ID

VAR-201808-1002


CVE

CVE-2018-5390


TITLE

TCP implementations vulnerable to Denial of Service

Trust: 0.8

sources: CERT/CC: VU#962459

DESCRIPTION

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. 7) - aarch64, noarch, ppc64le 3. 1623067 - CVE-2018-9363 kernel: Buffer overflow in hidp_process_report 1629636 - CVE-2018-14641 kernel: a bug in ip_frag_reasm() can cause a crash in ip_do_fragment() 6. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. (BZ#1594915) 4. (BZ#1616431) * Previously, preemption was enabled too early after a context switch. If a task was migrated to another CPU after a context switch, a mismatch between CPU and runqueue during load balancing sometimes occurred. Consequently, a runnable task on an idle CPU failed to run, and the operating system became unresponsive. This update disables preemption in the schedule_tail() function. As a result, CPU migration during post-schedule processing no longer occurs, which prevents the above mismatch. The operating system no longer hangs due to this bug. (BZ#1618466) 4. CVE-2018-13405 Jann Horn discovered that the inode_init_owner function in fs/inode.c in the Linux kernel allows local users to create files with an unintended group ownership allowing attackers to escalate privileges by making a plain file executable and SGID. For the stable distribution (stretch), these problems have been fixed in version 4.9.110-3+deb9u1. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAltolY5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0T1cBAAhxrsiYuYMiQj9x+shNxxp6gWEXpDoOCwU0cXzZ2lii2uSPzP5TsIQey3 3nBjPCZthg8Q0fL2m0thbfS+i1HTT9tlJT7EjBGDjA0jm2o/lQCmH5rp8DDPtbwZ 2iZ9HyfosEFnbCd6VHtWIM3NoGZFUjvBWkb29/op800BqkHk69WchT1ZWSE8G85S NAwG7tf/mfWIc0nYgieFo9i2X2bk0mNUOjC8xnVnK2TZY5jzK7f9fmQzdPAglZaI t1UoQS4PMl6UTi7AJephorP6+6KJPg3n0rCgJYYXtnRO4PilSLveg7dNniKpCaDo jJKVIcug8Hqo1zc6Uk0tgdZBPILZULyMGr7XUJ97cyA6i+9xhDpGPmqH6pbWQ+YZ JplAY4PHZ2PUi+6is4LE7kYQfPk8+KvvshUB8Qr2Xa61GUDcgpdcaTmNmFYH3EAF St27o/Nbs8WsKNzkOMxtyva88YJr7RDHr+nX/I1fKlI8zC8k3gHYYtJ11QhCDWKT 1O42ppxxaBUMo5ns0ZCjNBaMFPTaKrDYocAzhVot94I2++8InhFWbAzRq7B44fKe E4Q6jDXY3x5MexSyZG3sGc6EwUtr/Gr8trB4TZkvNrQtZ9WBh28TOsldecGsncqw I62eV7vx701dQDjtcDy/yZlGDjFTULQkyX8GPL9hIBeRjCFRhrA= =h8it -----END PGP SIGNATURE----- . 7.2) - noarch, x86_64 3. Bug Fix(es): * Previously, the early microcode updater in the kernel was trying to perform a microcode update on virtualized guests. As a consequence, the virtualized guests sometimes mishandled the request to perform the microcode update and became unresponsive in the early boot stage. This update applies an upstream patch to avoid the early microcode update when running under a hypervisor. As a result, no kernel freezes appear in the described scenario. (BZ#1618386) 4. ========================================================================== Ubuntu Security Notice USN-3742-3 August 21, 2018 linux-lts-trusty regressions ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 ESM Summary: USN-3742-2 introduced regressions in the Linux Hardware Enablement (HWE) kernel for Ubuntu 12.04 ESM. Software Description: - linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise ESM Details: USN-3742-2 introduced mitigations in the Linux Hardware Enablement (HWE) kernel for Ubuntu 12.04 ESM to address L1 Terminal Fault (L1TF) vulnerabilities (CVE-2018-3620, CVE-2018-3646). Unfortunately, the update introduced regressions that caused kernel panics when booting in some environments as well as preventing Java applications from starting. This update fixes the problems. We apologize for the inconvenience. Original advisory details: It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3646) It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). (CVE-2018-3620) Andrey Konovalov discovered an out-of-bounds read in the POSIX timers subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. A remote attacker could use this to cause a denial of service. A remote attacker could use this to cause a denial of service. (CVE-2018-5391) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM: linux-image-3.13.0-156-generic 3.13.0-156.206~precise1 linux-image-3.13.0-156-generic-lpae 3.13.0-156.206~precise1 linux-image-generic-lpae-lts-trusty 3.13.0.156.146 linux-image-generic-lts-trusty 3.13.0.156.146 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2018:2384-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2384 Issue date: 2018-08-14 CVE Names: CVE-2017-13215 CVE-2018-3620 CVE-2018-3646 CVE-2018-3693 CVE-2018-5390 CVE-2018-7566 CVE-2018-10675 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - noarch, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - noarch, ppc64le 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3693) * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) * kernel: crypto: privilege escalation in skcipher_recvmsg function (CVE-2017-13215) * kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675) * kernel: race condition in snd_seq_write() may lead to UAF or OOB access (CVE-2018-7566) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting CVE-2018-3620 and CVE-2018-3646; Vladimir Kiriansky (MIT) and Carl Waldspurger (Carl Waldspurger Consulting) for reporting CVE-2018-3693; and Juha-Matti Tilli (Aalto University, Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390. Bug Fix(es): These updated kernel packages include also numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https://access.redhat.com/articles/3527791 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1535173 - CVE-2017-13215 kernel: crypto: privilege escalation in skcipher_recvmsg function 1550142 - CVE-2018-7566 kernel: race condition in snd_seq_write() may lead to UAF or OOB-access 1575065 - CVE-2018-10675 kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact 1581650 - CVE-2018-3693 Kernel: speculative bounds check bypass store 1585005 - CVE-2018-3646 Kernel: hw: cpu: L1 terminal fault (L1TF) 1601704 - CVE-2018-5390 kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack) 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-862.11.6.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.11.6.el7.noarch.rpm kernel-doc-3.10.0-862.11.6.el7.noarch.rpm x86_64: kernel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-headers-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.11.6.el7.x86_64.rpm perf-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-862.11.6.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.11.6.el7.noarch.rpm kernel-doc-3.10.0-862.11.6.el7.noarch.rpm x86_64: kernel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-headers-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.11.6.el7.x86_64.rpm perf-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-862.11.6.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.11.6.el7.noarch.rpm kernel-doc-3.10.0-862.11.6.el7.noarch.rpm ppc64: kernel-3.10.0-862.11.6.el7.ppc64.rpm kernel-bootwrapper-3.10.0-862.11.6.el7.ppc64.rpm kernel-debug-3.10.0-862.11.6.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm kernel-debug-devel-3.10.0-862.11.6.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.11.6.el7.ppc64.rpm kernel-devel-3.10.0-862.11.6.el7.ppc64.rpm kernel-headers-3.10.0-862.11.6.el7.ppc64.rpm kernel-tools-3.10.0-862.11.6.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm kernel-tools-libs-3.10.0-862.11.6.el7.ppc64.rpm perf-3.10.0-862.11.6.el7.ppc64.rpm perf-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm python-perf-3.10.0-862.11.6.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm ppc64le: kernel-3.10.0-862.11.6.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debug-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.11.6.el7.ppc64le.rpm kernel-devel-3.10.0-862.11.6.el7.ppc64le.rpm kernel-headers-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-libs-3.10.0-862.11.6.el7.ppc64le.rpm perf-3.10.0-862.11.6.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm python-perf-3.10.0-862.11.6.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm s390x: kernel-3.10.0-862.11.6.el7.s390x.rpm kernel-debug-3.10.0-862.11.6.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.s390x.rpm kernel-debug-devel-3.10.0-862.11.6.el7.s390x.rpm kernel-debuginfo-3.10.0-862.11.6.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-862.11.6.el7.s390x.rpm kernel-devel-3.10.0-862.11.6.el7.s390x.rpm kernel-headers-3.10.0-862.11.6.el7.s390x.rpm kernel-kdump-3.10.0-862.11.6.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-862.11.6.el7.s390x.rpm kernel-kdump-devel-3.10.0-862.11.6.el7.s390x.rpm perf-3.10.0-862.11.6.el7.s390x.rpm perf-debuginfo-3.10.0-862.11.6.el7.s390x.rpm python-perf-3.10.0-862.11.6.el7.s390x.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.s390x.rpm x86_64: kernel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-headers-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.11.6.el7.x86_64.rpm perf-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): noarch: kernel-abi-whitelists-3.10.0-862.11.6.el7.noarch.rpm kernel-doc-3.10.0-862.11.6.el7.noarch.rpm ppc64le: kernel-3.10.0-862.11.6.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debug-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.11.6.el7.ppc64le.rpm kernel-devel-3.10.0-862.11.6.el7.ppc64le.rpm kernel-headers-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-libs-3.10.0-862.11.6.el7.ppc64le.rpm perf-3.10.0-862.11.6.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm python-perf-3.10.0-862.11.6.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm s390x: kernel-3.10.0-862.11.6.el7.s390x.rpm kernel-debug-3.10.0-862.11.6.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.s390x.rpm kernel-debug-devel-3.10.0-862.11.6.el7.s390x.rpm kernel-debuginfo-3.10.0-862.11.6.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-862.11.6.el7.s390x.rpm kernel-devel-3.10.0-862.11.6.el7.s390x.rpm kernel-headers-3.10.0-862.11.6.el7.s390x.rpm kernel-kdump-3.10.0-862.11.6.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-862.11.6.el7.s390x.rpm kernel-kdump-devel-3.10.0-862.11.6.el7.s390x.rpm perf-3.10.0-862.11.6.el7.s390x.rpm perf-debuginfo-3.10.0-862.11.6.el7.s390x.rpm python-perf-3.10.0-862.11.6.el7.s390x.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.s390x.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: kernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.11.6.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-862.11.6.el7.ppc64.rpm perf-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm ppc64le: kernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debug-devel-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-862.11.6.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): noarch: kernel-doc-3.10.0-862.11.6.el7.noarch.rpm ppc64le: kernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debug-devel-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-862.11.6.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-862.11.6.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.11.6.el7.noarch.rpm kernel-doc-3.10.0-862.11.6.el7.noarch.rpm x86_64: kernel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-headers-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.11.6.el7.x86_64.rpm perf-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-13215 https://access.redhat.com/security/cve/CVE-2018-3620 https://access.redhat.com/security/cve/CVE-2018-3646 https://access.redhat.com/security/cve/CVE-2018-3693 https://access.redhat.com/security/cve/CVE-2018-5390 https://access.redhat.com/security/cve/CVE-2018-7566 https://access.redhat.com/security/cve/CVE-2018-10675 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/L1TF https://access.redhat.com/articles/3527791 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW3MjONzjgjWX9erEAQioYA/9Ge//K50oCrGaDEMuI2PHYLcztiZt9meh C578LP6sC/HT17VAbV8C+Tvy9QBCU80t4mGU4GOPu8Q5HzZQv45n0NtdRTGCC+yb A1bFcf0vhXIALNsuDEZN9g5SwUBapxkRoh43R+E7ITCQWp0XIPaSjYgGNqpTTuD/ lxRCzc10HhxW+pUY+ERFcK6c0poc14FtSqM3GqZe10FhkykdIlmngFjkthjzefXO dUkYDy53G+iAdTrVFI03h3Wt+UBMmNwKtu8ydqtAxZ0zDZIP5ijASOtM4mlf77ec VsNn7OWythkpTcpa+Sh5+dk6DK+lU2vziVsEocYNpzB+T/aHC9n/+I8ibfp3B4DC k4lYqZJQDFR2jVABjkOVS9dWFlOYKFmU2JBwsqdRvt3rgVFXEH3n5OQydHGFskmP NFwDbRAFlwo3zjd9KuiQzdFTOensc35+eSHykY8nxY2hGMH5gGccShFL4C7N2mtx s8JnzA/Zj00VHMg8qIHGfQ7RSd/xyEJ5vn87WZcTshTNli6x1/0VnzpTKG85Ga+K S2EJDXFP9LqCT98TL1RDJmCTtfDjU3I/gbgu5xFaofQZfV48qAUomUQ2E+MhQAOX eBr/OvlfFP8HEwVEJBDtXKxxs1LgmjTSqOtfP8AvS5zI9/Y6o56i0d7Ng1CcaGKP lZgWJhC3Yik=i4St -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 6.7) - i386, ppc64, s390x, x86_64 3

Trust: 2.88

sources: NVD: CVE-2018-5390 // CERT/CC: VU#962459 // VULHUB: VHN-135421 // VULMON: CVE-2018-5390 // PACKETSTORM: 148915 // PACKETSTORM: 148841 // PACKETSTORM: 150070 // PACKETSTORM: 148941 // PACKETSTORM: 148907 // PACKETSTORM: 149542 // PACKETSTORM: 148914 // PACKETSTORM: 148839 // PACKETSTORM: 149544 // PACKETSTORM: 149024 // PACKETSTORM: 148899 // PACKETSTORM: 149231

AFFECTED PRODUCTS

vendor:redhatmodel:enterprise linux server eusscope:eqversion:6.7

Trust: 1.0

vendor:f5model:big-ip analyticsscope:lteversion:11.6.3

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:13.0.0

Trust: 1.0

vendor:ciscomodel:telepresence conductorscope:eqversion:xc4.3

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:12.1.3

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:6.6

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:lteversion:12.1.3

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:11.5.1

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:7.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:12.0.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:13.0.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:6.4

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:12.1.0

Trust: 1.0

vendor:ciscomodel:telepresence conductorscope:eqversion:xc4.3.2

Trust: 1.0

vendor:ciscomodel:telepresence video communication serverscope:eqversion:x8.10.1

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.9

Trust: 1.0

vendor:f5model:big-ip application security managerscope:eqversion:14.0.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.04

Trust: 1.0

vendor:ciscomodel:telepresence video communication serverscope:eqversion:x8.10.3

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:lteversion:13.1.1

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:eqversion:14.0.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:hpmodel:aruba clearpass policy managerscope:lteversion:6.6.9

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:lteversion:11.6.3

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.3

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:12.1.0

Trust: 1.0

vendor:ciscomodel:digital network architecture centerscope:eqversion:1.2

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:lteversion:13.1.1

Trust: 1.0

vendor:a10networksmodel:advanced core operating systemscope:eqversion:3.2.2

Trust: 1.0

vendor:ciscomodel:telepresence conductorscope:eqversion:xc4.3.3

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:12.1.0

Trust: 1.0

vendor:ciscomodel:telepresence video communication serverscope:eqversion:x8.10.2

Trust: 1.0

vendor:a10networksmodel:advanced core operating systemscope:eqversion:4.1.1

Trust: 1.0

vendor:ciscomodel:meeting managementscope:eqversion:1.0.1

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.4

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:11.5.1

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.5

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:11.5.1

Trust: 1.0

vendor:ciscomodel:expresswayscope:eqversion:x8.10

Trust: 1.0

vendor:f5model:big-ip analyticsscope:eqversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:lteversion:11.6.3

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:6.4

Trust: 1.0

vendor:ciscomodel:expressway seriesscope:eqversion: -

Trust: 1.0

vendor:hpmodel:aruba clearpass policy managerscope:lteversion:6.7.5

Trust: 1.0

vendor:f5model:big-ip application security managerscope:lteversion:13.1.1

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:lteversion:11.6.3

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:11.5.1

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:7.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:lteversion:11.6.3

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.2

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:11.6.3

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:lteversion:11.6.3

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:12.1.0

Trust: 1.0

vendor:ciscomodel:webex hybrid data securityscope:eqversion: -

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:11.5.1

Trust: 1.0

vendor:hpmodel:aruba clearpass policy managerscope:gteversion:6.6.0

Trust: 1.0

vendor:hpmodel:aruba clearpass policy managerscope:gteversion:6.7.0

Trust: 1.0

vendor:ciscomodel:telepresence video communication serverscope:eqversion:x8.10.4

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:lteversion:12.1.3

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:11.5.1

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:12.1.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:ciscomodel:telepresence video communication serverscope:eqversion:x8.11

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.4

Trust: 1.0

vendor:ciscomodel:meeting managementscope:eqversion:1.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:lteversion:11.6.3

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:11.5.1

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:6.5

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:lteversion:11.6.3

Trust: 1.0

vendor:f5model:traffix systems signaling delivery controllerscope:gteversion:5.0.0

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.18

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:lteversion:13.1.1

Trust: 1.0

vendor:f5model:big-ip application security managerscope:lteversion:12.1.3

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:lteversion:13.1.1

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:eqversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:lteversion:13.1.1

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.2

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:13.1.1

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:lteversion:12.1.3

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:lteversion:11.6.3

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:11.5.1

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:gteversion:11.5.1.

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.3

Trust: 1.0

vendor:f5model:big-ip analyticsscope:lteversion:12.1.3

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:lteversion:13.1.1

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:7.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:lteversion:12.1.3

Trust: 1.0

vendor:f5model:big-ip link controllerscope:lteversion:13.1.1

Trust: 1.0

vendor:ciscomodel:webex video meshscope:eqversion: -

Trust: 1.0

vendor:f5model:big-ip link controllerscope:eqversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:lteversion:13.1.1

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:eqversion:14.0.0

Trust: 1.0

vendor:ciscomodel:expresswayscope:eqversion:x8.10.1

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:6.6

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:eqversion:14.0.0

Trust: 1.0

vendor:ciscomodel:telepresence video communication serverscope:eqversion:x8.10

Trust: 1.0

vendor:ciscomodel:expresswayscope:eqversion:x8.10.3

Trust: 1.0

vendor:ciscomodel:expresswayscope:eqversion:x8.10.4

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:12.1.0

Trust: 1.0

vendor:ciscomodel:telepresence conductorscope:eqversion:xc4.3.1

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:a10networksmodel:advanced core operating systemscope:eqversion:4.1.4

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:12.1.0

Trust: 1.0

vendor:ciscomodel:telepresence conductorscope:eqversion:xc4.3.4

Trust: 1.0

vendor:redhatmodel:virtualizationscope:eqversion:4.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:eqversion:14.0.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.4

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:lteversion:11.6.3

Trust: 1.0

vendor:ciscomodel:expresswayscope:eqversion:x8.10.2

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:11.5.1

Trust: 1.0

vendor:hpmodel:aruba airwave ampscope:ltversion:8.2.7.1

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:lteversion:13.1.1

Trust: 1.0

vendor:a10networksmodel:advanced core operating systemscope:eqversion:4.1.0

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:13.0.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gtversion:13.0.0

Trust: 1.0

vendor:ciscomodel:collaboration meeting roomsscope:eqversion:1.0

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:eqversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:lteversion:12.1.3

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:eqversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:lteversion:12.1.3

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:lteversion:13.1.1

Trust: 1.0

vendor:f5model:big-ip application security managerscope:lteversion:11.6.3

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:lteversion:12.1.3

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.3

Trust: 1.0

vendor:ciscomodel:threat grid-cloudscope:eqversion: -

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:eqversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:11.5.1

Trust: 1.0

vendor:linuxmodel:kernelscope:eqversion:4.18

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:eqversion:14.0.0

Trust: 1.0

vendor:a10networksmodel:advanced core operating systemscope:eqversion:4.1.2

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.2

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:gteversion:11.5.1

Trust: 1.0

vendor:f5model:traffix systems signaling delivery controllerscope:eqversion:4.4.0

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:11.5.1

Trust: 1.0

vendor:f5model:traffix systems signaling delivery controllerscope:lteversion:5.1.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:lteversion:11.6.3

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:lteversion:12.1.3

Trust: 1.0

vendor:ciscomodel:network assurance enginescope:eqversion:2.1\(1a\)

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:lteversion:12.1.3

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:lteversion:13.1.1

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:eqversion:14.0.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:lteversion:12.1.3

Trust: 1.0

vendor:ciscomodel:expresswayscope:eqversion:x8.11

Trust: 1.0

vendor:adtranmodel: - scope: - version: -

Trust: 0.8

vendor:akamaimodel: - scope: - version: -

Trust: 0.8

vendor:amazonmodel: - scope: - version: -

Trust: 0.8

vendor:aristamodel: - scope: - version: -

Trust: 0.8

vendor:check pointmodel: - scope: - version: -

Trust: 0.8

vendor:debian gnu linuxmodel: - scope: - version: -

Trust: 0.8

vendor:f5model: - scope: - version: -

Trust: 0.8

vendor:freebsdmodel: - scope: - version: -

Trust: 0.8

vendor:junipermodel: - scope: - version: -

Trust: 0.8

vendor:ubuntumodel: - scope: - version: -

Trust: 0.8

vendor:f5model:big-ip application security managerscope:eqversion:12.1.1

Trust: 0.6

vendor:f5model:big-ip application security managerscope:eqversion:11.6.3

Trust: 0.6

vendor:f5model:big-ip application security managerscope:eqversion:11.6.2

Trust: 0.6

vendor:f5model:big-ip application security managerscope:eqversion:12.1.0

Trust: 0.6

vendor:f5model:big-ip application security managerscope:eqversion:11.6.1

Trust: 0.6

vendor:f5model:big-ip application security managerscope:eqversion:12.1.2

Trust: 0.6

vendor:f5model:big-ip application security managerscope:eqversion:12.1.3

Trust: 0.6

sources: CERT/CC: VU#962459 // CNNVD: CNNVD-201808-175 // NVD: CVE-2018-5390

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5390
value: HIGH

Trust: 1.0

CNNVD: CNNVD-201808-175
value: HIGH

Trust: 0.6

VULHUB: VHN-135421
value: HIGH

Trust: 0.1

VULMON: CVE-2018-5390
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-5390
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-135421
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5390
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-135421 // VULMON: CVE-2018-5390 // CNNVD: CNNVD-201808-175 // NVD: CVE-2018-5390

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

problemtype:CWE-20

Trust: 0.1

sources: VULHUB: VHN-135421 // NVD: CVE-2018-5390

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 148841 // CNNVD: CNNVD-201808-175

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201808-175

PATCH

title:Linux kernel Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83981

Trust: 0.6

title:Red Hat: Important: kernel-rt security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182789 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182645 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182790 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182776 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182791 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182785 - Security Advisory

Trust: 0.1

title:Red Hat: Important: rhvm-appliance security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182402 - Security Advisory

Trust: 0.1

title:Red Hat: Important: redhat-virtualization-host security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182403 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3732-1

Trust: 0.1

title:Ubuntu Security Notice: linux vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3763-1

Trust: 0.1

title:Red Hat: Important: kernel security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182924 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182933 - Security Advisory

Trust: 0.1

title:Debian CVElist Bug Report Logs: linux: CVE-2018-5390url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=2a6b7ac06873eb1d736fbd4097aae2b0

Trust: 0.1

title:Ubuntu Security Notice: linux-hwe, linux-azure, linux-gcp vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3732-2

Trust: 0.1

title:Amazon Linux AMI: ALAS-2018-1049url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2018-1049

Trust: 0.1

title:Amazon Linux 2: ALAS2-2018-1050url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2018-1050

Trust: 0.1

title:Red Hat: Important: kernel security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182384 - Security Advisory

Trust: 0.1

title:Red Hat: CVE-2018-5390url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2018-5390

Trust: 0.1

title:Red Hat: Important: kernel-rt security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182395 - Security Advisory

Trust: 0.1

title:Arch Linux Advisories: [ASA-201808-5] linux-lts: denial of serviceurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201808-5

Trust: 0.1

title:Arch Linux Advisories: [ASA-201808-4] linux: denial of serviceurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201808-4

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2018-5390

Trust: 0.1

title:Red Hat: Important: kernel security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182390 - Security Advisory

Trust: 0.1

title:IBM: IBM Security Bulletin: This Power System update is being released to address CVE-2018-5390url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=ebad431453a546a90ac876c0c271130d

Trust: 0.1

title:Arch Linux Advisories: [ASA-201808-7] linux-hardened: denial of serviceurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201808-7

Trust: 0.1

title:Arch Linux Advisories: [ASA-201808-6] linux-zen: denial of serviceurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201808-6

Trust: 0.1

title:Ubuntu Security Notice: linux-lts-xenial, linux-aws vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3741-2

Trust: 0.1

title:Ubuntu Security Notice: linux regressionsurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3741-3

Trust: 0.1

title:Huawei Security Advisories: Security Advisory - SegmentSmack Vulnerability in Linux Kernelurl:https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories&qid=43f9a2488c104baaa3094ba6be0dea51

Trust: 0.1

title:Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3741-1

Trust: 0.1

title:Ubuntu Security Notice: linux-lts-trusty regressionsurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3742-3

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=d3eead9065d15844d9f0f319ebc3ef51

Trust: 0.1

title:Ubuntu Security Notice: linux vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3742-1

Trust: 0.1

title:Ubuntu Security Notice: linux-lts-trusty vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3742-2

Trust: 0.1

title:Cisco: Linux and FreeBSD Kernels TCP Reassembly Denial of Service Vulnerabilities Affecting Cisco Products: August 2018url:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180824-linux-tcp

Trust: 0.1

title:Palo Alto Networks Security Advisory: CVE-2018-5390 Information about SegmentSmack findingsurl:https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory&qid=67c3af9585f63f0e91be155cc4a6f720

Trust: 0.1

title:Palo Alto Networks Security Advisory: url:https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory&qid=2981da23eee126f114781894e59f478c

Trust: 0.1

title:Red Hat: Important: kernel-alt security, bug fix, and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182948 - Security Advisory

Trust: 0.1

title:Symantec Security Advisories: Linux Kernel Aug 2017 - Sep 2018 Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=b3193a96468975c04eb9f136ca9abec4

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - January 2019url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=f655264a6935505d167bbf45f409a57b

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - July 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=204a1aa9ebf7b5f47151e8b011269862

Trust: 0.1

title:Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins&qid=05b5bbd6fb289370b459faf1f4e3919d

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal’s dependencies – Cumulative list from June 28, 2018 to December 13, 2018url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=43da2cd72c1e378d8d94ecec029fcc61

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

title:hiboma/hibomaurl:https://github.com/hiboma/hiboma

Trust: 0.1

sources: VULMON: CVE-2018-5390 // CNNVD: CNNVD-201808-175

EXTERNAL IDS

db:NVDid:CVE-2018-5390

Trust: 3.0

db:CERT/CCid:VU#962459

Trust: 2.5

db:SECTRACKid:1041434

Trust: 1.7

db:SECTRACKid:1041424

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2019/07/06/4

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2019/07/06/3

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2019/06/28/2

Trust: 1.7

db:SIEMENSid:SSA-377115

Trust: 1.7

db:BIDid:104976

Trust: 1.7

db:JUNIPERid:JSA10876

Trust: 0.8

db:CNNVDid:CNNVD-201808-175

Trust: 0.7

db:AUSCERTid:ESB-2019.1328

Trust: 0.6

db:AUSCERTid:ESB-2019.2021.2

Trust: 0.6

db:AUSCERTid:ESB-2019.2021

Trust: 0.6

db:AUSCERTid:ESB-2019.2497

Trust: 0.6

db:AUSCERTid:ESB-2020.1315

Trust: 0.6

db:AUSCERTid:ESB-2018.2468.7

Trust: 0.6

db:AUSCERTid:ESB-2019.2661

Trust: 0.6

db:AUSCERTid:ESB-2019.2262

Trust: 0.6

db:ICS CERTid:ICSA-20-105-05

Trust: 0.6

db:PACKETSTORMid:149542

Trust: 0.2

db:PACKETSTORMid:149544

Trust: 0.2

db:PACKETSTORMid:149231

Trust: 0.2

db:PACKETSTORMid:148841

Trust: 0.2

db:PACKETSTORMid:149545

Trust: 0.1

db:PACKETSTORMid:148850

Trust: 0.1

db:PACKETSTORMid:149310

Trust: 0.1

db:VULHUBid:VHN-135421

Trust: 0.1

db:VULMONid:CVE-2018-5390

Trust: 0.1

db:PACKETSTORMid:148915

Trust: 0.1

db:PACKETSTORMid:150070

Trust: 0.1

db:PACKETSTORMid:148941

Trust: 0.1

db:PACKETSTORMid:148907

Trust: 0.1

db:PACKETSTORMid:148914

Trust: 0.1

db:PACKETSTORMid:148839

Trust: 0.1

db:PACKETSTORMid:149024

Trust: 0.1

db:PACKETSTORMid:148899

Trust: 0.1

sources: CERT/CC: VU#962459 // VULHUB: VHN-135421 // VULMON: CVE-2018-5390 // PACKETSTORM: 148915 // PACKETSTORM: 148841 // PACKETSTORM: 150070 // PACKETSTORM: 148941 // PACKETSTORM: 148907 // PACKETSTORM: 149542 // PACKETSTORM: 148914 // PACKETSTORM: 148839 // PACKETSTORM: 149544 // PACKETSTORM: 149024 // PACKETSTORM: 148899 // PACKETSTORM: 149231 // CNNVD: CNNVD-201808-175 // NVD: CVE-2018-5390

REFERENCES

url:http://www.securityfocus.com/bid/104976

Trust: 2.9

url:https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e

Trust: 2.5

url:https://support.f5.com/csp/article/k95343321

Trust: 2.5

url:https://usn.ubuntu.com/3732-2/

Trust: 2.5

url:https://access.redhat.com/errata/rhsa-2018:2384

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2018:2395

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2018:2403

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2018:2645

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2018:2789

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2018:2790

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2018:2948

Trust: 1.8

url:https://www.kb.cert.org/vuls/id/962459

Trust: 1.7

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180824-linux-tcp

Trust: 1.7

url:http://www.arubanetworks.com/assets/alert/aruba-psa-2018-004.txt

Trust: 1.7

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf

Trust: 1.7

url:https://help.ecostruxureit.com/display/public/uadce725/security+fixes+in+struxureware+data+center+expert+v7.6.0

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20180815-0003/

Trust: 1.7

url:https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack

Trust: 1.7

url:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Trust: 1.7

url:https://www.synology.com/support/security/synology_sa_18_41

Trust: 1.7

url:https://www.debian.org/security/2018/dsa-4266

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2019/06/28/2

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2019/07/06/3

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2019/07/06/4

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2018:2402

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2018:2776

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2018:2785

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2018:2791

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2018:2924

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2018:2933

Trust: 1.7

url:http://www.securitytracker.com/id/1041424

Trust: 1.7

url:http://www.securitytracker.com/id/1041434

Trust: 1.7

url:https://usn.ubuntu.com/3732-1/

Trust: 1.7

url:https://usn.ubuntu.com/3741-1/

Trust: 1.7

url:https://usn.ubuntu.com/3741-2/

Trust: 1.7

url:https://usn.ubuntu.com/3742-1/

Trust: 1.7

url:https://usn.ubuntu.com/3742-2/

Trust: 1.7

url:https://usn.ubuntu.com/3763-1/

Trust: 1.7

url:https://www.freebsd.org/security/advisories/freebsd-sa-18:08.tcp.asc

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-5390

Trust: 1.1

url:https://support.f5.com/csp/article/k95343321?utm_source=f5support&amp%3butm_medium=rss

Trust: 1.0

url:https://www.spinics.net/lists/netdev/msg514742.html

Trust: 0.8

url:https://supportforums.adtran.com/docs/doc-9261

Trust: 0.8

url:https://blogs.akamai.com/2018/08/linux-kernel-tcp-vulnerability.html

Trust: 0.8

url:https://alas.aws.amazon.com/alas-2018-1049.html

Trust: 0.8

url:https://www.arista.com/en/support/advisories-notices/security-advisories/5721-security-advisory-36

Trust: 0.8

url:https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=&solutionid=sk134253

Trust: 0.8

url:https://lists.debian.org/debian-security-announce/2018/msg00195.html

Trust: 0.8

url:https://kb.juniper.net/jsa10876

Trust: 0.8

url:https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-686

Trust: 0.8

url:https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-696

Trust: 0.8

url:https://www.suse.com/c/suse-addresses-segmentsmack-attack/

Trust: 0.8

url:https://www.zyxel.com/support/linux_kernel_tcp_flaw.shtml

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2018-5390

Trust: 0.8

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.7

url:https://bugzilla.redhat.com/):

Trust: 0.7

url:https://access.redhat.com/security/team/contact/

Trust: 0.7

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.7

url:https://access.redhat.com/security/team/key/

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-3646

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-3620

Trust: 0.6

url:https://access.redhat.com/articles/11258

Trust: 0.6

url:https://support.f5.com/csp/article/k95343321?utm_source=f5support&utm_medium=rss

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20191437-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20191425-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20191422-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20191767-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20191870-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192829-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192821-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20190955-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1315/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2021.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2497/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2661/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2021/

Trust: 0.6

url:http://www.ibm.com/support/docview.wss?uid=ibm10875814

Trust: 0.6

url:https://www.auscert.org.au/bulletins/79262

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2262/

Trust: 0.6

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20181031-02-linux-cn

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-105-05

Trust: 0.6

url:https://www.us-cert.gov/ics/advisories/icsa-20-105-05

Trust: 0.6

url:https://www.auscert.org.au/bulletins/67070

Trust: 0.6

url:https://wiki.ubuntu.com/securityteam/knowledgebase/l1tf

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-5391

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2017-18344

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-7566

Trust: 0.3

url:https://access.redhat.com/security/vulnerabilities/l1tf

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-3646

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-3620

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2017-13215

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-7566

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-3693

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-13215

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-10675

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-10675

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-3693

Trust: 0.2

url:https://support.f5.com/csp/article/k95343321?utm_source=f5support&amp;amp;utm_medium=rss

Trust: 0.1

url:https://usn.ubuntu.com/usn/usn-3742-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/3.13.0-155.205

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1013.16

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1018.19

Trust: 0.1

url:https://usn.ubuntu.com/usn/usn-3732-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1017.17

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1017.17

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1019.19

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/4.15.0-30.32

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1015.15

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1120

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1000200

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-16648

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10880

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-10882

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10883

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1065

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-5803

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10881

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10322

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14619

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10877

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-10878

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-13405

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-10880

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10882

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-18208

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-12232

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-17805

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1000026

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-3639

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1000200

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-17805

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-10877

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-10879

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-10883

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1000204

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-10322

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-16648

Trust: 0.1

url:https://access.redhat.com/security/vulnerabilities/ssbd

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10879

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1092

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-11506

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-5750

Trust: 0.1

url:https://access.redhat.com/articles/3658021

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-18075

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-10881

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1095

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-13166

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1118

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-17806

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-13166

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1000026

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-8781

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-18208

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-9363

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14641

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1065

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1068

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-5344

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1094

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-10940

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1068

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1092

Trust: 0.1

url:https://access.redhat.com/articles/3553061

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-18344

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1094

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-7757

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10940

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-5848

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1118

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-5391

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10878

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1095

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1000204

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-18075

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-17806

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1120

Trust: 0.1

url:https://access.redhat.com/articles/2974891

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/4.4.0-133.159

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1094.102

Trust: 0.1

url:https://usn.ubuntu.com/usn/usn-3741-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1098.103

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1065.75

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1031.37

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-13405

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/linux

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://usn.ubuntu.com/usn/usn-3742-2

Trust: 0.1

url:https://usn.ubuntu.com/usn/usn-3742-3

Trust: 0.1

url:https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787258

Trust: 0.1

url:https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787127

Trust: 0.1

url:https://access.redhat.com/articles/3527791

Trust: 0.1

sources: CERT/CC: VU#962459 // VULHUB: VHN-135421 // PACKETSTORM: 148915 // PACKETSTORM: 148841 // PACKETSTORM: 150070 // PACKETSTORM: 148941 // PACKETSTORM: 148907 // PACKETSTORM: 149542 // PACKETSTORM: 148914 // PACKETSTORM: 148839 // PACKETSTORM: 149544 // PACKETSTORM: 149024 // PACKETSTORM: 148899 // PACKETSTORM: 149231 // CNNVD: CNNVD-201808-175 // NVD: CVE-2018-5390

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 150070 // PACKETSTORM: 148941 // PACKETSTORM: 148907 // PACKETSTORM: 149542 // PACKETSTORM: 149544 // PACKETSTORM: 148899 // PACKETSTORM: 149231

SOURCES

db:CERT/CCid:VU#962459
db:VULHUBid:VHN-135421
db:VULMONid:CVE-2018-5390
db:PACKETSTORMid:148915
db:PACKETSTORMid:148841
db:PACKETSTORMid:150070
db:PACKETSTORMid:148941
db:PACKETSTORMid:148907
db:PACKETSTORMid:149542
db:PACKETSTORMid:148914
db:PACKETSTORMid:148839
db:PACKETSTORMid:149544
db:PACKETSTORMid:149024
db:PACKETSTORMid:148899
db:PACKETSTORMid:149231
db:CNNVDid:CNNVD-201808-175
db:NVDid:CVE-2018-5390

LAST UPDATE DATE

2024-12-21T21:47:26.232000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#962459date:2018-09-14T00:00:00
db:VULHUBid:VHN-135421date:2020-09-18T00:00:00
db:VULMONid:CVE-2018-5390date:2023-11-07T00:00:00
db:CNNVDid:CNNVD-201808-175date:2020-09-21T00:00:00
db:NVDid:CVE-2018-5390date:2024-11-21T04:08:43.610

SOURCES RELEASE DATE

db:CERT/CCid:VU#962459date:2018-08-06T00:00:00
db:VULHUBid:VHN-135421date:2018-08-06T00:00:00
db:VULMONid:CVE-2018-5390date:2018-08-06T00:00:00
db:PACKETSTORMid:148915date:2018-08-15T04:42:52
db:PACKETSTORMid:148841date:2018-08-07T13:11:00
db:PACKETSTORMid:150070date:2018-10-31T01:11:59
db:PACKETSTORMid:148941date:2018-08-15T17:16:28
db:PACKETSTORMid:148907date:2018-08-15T04:40:44
db:PACKETSTORMid:149542date:2018-09-25T23:02:15
db:PACKETSTORMid:148914date:2018-08-15T04:42:46
db:PACKETSTORMid:148839date:2018-08-07T13:13:00
db:PACKETSTORMid:149544date:2018-09-25T23:02:34
db:PACKETSTORMid:149024date:2018-08-21T20:20:00
db:PACKETSTORMid:148899date:2018-08-15T04:37:37
db:PACKETSTORMid:149231date:2018-09-05T17:53:26
db:CNNVDid:CNNVD-201808-175date:2018-08-07T00:00:00
db:NVDid:CVE-2018-5390date:2018-08-06T20:29:01.570