the detailed security status of xen please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xen Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlt14mwACgkQEMKTtsN8 Tjb2LhAAokwmlGxyJPC3EGG9aOLKNv23G9OzLLNRm+cy150WAMgBio+bR2CAgkfX qu/ftFPLeKfIRbo9nLBFHQLMKlmDdFzLeicXe7GtnKcAMkt0Wp+rYIj66TMkjrMg 2kJI68ECc5Rqj3fMZ+dgkxSHzhylUGG70mEIBf2D22Y72kkIfc3EzBuu2wxaaOTP t7Q7JkYDv9WV/6gw8Ok2vIrQcq95jtZgDSL1ZHHg6VTukHnXP2SU1rMfRCguTCtc 5JYAgWJ1GWFWt3d6FQnk7SWwJf3pHEVNg0lGpRJdu4qperQ3EhQNeJlGq8adm/Zf QQUT9T6vsU5cefgelIRSLxFZ9bDobxXXNaox3FqB4tslkJLhTRluCvilJpWuNpH5 7S6xti5neGuHORfIkcS1PmOEx2gDkKWTgotiBx04yU3q+/zr0Ob+K2jxZXe4z2uU sqEq8pdjCnkE03cljPbfPeutyucS3xDFpFVoXlRqgRNMdZ7jzVSP6qayt3iQIa/E djVQ2ptHxux5Zapg5Ngr2ASBdyIw+2GLVUKQCeqM+EjMXjRBaJv8DPxWwO4nkC4d eliy9RxErtQpgHIZKHVmTjoRlh/OH4KAdHZT2Y+Gfv1DVA6TL5cPiQ9e0ZunNNaK vtXyOzjNPVPZa+2MEq9FTFIkDsR8Ncl/JCzp0bx5uVaV/ovX0A8=reP+ -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2018:2390-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2390 Issue date: 2018-08-14 CVE Names: CVE-2017-0861 CVE-2017-15265 CVE-2018-3620 CVE-2018-3646 CVE-2018-3693 CVE-2018-7566 CVE-2018-10901 CVE-2018-1000004 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3693) * kernel: kvm: vmx: host GDT limit corruption (CVE-2018-10901) * kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861) * kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265) * kernel: race condition in snd_seq_write() may lead to UAF or OOB-access (CVE-2018-7566) * kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting CVE-2018-3620 and CVE-2018-3646; Vladimir Kiriansky (MIT) and Carl Waldspurger (Carl Waldspurger Consulting) for reporting CVE-2018-3693; and Vegard Nossum (Oracle Corporation) for reporting CVE-2018-10901. Bug Fix(es): * The Least recently used (LRU) operations are batched by caching pages in per-cpu page vectors to prevent contention of the heavily used lru_lock spinlock. The page vectors can hold even the compound pages. Previously, the page vectors were cleared only if they were full. Subsequently, the amount of memory held in page vectors, which is not reclaimable, was sometimes too high. Consequently the page reclamation started the Out of Memory (OOM) killing processes. With this update, the underlying source code has been fixed to clear LRU page vectors each time when a compound page is added to them. As a result, OOM killing processes due to high amounts of memory held in page vectors no longer occur. (BZ#1575819) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1501878 - CVE-2017-15265 kernel: Use-after-free in snd_seq_ioctl_create_port() 1535315 - CVE-2018-1000004 kernel: Race condition in sound system can lead to denial of service 1550142 - CVE-2018-7566 kernel: race condition in snd_seq_write() may lead to UAF or OOB-access 1563994 - CVE-2017-0861 kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation 1581650 - CVE-2018-3693 Kernel: speculative bounds check bypass store 1585005 - CVE-2018-3646 Kernel: hw: cpu: L1 terminal fault (L1TF) 1601849 - CVE-2018-10901 kernel: kvm: vmx: host GDT limit corruption 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: kernel-2.6.32-754.3.5.el6.src.rpm i386: kernel-2.6.32-754.3.5.el6.i686.rpm kernel-debug-2.6.32-754.3.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm kernel-devel-2.6.32-754.3.5.el6.i686.rpm kernel-headers-2.6.32-754.3.5.el6.i686.rpm perf-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.3.5.el6.noarch.rpm kernel-doc-2.6.32-754.3.5.el6.noarch.rpm kernel-firmware-2.6.32-754.3.5.el6.noarch.rpm x86_64: kernel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm kernel-debug-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm kernel-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-headers-2.6.32-754.3.5.el6.x86_64.rpm perf-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: kernel-2.6.32-754.3.5.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-754.3.5.el6.noarch.rpm kernel-doc-2.6.32-754.3.5.el6.noarch.rpm kernel-firmware-2.6.32-754.3.5.el6.noarch.rpm x86_64: kernel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm kernel-debug-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm kernel-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-headers-2.6.32-754.3.5.el6.x86_64.rpm perf-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: kernel-2.6.32-754.3.5.el6.src.rpm i386: kernel-2.6.32-754.3.5.el6.i686.rpm kernel-debug-2.6.32-754.3.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm kernel-devel-2.6.32-754.3.5.el6.i686.rpm kernel-headers-2.6.32-754.3.5.el6.i686.rpm perf-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.3.5.el6.noarch.rpm kernel-doc-2.6.32-754.3.5.el6.noarch.rpm kernel-firmware-2.6.32-754.3.5.el6.noarch.rpm ppc64: kernel-2.6.32-754.3.5.el6.ppc64.rpm kernel-bootwrapper-2.6.32-754.3.5.el6.ppc64.rpm kernel-debug-2.6.32-754.3.5.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm kernel-debug-devel-2.6.32-754.3.5.el6.ppc64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-754.3.5.el6.ppc64.rpm kernel-devel-2.6.32-754.3.5.el6.ppc64.rpm kernel-headers-2.6.32-754.3.5.el6.ppc64.rpm perf-2.6.32-754.3.5.el6.ppc64.rpm perf-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm s390x: kernel-2.6.32-754.3.5.el6.s390x.rpm kernel-debug-2.6.32-754.3.5.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.s390x.rpm kernel-debug-devel-2.6.32-754.3.5.el6.s390x.rpm kernel-debuginfo-2.6.32-754.3.5.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-754.3.5.el6.s390x.rpm kernel-devel-2.6.32-754.3.5.el6.s390x.rpm kernel-headers-2.6.32-754.3.5.el6.s390x.rpm kernel-kdump-2.6.32-754.3.5.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-754.3.5.el6.s390x.rpm kernel-kdump-devel-2.6.32-754.3.5.el6.s390x.rpm perf-2.6.32-754.3.5.el6.s390x.rpm perf-debuginfo-2.6.32-754.3.5.el6.s390x.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.s390x.rpm x86_64: kernel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm kernel-debug-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm kernel-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-headers-2.6.32-754.3.5.el6.x86_64.rpm perf-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-754.3.5.el6.ppc64.rpm perf-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm python-perf-2.6.32-754.3.5.el6.ppc64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-754.3.5.el6.s390x.rpm kernel-debuginfo-2.6.32-754.3.5.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-754.3.5.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-754.3.5.el6.s390x.rpm perf-debuginfo-2.6.32-754.3.5.el6.s390x.rpm python-perf-2.6.32-754.3.5.el6.s390x.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: kernel-2.6.32-754.3.5.el6.src.rpm i386: kernel-2.6.32-754.3.5.el6.i686.rpm kernel-debug-2.6.32-754.3.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm kernel-devel-2.6.32-754.3.5.el6.i686.rpm kernel-headers-2.6.32-754.3.5.el6.i686.rpm perf-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.3.5.el6.noarch.rpm kernel-doc-2.6.32-754.3.5.el6.noarch.rpm kernel-firmware-2.6.32-754.3.5.el6.noarch.rpm x86_64: kernel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm kernel-debug-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm kernel-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-headers-2.6.32-754.3.5.el6.x86_64.rpm perf-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-0861 https://access.redhat.com/security/cve/CVE-2017-15265 https://access.redhat.com/security/cve/CVE-2018-3620 https://access.redhat.com/security/cve/CVE-2018-3646 https://access.redhat.com/security/cve/CVE-2018-3693 https://access.redhat.com/security/cve/CVE-2018-7566 https://access.redhat.com/security/cve/CVE-2018-10901 https://access.redhat.com/security/cve/CVE-2018-1000004 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/L1TF 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW3Me0NzjgjWX9erEAQhkDBAAjGcoEad9NOtCUJqgDcVHLArXg9OKAloW +BaoAYrYtzH3h9teocV6U3mYaxhwu2Cd13JlbKJsc8BLRzHUSZpwxjcsewCzjx2u dotwAksPej7L3U/U5YPSJ37r/OP+ni7trT1dtEmCI578QHFZB6+4/qK/1aYM+biQ EI0BoaSMV6RDo9u+U6zPgk8L7ugMhWs2PCXbtV7koyg563tasvo5jWlfVYNVD1fz cKTzsTwVQwirynWa2mvtaI+vaslYX3x9Zn6dJ2VEzpD4w6tU54/sViaetmLnSOir ZVdtkeO0pdEBO2YUr+Igc+ZOtLdGpzOjkQVQMBG+YE6bDdynYYFrxkPcNPeB1f1K 2bTNHA/FnirFDOII3JuYEqg8TXdh8NYRZ4a8rqchGo2JCeh5Q5LnhJDYWJv2HbTW TZUQY/nStRfWVpygQJV72GJENICnRVjjQ5D569KFBopnK0iXWLpxlf3dmp5Lvdg2 0rBVnnclfQCQVxZvOiZ3s0wkA9d0o7v4pDN2YgTRDlU4nzI3xE4jh0Sevsn4tVco ePUubCuxhjQfxJswBPoZA8Al3GGlSxOMKFHO6HscnnAh6YL5LVusx4PpJt4Y3tjW Vf8Rk4bFbn+M0RtVM+vnFGjWAr7w6iKvRya8y0LzElfAtpeedcnuxfJGtecT73IZ /6fv2MlabwY=kAUc -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-3742-3 August 21, 2018 linux-lts-trusty regressions ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 ESM Summary: USN-3742-2 introduced regressions in the Linux Hardware Enablement (HWE) kernel for Ubuntu 12.04 ESM. Software Description: - linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise ESM Details: USN-3742-2 introduced mitigations in the Linux Hardware Enablement (HWE) kernel for Ubuntu 12.04 ESM to address L1 Terminal Fault (L1TF) vulnerabilities (CVE-2018-3620, CVE-2018-3646). Unfortunately, the update introduced regressions that caused kernel panics when booting in some environments as well as preventing Java applications from starting. This update fixes the problems. We apologize for the inconvenience. Original advisory details: It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3646) It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. (CVE-2018-3620) Andrey Konovalov discovered an out-of-bounds read in the POSIX timers subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2017-18344) Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packets. A remote attacker could use this to cause a denial of service. (CVE-2018-5390) Juha-Matti Tilli discovered that the IP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packet fragments. A remote attacker could use this to cause a denial of service. (CVE-2018-5391) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM: linux-image-3.13.0-156-generic 3.13.0-156.206~precise1 linux-image-3.13.0-156-generic-lpae 3.13.0-156.206~precise1 linux-image-generic-lpae-lts-trusty 3.13.0.156.146 linux-image-generic-lts-trusty 3.13.0.156.146 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. These CVEs are security vulnerabilities caused by flaws in the design of speculative execution hardware in the computer's CPU. Details on the vulnerability and our response can be found here: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF Due to the high complexity of the fixes and the need for a corresponding CPU microcode update for a complete fix, we are unable to livepatch these CVEs. Please plan to reboot into an updated kernel as soon as possible. References: CVE-2018-3620, and CVE-2018-3646 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . (CVE-2018-3646) Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. (CVE-2018-3639) Zdenek Sojka, Rudolf Marek, Alex Zuepke, and Innokentiy Sennovskiy discovered that microprocessors that perform speculative reads of system registers may allow unauthorized disclosure of system parameters via a sidechannel attack

AFFECTED PRODUCTS