ID CVE-2018-3639
Summary Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
Vulnerable Configurations
  • Intel Atom C C2308
    cpe:2.3:h:intel:atom_c:c2308
  • Intel Atom C C3308
    cpe:2.3:h:intel:atom_c:c3308
  • Intel Atom C C3338
    cpe:2.3:h:intel:atom_c:c3338
  • Intel Atom C C3508
    cpe:2.3:h:intel:atom_c:c3508
  • Intel Atom C C3538
    cpe:2.3:h:intel:atom_c:c3538
  • Intel Atom C C3558
    cpe:2.3:h:intel:atom_c:c3558
  • Intel Atom C C3708
    cpe:2.3:h:intel:atom_c:c3708
  • Intel Atom C C3750
    cpe:2.3:h:intel:atom_c:c3750
  • Intel Atom C C3758
    cpe:2.3:h:intel:atom_c:c3758
  • Intel Atom C C3808
    cpe:2.3:h:intel:atom_c:c3808
  • Intel Atom C C3830
    cpe:2.3:h:intel:atom_c:c3830
  • Intel Atom C C3850
    cpe:2.3:h:intel:atom_c:c3850
  • Intel Atom C C3858
    cpe:2.3:h:intel:atom_c:c3858
  • Intel Atom C C3950
    cpe:2.3:h:intel:atom_c:c3950
  • Intel Atom C C3955
    cpe:2.3:h:intel:atom_c:c3955
  • Intel Atom C C3958
    cpe:2.3:h:intel:atom_c:c3958
  • Intel Atom E E3805
    cpe:2.3:h:intel:atom_e:e3805
  • Intel Atom E E3815
    cpe:2.3:h:intel:atom_e:e3815
  • Intel Atom E E3825
    cpe:2.3:h:intel:atom_e:e3825
  • Intel Atom E E3826
    cpe:2.3:h:intel:atom_e:e3826
  • Intel Atom E E3827
    cpe:2.3:h:intel:atom_e:e3827
  • Intel Atom E E3845
    cpe:2.3:h:intel:atom_e:e3845
  • Intel Atom Z Z2420
    cpe:2.3:h:intel:atom_z:z2420
  • Intel Atom Z Z2460
    cpe:2.3:h:intel:atom_z:z2460
  • Intel Atom Z Z2480
    cpe:2.3:h:intel:atom_z:z2480
  • Intel Atom Z Z2520
    cpe:2.3:h:intel:atom_z:z2520
  • Intel Atom Z Z2560
    cpe:2.3:h:intel:atom_z:z2560
  • Intel Atom Z Z2580
    cpe:2.3:h:intel:atom_z:z2580
  • Intel Atom Z Z2760
    cpe:2.3:h:intel:atom_z:z2760
  • Intel Atom Z Z3460
    cpe:2.3:h:intel:atom_z:z3460
  • Intel Atom Z Z3480
    cpe:2.3:h:intel:atom_z:z3480
  • Intel Atom Z Z3530
    cpe:2.3:h:intel:atom_z:z3530
  • Intel Atom Z Z3560
    cpe:2.3:h:intel:atom_z:z3560
  • Intel Atom Z Z3570
    cpe:2.3:h:intel:atom_z:z3570
  • Intel Atom Z Z3580
    cpe:2.3:h:intel:atom_z:z3580
  • Intel Atom Z Z3590
    cpe:2.3:h:intel:atom_z:z3590
  • Intel Atom Z Z3735D
    cpe:2.3:h:intel:atom_z:z3735d
  • Intel Atom Z Z3735E
    cpe:2.3:h:intel:atom_z:z3735e
  • Intel Atom Z Z3735F
    cpe:2.3:h:intel:atom_z:z3735f
  • Intel Atom Z Z3735G
    cpe:2.3:h:intel:atom_z:z3735g
  • Intel Atom Z Z3736F
    cpe:2.3:h:intel:atom_z:z3736f
  • Intel Atom Z Z3736G
    cpe:2.3:h:intel:atom_z:z3736g
  • Intel Atom Z Z3740
    cpe:2.3:h:intel:atom_z:z3740
  • Intel Atom Z Z3740D
    cpe:2.3:h:intel:atom_z:z3740d
  • Intel Atom Z Z3745
    cpe:2.3:h:intel:atom_z:z3745
  • Intel Atom Z Z3745D
    cpe:2.3:h:intel:atom_z:z3745d
  • Intel Atom Z Z3770
    cpe:2.3:h:intel:atom_z:z3770
  • Intel Atom Z Z3770D
    cpe:2.3:h:intel:atom_z:z3770d
  • Intel Atom Z Z3775
    cpe:2.3:h:intel:atom_z:z3775
  • Intel Atom Z Z3775D
    cpe:2.3:h:intel:atom_z:z3775d
  • Intel Atom Z Z3785
    cpe:2.3:h:intel:atom_z:z3785
  • Intel Atom Z Z3795
    cpe:2.3:h:intel:atom_z:z3795
  • Intel Celeron J J3455
    cpe:2.3:h:intel:celeron_j:j3455
  • Intel Celeron J J4005
    cpe:2.3:h:intel:celeron_j:j4005
  • Intel Celeron J J4105
    cpe:2.3:h:intel:celeron_j:j4105
  • Intel Celeron N N3450
    cpe:2.3:h:intel:celeron_n:n3450
  • cpe:2.3:h:intel:core_i3:32nm
    cpe:2.3:h:intel:core_i3:32nm
  • cpe:2.3:h:intel:core_i3:45nm
    cpe:2.3:h:intel:core_i3:45nm
  • cpe:2.3:h:intel:core_i5:32nm
    cpe:2.3:h:intel:core_i5:32nm
  • cpe:2.3:h:intel:core_i5:45nm
    cpe:2.3:h:intel:core_i5:45nm
  • cpe:2.3:h:intel:core_i7:32nm
    cpe:2.3:h:intel:core_i7:32nm
  • cpe:2.3:h:intel:core_i7:45nm
    cpe:2.3:h:intel:core_i7:45nm
  • cpe:2.3:h:intel:core_m:32nm
    cpe:2.3:h:intel:core_m:32nm
  • cpe:2.3:h:intel:core_m:45nm
    cpe:2.3:h:intel:core_m:45nm
  • cpe:2.3:h:intel:pentium:n4000
    cpe:2.3:h:intel:pentium:n4000
  • cpe:2.3:h:intel:pentium:n4100
    cpe:2.3:h:intel:pentium:n4100
  • cpe:2.3:h:intel:pentium:n4200
    cpe:2.3:h:intel:pentium:n4200
  • Intel Pentium J J4205
    cpe:2.3:h:intel:pentium_j:j4205
  • cpe:2.3:h:intel:pentium_silver:j5005
    cpe:2.3:h:intel:pentium_silver:j5005
  • cpe:2.3:h:intel:pentium_silver:n5000
    cpe:2.3:h:intel:pentium_silver:n5000
  • cpe:2.3:h:intel:xeon_e3:125c_
    cpe:2.3:h:intel:xeon_e3:125c_
  • Intel Xeon E3 1105C
    cpe:2.3:h:intel:xeon_e3:1105c
  • Intel Xeon E3 1105C V2
    cpe:2.3:h:intel:xeon_e3:1105c_v2
  • Intel Xeon E3 1125C V2
    cpe:2.3:h:intel:xeon_e3:1125c_v2
  • cpe:2.3:h:intel:xeon_e3:1220_
    cpe:2.3:h:intel:xeon_e3:1220_
  • Intel Xeon E3 1220 V2
    cpe:2.3:h:intel:xeon_e3:1220_v2
  • Intel Xeon E3 1220 V3
    cpe:2.3:h:intel:xeon_e3:1220_v3
  • Intel Xeon E3 1220 V5
    cpe:2.3:h:intel:xeon_e3:1220_v5
  • Intel Xeon E3 1220 V6
    cpe:2.3:h:intel:xeon_e3:1220_v6
  • Intel Xeon E3 1220L
    cpe:2.3:h:intel:xeon_e3:1220l
  • Intel Xeon E3 1220L V2
    cpe:2.3:h:intel:xeon_e3:1220l_v2
  • Intel Xeon E3 1220L V3
    cpe:2.3:h:intel:xeon_e3:1220l_v3
  • Intel Xeon E3 1225
    cpe:2.3:h:intel:xeon_e3:1225
  • Intel Xeon E3 1225 V2
    cpe:2.3:h:intel:xeon_e3:1225_v2
  • Intel Xeon E3 1225 V3
    cpe:2.3:h:intel:xeon_e3:1225_v3
  • Intel Xeon E3 1225 V5
    cpe:2.3:h:intel:xeon_e3:1225_v5
  • Intel Xeon E3 1225 V6
    cpe:2.3:h:intel:xeon_e3:1225_v6
  • Intel Xeon E3 1226 V3
    cpe:2.3:h:intel:xeon_e3:1226_v3
  • Intel Xeon E3 1230
    cpe:2.3:h:intel:xeon_e3:1230
  • Intel Xeon E3 1230 V2
    cpe:2.3:h:intel:xeon_e3:1230_v2
  • Intel Xeon E3 1230 V3
    cpe:2.3:h:intel:xeon_e3:1230_v3
  • Intel Xeon E3 1230 V5
    cpe:2.3:h:intel:xeon_e3:1230_v5
  • Intel Xeon E3 1230 V6
    cpe:2.3:h:intel:xeon_e3:1230_v6
  • Intel Xeon E3 1230L V3
    cpe:2.3:h:intel:xeon_e3:1230l_v3
  • Intel Xeon E3 1231 V3
    cpe:2.3:h:intel:xeon_e3:1231_v3
  • Intel Xeon E3 1235
    cpe:2.3:h:intel:xeon_e3:1235
  • Intel Xeon E3 1235L V5
    cpe:2.3:h:intel:xeon_e3:1235l_v5
  • Intel Xeon E3 1240
    cpe:2.3:h:intel:xeon_e3:1240
  • Intel Xeon E3 1240 V2
    cpe:2.3:h:intel:xeon_e3:1240_v2
  • Intel Xeon E3 1240 V3
    cpe:2.3:h:intel:xeon_e3:1240_v3
  • Intel Xeon E3 1240 V5
    cpe:2.3:h:intel:xeon_e3:1240_v5
  • Intel Xeon E3 1240 V6
    cpe:2.3:h:intel:xeon_e3:1240_v6
  • Intel Xeon E3 1240L V3
    cpe:2.3:h:intel:xeon_e3:1240l_v3
  • Intel Xeon E3 1240L V5
    cpe:2.3:h:intel:xeon_e3:1240l_v5
  • Intel Xeon E3 1241 V3
    cpe:2.3:h:intel:xeon_e3:1241_v3
  • Intel Xeon E3 1245
    cpe:2.3:h:intel:xeon_e3:1245
  • Intel Xeon E3 1245 V2
    cpe:2.3:h:intel:xeon_e3:1245_v2
  • Intel Xeon E3 1245 V3
    cpe:2.3:h:intel:xeon_e3:1245_v3
  • Intel Xeon E3 1245 V5
    cpe:2.3:h:intel:xeon_e3:1245_v5
  • Intel Xeon E3 1245 V6
    cpe:2.3:h:intel:xeon_e3:1245_v6
  • Intel Xeon E3 1246 V3
    cpe:2.3:h:intel:xeon_e3:1246_v3
  • Intel Xeon E3 1258L V4
    cpe:2.3:h:intel:xeon_e3:1258l_v4
  • Intel Xeon E3 1260L
    cpe:2.3:h:intel:xeon_e3:1260l
  • Intel Xeon E3 1260L V5
    cpe:2.3:h:intel:xeon_e3:1260l_v5
  • Intel Xeon E3 1265L V2
    cpe:2.3:h:intel:xeon_e3:1265l_v2
  • Intel Xeon E3 1265L V3
    cpe:2.3:h:intel:xeon_e3:1265l_v3
  • Intel Xeon E3 1265L V4
    cpe:2.3:h:intel:xeon_e3:1265l_v4
  • Intel Xeon E3 1268L V3
    cpe:2.3:h:intel:xeon_e3:1268l_v3
  • Intel Xeon E3 1268L V5
    cpe:2.3:h:intel:xeon_e3:1268l_v5
  • Intel Xeon E3 1270
    cpe:2.3:h:intel:xeon_e3:1270
  • Intel Xeon E3 1270 V2
    cpe:2.3:h:intel:xeon_e3:1270_v2
  • Intel Xeon E3 1270 V3
    cpe:2.3:h:intel:xeon_e3:1270_v3
  • Intel Xeon E3 1270 V5
    cpe:2.3:h:intel:xeon_e3:1270_v5
  • Intel Xeon E3 1270 V6
    cpe:2.3:h:intel:xeon_e3:1270_v6
  • Intel Xeon E3 1271 V3
    cpe:2.3:h:intel:xeon_e3:1271_v3
  • cpe:2.3:h:intel:xeon_e3:1275_
    cpe:2.3:h:intel:xeon_e3:1275_
  • Intel Xeon E3 1275 V2
    cpe:2.3:h:intel:xeon_e3:1275_v2
  • Intel Xeon E3 1275 V3
    cpe:2.3:h:intel:xeon_e3:1275_v3
  • Intel Xeon E3 1275 V5
    cpe:2.3:h:intel:xeon_e3:1275_v5
  • Intel Xeon E3 1275 V6
    cpe:2.3:h:intel:xeon_e3:1275_v6
  • Intel Xeon E3 1275L V3
    cpe:2.3:h:intel:xeon_e3:1275l_v3
  • Intel Xeon E3 1276 V3
    cpe:2.3:h:intel:xeon_e3:1276_v3
  • Intel Xeon E3 1278L V4
    cpe:2.3:h:intel:xeon_e3:1278l_v4
  • Intel Xeon E3 1280
    cpe:2.3:h:intel:xeon_e3:1280
  • Intel Xeon E3 1280 V2
    cpe:2.3:h:intel:xeon_e3:1280_v2
  • Intel Xeon E3 1280 V3
    cpe:2.3:h:intel:xeon_e3:1280_v3
  • Intel Xeon E3 1280 V5
    cpe:2.3:h:intel:xeon_e3:1280_v5
  • Intel Xeon E3 1280 V6
    cpe:2.3:h:intel:xeon_e3:1280_v6
  • Intel Xeon E3 1281 V3
    cpe:2.3:h:intel:xeon_e3:1281_v3
  • Intel Xeon E3 1285 V3
    cpe:2.3:h:intel:xeon_e3:1285_v3
  • Intel Xeon E3 1285 V4
    cpe:2.3:h:intel:xeon_e3:1285_v4
  • Intel Xeon E3 1285 V6
    cpe:2.3:h:intel:xeon_e3:1285_v6
  • Intel Xeon E3 1285L V3
    cpe:2.3:h:intel:xeon_e3:1285l_v3
  • Intel Xeon E3 1285L V4
    cpe:2.3:h:intel:xeon_e3:1285l_v4
  • Intel Xeon E3 1286 V3
    cpe:2.3:h:intel:xeon_e3:1286_v3
  • Intel Xeon E3 1286L V3
    cpe:2.3:h:intel:xeon_e3:1286l_v3
  • Intel Xeon E3 1290
    cpe:2.3:h:intel:xeon_e3:1290
  • Intel Xeon E3 1290 V2
    cpe:2.3:h:intel:xeon_e3:1290_v2
  • Intel Xeon E3 1501L V6
    cpe:2.3:h:intel:xeon_e3:1501l_v6
  • Intel Xeon E3 1501M V6
    cpe:2.3:h:intel:xeon_e3:1501m_v6
  • Intel Xeon E3 1505L V5
    cpe:2.3:h:intel:xeon_e3:1505l_v5
  • Intel Xeon E3 1505L V6
    cpe:2.3:h:intel:xeon_e3:1505l_v6
  • Intel Xeon E3 1505M V5
    cpe:2.3:h:intel:xeon_e3:1505m_v5
  • Intel Xeon E3 1505M V6
    cpe:2.3:h:intel:xeon_e3:1505m_v6
  • Intel Xeon E3 1515M V5
    cpe:2.3:h:intel:xeon_e3:1515m_v5
  • Intel Xeon E3 1535M V5
    cpe:2.3:h:intel:xeon_e3:1535m_v5
  • Intel Xeon E3 1535M V6
    cpe:2.3:h:intel:xeon_e3:1535m_v6
  • Intel Xeon E3 1545M V5
    cpe:2.3:h:intel:xeon_e3:1545m_v5
  • Intel Xeon E3 1558L V5
    cpe:2.3:h:intel:xeon_e3:1558l_v5
  • Intel Xeon E3 1565L V5
    cpe:2.3:h:intel:xeon_e3:1565l_v5
  • Intel Xeon E3 1575M V5
    cpe:2.3:h:intel:xeon_e3:1575m_v5
  • Intel Xeon E3 1578L V5
    cpe:2.3:h:intel:xeon_e3:1578l_v5
  • Intel Xeon E3 1585 V5
    cpe:2.3:h:intel:xeon_e3:1585_v5
  • Intel Xeon E3 1585L V5
    cpe:2.3:h:intel:xeon_e3:1585l_v5
  • cpe:2.3:h:intel:xeon_e3:3600
    cpe:2.3:h:intel:xeon_e3:3600
  • cpe:2.3:h:intel:xeon_e3:5600
    cpe:2.3:h:intel:xeon_e3:5600
  • cpe:2.3:h:intel:xeon_e3:7500
    cpe:2.3:h:intel:xeon_e3:7500
  • cpe:2.3:h:intel:xeon_e3:e5502
    cpe:2.3:h:intel:xeon_e3:e5502
  • cpe:2.3:h:intel:xeon_e3:e5503
    cpe:2.3:h:intel:xeon_e3:e5503
  • cpe:2.3:h:intel:xeon_e3:e5504
    cpe:2.3:h:intel:xeon_e3:e5504
  • cpe:2.3:h:intel:xeon_e3:e5506
    cpe:2.3:h:intel:xeon_e3:e5506
  • cpe:2.3:h:intel:xeon_e3:e5507
    cpe:2.3:h:intel:xeon_e3:e5507
  • cpe:2.3:h:intel:xeon_e3:e5520
    cpe:2.3:h:intel:xeon_e3:e5520
  • cpe:2.3:h:intel:xeon_e3:e5530
    cpe:2.3:h:intel:xeon_e3:e5530
  • cpe:2.3:h:intel:xeon_e3:e5540
    cpe:2.3:h:intel:xeon_e3:e5540
  • cpe:2.3:h:intel:xeon_e3:e6510
    cpe:2.3:h:intel:xeon_e3:e6510
  • cpe:2.3:h:intel:xeon_e3:e6540
    cpe:2.3:h:intel:xeon_e3:e6540
  • cpe:2.3:h:intel:xeon_e3:e6550
    cpe:2.3:h:intel:xeon_e3:e6550
  • cpe:2.3:h:intel:xeon_e3:l3403
    cpe:2.3:h:intel:xeon_e3:l3403
  • cpe:2.3:h:intel:xeon_e3:l3406
    cpe:2.3:h:intel:xeon_e3:l3406
  • cpe:2.3:h:intel:xeon_e3:l3426
    cpe:2.3:h:intel:xeon_e3:l3426
  • cpe:2.3:h:intel:xeon_e3:l5506
    cpe:2.3:h:intel:xeon_e3:l5506
  • cpe:2.3:h:intel:xeon_e3:l5508_
    cpe:2.3:h:intel:xeon_e3:l5508_
  • cpe:2.3:h:intel:xeon_e3:l5518_
    cpe:2.3:h:intel:xeon_e3:l5518_
  • cpe:2.3:h:intel:xeon_e3:l5520
    cpe:2.3:h:intel:xeon_e3:l5520
  • cpe:2.3:h:intel:xeon_e3:l5530
    cpe:2.3:h:intel:xeon_e3:l5530
  • cpe:2.3:h:intel:xeon_e3:w5580
    cpe:2.3:h:intel:xeon_e3:w5580
  • cpe:2.3:h:intel:xeon_e3:w5590
    cpe:2.3:h:intel:xeon_e3:w5590
  • cpe:2.3:h:intel:xeon_e3:x3430
    cpe:2.3:h:intel:xeon_e3:x3430
  • cpe:2.3:h:intel:xeon_e3:x3440
    cpe:2.3:h:intel:xeon_e3:x3440
  • cpe:2.3:h:intel:xeon_e3:x3450
    cpe:2.3:h:intel:xeon_e3:x3450
  • cpe:2.3:h:intel:xeon_e3:x3460
    cpe:2.3:h:intel:xeon_e3:x3460
  • cpe:2.3:h:intel:xeon_e3:x3470
    cpe:2.3:h:intel:xeon_e3:x3470
  • cpe:2.3:h:intel:xeon_e3:x3480
    cpe:2.3:h:intel:xeon_e3:x3480
  • cpe:2.3:h:intel:xeon_e3:x5550
    cpe:2.3:h:intel:xeon_e3:x5550
  • cpe:2.3:h:intel:xeon_e3:x5560
    cpe:2.3:h:intel:xeon_e3:x5560
  • cpe:2.3:h:intel:xeon_e3:x5570
    cpe:2.3:h:intel:xeon_e3:x5570
  • Intel Xeon E5 1428L
    cpe:2.3:h:intel:xeon_e5:1428l
  • Intel Xeon E5 1428L V2
    cpe:2.3:h:intel:xeon_e5:1428l_v2
  • Intel Xeon E5 1428L V3
    cpe:2.3:h:intel:xeon_e5:1428l_v3
  • Intel Xeon E5 1620
    cpe:2.3:h:intel:xeon_e5:1620
  • Intel Xeon E5 1620 V2
    cpe:2.3:h:intel:xeon_e5:1620_v2
  • Intel Xeon E5 1620 V3
    cpe:2.3:h:intel:xeon_e5:1620_v3
  • Intel Xeon E5 1620 V4
    cpe:2.3:h:intel:xeon_e5:1620_v4
  • Intel Xeon E5 1630 V3
    cpe:2.3:h:intel:xeon_e5:1630_v3
  • Intel Xeon E5 1630 V4
    cpe:2.3:h:intel:xeon_e5:1630_v4
  • Intel Xeon E5 1650
    cpe:2.3:h:intel:xeon_e5:1650
  • Intel Xeon E5 1650 V2
    cpe:2.3:h:intel:xeon_e5:1650_v2
  • Intel Xeon E5 1650 V3
    cpe:2.3:h:intel:xeon_e5:1650_v3
  • Intel Xeon E5 1650 V4
    cpe:2.3:h:intel:xeon_e5:1650_v4
  • Intel Xeon E5 1660
    cpe:2.3:h:intel:xeon_e5:1660
  • Intel Xeon E5 1660 V2
    cpe:2.3:h:intel:xeon_e5:1660_v2
  • Intel Xeon E5 1660 V3
    cpe:2.3:h:intel:xeon_e5:1660_v3
  • Intel Xeon E5 1660 V4
    cpe:2.3:h:intel:xeon_e5:1660_v4
  • Intel Xeon E5 1680 V3
    cpe:2.3:h:intel:xeon_e5:1680_v3
  • Intel Xeon E5 1680 V4
    cpe:2.3:h:intel:xeon_e5:1680_v4
  • Intel Xeon E5 2403
    cpe:2.3:h:intel:xeon_e5:2403
  • Intel Xeon E5 2403 V2
    cpe:2.3:h:intel:xeon_e5:2403_v2
  • Intel Xeon E5 2407
    cpe:2.3:h:intel:xeon_e5:2407
  • Intel Xeon E5 2407 V2
    cpe:2.3:h:intel:xeon_e5:2407_v2
  • Intel Xeon E5 2408L V3
    cpe:2.3:h:intel:xeon_e5:2408l_v3
  • Intel Xeon E5 2418L
    cpe:2.3:h:intel:xeon_e5:2418l
  • Intel Xeon E5 2418L V2
    cpe:2.3:h:intel:xeon_e5:2418l_v2
  • Intel Xeon E5 2418L V3
    cpe:2.3:h:intel:xeon_e5:2418l_v3
  • Intel Xeon E5 2420
    cpe:2.3:h:intel:xeon_e5:2420
  • Intel Xeon E5 2420 V2
    cpe:2.3:h:intel:xeon_e5:2420_v2
  • Intel Xeon E5 2428L
    cpe:2.3:h:intel:xeon_e5:2428l
  • Intel Xeon E5 2428L V2
    cpe:2.3:h:intel:xeon_e5:2428l_v2
  • Intel Xeon E5 2428L V3
    cpe:2.3:h:intel:xeon_e5:2428l_v3
  • Intel Xeon E5 2430
    cpe:2.3:h:intel:xeon_e5:2430
  • Intel Xeon E5 2430 V2
    cpe:2.3:h:intel:xeon_e5:2430_v2
  • Intel Xeon E5 2430L
    cpe:2.3:h:intel:xeon_e5:2430l
  • Intel Xeon E5 2430L V2
    cpe:2.3:h:intel:xeon_e5:2430l_v2
  • Intel Xeon E5 2438L V3
    cpe:2.3:h:intel:xeon_e5:2438l_v3
  • Intel Xeon E5 2440
    cpe:2.3:h:intel:xeon_e5:2440
  • Intel Xeon E5 2440 V2
    cpe:2.3:h:intel:xeon_e5:2440_v2
  • Intel Xeon E5 2448L
    cpe:2.3:h:intel:xeon_e5:2448l
  • Intel Xeon E5 2448L V2
    cpe:2.3:h:intel:xeon_e5:2448l_v2
  • Intel Xeon E5 2450
    cpe:2.3:h:intel:xeon_e5:2450
  • Intel Xeon E5 2450 V2
    cpe:2.3:h:intel:xeon_e5:2450_v2
  • Intel Xeon E5 2450L
    cpe:2.3:h:intel:xeon_e5:2450l
  • Intel Xeon E5 2450L V2
    cpe:2.3:h:intel:xeon_e5:2450l_v2
  • Intel Xeon E5 2470
    cpe:2.3:h:intel:xeon_e5:2470
  • Intel Xeon E5 2470 V2
    cpe:2.3:h:intel:xeon_e5:2470_v2
  • Intel Xeon E5 2603
    cpe:2.3:h:intel:xeon_e5:2603
  • Intel Xeon E5 2603 V2
    cpe:2.3:h:intel:xeon_e5:2603_v2
  • Intel Xeon E5 2603 V3
    cpe:2.3:h:intel:xeon_e5:2603_v3
  • Intel Xeon E5 2603 V4
    cpe:2.3:h:intel:xeon_e5:2603_v4
  • Intel Xeon E5 2608L V3
    cpe:2.3:h:intel:xeon_e5:2608l_v3
  • Intel Xeon E5 2608L V4
    cpe:2.3:h:intel:xeon_e5:2608l_v4
  • Intel Xeon E5 2609
    cpe:2.3:h:intel:xeon_e5:2609
  • Intel Xeon E5 2609 V2
    cpe:2.3:h:intel:xeon_e5:2609_v2
  • Intel Xeon E5 2609 V3
    cpe:2.3:h:intel:xeon_e5:2609_v3
  • Intel Xeon E5 2609 V4
    cpe:2.3:h:intel:xeon_e5:2609_v4
  • Intel Xeon E5 2618L V2
    cpe:2.3:h:intel:xeon_e5:2618l_v2
  • Intel Xeon E5 2618L V3
    cpe:2.3:h:intel:xeon_e5:2618l_v3
  • Intel Xeon E5 2618L V4
    cpe:2.3:h:intel:xeon_e5:2618l_v4
  • Intel Xeon E5 2620
    cpe:2.3:h:intel:xeon_e5:2620
  • Intel Xeon E5 2620 V2
    cpe:2.3:h:intel:xeon_e5:2620_v2
  • Intel Xeon E5 2620 V3
    cpe:2.3:h:intel:xeon_e5:2620_v3
  • Intel Xeon E5 2620 V4
    cpe:2.3:h:intel:xeon_e5:2620_v4
  • Intel Xeon E5 2623 V3
    cpe:2.3:h:intel:xeon_e5:2623_v3
  • Intel Xeon E5 2623 V4
    cpe:2.3:h:intel:xeon_e5:2623_v4
  • Intel Xeon E5 2628L V2
    cpe:2.3:h:intel:xeon_e5:2628l_v2
  • Intel Xeon E5 2628L V3
    cpe:2.3:h:intel:xeon_e5:2628l_v3
  • Intel Xeon E5 2628L V4
    cpe:2.3:h:intel:xeon_e5:2628l_v4
  • Intel Xeon E5 2630
    cpe:2.3:h:intel:xeon_e5:2630
  • Intel Xeon E5 2630 V2
    cpe:2.3:h:intel:xeon_e5:2630_v2
  • Intel Xeon E5 2630 V3
    cpe:2.3:h:intel:xeon_e5:2630_v3
  • Intel Xeon E5 2630 V4
    cpe:2.3:h:intel:xeon_e5:2630_v4
  • Intel Xeon E5 2630L
    cpe:2.3:h:intel:xeon_e5:2630l
  • Intel Xeon E5 2630L V2
    cpe:2.3:h:intel:xeon_e5:2630l_v2
  • Intel Xeon E5 2630L V3
    cpe:2.3:h:intel:xeon_e5:2630l_v3
  • Intel Xeon E5 2630L V4
    cpe:2.3:h:intel:xeon_e5:2630l_v4
  • Intel Xeon E5 2637
    cpe:2.3:h:intel:xeon_e5:2637
  • Intel Xeon E5 2637 V2
    cpe:2.3:h:intel:xeon_e5:2637_v2
  • Intel Xeon E5 2637 V3
    cpe:2.3:h:intel:xeon_e5:2637_v3
  • Intel Xeon E5 2637 V4
    cpe:2.3:h:intel:xeon_e5:2637_v4
  • Intel Xeon E5 2640
    cpe:2.3:h:intel:xeon_e5:2640
  • Intel Xeon E5 2640 V2
    cpe:2.3:h:intel:xeon_e5:2640_v2
  • Intel Xeon E5 2640 V3
    cpe:2.3:h:intel:xeon_e5:2640_v3
  • Intel Xeon E5 2640 V4
    cpe:2.3:h:intel:xeon_e5:2640_v4
  • Intel Xeon E5 2643
    cpe:2.3:h:intel:xeon_e5:2643
  • Intel Xeon E5 2643 V2
    cpe:2.3:h:intel:xeon_e5:2643_v2
  • Intel Xeon E5 2643 V3
    cpe:2.3:h:intel:xeon_e5:2643_v3
  • Intel Xeon E5 2643 V4
    cpe:2.3:h:intel:xeon_e5:2643_v4
  • Intel Xeon E5 2648L
    cpe:2.3:h:intel:xeon_e5:2648l
  • Intel Xeon E5 2648L V2
    cpe:2.3:h:intel:xeon_e5:2648l_v2
  • Intel Xeon E5 2648L V3
    cpe:2.3:h:intel:xeon_e5:2648l_v3
  • Intel Xeon E5 2648L V4
    cpe:2.3:h:intel:xeon_e5:2648l_v4
  • Intel Xeon E5 2650
    cpe:2.3:h:intel:xeon_e5:2650
  • Intel Xeon E5 2650 V2
    cpe:2.3:h:intel:xeon_e5:2650_v2
  • Intel Xeon E5 2650 V3
    cpe:2.3:h:intel:xeon_e5:2650_v3
  • Intel Xeon E5 2650 V4
    cpe:2.3:h:intel:xeon_e5:2650_v4
  • Intel Xeon E5 2650L
    cpe:2.3:h:intel:xeon_e5:2650l
  • Intel Xeon E5 2650L V2
    cpe:2.3:h:intel:xeon_e5:2650l_v2
  • Intel Xeon E5 2650L V3
    cpe:2.3:h:intel:xeon_e5:2650l_v3
  • Intel Xeon E5 2650L V4
    cpe:2.3:h:intel:xeon_e5:2650l_v4
  • Intel Xeon E5 2658
    cpe:2.3:h:intel:xeon_e5:2658
  • Intel Xeon E5 2658 V2
    cpe:2.3:h:intel:xeon_e5:2658_v2
  • Intel Xeon E5 2658 V3
    cpe:2.3:h:intel:xeon_e5:2658_v3
  • Intel Xeon E5 2658 V4
    cpe:2.3:h:intel:xeon_e5:2658_v4
  • Intel Xeon E5 2658A V3
    cpe:2.3:h:intel:xeon_e5:2658a_v3
  • Intel Xeon E5 2660
    cpe:2.3:h:intel:xeon_e5:2660
  • Intel Xeon E5 2660 V2
    cpe:2.3:h:intel:xeon_e5:2660_v2
  • Intel Xeon E5 2660 V3
    cpe:2.3:h:intel:xeon_e5:2660_v3
  • Intel Xeon E5 2660 V4
    cpe:2.3:h:intel:xeon_e5:2660_v4
  • Intel Xeon E5 2665
    cpe:2.3:h:intel:xeon_e5:2665
  • Intel Xeon E5 2667
    cpe:2.3:h:intel:xeon_e5:2667
  • Intel Xeon E5 2667 V2
    cpe:2.3:h:intel:xeon_e5:2667_v2
  • Intel Xeon E5 2667 V3
    cpe:2.3:h:intel:xeon_e5:2667_v3
  • Intel Xeon E5 2667 V4
    cpe:2.3:h:intel:xeon_e5:2667_v4
  • Intel Xeon E5 2670
    cpe:2.3:h:intel:xeon_e5:2670
  • Intel Xeon E5 2670 V2
    cpe:2.3:h:intel:xeon_e5:2670_v2
  • Intel Xeon E5 2670 V3
    cpe:2.3:h:intel:xeon_e5:2670_v3
  • Intel Xeon E5 2680
    cpe:2.3:h:intel:xeon_e5:2680
  • Intel Xeon E5 2680 V2
    cpe:2.3:h:intel:xeon_e5:2680_v2
  • Intel Xeon E5 2680 V3
    cpe:2.3:h:intel:xeon_e5:2680_v3
  • Intel Xeon E5 2680 V4
    cpe:2.3:h:intel:xeon_e5:2680_v4
  • Intel Xeon E5 2683 V3
    cpe:2.3:h:intel:xeon_e5:2683_v3
  • Intel Xeon E5 2683 V4
    cpe:2.3:h:intel:xeon_e5:2683_v4
  • Intel Xeon E5 2687W
    cpe:2.3:h:intel:xeon_e5:2687w
  • Intel Xeon E5 2687W V2
    cpe:2.3:h:intel:xeon_e5:2687w_v2
  • Intel Xeon E5 2687W V3
    cpe:2.3:h:intel:xeon_e5:2687w_v3
  • Intel Xeon E5 2687W V4
    cpe:2.3:h:intel:xeon_e5:2687w_v4
  • Intel Xeon E5 2690
    cpe:2.3:h:intel:xeon_e5:2690
  • Intel Xeon E5 2690 V2
    cpe:2.3:h:intel:xeon_e5:2690_v2
  • Intel Xeon E5 2690 V3
    cpe:2.3:h:intel:xeon_e5:2690_v3
  • Intel Xeon E5 2690 V4
    cpe:2.3:h:intel:xeon_e5:2690_v4
  • Intel Xeon E5 2695 V2
    cpe:2.3:h:intel:xeon_e5:2695_v2
  • Intel Xeon E5 2695 V3
    cpe:2.3:h:intel:xeon_e5:2695_v3
  • Intel Xeon E5 2695 V4
    cpe:2.3:h:intel:xeon_e5:2695_v4
  • Intel Xeon E5 2697 V2
    cpe:2.3:h:intel:xeon_e5:2697_v2
  • Intel Xeon E5 2697 V3
    cpe:2.3:h:intel:xeon_e5:2697_v3
  • Intel Xeon E5 2697 V4
    cpe:2.3:h:intel:xeon_e5:2697_v4
  • Intel Xeon E5 2697A V4
    cpe:2.3:h:intel:xeon_e5:2697a_v4
  • Intel Xeon E5 2698 V3
    cpe:2.3:h:intel:xeon_e5:2698_v3
  • Intel Xeon E5 2698 V4
    cpe:2.3:h:intel:xeon_e5:2698_v4
  • Intel Xeon E5 2699 V3
    cpe:2.3:h:intel:xeon_e5:2699_v3
  • Intel Xeon E5 2699 V4
    cpe:2.3:h:intel:xeon_e5:2699_v4
  • Intel Xeon E5 2699A V4
    cpe:2.3:h:intel:xeon_e5:2699a_v4
  • Intel Xeon E5 2699R V4
    cpe:2.3:h:intel:xeon_e5:2699r_v4
  • Intel Xeon E5 4603
    cpe:2.3:h:intel:xeon_e5:4603
  • Intel Xeon E5 4603 V2
    cpe:2.3:h:intel:xeon_e5:4603_v2
  • Intel Xeon E5 4607
    cpe:2.3:h:intel:xeon_e5:4607
  • Intel Xeon E5 4607 V2
    cpe:2.3:h:intel:xeon_e5:4607_v2
  • Intel Xeon E5 4610
    cpe:2.3:h:intel:xeon_e5:4610
  • Intel Xeon E5 4610 V2
    cpe:2.3:h:intel:xeon_e5:4610_v2
  • Intel Xeon E5 4610 V3
    cpe:2.3:h:intel:xeon_e5:4610_v3
  • Intel Xeon E5 4610 V4
    cpe:2.3:h:intel:xeon_e5:4610_v4
  • Intel Xeon E5 4617
    cpe:2.3:h:intel:xeon_e5:4617
  • Intel Xeon E5 4620
    cpe:2.3:h:intel:xeon_e5:4620
  • Intel Xeon E5 4620 V2
    cpe:2.3:h:intel:xeon_e5:4620_v2
  • Intel Xeon E5 4620 V3
    cpe:2.3:h:intel:xeon_e5:4620_v3
  • Intel Xeon E5 4620 V4
    cpe:2.3:h:intel:xeon_e5:4620_v4
  • Intel Xeon E5 4624L V2
    cpe:2.3:h:intel:xeon_e5:4624l_v2
  • Intel Xeon E5 4627 V2
    cpe:2.3:h:intel:xeon_e5:4627_v2
  • Intel Xeon E5 4627 V3
    cpe:2.3:h:intel:xeon_e5:4627_v3
  • Intel Xeon E5 4627 V4
    cpe:2.3:h:intel:xeon_e5:4627_v4
  • Intel Xeon E5 4628L V4
    cpe:2.3:h:intel:xeon_e5:4628l_v4
  • Intel Xeon E5 4640
    cpe:2.3:h:intel:xeon_e5:4640
  • Intel Xeon E5 4640 V2
    cpe:2.3:h:intel:xeon_e5:4640_v2
  • Intel Xeon E5 4640 V3
    cpe:2.3:h:intel:xeon_e5:4640_v3
  • Intel Xeon E5 4640 V4
    cpe:2.3:h:intel:xeon_e5:4640_v4
  • Intel Xeon E5 4648 V3
    cpe:2.3:h:intel:xeon_e5:4648_v3
  • Intel Xeon E5 4650
    cpe:2.3:h:intel:xeon_e5:4650
  • Intel Xeon E5 4650 V2
    cpe:2.3:h:intel:xeon_e5:4650_v2
  • Intel Xeon E5 4650 V3
    cpe:2.3:h:intel:xeon_e5:4650_v3
  • Intel Xeon E5 4650 V4
    cpe:2.3:h:intel:xeon_e5:4650_v4
  • Intel Xeon E5 4650L
    cpe:2.3:h:intel:xeon_e5:4650l
  • Intel Xeon E5 4655 V3
    cpe:2.3:h:intel:xeon_e5:4655_v3
  • Intel Xeon E5 4655 V4
    cpe:2.3:h:intel:xeon_e5:4655_v4
  • Intel Xeon E5 4657L V2
    cpe:2.3:h:intel:xeon_e5:4657l_v2
  • Intel Xeon E5 4660 V3
    cpe:2.3:h:intel:xeon_e5:4660_v3
  • Intel Xeon E5 4660 V4
    cpe:2.3:h:intel:xeon_e5:4660_v4
  • Intel Xeon E5 4667 V3
    cpe:2.3:h:intel:xeon_e5:4667_v3
  • Intel Xeon E5 4667 V4
    cpe:2.3:h:intel:xeon_e5:4667_v4
  • Intel Xeon E5 4669 V3
    cpe:2.3:h:intel:xeon_e5:4669_v3
  • Intel Xeon E5 4669 V4
    cpe:2.3:h:intel:xeon_e5:4669_v4
  • Intel Xeon E7 2803
    cpe:2.3:h:intel:xeon_e7:2803
  • Intel Xeon E7 2820
    cpe:2.3:h:intel:xeon_e7:2820
  • Intel Xeon E7 2830
    cpe:2.3:h:intel:xeon_e7:2830
  • Intel Xeon E7 2850
    cpe:2.3:h:intel:xeon_e7:2850
  • Intel Xeon E7 2850 V2
    cpe:2.3:h:intel:xeon_e7:2850_v2
  • Intel Xeon E7 2860
    cpe:2.3:h:intel:xeon_e7:2860
  • Intel Xeon E7 2870
    cpe:2.3:h:intel:xeon_e7:2870
  • Intel Xeon E7 2870 V2
    cpe:2.3:h:intel:xeon_e7:2870_v2
  • Intel Xeon E7 2880 V2
    cpe:2.3:h:intel:xeon_e7:2880_v2
  • Intel Xeon E7 2890 V2
    cpe:2.3:h:intel:xeon_e7:2890_v2
  • Intel Xeon E7 4807
    cpe:2.3:h:intel:xeon_e7:4807
  • Intel Xeon E7 4809 V2
    cpe:2.3:h:intel:xeon_e7:4809_v2
  • Intel Xeon E7 4809 V3
    cpe:2.3:h:intel:xeon_e7:4809_v3
  • Intel Xeon E7 4809 V4
    cpe:2.3:h:intel:xeon_e7:4809_v4
  • Intel Xeon E7 4820
    cpe:2.3:h:intel:xeon_e7:4820
  • Intel Xeon E7 4820 V2
    cpe:2.3:h:intel:xeon_e7:4820_v2
  • Intel Xeon E7 4820 V3
    cpe:2.3:h:intel:xeon_e7:4820_v3
  • Intel Xeon E7 4820 V4
    cpe:2.3:h:intel:xeon_e7:4820_v4
  • Intel Xeon E7 4830
    cpe:2.3:h:intel:xeon_e7:4830
  • Intel Xeon E7 4830 V2
    cpe:2.3:h:intel:xeon_e7:4830_v2
  • Intel Xeon E7 4830 V3
    cpe:2.3:h:intel:xeon_e7:4830_v3
  • Intel Xeon E7 4830 V4
    cpe:2.3:h:intel:xeon_e7:4830_v4
  • Intel Xeon E7 4850
    cpe:2.3:h:intel:xeon_e7:4850
  • Intel Xeon E7 4850 V2
    cpe:2.3:h:intel:xeon_e7:4850_v2
  • Intel Xeon E7 4850 V3
    cpe:2.3:h:intel:xeon_e7:4850_v3
  • Intel Xeon E7 4850 V4
    cpe:2.3:h:intel:xeon_e7:4850_v4
  • Intel Xeon E7 4860
    cpe:2.3:h:intel:xeon_e7:4860
  • Intel Xeon E7 4860 V2
    cpe:2.3:h:intel:xeon_e7:4860_v2
  • Intel Xeon E7 4870
    cpe:2.3:h:intel:xeon_e7:4870
  • Intel Xeon E7 4870 V2
    cpe:2.3:h:intel:xeon_e7:4870_v2
  • Intel Xeon E7 4880 V2
    cpe:2.3:h:intel:xeon_e7:4880_v2
  • Intel Xeon E7 4890 V2
    cpe:2.3:h:intel:xeon_e7:4890_v2
  • Intel Xeon E7 8830
    cpe:2.3:h:intel:xeon_e7:8830
  • Intel Xeon E7 8837
    cpe:2.3:h:intel:xeon_e7:8837
  • Intel Xeon E7 8850
    cpe:2.3:h:intel:xeon_e7:8850
  • Intel Xeon E7 8850 V2
    cpe:2.3:h:intel:xeon_e7:8850_v2
  • Intel Xeon E7 8857 V2
    cpe:2.3:h:intel:xeon_e7:8857_v2
  • Intel Xeon E7 8860
    cpe:2.3:h:intel:xeon_e7:8860
  • Intel Xeon E7 8860 V3
    cpe:2.3:h:intel:xeon_e7:8860_v3
  • Intel Xeon E7 8860 V4
    cpe:2.3:h:intel:xeon_e7:8860_v4
  • Intel Xeon E7 8867 V3
    cpe:2.3:h:intel:xeon_e7:8867_v3
  • Intel Xeon E7 8867 V4
    cpe:2.3:h:intel:xeon_e7:8867_v4
  • Intel Xeon E7 8867L
    cpe:2.3:h:intel:xeon_e7:8867l
  • Intel Xeon E7 8870
    cpe:2.3:h:intel:xeon_e7:8870
  • Intel Xeon E7 8870 V2
    cpe:2.3:h:intel:xeon_e7:8870_v2
  • Intel Xeon E7 8870 V3
    cpe:2.3:h:intel:xeon_e7:8870_v3
  • Intel Xeon E7 8870 V4
    cpe:2.3:h:intel:xeon_e7:8870_v4
  • Intel Xeon E7 8880 V2
    cpe:2.3:h:intel:xeon_e7:8880_v2
  • Intel Xeon E7 8880 V3
    cpe:2.3:h:intel:xeon_e7:8880_v3
  • Intel Xeon E7 8880 V4
    cpe:2.3:h:intel:xeon_e7:8880_v4
  • Intel Xeon E7 8880L V2
    cpe:2.3:h:intel:xeon_e7:8880l_v2
  • Intel Xeon E7 8880L V3
    cpe:2.3:h:intel:xeon_e7:8880l_v3
  • Intel Xeon E7 8890 V2
    cpe:2.3:h:intel:xeon_e7:8890_v2
  • Intel Xeon E7 8890 V3
    cpe:2.3:h:intel:xeon_e7:8890_v3
  • Intel Xeon E7 8890 V4
    cpe:2.3:h:intel:xeon_e7:8890_v4
  • Intel Xeon E7 8891 V2
    cpe:2.3:h:intel:xeon_e7:8891_v2
  • Intel Xeon E7 8891 V3
    cpe:2.3:h:intel:xeon_e7:8891_v3
  • Intel Xeon E7 8891 V4
    cpe:2.3:h:intel:xeon_e7:8891_v4
  • Intel Xeon E7 8893 V2
    cpe:2.3:h:intel:xeon_e7:8893_v2
  • Intel Xeon E7 8893 V3
    cpe:2.3:h:intel:xeon_e7:8893_v3
  • Intel Xeon E7 8893 V4
    cpe:2.3:h:intel:xeon_e7:8893_v4
  • Intel Xeon E7 8894 V4
    cpe:2.3:h:intel:xeon_e7:8894_v4
  • Intel Xeon Gold 5115
    cpe:2.3:h:intel:xeon_gold:5115
  • cpe:2.3:h:intel:xeon_gold:85115
    cpe:2.3:h:intel:xeon_gold:85115
  • cpe:2.3:h:intel:xeon_gold:85118
    cpe:2.3:h:intel:xeon_gold:85118
  • cpe:2.3:h:intel:xeon_gold:85119t
    cpe:2.3:h:intel:xeon_gold:85119t
  • cpe:2.3:h:intel:xeon_gold:85120
    cpe:2.3:h:intel:xeon_gold:85120
  • cpe:2.3:h:intel:xeon_gold:85120t
    cpe:2.3:h:intel:xeon_gold:85120t
  • cpe:2.3:h:intel:xeon_gold:85122
    cpe:2.3:h:intel:xeon_gold:85122
  • cpe:2.3:h:intel:xeon_gold:86126
    cpe:2.3:h:intel:xeon_gold:86126
  • cpe:2.3:h:intel:xeon_gold:86126f
    cpe:2.3:h:intel:xeon_gold:86126f
  • cpe:2.3:h:intel:xeon_gold:86126t
    cpe:2.3:h:intel:xeon_gold:86126t
  • cpe:2.3:h:intel:xeon_gold:86128
    cpe:2.3:h:intel:xeon_gold:86128
  • cpe:2.3:h:intel:xeon_gold:86130
    cpe:2.3:h:intel:xeon_gold:86130
  • cpe:2.3:h:intel:xeon_gold:86130f
    cpe:2.3:h:intel:xeon_gold:86130f
  • cpe:2.3:h:intel:xeon_gold:86130t
    cpe:2.3:h:intel:xeon_gold:86130t
  • cpe:2.3:h:intel:xeon_gold:86132
    cpe:2.3:h:intel:xeon_gold:86132
  • cpe:2.3:h:intel:xeon_gold:86134
    cpe:2.3:h:intel:xeon_gold:86134
  • cpe:2.3:h:intel:xeon_gold:86134m
    cpe:2.3:h:intel:xeon_gold:86134m
  • cpe:2.3:h:intel:xeon_gold:86136
    cpe:2.3:h:intel:xeon_gold:86136
  • cpe:2.3:h:intel:xeon_gold:86138
    cpe:2.3:h:intel:xeon_gold:86138
  • cpe:2.3:h:intel:xeon_gold:86138f
    cpe:2.3:h:intel:xeon_gold:86138f
  • cpe:2.3:h:intel:xeon_gold:86138t
    cpe:2.3:h:intel:xeon_gold:86138t
  • cpe:2.3:h:intel:xeon_gold:86140
    cpe:2.3:h:intel:xeon_gold:86140
  • cpe:2.3:h:intel:xeon_gold:86140m
    cpe:2.3:h:intel:xeon_gold:86140m
  • cpe:2.3:h:intel:xeon_gold:86142
    cpe:2.3:h:intel:xeon_gold:86142
  • cpe:2.3:h:intel:xeon_gold:86142f
    cpe:2.3:h:intel:xeon_gold:86142f
  • cpe:2.3:h:intel:xeon_gold:86142m
    cpe:2.3:h:intel:xeon_gold:86142m
  • cpe:2.3:h:intel:xeon_gold:86144
    cpe:2.3:h:intel:xeon_gold:86144
  • cpe:2.3:h:intel:xeon_gold:86146
    cpe:2.3:h:intel:xeon_gold:86146
  • cpe:2.3:h:intel:xeon_gold:86148
    cpe:2.3:h:intel:xeon_gold:86148
  • cpe:2.3:h:intel:xeon_gold:86148f
    cpe:2.3:h:intel:xeon_gold:86148f
  • cpe:2.3:h:intel:xeon_gold:86150
    cpe:2.3:h:intel:xeon_gold:86150
  • cpe:2.3:h:intel:xeon_gold:86152
    cpe:2.3:h:intel:xeon_gold:86152
  • cpe:2.3:h:intel:xeon_gold:86154
    cpe:2.3:h:intel:xeon_gold:86154
  • Intel Xeon Platinum 8153
    cpe:2.3:h:intel:xeon_platinum:8153
  • Intel Xeon Platinum 8156
    cpe:2.3:h:intel:xeon_platinum:8156
  • Intel Xeon Platinum 8158
    cpe:2.3:h:intel:xeon_platinum:8158
  • Intel Xeon Platinum 8160
    cpe:2.3:h:intel:xeon_platinum:8160
  • Intel Xeon Platinum 8160F
    cpe:2.3:h:intel:xeon_platinum:8160f
  • Intel Xeon Platinum 8160M
    cpe:2.3:h:intel:xeon_platinum:8160m
  • Intel Xeon Platinum 8160T
    cpe:2.3:h:intel:xeon_platinum:8160t
  • Intel Xeon Platinum 8164
    cpe:2.3:h:intel:xeon_platinum:8164
  • Intel Xeon Platinum 8168
    cpe:2.3:h:intel:xeon_platinum:8168
  • Intel Xeon Platinum 8170
    cpe:2.3:h:intel:xeon_platinum:8170
  • Intel Xeon Platinum 8170M
    cpe:2.3:h:intel:xeon_platinum:8170m
  • Intel Xeon Platinum 8176
    cpe:2.3:h:intel:xeon_platinum:8176
  • Intel Xeon Platinum 8176F
    cpe:2.3:h:intel:xeon_platinum:8176f
  • Intel Xeon Platinum 8176M
    cpe:2.3:h:intel:xeon_platinum:8176m
  • Intel Xeon Platinum 8180
    cpe:2.3:h:intel:xeon_platinum:8180
  • Intel Xeon Silver 4108
    cpe:2.3:h:intel:xeon_silver:4108
  • Intel Xeon Silver 4109T
    cpe:2.3:h:intel:xeon_silver:4109t
  • Intel Xeon Silver 4110
    cpe:2.3:h:intel:xeon_silver:4110
  • Intel Xeon Silver 4112
    cpe:2.3:h:intel:xeon_silver:4112
  • Intel Xeon Silver 4114
    cpe:2.3:h:intel:xeon_silver:4114
  • Intel Xeon Silver 4114T
    cpe:2.3:h:intel:xeon_silver:4114t
  • Intel Xeon Silver 4116
    cpe:2.3:h:intel:xeon_silver:4116
  • Intel Xeon Silver 4116T
    cpe:2.3:h:intel:xeon_silver:4116t
  • ARM Cortex-A15
    cpe:2.3:h:arm:cortex-a:15
  • ARM Cortex-A57
    cpe:2.3:h:arm:cortex-a:57
  • ARM Cortex-A72
    cpe:2.3:h:arm:cortex-a:72
  • cpe:2.3:a:redhat:openstack:8
    cpe:2.3:a:redhat:openstack:8
  • cpe:2.3:a:redhat:openstack:9
    cpe:2.3:a:redhat:openstack:9
  • Red Hat OpenStack 10
    cpe:2.3:a:redhat:openstack:10
  • Red Hat OpenStack 12
    cpe:2.3:a:redhat:openstack:12
  • Red Hat OpenStack 13.0
    cpe:2.3:a:redhat:openstack:13.0
  • Red Hat Enterprise Linux Desktop 6.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  • Red Hat Enterprise Linux Server 6.0
    cpe:2.3:o:redhat:enterprise_linux_server:6.0
  • Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 5.9
    cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4
    cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4
  • Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 6.5
    cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6
    cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6
  • Red Hat Enterprise Linux Server AUS 7.2
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2
  • Red Hat Enterprise Linux Advanced mission critical Update Support (AUS) 7.3
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3
  • Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 7.4
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7
    cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.3
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.4
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4
  • Red Hat Enterprise Linux Server Telecommunications Update Service (TUS) 6.6
    cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4
  • Red Hat Enterprise Linux Workstation 6.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
  • cpe:2.3:o:redhat:virtualization:4.2
    cpe:2.3:o:redhat:virtualization:4.2
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 18.04 LTS Edition
    cpe:2.3:o:canonical:ubuntu_linux:18.04:-:-:-:lts
  • cpe:2.3:h:siemens:itc1500:3
    cpe:2.3:h:siemens:itc1500:3
  • cpe:2.3:h:siemens:itc1500_pro:3
    cpe:2.3:h:siemens:itc1500_pro:3
  • cpe:2.3:h:siemens:itc1900:3
    cpe:2.3:h:siemens:itc1900:3
  • cpe:2.3:h:siemens:itc1900_pro:3
    cpe:2.3:h:siemens:itc1900_pro:3
  • cpe:2.3:h:siemens:itc2200:3
    cpe:2.3:h:siemens:itc2200:3
  • cpe:2.3:h:siemens:itc2200_pro:3
    cpe:2.3:h:siemens:itc2200_pro:3
  • Oracle Solaris 11
    cpe:2.3:o:oracle:solaris:11
  • cpe:2.3:o:siemens:ruggedcom_ape_firmware
    cpe:2.3:o:siemens:ruggedcom_ape_firmware
  • cpe:2.3:h:siemens:ruggedcom_ape
    cpe:2.3:h:siemens:ruggedcom_ape
  • cpe:2.3:h:siemens:simatic_et_200_sp
    cpe:2.3:h:siemens:simatic_et_200_sp
  • cpe:2.3:h:siemens:simatic_field_pg_m4
    cpe:2.3:h:siemens:simatic_field_pg_m4
  • cpe:2.3:h:siemens:simatic_field_pg_m5
    cpe:2.3:h:siemens:simatic_field_pg_m5
  • cpe:2.3:h:siemens:simatic_ipc3000_smart:2
    cpe:2.3:h:siemens:simatic_ipc3000_smart:2
  • cpe:2.3:h:siemens:simatic_ipc347e
    cpe:2.3:h:siemens:simatic_ipc347e
  • cpe:2.3:o:siemens:simatic_ipc427c_firmware
    cpe:2.3:o:siemens:simatic_ipc427c_firmware
  • cpe:2.3:h:siemens:simatic_ipc427c
    cpe:2.3:h:siemens:simatic_ipc427c
  • cpe:2.3:h:siemens:simatic_ipc427d
    cpe:2.3:h:siemens:simatic_ipc427d
  • cpe:2.3:h:siemens:simatic_ipc427e
    cpe:2.3:h:siemens:simatic_ipc427e
  • cpe:2.3:o:siemens:simatic_ipc477c_firmware
    cpe:2.3:o:siemens:simatic_ipc477c_firmware
  • cpe:2.3:h:siemens:simatic_ipc477c
    cpe:2.3:h:siemens:simatic_ipc477c
  • cpe:2.3:h:siemens:simatic_ipc477d
    cpe:2.3:h:siemens:simatic_ipc477d
  • cpe:2.3:h:siemens:simatic_ipc477e
    cpe:2.3:h:siemens:simatic_ipc477e
  • cpe:2.3:h:siemens:simatic_ipc477e_pro
    cpe:2.3:h:siemens:simatic_ipc477e_pro
  • cpe:2.3:h:siemens:simatic_ipc547e
    cpe:2.3:h:siemens:simatic_ipc547e
  • cpe:2.3:h:siemens:simatic_ipc547g
    cpe:2.3:h:siemens:simatic_ipc547g
  • cpe:2.3:h:siemens:simatic_ipc627c
    cpe:2.3:h:siemens:simatic_ipc627c
  • cpe:2.3:h:siemens:simatic_ipc627d
    cpe:2.3:h:siemens:simatic_ipc627d
  • cpe:2.3:h:siemens:simatic_ipc647c
    cpe:2.3:h:siemens:simatic_ipc647c
  • cpe:2.3:h:siemens:simatic_ipc647d
    cpe:2.3:h:siemens:simatic_ipc647d
  • cpe:2.3:h:siemens:simatic_ipc677d
    cpe:2.3:h:siemens:simatic_ipc677d
  • cpe:2.3:h:siemens:simatic_ipc677c
    cpe:2.3:h:siemens:simatic_ipc677c
  • cpe:2.3:h:siemens:simatic_ipc827c
    cpe:2.3:h:siemens:simatic_ipc827c
  • cpe:2.3:h:siemens:simatic_ipc827d
    cpe:2.3:h:siemens:simatic_ipc827d
  • cpe:2.3:h:siemens:simatic_ipc847c
    cpe:2.3:h:siemens:simatic_ipc847c
  • cpe:2.3:h:siemens:simatic_ipc847d
    cpe:2.3:h:siemens:simatic_ipc847d
  • cpe:2.3:h:siemens:simatic_itp1000
    cpe:2.3:h:siemens:simatic_itp1000
  • cpe:2.3:h:siemens:simatic_s7-1500
    cpe:2.3:h:siemens:simatic_s7-1500
  • cpe:2.3:h:siemens:simotion_p320-4e
    cpe:2.3:h:siemens:simotion_p320-4e
  • cpe:2.3:o:siemens:sinumerik_840_d_sl_firmware
    cpe:2.3:o:siemens:sinumerik_840_d_sl_firmware
  • cpe:2.3:h:siemens:sinumerik_840_d_sl
    cpe:2.3:h:siemens:sinumerik_840_d_sl
  • cpe:2.3:h:siemens:sinumerik_pcu_50.5
    cpe:2.3:h:siemens:sinumerik_pcu_50.5
  • cpe:2.3:o:siemens:sinumerik_tcu_30.3_firmware
    cpe:2.3:o:siemens:sinumerik_tcu_30.3_firmware
  • cpe:2.3:h:siemens:sinumerik_tcu_30.3
    cpe:2.3:h:siemens:sinumerik_tcu_30.3
  • cpe:2.3:o:siemens:sinema_remote_connect_firmware
    cpe:2.3:o:siemens:sinema_remote_connect_firmware
  • cpe:2.3:h:siemens:sinema_remote_connect
    cpe:2.3:h:siemens:sinema_remote_connect
  • cpe:2.3:a:mitel:micloud_management_portal
    cpe:2.3:a:mitel:micloud_management_portal
  • cpe:2.3:a:mitel:micollab
    cpe:2.3:a:mitel:micollab
  • cpe:2.3:a:mitel:mivoic_mx-one
    cpe:2.3:a:mitel:mivoic_mx-one
  • cpe:2.3:a:mitel:mivoice_5000
    cpe:2.3:a:mitel:mivoice_5000
  • cpe:2.3:a:mitel:mivoice_border_gateway
    cpe:2.3:a:mitel:mivoice_border_gateway
  • cpe:2.3:a:mitel:mivoice_business
    cpe:2.3:a:mitel:mivoice_business
  • cpe:2.3:a:mitel:mivoice_connect
    cpe:2.3:a:mitel:mivoice_connect
  • cpe:2.3:a:mitel:open_integration_gateway
    cpe:2.3:a:mitel:open_integration_gateway
  • cpe:2.3:a:sonicwall:cloud_global_management_system
    cpe:2.3:a:sonicwall:cloud_global_management_system
  • cpe:2.3:a:sonicwall:email_security
    cpe:2.3:a:sonicwall:email_security
  • cpe:2.3:a:sonicwall:global_management_system
    cpe:2.3:a:sonicwall:global_management_system
  • cpe:2.3:a:sonicwall:secure_mobile_access
    cpe:2.3:a:sonicwall:secure_mobile_access
  • cpe:2.3:a:sonicwall:sonicosv
    cpe:2.3:a:sonicwall:sonicosv
  • cpe:2.3:a:sonicwall:web_application_firewall
    cpe:2.3:a:sonicwall:web_application_firewall
CVSS
Base: 4.9
Impact:
Exploitability:
CWE CWE-200
CAPEC
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a program's vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of JavaScript to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero-day weaknesses in the type and version of the browser used by the victim. Automating this process via JavaScript as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in JavaScript and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
  • Reusing Session IDs (aka Session Replay)
    This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the slash characters. An attacker would try to exploit common filtering problems related to the use of the slash characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
exploit-db via4
description AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass. CVE-2018-3639. DoS exploit for Hardware platform
file exploits/hardware/dos/44695.c
id EDB-ID:44695
last seen 2018-05-24
modified 2018-05-22
platform hardware
port
published 2018-05-22
reporter Exploit-DB
source https://www.exploit-db.com/download/44695/
title AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass
type dos
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1386-1.NASL
    description This update for qemu fixes several issues. This security issue was fixed : - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885). Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This patch permits the new x86 cpu feature flag named 'ssbd' to be presented to the guest, given that the host has this feature, and KVM exposes it to the guest as well. For this feature to be enabled please use the qemu commandline -cpu $MODEL,+spec-ctrl,+ssbd so the guest OS can take advantage of the feature. spec-ctrl and ssbd support is also required in the host. - CVE-2017-5715: This update has the next round of Spectre v2 related patches, which now integrates with corresponding changes in libvirt. A January 2018 release of qemu initially addressed the Spectre v2 vulnerability for KVM guests by exposing the spec-ctrl feature for all x86 vcpu types. We remove that initial patch and now rely on patches from upstream (bsc#1068032). This update defines spec_ctrl and ibpb cpu feature flags as well as new cpu models which are clones of existing models with either -IBRS or -IBPB added to the end of the model name. These new vcpu models explicitly include the new feature(s), whereas the feature flags can be added to the cpu parameter as with other features. In short, for continued Spectre v2 protection, ensure that either the appropriate cpu feature flag is added to the QEMU command-line, or one of the new cpu models is used. Although migration from older versions is supported, the new cpu features won't be properly exposed to the guest until it is restarted with the cpu features explicitly added. A reboot is insufficient. 
    - A patch is added to continue to detect Spectre v2 mitigation features (as shown by cpuid), and if found provide that feature to guests, even if running on older KVM (kernel) versions which do not yet expose that feature to QEMU. (bsc#1082276) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110090
    published 2018-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110090
    title SUSE SLES12 Security Update : qemu (SUSE-SU-2018:1386-1) (Spectre)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-2_0-0049.NASL
    description An update of {'linux-esx', 'linux', 'patch', 'linux-aws', 'linux-secure'} packages of Photon OS has been released. This kernel update mitigates vulnerability CVE-2018-3639 which is referred to as Speculative Store Bypass issue.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 111304
    published 2018-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111304
    title Photon OS 2.0 : linux-esx / linux / patch / linux-aws / linux-secure (PhotonOS-PHSA-2018-2.0-0049) (deprecated)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1363-1.NASL
    description This update for qemu fixes several issues. This security issue was fixed : - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885). Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This patch permits the new x86 cpu feature flag named 'ssbd' to be presented to the guest, given that the host has this feature, and KVM exposes it to the guest as well. For this feature to be enabled please use the qemu commandline -cpu $MODEL,+spec-ctrl,+ssbd so the guest OS can take advantage of the feature. spec-ctrl and ssbd support is also required in the host. - CVE-2017-5715: This update has the next round of Spectre v2 related patches, which now integrates with corresponding changes in libvirt. A January 2018 release of qemu initially addressed the Spectre v2 vulnerability for KVM guests by exposing the spec-ctrl feature for all x86 vcpu types. We remove that initial patch and now rely on patches from upstream (bsc#1068032). This update defines spec_ctrl and ibpb cpu feature flags as well as new cpu models which are clones of existing models with either -IBRS or -IBPB added to the end of the model name. These new vcpu models explicitly include the new feature(s), whereas the feature flags can be added to the cpu parameter as with other features. In short, for continued Spectre v2 protection, ensure that either the appropriate cpu feature flag is added to the QEMU command-line, or one of the new cpu models is used. Although migration from older versions is supported, the new cpu features won't be properly exposed to the guest until it is restarted with the cpu features explicitly added. A reboot is insufficient. 
    - A patch is added to continue to detect Spectre v2 mitigation features (as shown by cpuid), and if found provide that feature to guests, even if running on older KVM (kernel) versions which do not yet expose that feature to QEMU. (bsc#1082276) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110030
    published 2018-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110030
    title SUSE SLES12 Security Update : qemu (SUSE-SU-2018:1363-1) (Spectre)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180626_KERNEL_ON_SL7_X.NASL
    description Security Fix(es) : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, PowerPC, x86 AMD) - kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message (CVE-2017-11600) Bug Fix(es) : See the descriptions in the related Knowledge Article :
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 110717
    published 2018-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110717
    title Scientific Linux Security Update : kernel on SL7.x x86_64 (Spectre)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-1965.NASL
    description From Red Hat Security Advisory 2018:1965 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, PowerPC, x86 AMD) * kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message (CVE-2017-11600) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639. Bug Fix(es) : These updated kernel packages include also numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https://access.redhat.com/articles/3485871
    last seen 2019-02-21
    modified 2018-06-28
    plugin id 110749
    published 2018-06-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110749
    title Oracle Linux 7 : kernel (ELSA-2018-1965) (Spectre)
  • NASL family Junos Local Security Checks
    NASL id JUNIPER_SPACE_JSA10917_183R1.NASL
    description According to its self-reported version number, the remote Junos Space version is prior to 18.3R1. It is, therefore, affected by multiple vulnerabilities: - A use after free vulnerability exists in the do_get_mempolicy function. A local attacker can exploit this to cause a denial of service condition. (CVE-2018-10675) - A malicious authenticated user may be able to delete a device from the Junos Space database without the privileges through crafted Ajax interactions from another legitimate delete action performed by an administrative user. (CVE-2019-0016) - A flaw in validity checking of image files uploaded to Junos Space could allow an attacker to upload malicious scripts or images. (CVE-2019-0017) Additionally, Junos Space is affected by several other vulnerabilities as noted in the vendor advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-10
    plugin id 121067
    published 2019-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121067
    title Juniper Junos Space < 18.3R1 Multiple Vulnerabilities (JSA10917)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1423.NASL
    description Linux 4.9 has been packaged for Debian 8 as linux-4.9. This provides a supported upgrade path for systems that currently use kernel packages from the 'jessie-backports' suite. There is no need to upgrade systems using Linux 3.16, as that kernel version will also continue to be supported in the LTS period. This backport does not include the following binary packages : hyperv-daemons libcpupower1 libcpupower-dev libusbip-dev linux-compiler-gcc-4.9-x86 linux-cpupower linux-libc-dev usbip Older versions of most of those are built from other source packages in Debian 8. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-5753 Further instances of code that was vulnerable to Spectre variant 1 (bounds-check bypass) have been mitigated. CVE-2017-18255 It was discovered that the performance events subsystem did not properly validate the value of the kernel.perf_cpu_time_max_percent sysctl. Setting a large value could have an unspecified security impact. However, only a privileged user can set this sysctl. CVE-2018-1118 The syzbot software found that the vhost driver did not initialise message buffers which would later be read by user processes. A user with access to the /dev/vhost-net device could use this to read sensitive information from the kernel or other users' processes. CVE-2018-1120 Qualys reported that a user able to mount FUSE filesystems can create a process such that when another process attempting to read its command line will be blocked for an arbitrarily long time. This could be used for denial of service, or to aid in exploiting a race condition in the other program. CVE-2018-1130 The syzbot software found that the DCCP implementation of sendmsg() does not check the socket state, potentially leading to a NULL pointer dereference. A local user could use this to cause a denial of service (crash). 
CVE-2018-3639 Multiple researchers have discovered that Speculative Store Bypass (SSB), a feature implemented in many processors, could be used to read sensitive information from another context. In particular, code in a software sandbox may be able to read sensitive information from outside the sandbox. This issue is also known as Spectre variant 4. This update allows the issue to be mitigated on some x86 processors by disabling SSB. This requires an update to the processor's microcode, which is non-free. It may be included in an update to the system BIOS or UEFI firmware, or in a future update to the intel-microcode or amd64-microcode packages. Disabling SSB can reduce performance significantly, so by default it is only done in tasks that use the seccomp feature. Applications that require this mitigation should request it explicitly through the prctl() system call. Users can control where the mitigation is enabled with the spec_store_bypass_disable kernel parameter. CVE-2018-5814 Jakub Jirasek reported race conditions in the USB/IP host driver. A malicious client could use this to cause a denial of service (crash or memory corruption), and possibly to execute code, on a USB/IP server. CVE-2018-10021 A physically present attacker who unplugs a SAS cable can cause a denial of service (memory leak and WARN). CVE-2018-10087, CVE-2018-10124 zhongjiang found that the wait4() and kill() system call implementations did not check for the invalid pid value of INT_MIN. If a user passed this value, the behaviour of the code was formally undefined and might have had a security impact. CVE-2018-10853 Andy Lutomirski and Mika Penttilä reported that KVM for x86 processors did not perform a necessary privilege check when emulating certain instructions. This could be used by an unprivileged user in a guest VM to escalate their privileges within the guest. 
CVE-2018-10876, CVE-2018-10877, CVE-2018-10878, CVE-2018-10879, CVE-2018-10880, CVE-2018-10881, CVE-2018-10882, CVE-2018-10883 Wen Xu at SSLab, Gatech, reported that crafted ext4 filesystem images could trigger a crash or memory corruption. A local user able to mount arbitrary filesystems, or an attacker providing filesystems to be mounted, could use this for denial of service or possibly for privilege escalation. CVE-2018-10940 Dan Carpenter reported that the optical disc driver (cdrom) does not correctly validate the parameter to the CDROM_MEDIA_CHANGED ioctl. A user with access to a cdrom device could use this to cause a denial of service (crash). CVE-2018-11506 Piotr Gabriel Kosinski and Daniel Shapira reported that the SCSI optical disc driver (sr) did not allocate a sufficiently large buffer for sense data. A user with access to a SCSI optical disc device that can produce more than 64 bytes of sense data could use this to cause a denial of service (crash or memory corruption), and possibly for privilege escalation. CVE-2018-12233 Shankara Pailoor reported that a crafted JFS filesystem image could trigger a denial of service (memory corruption). This could possibly also be used for privilege escalation. CVE-2018-1000204 The syzbot software found that the SCSI generic driver (sg) would in some circumstances allow reading data from uninitialised buffers, which could include sensitive information from the kernel or other tasks. However, only privileged users with the CAP_SYS_ADMIN or CAP_SYS_RAWIO capability were allowed to do this, so this has little or no security impact. For Debian 8 'Jessie', these problems have been fixed in version 4.9.110-1~deb8u1. This update additionally fixes Debian bugs #860900, #872907, #892057, #896775, #897590, and #898137; and includes many more bug fixes from stable updates 4.9.89-4.9.110 inclusive. We recommend that you upgrade your linux-4.9 packages. 
    NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-31
    plugin id 111165
    published 2018-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111165
    title Debian DLA-1423-1 : linux-4.9 new package (Spectre)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3680-1.NASL
    description Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows libvirt to expose new CPU features added by microcode updates to guests. (CVE-2018-3639) Daniel P. Berrange discovered that libvirt incorrectly handled the QEMU guest agent. An attacker could possibly use this issue to consume resources, leading to a denial of service. (CVE-2018-1064). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110515
    published 2018-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110515
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : libvirt vulnerability and update (USN-3680-1) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2019-42.NASL
    description This update for java-1_7_0-openjdk to version 7u201 fixes the following issues : Security issues fixed : - CVE-2018-3136: Manifest better support (bsc#1112142) - CVE-2018-3139: Better HTTP Redirection (bsc#1112143) - CVE-2018-3149: Enhance JNDI lookups (bsc#1112144) - CVE-2018-3169: Improve field accesses (bsc#1112146) - CVE-2018-3180: Improve TLS connections stability (bsc#1112147) - CVE-2018-3214: Better RIFF reading support (bsc#1112152) - CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153) - CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile - CVE-2018-2938: Support Derby connections (bsc#1101644) - CVE-2018-2940: Better stack walking (bsc#1101645) - CVE-2018-2952: Exception to Pattern Syntax (bsc#1101651) - CVE-2018-2973: Improve LDAP support (bsc#1101656) - CVE-2018-3639 cpu speculative store bypass mitigation This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2019-01-14
    plugin id 121151
    published 2019-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121151
    title openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2019-42) (Spectre)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1265.NASL
    description According to the versions of the kvm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.(CVE-2018-3639) - On x86, MOV SS and POP SS behave strangely if they encounter a data breakpoint. If this occurs in a KVM guest, KVM incorrectly thinks that a #DB instruction was caused by the undocumented ICEBP instruction. This results in #DB being delivered to the guest kernel with an incorrect RIP on the stack. On most guest kernels, this will allow a guest user to DoS the guest kernel or even to escalate privilege to that of the guest kernel. (CVE-2018-1087) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 117574
    published 2018-09-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117574
    title EulerOS Virtualization 2.5.1 : kvm (EulerOS-SA-2018-1265)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1456-1.NASL
    description This update for xen fixes the following issues: Security issues fixed : - CVE-2018-3639: Spectre V4 – Speculative Store Bypass aka 'Memory Disambiguation' (bsc#1092631) This feature can be controlled by the 'ssbd=on/off' commandline flag for the XEN hypervisor. - CVE-2018-10982: x86 vHPET interrupt injection errors (XSA-261 bsc#1090822) - CVE-2018-10981: qemu may drive Xen into unbounded loop (XSA-262 bsc#1090823) Other bugfixes : - Upstream patches from Jan (bsc#1027519) - additional fixes related to Page Table Isolation (XPTI). (bsc#1074562 XSA-254) - qemu-system-i386 cannot handle more than 4 HW NICs (bsc#1090296) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110222
    published 2018-05-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110222
    title SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:1456-1) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-547.NASL
    description This update for xen fixes the following issues : Security issues fixed : - CVE-2018-3639: Spectre V4 – Speculative Store Bypass aka 'Memory Disambiguation' (bsc#1092631) This feature can be controlled by the 'ssbd=on/off' commandline flag for the XEN hypervisor. - CVE-2018-10982: x86 vHPET interrupt injection errors (XSA-261 bsc#1090822) - CVE-2018-10981: qemu may drive Xen into unbounded loop (XSA-262 bsc#1090823) Other bugfixes : - Upstream patches from Jan (bsc#1027519) - additional fixes related to Page Table Isolation (XPTI). (bsc#1074562 XSA-254) - qemu-system-i386 cannot handle more than 4 HW NICs (bsc#1090296) This update was imported from the SUSE:SLE-12-SP3:Update update project.
    last seen 2019-02-21
    modified 2018-09-04
    plugin id 110309
    published 2018-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110309
    title openSUSE Security Update : xen (openSUSE-2018-547) (Spectre)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-9F02E5ED7B.NASL
    description Add new CPU features for CVE-2017-5715 and CVE-2018-3639 On Intel x86 hosts, the 'ssbd' feature must be explicitly added to any virtual machines that are not using host-passthrough/host-model CPU setup. NB this requires new microcode too, which is not yet available in Fedora microcode_ctl RPMs. On AMD x86 hosts, the 'virt-ssbd' feature must be explicitly added to any virtual machines that are not using host-passthrough/host-model CPU setup. There is no microcode dependency for AMD as this is a virtualized CPUID feature. In both cases, kernel >= 4.16.10-301 is required on the host and guest in order to activate the fix. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 110951
    published 2018-07-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110951
    title Fedora 27 : 2:qemu (2018-9f02e5ed7b) (Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-1711.NASL
    description An update for rhev-hypervisor7 is now available for RHEV 3.X Hypervisor and Agents Extended Lifecycle Support for Red Hat Enterprise Linux 6 and RHEV 3.X Hypervisor and Agents Extended Lifecycle Support for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The rhev-hypervisor7 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This is the rhev-hypervisor7 side of the CVE-2018-3639 mitigation. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 110113
    published 2018-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110113
    title RHEL 6 / 7 : Virtualization (RHSA-2018:1711) (Spectre)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0228.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - netlink: add a start callback for starting a netlink dump (Tom Herbert) [Orabug: 27169581] (CVE-2017-16939) - ipsec: Fix aborted xfrm policy dump crash (Herbert Xu) [Orabug: 27169581] (CVE-2017-16939) - net/rds: prevent RDS connections using stale ARP entries (Wei Lin Guay) [Orabug: 28149101] - net/rds: Avoid stalled connection due to CM REQ retries (Wei Lin Guay) [Orabug: 28068627] - net/rds: use one sided reconnection during a race (Wei Lin Guay) - Revert 'Revert 'net/rds: Revert 'RDS: add reconnect retry scheme for stalled' (Håkon Bugge) [Orabug: 28068627] - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (Joe Jin) [Orabug: 22910685] - net/rds: Assign the correct service level (Wei Lin Guay) [Orabug: 27607213] - target: Re-add missing SCF_ACK_KREF assignment in v4.1.y (Nicholas Bellinger) [Orabug: 27781132] - target: Fix LUN_RESET active I/O handling for ACK_KREF (Nicholas Bellinger) [Orabug: 27781132] - target: Invoke release_cmd callback without holding a spinlock (Bart Van Assche) [Orabug: 27781132] - x86/bugs: Remove the Disabling Spectre v2 mitigation retpoline (Konrad Rzeszutek Wilk) [Orabug: 27897282] - x86/bugs: Report properly retpoline+IBRS (Konrad Rzeszutek Wilk) - x86/bugs: Don't lie when fallback retpoline is engaged (Konrad Rzeszutek Wilk) - fs: aio: fix the increment of aio-nr and counting against aio-max-nr (Mauricio Faria de Oliveira) [Orabug: 28079082] - qla2xxx: Enable buffer boundary check when DIF bundling is on. 
(Rajan Shanmugavelu) [Orabug: 28130589] - kernel: sys.c: missing break for prctl spec ctrl (Mihai Carabas) - x86/bugs/IBRS: Keep SSBD mitigation in effect if spectre_v2=ibrs is selected (Mihai Carabas) - fs/pstore: update the backend parameter in pstore module (Wang Long) - kvm: vmx: Reinstate support for CPUs without virtual NMI (Paolo Bonzini) [Orabug: 28041210] - dm crypt: add big-endian variant of plain64 IV (Milan Broz) [Orabug: 28043932] - x86/bugs: Rename SSBD_NO to SSB_NO (Konrad Rzeszutek Wilk) [Orabug: 28063992] (CVE-2018-3639) - KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD (Tom Lendacky) [Orabug: 28063992] [Orabug: 28069548] (CVE-2018-3639) - x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG (Thomas Gleixner) [Orabug: 28063992] (CVE-2018-3639) - x86/bugs: Rework spec_ctrl base and mask logic (Thomas Gleixner) [Orabug: 28063992] (CVE-2018-3639) - x86/bugs: Expose x86_spec_ctrl_base directly (Thomas Gleixner) [Orabug: 28063992] (CVE-2018-3639) - x86/bugs: Unify x86_spec_ctrl_[set_guest,restore_host] (Borislav Petkov) [Orabug: 28063992] (CVE-2018-3639) - x86/speculation: Rework speculative_store_bypass_update (Thomas Gleixner) [Orabug: 28063992] (CVE-2018-3639) - x86/speculation: Add virtualized speculative store bypass disable support (Tom Lendacky) [Orabug: 28063992] (CVE-2018-3639) - x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL (Thomas Gleixner) [Orabug: 28063992] (CVE-2018-3639) - x86/speculation: Handle HT correctly on AMD (Thomas Gleixner) [Orabug: 28063992] (CVE-2018-3639) - x86/cpufeatures: Add FEATURE_ZEN (Thomas Gleixner) [Orabug: 28063992] (CVE-2018-3639) - x86/cpu/AMD: Fix erratum 1076 (CPB bit) (Borislav Petkov) [Orabug: 28063992] (CVE-2018-3639) - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947602] (CVE-2018-1000199) - Revert 'perf/hwbp: Simplify the perf-hwbp code, fix documentation' (Brian Maly) [Orabug: 27947602]
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 110526
    published 2018-06-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110526
    title OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0228) (Spectre)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS19_JAN_4480970.NASL
    description The remote Windows host is missing security update 4480960 or cumulative update 4480970. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2019-0569) - An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker who successfully exploited the vulnerability could retrieve content, that is normally restricted, from a web application. The security update addresses the vulnerability by enforcing CORS configuration to prevent its bypass. (CVE-2019-0545) - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584) - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2019-0541) - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2019-0536, CVE-2019-0549, CVE-2019-0554) - An elevation of privilege vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way Windows handles authentication requests. (CVE-2019-0543)
    last seen 2019-02-21
    modified 2019-02-14
    plugin id 121017
    published 2019-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121017
    title KB4480960: Windows 7 and Windows Server 2008 R2 January 2019 Security Update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2615-1.NASL
    description This update for kvm fixes the following security issues : CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735) CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223) With this release the mitigations for Spectre v4 are moved to the patches from upstream (CVE-2018-3639, bsc#1092885). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 112287
    published 2018-09-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112287
    title SUSE SLES11 Security Update : kvm (SUSE-SU-2018:2615-1) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-894.NASL
    description This update for qemu to version 2.11.2 fixes the following issues : Security issue fixed : - CVE-2018-11806: Fix heap buffer overflow issue that can happen while reassembling fragmented datagrams (bsc#1096223). - CVE-2018-3639: Mitigation functionality for Speculative Store Bypass issue in x86 (bsc#1087082). - CVE-2018-7550: Fix out of bounds read and write memory access, potentially leading to code execution (bsc#1083291) Bug fixes : - bsc#1091695: SEV guest will not launch with qemu-system-x86_64 version 2.11.1. - bsc#1094898: qemu-guest-agent service doesn't work in version Leap 15.0. - bsc#1094725: `virsh blockresize` does not work with Xen qdisks. - bsc#1094913: QEMU crashes when starting a guest with more than 7.999TB. This update was imported from the SUSE:SLE-15:Update update project.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 112003
    published 2018-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112003
    title openSUSE Security Update : qemu (openSUSE-2018-894) (Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-1967.NASL
    description An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-alt packages provide the Linux kernel version 4.x. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, PowerPC) * This release also includes next iteration of the CVE-2017-5715 mitigation that includes the SMCCC (Secure Monitor Call Calling Convention) 1.1 support. (CVE-2017-5715, ARM) Red Hat would like to thank Google Project Zero for reporting CVE-2017-5715 and Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639. Bug Fix(es) : These updated kernel-alt packages include numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https://access.redhat.com/articles/3485851
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 110709
    published 2018-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110709
    title RHEL 7 : kernel-alt (RHSA-2018:1967) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2528-1.NASL
    description This update for xen fixes the following issues: These security issues were fixed : - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bsc#1091107, bsc#1027519). - CVE-2018-12617: An integer overflow that could cause a segmentation fault in qmp_guest_file_read() with g_malloc() in qemu-guest-agent was fixed (bsc#1098744) - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. (bsc#1095242) - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. (bsc#1092631) - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. (bsc#1074562) - CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. (bsc#1074562) - CVE-2017-5754: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. 
(bsc#1074562) - CVE-2018-12891: Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. A malicious or buggy PV guest may cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time. (bsc#1097521) - CVE-2018-12893: One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users. (bsc#1097522) - CVE-2018-11806: m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. (bsc#1096224) - CVE-2018-10982: An issue was discovered in Xen allowed x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection. (bsc#1090822) - CVE-2018-10981: An issue was discovered in Xen that allowed x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request. 
(bsc#1090823) Following bugs were fixed : - After updating to kernel 3.0.101-0.47.106.32-xen system crashes in check_bugs() (bsc#1097206) - bsc#1079730 - in xen-kmp, unplug emulated devices after migration This is required since xen-4.10 and/or qemu-2.10 because the state of unplug is not propagated from one dom0 to another. Without this unplug qemu's block-backend will be unable to open qcow2 disks on the receiving dom0 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 112147
    published 2018-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112147
    title SUSE SLES11 Security Update : xen (SUSE-SU-2018:2528-1) (Foreshadow) (Meltdown) (Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-1965.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, PowerPC, x86 AMD) * kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message (CVE-2017-11600) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639. Bug Fix(es) : These updated kernel packages include also numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https://access.redhat.com/articles/3485871
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 110708
    published 2018-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110708
    title RHEL 7 : kernel (RHSA-2018:1965) (Spectre)
  • NASL family Amazon Linux Local Security Checks
    NASL id AL2_ALAS-2018-1034.NASL
    description An out-of-bounds read access issue was found in the VGA display emulator built into the Quick emulator (QEMU). It could occur while reading VGA memory to update graphics display. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service situation.(CVE-2017-13672) A memory leakage issue was found in the I/O channels websockets implementation of the Quick Emulator (QEMU). It could occur while sending screen updates to a client, which is slow to read and process them further. A privileged guest user could use this flaw to cause a denial of service on the host and/or potentially crash the QEMU process instance on the host.(CVE-2017-15268) A use-after-free issue was found in the Slirp networking implementation of the Quick emulator (QEMU). It occurs when a Socket referenced from multiple packets is freed while responding to a message. A user/process could use this flaw to crash the QEMU process on the host resulting in denial of service.(CVE-2017-13711 ) Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.(CVE-2018-7858) VNC server implementation in Quick Emulator (QEMU) was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.(CVE-2017-15124) An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). 
It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.(CVE-2018-3639) An out-of-bounds read access issue was found in the VGA emulator of QEMU. It could occur in vga_draw_text routine, while updating display area for a vnc client. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS.(CVE-2018-5683)
    last seen 2019-02-21
    modified 2018-06-12
    plugin id 110451
    published 2018-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110451
    title Amazon Linux 2 : qemu-kvm (ALAS-2018-1034) (Spectre)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0248.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0248 for details.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 111992
    published 2018-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111992
    title OracleVM 3.4 : xen (OVMSA-2018-0248) (Bunker Buster) (Foreshadow) (Meltdown) (POODLE) (Spectre)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3654-1.NASL
    description Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639) Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17975) It was discovered that a race condition existed in the F2FS implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18193) It was discovered that a buffer overflow existed in the Hisilicon HNS Ethernet Device driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18222) It was discovered that the netfilter subsystem in the Linux kernel did not validate that rules containing jumps contained user-defined chains. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1065) It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1068) It was discovered that a NULL pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1130) It was discovered that the SCTP Protocol implementation in the Linux kernel did not properly validate userspace provided payload lengths in some situations. A local attacker could use this to cause a denial of service (system crash). 
(CVE-2018-5803) It was discovered that a double free error existed in the block layer subsystem of the Linux kernel when setting up a request queue. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7480) It was discovered that a memory leak existed in the SAS driver subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-7757) It was discovered that a race condition existed in the x86 machine check handler in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7995) Eyal Itkin discovered that the USB displaylink video adapter driver in the Linux kernel did not properly validate mmap offsets sent from userspace. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. (CVE-2018-8781) Silvio Cesare discovered a buffer overwrite existed in the NCPFS implementation in the Linux kernel. A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110048
    published 2018-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110048
    title Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, vulnerabilities (USN-3654-1) (Spectre)
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZA-2018-034.NASL
    description According to the versions of the cpupools / cpupools-features / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest. - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-14
    plugin id 110157
    published 2018-05-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110157
    title Virtuozzo 6 : cpupools / cpupools-features / etc (VZA-2018-034)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180522_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL
    description Security Fix(es) : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This is the OpenJDK side of the CVE-2018-3639 mitigation.
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 110022
    published 2018-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110022
    title Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2006.NASL
    description An update for libvirt is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This is the libvirt side of the CVE-2018-3639 mitigation that includes support for guests running on hosts with AMD CPUs. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue. Bug Fix(es) : * The 'virsh capabilities' command previously displayed an inaccurate number of 4 KiB memory pages on systems with very large amounts of memory. This update optimizes the memory diagnostic mechanism to ensure memory page numbers are displayed correctly on such systems. (BZ#1582416) * After starting a large amount of guest virtual machines in a single session, the libvirtd service in some cases became unable to start any other guests until it was restarted. This update ensures that libvirtd properly frees memory used for D-Bus replies, which prevents the described problem from occurring. (BZ#1588390)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 110714
    published 2018-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110714
    title RHEL 7 : libvirt (RHSA-2018:2006) (Spectre)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-1650.NASL
    description An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This is the OpenJDK side of the CVE-2018-3639 mitigation. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 109964
    published 2018-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109964
    title CentOS 6 : java-1.8.0-openjdk (CESA-2018:1650) (Spectre)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0151_LINUX.NASL
    description An update of the linux package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121851
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121851
    title Photon OS 1.0: Linux PHSA-2018-1.0-0151
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-1633.NASL
    description An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 109995
    published 2018-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109995
    title RHEL 7 : qemu-kvm (RHSA-2018:1633) (Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2216.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, x86 AMD) Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue. Bug Fix(es) : * When switching from the indirect branch speculation (IBRS) feature to the retpolines feature, the IBRS state of some CPUs was sometimes not handled correctly. Consequently, some CPUs were left with the IBRS Model-Specific Register (MSR) bit set to 1, which could lead to performance issues. With this update, the underlying source code has been fixed to clear the IBRS MSR bits correctly, thus fixing the bug. (BZ#1586145)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 111148
    published 2018-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111148
    title RHEL 7 : kernel (RHSA-2018:2216) (Spectre)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-1632.NASL
    description From Red Hat Security Advisory 2018:1632 : An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This is the libvirt side of the CVE-2018-3639 mitigation. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 109978
    published 2018-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109978
    title Oracle Linux 7 : libvirt (ELSA-2018-1632) (Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-1650.NASL
    description An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This is the OpenJDK side of the CVE-2018-3639 mitigation. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 110001
    published 2018-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110001
    title RHEL 6 : java-1.8.0-openjdk (RHSA-2018:1650) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-599.NASL
    description This update for xen to version 4.10.1 fixes several issues (bsc#1027519). These security issues were fixed : - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1092631). - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Improved Spectre v2 mitigations (bsc#1074562). This non-security issue was fixed : - Always call qemu's xen-save-devices-state in suspend/resume to fix migration with qcow2 images (bsc#1079730).
    last seen 2019-02-21
    modified 2018-07-13
    plugin id 110438
    published 2018-06-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110438
    title openSUSE Security Update : xen (openSUSE-2018-599) (Meltdown) (Spectre)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1039.NASL
    description An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)
    last seen 2019-02-21
    modified 2018-08-31
    plugin id 110462
    published 2018-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110462
    title Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2018-1039) (Spectre)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1196.NASL
    description According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in the Linux kernel's kernel/events/core.c:perf_cpu_time_max_percent_handler() function. Local privileged users could exploit this flaw to cause a denial of service due to integer overflow or possibly have unspecified other impact. (CVE-2017-18255) - The code in the drivers/scsi/libsas/sas_scsi_host.c file in the Linux kernel allows a physically proximate attacker to cause a memory leak in the ATA command queue and, thus, denial of service by triggering certain failure conditions. (CVE-2018-10021) - The kernel_wait4 function in kernel/exit.c in the Linux kernel, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value. (CVE-2018-10087) - An integer overflow vulnerability was discovered in the Linux kernel, from version 3.4 through 4.15, in the drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() function. An attacker with access to the udldrmfb driver could exploit this to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space. (CVE-2018-8781) - An address corruption flaw was discovered in the Linux kernel built with hardware breakpoint (CONFIG_HAVE_HW_BREAKPOINT) support. While modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS or to potentially escalate privileges on the system. (CVE-2018-1000199) - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 110860
    published 2018-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110860
    title EulerOS 2.0 SP3 : kernel (EulerOS-SA-2018-1196)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-3424.NASL
    description An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639 virt-ssbd AMD) Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 118559
    published 2018-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118559
    title RHEL 6 : qemu-kvm (RHSA-2018:3424) (Spectre)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-527698A904.NASL
    description Add new CPU features for speculative store bypass (CVE-2018-3639). On Intel x86 hosts, the 'ssbd' feature must be explicitly added to any virtual machines that are not using host-passthrough/host-model CPU setup. NB this requires new microcode too, which is not yet available in Fedora microcode_ctl RPMs. On AMD x86 hosts, the 'virt-ssbd' feature must be explicitly added to any virtual machines that are not using host-passthrough/host-model CPU setup. There is no microcode dependency for AMD as this is a virtualized CPUID feature. In both cases, kernel >= 4.16.10-301 is required on the host and guest in order to activate the fix. QEMU >= qemu-2.11.1-3.fc28 is also required on the host. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120426
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120426
    title Fedora 28 : libvirt (2018-527698a904) (Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-3425.NASL
    description An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639 virt-ssbd AMD) Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 118560
    published 2018-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118560
    title RHEL 6 : qemu-kvm (RHSA-2018:3425) (Spectre)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1201.NASL
    description According to the versions of the qemu-kvm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update. (CVE-2017-13672) - Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. (CVE-2017-13711) - VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host. (CVE-2017-15124) - Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c. (CVE-2017-15268) - The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. (CVE-2018-5683) - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) - Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display. (CVE-2018-7858) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 110865
    published 2018-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110865
    title EulerOS 2.0 SP3 : qemu-kvm (EulerOS-SA-2018-1201)
  • NASL family AIX Local Security Checks
    NASL id AIX_IJ05820.NASL
    description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
    last seen 2019-02-21
    modified 2018-08-31
    plugin id 109952
    published 2018-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109952
    title AIX 7.2 TL 1 : variant4 (IJ05820) (Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-1658.NASL
    description An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 110007
    published 2018-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110007
    title RHEL 6 : qemu-kvm (RHSA-2018:1658) (Spectre)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3679-1.NASL
    description Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows QEMU to expose new CPU features added by AMD microcode updates to guests on amd64 and i386. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110514
    published 2018-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110514
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : qemu update (USN-3679-1) (Spectre)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-1648.NASL
    description From Red Hat Security Advisory 2018:1648 : An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This is the OpenJDK side of the CVE-2018-3639 mitigation. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 109981
    published 2018-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109981
    title Oracle Linux 7 : java-1.7.0-openjdk (ELSA-2018-1648) (Spectre)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-1649.NASL
    description An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This is the OpenJDK side of the CVE-2018-3639 mitigation. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 109963
    published 2018-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109963
    title CentOS 7 : java-1.8.0-openjdk (CESA-2018:1649) (Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-3423.NASL
    description An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639 virt-ssbd AMD) Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 118558
    published 2018-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118558
    title RHEL 7 : qemu-kvm (RHSA-2018:3423) (Spectre)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-1669.NASL
    description From Red Hat Security Advisory 2018:1669 : An update for libvirt is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This is the libvirt side of the CVE-2018-3639 mitigation. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 109986
    published 2018-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109986
    title Oracle Linux 6 : libvirt (ELSA-2018-1669) (Spectre)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-1647.NASL
    description From Red Hat Security Advisory 2018:1647 : An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This is the OpenJDK side of the CVE-2018-3639 mitigation. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 109980
    published 2018-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109980
    title Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2018-1647) (Spectre)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-AEC846C0EF.NASL
    description Speculative Store Bypass [XSA-263, CVE-2018-3639] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 110402
    published 2018-06-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110402
    title Fedora 27 : xen (2018-aec846c0ef) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1389-1.NASL
    description This update for kvm fixes the following issues: This security issue was fixed : - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885). Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This patch permits the new x86 cpu feature flag named 'ssbd' to be presented to the guest, given that the host has this feature, and KVM exposes it to the guest as well. For this feature to be enabled please use the qemu commandline -cpu $MODEL,+spec-ctrl,+ssbd so the guest OS can take advantage of the feature. spec-ctrl and ssbd support is also required in the host. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110091
    published 2018-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110091
    title SUSE SLES11 Security Update : kvm (SUSE-SU-2018:1389-1) (Spectre)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-1965.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, PowerPC, x86 AMD) * kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message (CVE-2017-11600) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639. Bug Fix(es) : These updated kernel packages include also numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https://access.redhat.com/articles/3485871
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 110905
    published 2018-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110905
    title CentOS 7 : kernel (CESA-2018:1965) (Spectre)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS19_JAN_4480963.NASL
    description The remote Windows host is missing security update 4480964 or cumulative update 4480963. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2019-0536, CVE-2019-0549, CVE-2019-0554) - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584) - An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker who successfully exploited the vulnerability could retrieve content, that is normally restricted, from a web application. The security update addresses the vulnerability by enforcing CORS configuration to prevent its bypass. (CVE-2019-0545) - An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the browser. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the Edge AppContainer sandbox. The vulnerability by itself does not allow arbitrary code to run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (for example a remote code execution vulnerability and another elevation of privilege vulnerability) to take advantage of the elevated privileges when running. The security update addresses the vulnerability by modifying how the Microsoft XmlDocument class enforces sandboxing. (CVE-2019-0555) - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory. (CVE-2019-0570) - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2019-0541) - An elevation of privilege exists in Windows COM Desktop Broker. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. (CVE-2019-0552) - An elevation of privilege vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way Windows handles authentication requests. (CVE-2019-0543) - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2019-0569)
    last seen 2019-02-21
    modified 2019-02-14
    plugin id 121014
    published 2019-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121014
    title KB4480964: Windows 8.1 and Windows Server 2012 R2 January 2019 Security Update
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1197.NASL
    description According to the versions of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) - qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. (CVE-2018-5748) - An incomplete fix for CVE-2018-5748 that affects QEMU monitor leading to a resource exhaustion but now also triggered via QEMU guest agent. (CVE-2018-1064) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 110861
    published 2018-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110861
    title EulerOS 2.0 SP3 : libvirt (EulerOS-SA-2018-1197)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-93C2E74446.NASL
    description The v4.16.11 kernel includes important fixes across the tree ---- The v4.16.10 update contains important fixes across the tree Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-09-04
    plugin id 110170
    published 2018-05-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110170
    title Fedora 27 : kernel (2018-93c2e74446) (Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-1665.NASL
    description An update for libvirt is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This is the libvirt side of the CVE-2018-3639 mitigation. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 110014
    published 2018-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110014
    title RHEL 6 : libvirt (RHSA-2018:1665) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-603.NASL
    description This update for qemu fixes the following issues : This security issue was fixed : - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885). Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This patch permits the new x86 cpu feature flag named 'ssbd' to be presented to the guest, given that the host has this feature, and KVM exposes it to the guest as well. For this feature to be enabled please use the qemu commandline -cpu $MODEL,+spec-ctrl,+ssbd so the guest OS can take advantage of the feature. spec-ctrl and ssbd support is also required in the host. This non-security issue was fixed : - Fix qemu-guest-agent uninstall (boo#1093169)
    last seen 2019-02-21
    modified 2018-09-04
    plugin id 110442
    published 2018-06-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110442
    title openSUSE Security Update : qemu (openSUSE-2018-603) (Spectre)
  • NASL family AIX Local Security Checks
    NASL id AIX_IJ05818.NASL
    description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
    last seen 2019-02-21
    modified 2018-08-31
    plugin id 109951
    published 2018-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109951
    title AIX 7.2 TL 2 : variant4 (IJ05818) (Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-1629.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software side of the mitigation for this hardware issue. To be fully functional, up-to-date CPU microcode applied on the system is required. Please refer to References section for further information about this issue, CPU microcode requirements and the potential performance impact. In this update mitigations for x86-64 architecture are provided. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 109992
    published 2018-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109992
    title RHEL 7 : kernel (RHSA-2018:1629) (Spectre)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-1660.NASL
    description An update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 109966
    published 2018-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109966
    title CentOS 6 : qemu-kvm (CESA-2018:1660) (Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-3402.NASL
    description An update for libvirt is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639 virt-ssbd AMD) Note: This is the libvirt side of the CVE-2018-3639 mitigation. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 118551
    published 2018-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118551
    title RHEL 6 : libvirt (RHSA-2018:3402) (Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-1647.NASL
    description An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This is the OpenJDK side of the CVE-2018-3639 mitigation. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 109998
    published 2018-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109998
    title RHEL 6 : java-1.7.0-openjdk (RHSA-2018:1647) (Spectre)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-2001.NASL
    description From Red Hat Security Advisory 2018:2001 : An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation that includes support for guests running on hosts with AMD processors. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 110752
    published 2018-06-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110752
    title Oracle Linux 7 : qemu-kvm (ELSA-2018-2001) (Spectre)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1194.NASL
    description According to the version of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 110858
    published 2018-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110858
    title EulerOS 2.0 SP2 : java-1.8.0-openjdk (EulerOS-SA-2018-1194)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0151.NASL
    description An update of {'linux', 'linux-esx'} packages of Photon OS has been released. This kernel update mitigates vulnerability CVE-2018-3639 which is referred to as Speculative Store Bypass issue
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 111277
    published 2018-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111277
    title Photon OS 1.0 : linux / linux-esx (PhotonOS-PHSA-2018-1.0-0151) (Spectre) (deprecated)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2556-1.NASL
    description This update for qemu fixes the following security issues : CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735) CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223) With this release the mitigations for Spectre v4 are moved to the patches from upstream (CVE-2018-3639, bsc#1092885). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 112201
    published 2018-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112201
    title SUSE SLES12 Security Update : qemu (SUSE-SU-2018:2556-1) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2973-1.NASL
    description This update for qemu fixes the following security issues : CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735) CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223) With this release the mitigations for Spectre v4 are moved to the patches from upstream (CVE-2018-3639, bsc#1092885). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 117900
    published 2018-10-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117900
    title SUSE SLES12 Security Update : qemu (SUSE-SU-2018:2973-1) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2019-0049-1.NASL
    description This update for java-1_7_0-openjdk to version 7u201 fixes the following issues : Security issues fixed : CVE-2018-3136: Manifest better support (bsc#1112142) CVE-2018-3139: Better HTTP Redirection (bsc#1112143) CVE-2018-3149: Enhance JNDI lookups (bsc#1112144) CVE-2018-3169: Improve field accesses (bsc#1112146) CVE-2018-3180: Improve TLS connections stability (bsc#1112147) CVE-2018-3214: Better RIFF reading support (bsc#1112152) CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153) CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile CVE-2018-2938: Support Derby connections (bsc#1101644) CVE-2018-2940: Better stack walking (bsc#1101645) CVE-2018-2952: Exception to Pattern Syntax (bsc#1101651) CVE-2018-2973: Improve LDAP support (bsc#1101656) CVE-2018-3639 cpu speculative store bypass mitigation Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-10
    plugin id 121059
    published 2019-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121059
    title SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2019:0049-1) (Spectre)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0272.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0272 for details.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 118963
    published 2018-11-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118963
    title OracleVM 3.2 : xen (OVMSA-2018-0272) (Foreshadow) (Spectre)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS_JAN2019_SRU11_4_3_5_0.NASL
    description This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. (CVE-2019-2437) - Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Solaris accessible data. (CVE-2018-3646) - Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Solaris accessible data. (CVE-2018-3639)
    last seen 2019-02-21
    modified 2019-01-23
    plugin id 121223
    published 2019-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121223
    title Oracle Solaris Critical Patch Update : jan2019_SRU11_4_3_5_0 (Foreshadow) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1603-1.NASL
    description This update for xen fixes several issues. These security issues were fixed : - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1092631). - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754: Improved Spectre v2 mitigations (bsc#1074562). bsc#1027519 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110444
    published 2018-06-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110444
    title SUSE SLES11 Security Update : xen (SUSE-SU-2018:1603-1) (Meltdown) (Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2003.NASL
    description An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, x86 AMD) * kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message (CVE-2017-11600) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639. Bug Fix(es) : * The kernel-rt packages have been upgraded to the 3.10.0-862.6.1 source tree, which provides a number of bug fixes over the previous version. (BZ# 1576058)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 110713
    published 2018-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110713
    title RHEL 7 : kernel-rt (RHSA-2018:2003) (Spectre)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0232.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8 - BUILDINFO: xen commit=b059d1de3b211fe5582c63f64b4822b9f85eafd2 - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - xend: fix memory leak of XendConfig.XendConfig object (Manjunath Patil) [Orabug: 28165871] - x86/HVM: Restart ioreq processing state machine (Boris Ostrovsky) - x86/spec-ctrl: Mitigations for LazyFPU (Andrew Cooper) [Orabug: 28135175] (CVE-2018-3665) - x86: Support fully eager FPU context switching (Andrew Cooper) [Orabug: 28135175] (CVE-2018-3665) - svm: fix incorrect TSC scaling (Haozhong Zhang) [Orabug: 27182906] - x86/AMD-ucode: correct multiple container handling (Jan Beulich) - x86, amd_ucode: fix coverity issues found in cpu_request_microcode (Aravind Gopalakrishnan) [Orabug: 28157269] - [xenmicrocode] Fix error reporting on successful return from tool (Ross Philipson) [Orabug: 28128754] - x86: correct default_xen_spec_ctrl calculation (Jan Beulich) [Orabug: 28035001] - x86/msr: Virtualise MSR_SPEC_CTRL.SSBD for guests to use (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/Intel: Mitigations for GPZ SP4 - Speculative Store Bypass (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/AMD: Mitigations for GPZ SP4 - Speculative Store Bypass (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/spec_ctrl: Introduce a new `spec-ctrl=` command line argument to replace `bti=` (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/cpuid: Improvements to guest policies for speculative sidechannel features (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/spec_ctrl: Explicitly set Xen's default MSR_SPEC_CTRL value (Andrew 
Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/spec_ctrl: Split X86_FEATURE_SC_MSR into PV and HVM variants (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/spec_ctrl: Elide MSR_SPEC_CTRL handling in idle context when possible (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/spec_ctrl: Rename bits of infrastructure to avoid NATIVE and VMEXIT (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/spec_ctrl: Fold the XEN_IBRS_[SET,CLEAR] ALTERNATIVES together (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/spec_ctrl: Merge bti_ist_info and use_shadow_spec_ctrl into spec_ctrl_flags (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/spec_ctrl: Express Xen's choice of MSR_SPEC_CTRL value as a variable (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/spec_ctrl: Read MSR_ARCH_CAPABILITIES only once (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/spec_ctrl: Assume that STIBP feature is always available (Boris Ostrovsky) [Orabug: 28035001] (CVE-2018-3639) - x86/spec_ctrl: Updates to retpoline-safety decision making (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - Revert 'x86/boot: Disable IBRS in intr/nmi exit path at bootup stage' (Boris Ostrovsky) [Orabug: 28035001] (CVE-2018-3639)
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 110791
    published 2018-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110791
    title OracleVM 3.4 : xen (OVMSA-2018-0232) (Spectre)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0238.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - qemu-kvm-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018 -3639.patch - qemu-kvm-i386-Define-the-Virt-SSBD-MSR-and-handling-of-i t-CVE.patch - qemu-kvm-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit -CVE-.patch - Resolves: bz#1574074 (CVE-2018-3639 qemu-kvm: hw: cpu: speculative store bypass [rhel-6.10.z]) - kvm-vga-add-share_surface-flag.patch [bz#1553674] - kvm-vga-add-sanity-checks.patch [bz#1553674] - Resolves: bz#1553674 (CVE-2018-7858 qemu-kvm: Qemu: cirrus: OOB access when updating vga display [rhel-6]) - kvm-target-i386-add-support-for-SPEC_CTRL-MSR.patch [bz#1525939 bz#1528024] - kvm-target-i386-cpu-add-new-CPUID-bits-for-indirect-bran .patch - kvm-target-i386-cpu-add-new-CPU-models-for-indirect-bran .patch - kvm-cirrus-fix-oob-access-in-mode4and5-write-functions.p atch [bz#1501298] - kvm-vga-stop-passing-pointers-to-vga_draw_line-functions .patch - kvm-vga-check-the-validation-of-memory-addr-when-draw-te .patch - Resolves: bz#1486641 (CVE-2017-13672 qemu-kvm-rhev: Qemu: vga: OOB read access during display update [rhel-6.10]) - Resolves: bz#1501298 (CVE-2017-15289 qemu-kvm: Qemu: cirrus: OOB access issue in mode4and5 write functions [rhel-6.10]) - Resolves: bz#1525939 (CVE-2017-5715 qemu-kvm: hw: cpu: speculative execution branch target injection [rhel-6.10]) - Resolves: bz#1528024 (CVE-2017-5715 qemu-kvm-rhev: hw: cpu: speculative execution branch target injection [rhel-6.10]) - Resolves: bz#1534692 (CVE-2018-5683 qemu-kvm: Qemu: Out-of-bounds read in vga_draw_text routine [rhel-6.10]) - Resolves: bz#1549152 (qemu-kvm-rhev: remove unused patch file [rhel-6.10]) - kvm-vns-tls-don-t-use-depricated-gnutls-functions.patch [bz#1428750] - kvm-vnc-apply-display-size-limits.patch [bz#1430616 bz#1430617] - kvm-fix-cirrus_vga-fix-OOB-read-case-qemu-Segmentation-f .patch - kvm-cirrus-vnc-zap-bitblit-support-from-console-code.pat ch [bz#1443448 bz#1443450 
bz#1447542 bz#1447545] - kvm-cirrus-avoid-write-only-variables.patch [bz#1444378 bz#1444380] - kvm-cirrus-stop-passing-around-dst-pointers-in-the-blitt .patch - kvm-cirrus-stop-passing-around-src-pointers-in-the-blitt .patch - kvm-cirrus-fix-off-by-one-in-cirrus_bitblt_rop_bkwd_tran .patch - kvm-cirrus-fix-PUTPIXEL-macro.patch [bz#1444378 bz#1444380] - Resolves: bz#1428750 (Fails to build in brew) - Resolves: bz#1430616 (CVE-2017-2633 qemu-kvm: Qemu: VNC: memory corruption due to unchecked resolution limit [rhel-6.10]) - Resolves: bz#1430617 (CVE-2017-2633 qemu-kvm-rhev: Qemu: VNC: memory corruption due to unchecked resolution limit [rhel-6.10]) - Resolves: bz#1443448 (CVE-2017-7718 qemu-kvm: Qemu: display: cirrus: OOB read access issue [rhel-6.10]) - Resolves: bz#1443450 (CVE-2017-7718 qemu-kvm-rhev: Qemu: display: cirrus: OOB read access issue [rhel-6.10]) - Resolves: bz#1444378 (CVE-2017-7980 qemu-kvm: Qemu: display: cirrus: OOB r/w access issues in bitblt routines [rhel-6.10]) - Resolves: bz#1444380 (CVE-2017-7980 qemu-kvm-rhev: Qemu: display: cirrus: OOB r/w access issues in bitblt routines [rhel-6.10]) - Resolves: bz#1447542 (CVE-2016-9603 qemu-kvm: Qemu: cirrus: heap buffer overflow via vnc connection [rhel-6.10]) - Resolves: bz#1447545 (CVE-2016-9603 qemu-kvm-rhev: Qemu: cirrus: heap buffer overflow via vnc connection [rhel-6.10])
    last seen 2019-02-21
    modified 2018-09-07
    plugin id 111023
    published 2018-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111023
    title OracleVM 3.4 : qemu-kvm (OVMSA-2018-0238) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-656.NASL
    description The openSUSE Leap 42.3 was updated to 4.4.138 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1085308 bsc#1087082) This update improves the previous Spectre Variant 4 fixes and also mitigates them on the ARM architecture. - CVE-2018-3665: The FPU state and registers of x86 CPUs were saved and restored in a lazy fashion, which opened its disclosure by speculative side channel attacks. This has been fixed by replacing the lazy save/restore by eager saving and restoring (bnc#1087086) - CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow (bnc#1097356). - CVE-2017-18249: The add_free_nid function in fs/f2fs/node.c did not properly track an allocated nid, which allowed local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads (bnc#1087036). - CVE-2017-18241: fs/f2fs/segment.c kernel allowed local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure (bnc#1086400). - CVE-2017-17741: The KVM implementation allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311 1091815). - CVE-2017-13305: An information disclosure vulnerability in the encrypted-keys. (bnc#1094353). 
- CVE-2018-1093: The ext4_valid_block_bitmap function in fs/ext4/balloc.c allowed attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers (bnc#1087095). - CVE-2018-1094: The ext4_fill_super function in fs/ext4/super.c did not always initialize the crc32c checksum driver, which allowed attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (bnc#1087007 1092903). - CVE-2018-1092: The ext4_iget function in fs/ext4/inode.c mishandled the case of a root directory with a zero i_links_count, which allowed attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (bnc#1087012). - CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c, a memory corruption bug in JFS could be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr. (bsc#1097234) The following non-security bugs were fixed : - 8139too: Use disable_irq_nosync() in rtl8139_poll_controller() (bnc#1012382). - acpi: acpi_pad: Fix memory leak in power saving threads (bnc#1012382). - acpica: acpi: acpica: fix acpi operand cache leak in nseval.c (bnc#1012382). - acpica: Events: add a return on failure from acpi_hw_register_read (bnc#1012382). - acpi: processor_perflib: Do not send _PPC change notification if not ready (bnc#1012382). - affs_lookup(): close a race with affs_remove_link() (bnc#1012382). - aio: fix io_destroy(2) vs. lookup_ioctx() race (bnc#1012382). - alsa: control: fix a redundant-copy issue (bnc#1012382). - alsa: hda: Add Lenovo C50 All in one to the power_save blacklist (bnc#1012382). 
- alsa: hda - Use IS_REACHABLE() for dependency on input (bnc#1012382 bsc#1031717). - alsa: timer: Call notifier in the same spinlock (bnc#1012382 bsc#973378). - alsa: timer: Fix pause event notification (bnc#1012382 bsc#973378). - alsa: timer: Fix pause event notification (bsc#973378). - alsa: usb: mixer: volume quirk for CM102-A+/102S+ (bnc#1012382). - alsa: vmaster: Propagate slave error (bnc#1012382). - arc: Fix malformed ARC_EMUL_UNALIGNED default (bnc#1012382). - arm64: Add ARCH_WORKAROUND_2 probing (bsc#1085308). - arm64: Add per-cpu infrastructure to call ARCH_WORKAROUND_2 (bsc#1085308). - arm64: Add 'ssbd' command-line option (bsc#1085308). - arm64: Add this_cpu_ptr() assembler macro for use in entry.S (bsc#1085308). - arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bnc#1012382). - arm64: alternatives: Add dynamic patching feature (bsc#1085308). - arm64: assembler: introduce ldr_this_cpu (bsc#1085308). - arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1 (bsc#1085308). - arm64: do not call C code with el0's fp register (bsc#1085308). - arm64: fix endianness annotation for __apply_alternatives()/get_alt_insn() (bsc#1085308). - arm64: introduce mov_q macro to move a constant into a 64-bit register (bnc#1012382 bsc#1068032). - arm64: lse: Add early clobbers to some input/output asm operands (bnc#1012382). - arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics (bnc#1012382). - arm64: ssbd: Add global mitigation state accessor (bsc#1085308). - arm64: ssbd: Add prctl interface for per-thread mitigation (bsc#1085308). - arm64: ssbd: Introduce thread flag to control userspace mitigation (bsc#1085308). - arm64: ssbd: Restore mitigation status on CPU resume (bsc#1085308). - arm64: ssbd: Skip apply_ssbd if not using dynamic mitigation (bsc#1085308). - arm: 8748/1: mm: Define vdso_start, vdso_end as array (bnc#1012382). - arm: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed (bnc#1012382). 
- arm: 8770/1: kprobes: Prohibit probing on optimized_callback (bnc#1012382). - arm: 8771/1: kprobes: Prohibit kprobes on do_undefinstr (bnc#1012382). - arm: 8772/1: kprobes: Prohibit kprobes on get_user functions (bnc#1012382). - arm/arm64: smccc: Add SMCCC-specific return codes (bsc#1085308). - arm: dts: socfpga: fix GIC PPI warning (bnc#1012382). - arm: OMAP1: clock: Fix debugfs_create_*() usage (bnc#1012382). - arm: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt (bnc#1012382). - arm: OMAP3: Fix prm wake interrupt for resume (bnc#1012382). - arm: OMAP: Fix dmtimer init for omap1 (bnc#1012382). - asm-generic: provide generic_pmdp_establish() (bnc#1012382). - ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() (bnc#1012382 bsc#1031717). - ASoC: Intel: sst: remove redundant variable dma_dev_name (bnc#1012382). - ASoC: samsung: i2s: Ensure the RCLK rate is properly determined (bnc#1012382). - ASoC: topology: create TLV data for dapm widgets (bnc#1012382). - ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk) (bnc#1012382). - audit: move calcs after alloc and check when logging set loginuid (bnc#1012382). - audit: return on memory error to avoid NULL pointer dereference (bnc#1012382). - autofs: change autofs4_expire_wait()/do_expire_wait() to take struct path (bsc#1086716). - autofs: change autofs4_wait() to take struct path (bsc#1086716). - autofs: use path_has_submounts() to fix unreliable have_submount() checks (bsc#1086716). - autofs: use path_is_mountpoint() to fix unreliable d_mountpoint() checks (bsc#1086716). - batman-adv: fix header size check in batadv_dbg_arp() (bnc#1012382). - batman-adv: fix multicast-via-unicast transmission with AP isolation (bnc#1012382). - batman-adv: fix packet checksum in receive path (bnc#1012382). - batman-adv: fix packet loss for broadcasted DHCP packets to a server (bnc#1012382). - batman-adv: invalidate checksum on fragment reassembly (bnc#1012382). 
- bcache: fix for allocator and register thread race (bnc#1012382). - bcache: fix for data collapse after re-attaching an attached device (bnc#1012382). - bcache: fix kcrashes with fio in RAID5 backend dev (bnc#1012382). - bcache: properly set task state in bch_writeback_thread() (bnc#1012382). - bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set (bnc#1012382). - bcache: return attach error when no cache set exist (bnc#1012382). - blacklist.conf: blacklist fc218544fbc8 This commit requires major changes from 4.17, namely commit b9e281c2b388 ('libceph: introduce BVECS data type') - blacklist.conf: No need for 0aa48468d009 ('KVM/VMX: Expose SSBD properly to guests') since KF(SSBD) in our case does the expected. - block: cancel workqueue entries on blk_mq_freeze_queue() (bsc#1090435). - bluetooth: Apply QCA Rome patches for some ATH3012 models (bsc#1082504, bsc#1095147). - bluetooth: btusb: Add device ID for RTL8822BE (bnc#1012382). - bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB (bnc#1012382). - bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa() (bnc#1012382). - bonding: do not allow rlb updates to invalid mac (bnc#1012382). - bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y (bnc#1012382). - bridge: check iface upper dev when setting master via ioctl (bnc#1012382). - btrfs: bail out on error during replay_dir_deletes (bnc#1012382). - btrfs: fix copy_items() return value when logging an inode (bnc#1012382). - btrfs: fix crash when trying to resume balance without the resume flag (bnc#1012382). - btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers (bnc#1012382). - btrfs: fix NULL pointer dereference in log_dir_items (bnc#1012382). - btrfs: Fix out of bounds access in btrfs_search_slot (bnc#1012382). - btrfs: Fix possible softlock on single core machines (bnc#1012382). - btrfs: fix reading stale metadata blocks after degraded raid1 mounts (bnc#1012382). 
- btrfs: fix scrub to repair raid6 corruption (bnc#1012382). - btrfs: fix xattr loss after power failure (bnc#1012382). - btrfs: send, fix issuing write op when processing hole in no data mode (bnc#1012382). - btrfs: set plug for fsync (bnc#1012382). - btrfs: tests/qgroup: Fix wrong tree backref level (bnc#1012382). - cdrom: do not call check_disk_change() inside cdrom_open() (bnc#1012382). - ceph: delete unreachable code in ceph_check_caps() (bsc#1096214). - ceph: fix race of queuing delayed caps (bsc#1096214). - ceph: fix st_nlink stat for directories (bsc#1093904). - cfg80211: further limit wiphy names to 64 bytes (bnc#1012382 git-fixes). - cfg80211: further limit wiphy names to 64 bytes (git-fixes). - cfg80211: limit wiphy names to 128 bytes (bnc#1012382). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bnc#1012382 bsc#1090734). - clk: Do not show the incorrect clock phase (bnc#1012382). - clk: rockchip: Prevent calculating mmc phase if clock rate is zero (bnc#1012382). - clk: samsung: exynos3250: Fix PLL rates (bnc#1012382). - clk: samsung: exynos5250: Fix PLL rates (bnc#1012382). - clk: samsung: exynos5260: Fix PLL rates (bnc#1012382). - clk: samsung: exynos5433: Fix PLL rates (bnc#1012382). - clk: samsung: s3c2410: Fix PLL rates (bnc#1012382). - clocksource/drivers/fsl_ftm_timer: Fix error return checking (bnc#1012382). - config: arm64: enable Spectre-v4 per-thread mitigation - cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path (bnc#1012382). - cpufreq: CPPC: Initialize shared perf capabilities of CPUs (bnc#1012382). - cpufreq: intel_pstate: Enable HWP by default (FATE#319178 bnc#1012382). - cpuidle: coupled: remove unused define cpuidle_coupled_lock (bnc#1012382). - crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss (bnc#1012382). - cxgb4: Setup FW queues before registering netdev (bsc#1022743 FATE#322540). - dccp: fix tasklet usage (bnc#1012382). - dlm: fix a clerical error when set SCTP_NODELAY (bsc#1091594). 
- dlm: make sctp_connect_to_sock() return in specified time (bsc#1080542). - dlm: remove O_NONBLOCK flag in sctp_connect_to_sock (bsc#1080542). - dmaengine: ensure dmaengine helpers check valid callback (bnc#1012382). - dmaengine: pl330: fix a race condition in case of threaded irqs (bnc#1012382). - dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3 (bnc#1012382). - dmaengine: usb-dmac: fix endless loop in usb_dmac_chan_terminate_all() (bnc#1012382). - dm thin: fix documentation relative to low water mark threshold (bnc#1012382). - do d_instantiate/unlock_new_inode combinations safely (bnc#1012382). - dp83640: Ensure against premature access to PHY registers after reset (bnc#1012382). - drm/exynos: fix comparison to bitshift when dealing with a mask (bnc#1012382). - drm/i915: Disable LVDS on Radiant P845 (bnc#1012382). - drm/rockchip: Respect page offset for PRIME mmap calls (bnc#1012382). - e1000e: allocate ring descriptors with dma_zalloc_coherent (bnc#1012382). - e1000e: Fix check_for_link return value with autoneg off (bnc#1012382 bsc#1075428). - efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode (bnc#1012382). - enic: enable rq before updating rq descriptors (bnc#1012382). - ext2: fix a block leak (bnc#1012382). - fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper() (bnc#1012382). - firewire-ohci: work around oversized DMA reads on JMicron controllers (bnc#1012382). - firmware: dmi_scan: Fix handling of empty DMI strings (bnc#1012382). - Fix excessive newline in /proc/*/status (bsc#1094823). - fix io_destroy()/aio_complete() race (bnc#1012382). - Force log to disk before reading the AGF during a fstrim (bnc#1012382). - fscache: Fix hanging wait on page discarded by writeback (bnc#1012382). - fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table (bnc#1012382). - futex: futex_wake_op, do not fail on invalid op (git-fixes). 
- futex: futex_wake_op, fix sign_extend32 sign bits (bnc#1012382). - futex: Remove duplicated code and fix undefined behaviour (bnc#1012382). - futex: Remove unnecessary warning from get_futex_key (bnc#1012382). - gfs2: Fix fallocate chunk size (bnc#1012382). - gianfar: Fix Rx byte accounting for ndev stats (bnc#1012382). - gpio: rcar: Add Runtime PM handling for interrupts (bnc#1012382). - hfsplus: stop workqueue when fill_super() failed (bnc#1012382). - hid: roccat: prevent an out of bounds read in kovaplus_profile_activated() (bnc#1012382). - hwmon: (nct6775) Fix writing pwmX_mode (bnc#1012382). - hwmon: (pmbus/adm1275) Accept negative page register values (bnc#1012382). - hwmon: (pmbus/max8688) Accept negative page register values (bnc#1012382). - hwrng: stm32 - add reset during probe (bnc#1012382). - hwtracing: stm: fix build error on some arches (bnc#1012382). - i2c: mv64xxx: Apply errata delay only in standard mode (bnc#1012382). - i2c: rcar: check master irqs before slave irqs (bnc#1012382). - i2c: rcar: do not issue stop when HW does it automatically (bnc#1012382). - i2c: rcar: init new messages in irq (bnc#1012382). - i2c: rcar: make sure clocks are on when doing clock calculation (bnc#1012382). - i2c: rcar: refactor setup of a msg (bnc#1012382). - i2c: rcar: remove spinlock (bnc#1012382). - i2c: rcar: remove unused IOERROR state (bnc#1012382). - i2c: rcar: revoke START request early (bnc#1012382). - i2c: rcar: rework hw init (bnc#1012382). - ib/ipoib: Fix for potential no-carrier state (bnc#1012382). - ibmvnic: Check CRQ command return codes (bsc#1094840). - ibmvnic: Create separate initialization routine for resets (bsc#1094840). - ibmvnic: Fix partial success login retries (bsc#1094840). - ibmvnic: Handle error case when setting link state (bsc#1094840). - ibmvnic: Introduce active CRQ state (bsc#1094840). - ibmvnic: Introduce hard reset recovery (bsc#1094840). - ibmvnic: Mark NAPI flag as disabled when released (bsc#1094840). 
- ibmvnic: Only do H_EOI for mobility events (bsc#1094356). - ibmvnic: Return error code if init interrupted by transport event (bsc#1094840). - ibmvnic: Set resetting state at earliest possible point (bsc#1094840). - iio:kfifo_buf: check for uint overflow (bnc#1012382). - ima: Fallback to the builtin hash algorithm (bnc#1012382). - ima: Fix Kconfig to select TPM 2.0 CRB interface (bnc#1012382). - init: fix false positives in W+X checking (bsc#1096982). - input: elan_i2c_smbus - fix corrupted stack (bnc#1012382). - ipc/shm: fix shmat() nil address after round-down when remapping (bnc#1012382). - ipmi/powernv: Fix error return code in ipmi_powernv_probe() (bnc#1012382). - ipmi_ssif: Fix kernel panic at msg_done_handler (bnc#1012382 bsc#1088871). - ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg (bnc#1012382). - ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu (bnc#1012382). - ipv6: add mtu lock check in __ip6_rt_update_pmtu (bsc#1092552). - ipv6: omit traffic class when calculating flow hash (bsc#1095042). - irda: fix overly long udelay() (bnc#1012382). - irqchip/gic-v3: Change pr_debug message to pr_devel (bnc#1012382). - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path (bnc#1012382 git-fixes). - kabi: vfs: Restore dentry_operations->d_manage (bsc#1086716). - kABI: work around BPF SSBD removal (bsc#1087082). - kasan: fix memory hotplug during boot (bnc#1012382). - kbuild: change CC_OPTIMIZE_FOR_SIZE definition (bnc#1012382). - kconfig: Do not leak main menus during parsing (bnc#1012382). - kconfig: Fix automatic menu creation mem leak (bnc#1012382). - kconfig: Fix expr_free() E_NOT leak (bnc#1012382). - kdb: make 'mdr' command repeat (bnc#1012382). - kernel: Fix memory leak on EP11 target list processing (bnc#1096751, LTC#168596). - kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE (bnc#1012382). - kernel/sys.c: fix potential Spectre v1 issue (bnc#1012382). 
- kvm: Fix spelling mistake: 'cop_unsuable' -> 'cop_unusable' (bnc#1012382). - kvm: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use (bnc#1012382). - kvm: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bnc#1012382). - kvm: VMX: raise internal error for exception during invalid protected mode state (bnc#1012382). - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl (bnc#1012382). - kvm: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281). - l2tp: revert 'l2tp: fix missing print session offset info' (bnc#1012382). - libata: blacklist Micron 500IT SSD with MU01 firmware (bnc#1012382). - libata: Blacklist some Sandisk SSDs for NCQ (bnc#1012382). - libnvdimm, dax: fix 1GB-aligned namespaces vs physical misalignment (FATE#320457, FATE#320460). - libnvdimm, namespace: use a safe lookup for dimm device name (FATE#321135, FATE#321217, FATE#321256, FATE#321391, FATE#321393). - libnvdimm, pfn: fix start_pad handling for aligned namespaces (FATE#320460). - llc: better deal with too small mtu (bnc#1012382). - llc: properly handle dev_queue_xmit() return value (bnc#1012382). - lockd: lost rollback of set_grace_period() in lockd_down_net() (bnc#1012382 git-fixes). - locking/qspinlock: Ensure node->count is updated before initialising node (bnc#1012382). - locking/xchg/alpha: Add unconditional memory barrier to cmpxchg() (bnc#1012382). - locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs (bnc#1012382). - loop: handle short DIO reads (bsc#1094177). - m68k: set dma and coherent masks for platform FEC ethernets (bnc#1012382). - mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4 (bnc#1012382). - md raid10: fix NULL deference in handle_write_completed() (bnc#1012382 bsc#1056415). - md/raid1: fix NULL pointer dereference (bnc#1012382). - md: raid5: avoid string overflow warning (bnc#1012382). - media: cx23885: Override 888 ImpactVCBe crystal frequency (bnc#1012382). 
- media: cx23885: Set subdev host data to clk_freq pointer (bnc#1012382). - media: cx25821: prevent out-of-bounds read on array card (bnc#1012382 bsc#1031717). - media: dmxdev: fix error code for invalid ioctls (bnc#1012382). - media: em28xx: USB bulk packet size fix (bnc#1012382). - media: s3c-camif: fix out-of-bounds array access (bnc#1012382 bsc#1031717). - mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register (bnc#1012382). - mm: do not allow deferred pages with NEED_PER_CPU_KM (bnc#1012382). - mm: filemap: avoid unnecessary calls to lock_page when waiting for IO to complete during a read (-- VM bnc#1012382 bnc#971975 generic performance read). - mm: filemap: remove redundant code in do_read_cache_page (-- VM bnc#1012382 bnc#971975 generic performance read). - mm: fix races between address_space dereference and free in page_evicatable (bnc#1012382). - mm: fix the NULL mapping case in __isolate_lru_page() (bnc#1012382). - mm/kmemleak.c: wait for scan completion before disabling free (bnc#1012382). - mm/ksm: fix interaction with THP (bnc#1012382). - mm/mempolicy: add nodes_empty check in SYSC_migrate_pages (bnc#1012382). - mm/mempolicy.c: avoid use uninitialized preferred_node (bnc#1012382). - mm/mempolicy: fix the check of nodemask from user (bnc#1012382). - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152, VM Functionality). - mm: pin address_space before dereferencing it while isolating an LRU page (bnc#1012382 bnc#1081500). - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bnc#1012382). - net: ethernet: sun: niu set correct packet size in skb (bnc#1012382). - netfilter: ebtables: convert BUG_ONs to WARN_ONs (bnc#1012382). - net: Fix untag for vlan packets without ethernet header (bnc#1012382). - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off (bnc#1012382). - netlabel: If PF_INET6, check sk_buff ip header version (bnc#1012382). - net/mlx4_en: Verify coalescing parameters are in range (bnc#1012382). 
- net/mlx5: Protect from command bit overflow (bnc#1012382). - net: mvneta: fix enable of all initialized RXQs (bnc#1012382). - net: qmi_wwan: add BroadMobi BM806U 2020:2033 (bnc#1012382). - net_sched: fq: take care of throttled flows before reuse (bnc#1012382). - net: support compat 64-bit time in {s,g}etsockopt (bnc#1012382). - net/tcp/illinois: replace broken algorithm reference link (bnc#1012382). - net: test tailroom before appending to linear skb (bnc#1012382). - net-usb: add qmi_wwan if on lte modem wistron neweb d18q1 (bnc#1012382). - net/usb/qmi_wwan.c: Add USB id for lt4120 modem (bnc#1012382). - nfc: llcp: Limit size of SDP URI (bnc#1012382). - nfit, address-range-scrub: fix scrub in-progress reporting (FATE#321135, FATE#321217, FATE#321256, FATE#321391, FATE#321393). - nfit: fix region registration vs block-data-window ranges (FATE#319858). - nfs: Do not convert nfs_idmap_cache_timeout to jiffies (bnc#1012382 git-fixes). - nfsv4: always set NFS_LOCK_LOST when a lock is lost (bnc#1012382 bsc#1068951). - ntb_transport: Fix bug with max_mw_size parameter (bnc#1012382). - nvme-pci: Fix EEH failure on ppc (bsc#1093533). - nvme-pci: Fix nvme queue cleanup if IRQ setup fails (bnc#1012382). - ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute (bnc#1012382). - ocfs2/dlm: do not handle migrate lockres if already in shutdown (bnc#1012382). - ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid (bnc#1012382). - ocfs2: return error when we attempt to access a dirty bh in jbd2 (bnc#1012382 bsc#1070404). - openvswitch: Do not swap table in nlattr_set() after OVS_ATTR_NESTED is found (bnc#1012382). - packet: fix reserve calculation (git-fixes). - packet: in packet_snd start writing at link layer allocation (bnc#1012382). - parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode (bnc#1012382). - pci: Add function 1 DMA alias quirk for Marvell 88SE9220 (bnc#1012382). - pci: Add function 1 DMA alias quirk for Marvell 9128 (bnc#1012382). 
- pci: hv: Fix a __local_bh_enable_ip warning in hv_compose_msi_msg() (bnc#1094268). - pci: Restore config space on runtime resume despite being unbound (bnc#1012382). - perf callchain: Fix attr.sample_max_stack setting (bnc#1012382). - perf/cgroup: Fix child event counting bug (bnc#1012382). - perf/core: Fix perf_output_read_group() (bnc#1012382). - perf report: Fix memory corruption in --branch-history mode --branch-history (bnc#1012382). - perf tests: Use arch__compare_symbol_names to compare symbols (bnc#1012382). - pipe: cap initial pipe capacity according to pipe-max-size limit (bnc#1012382 bsc#1045330). - powerpc/64s: Clear PCR on boot (bnc#1012382). - powerpc: Add missing prototype for arch_irq_work_raise() (bnc#1012382). - powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access (bnc#1012382). - powerpc: Do not preempt_disable() in show_cpuinfo() (bnc#1012382 bsc#1066223). - powerpc/livepatch: Fix livepatch stack access (bsc#1094466). - powerpc/modules: Do not try to restore r2 after a sibling call (bsc#1094466). - powerpc/mpic: Check if cpu_possible() in mpic_physmask() (bnc#1012382). - powerpc/numa: Ensure nodes initialized for hotplug (FATE#322022 bnc#1012382 bsc#1081514). - powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes (FATE#322022 bnc#1012382 bsc#1081514). - powerpc/perf: Fix kernel address leak via sampling registers (bnc#1012382). - powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer (bnc#1012382). - powerpc/powernv: Fix NVRAM sleep in invalid context when crashing (bnc#1012382). - powerpc/powernv: panic() on OPAL < V3 (bnc#1012382). - powerpc/powernv: remove FW_FEATURE_OPALv3 and just use FW_FEATURE_OPAL (bnc#1012382). - powerpc/powernv: Remove OPALv2 firmware define and references (bnc#1012382). - proc: fix /proc/*/map_files lookup (bnc#1012382). - procfs: fix pthread cross-thread naming if !PR_DUMPABLE (bnc#1012382). 
- proc: meminfo: estimate available memory more conservatively (-- VM bnc#1012382 functionality monitoring space user). - proc read mm's {arg,env}_{start,end} with mmap semaphore taken (bnc#1012382). - qede: Fix ref-cnt usage count (bsc#1019695 FATE#321703 bsc#1019699 FATE#321702 bsc#1022604 FATE#321747). - qed: Fix LL2 race during connection terminate (bsc#1019695 FATE#321703 bsc#1019699 FATE#321702 bsc#1022604 FATE#321747). - qed: Fix possibility of list corruption during rmmod flows (bsc#1019695 FATE#321703 bsc#1019699 FATE#321702 bsc#1022604 FATE#321747). - qed: LL2 flush isles when connection is closed (bsc#1019695 FATE#321703 bsc#1019699 FATE#321702 bsc#1022604 FATE#321747). - qla2xxx: Mask off Scope bits in retry delay (bsc#1068054). - qmi_wwan: do not steal interfaces from class drivers (bnc#1012382). - r8152: fix tx packets accounting (bnc#1012382). - r8169: fix powering up RTL8168h (bnc#1012382). - rdma/mlx5: Avoid memory leak in case of XRCD dealloc failure (bnc#1012382). - rdma/qedr: Fix doorbell bar mapping for dpi > 1 (bsc#1022604 FATE#321747). - rdma/ucma: Correct option size check using optlen (bnc#1012382). - rds: IB: Fix NULL pointer issue (bnc#1012382). - Refresh patches.arch/arm64-bsc1031492-0165-arm64-Add-MIDR-values-for-Cavium-cn83XX-SoCs.patch. - regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()' (bnc#1012382). - regulatory: add NUL to request alpha2 (bnc#1012382). - Revert 'arm: dts: imx6qdl-wandboard: Fix audio channel swap' (bnc#1012382). - Revert 'bs-upload-kernel: do not set %opensuse_bs' This reverts commit e89e2b8cbef05df6c874ba70af3cb4c57f82a821. - Revert 'ima: limit file hash setting by user to fix and log modes' (bnc#1012382). - Revert 'ipc/shm: Fix shmat mmap nil-page protection' (bnc#1012382). - Revert 'regulatory: add NUL to request alpha2' (kabi). - Revert 'vti4: Do not override MTU passed on link creation via IFLA_MTU' (bnc#1012382).
- rtc: hctosys: Ensure system time does not overflow time_t (bnc#1012382). - rtc: snvs: Fix usage of snvs_rtc_enable (bnc#1012382). - rtc: tx4939: avoid unintended sign extension on a 24 bit shift (bnc#1012382). - rtlwifi: rtl8192cu: Remove variable self-assignment in rf.c (bnc#1012382). - s390: add assembler macros for CPU alternatives (bnc#1012382). - s390/cio: clear timer when terminating driver I/O (bnc#1012382). - s390/cio: fix return code after missing interrupt (bnc#1012382). - s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero (bnc#1094532, LTC#168035). - s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero (LTC#168035 bnc#1012382 bnc#1094532). - s390: extend expoline to BC instructions (bnc#1012382). - s390/ftrace: use expoline for indirect branches (bnc#1012382). - s390/kernel: use expoline for indirect branches (bnc#1012382). - s390/lib: use expoline for indirect branches (bnc#1012382). - s390: move expoline assembler macros to a header (bnc#1012382). - s390: move spectre sysfs attribute code (bnc#1012382). - s390/qdio: do not release memory in qdio_setup_irq() (bnc#1012382). - s390/qdio: fix access to uninitialized qdio_q fields (bnc#1094532, LTC#168037). - s390/qdio: fix access to uninitialized qdio_q fields (LTC#168037 bnc#1012382 bnc#1094532). - s390: remove indirect branch from do_softirq_own_stack (bnc#1012382). - s390: use expoline thunks in the BPF JIT (bnc#1012382). - sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning (bnc#1012382). - scripts/git-pre-commit : - scsi: aacraid: Correct hba_send to include iu_type (bsc#1022607, FATE#321673). - scsi: aacraid: fix shutdown crash when init fails (bnc#1012382). - scsi: aacraid: Insure command thread is not recursively stopped (bnc#1012382). - scsi: bnx2fc: Fix check in SCSI completion handler for timed out request (bnc#1012382). - scsi: fas216: fix sense buffer initialization (bnc#1012382 bsc#1082979). 
- scsi: libsas: defer ata device eh commands to libata (bnc#1012382). - scsi: lpfc: Fix frequency of Release WQE CQEs (bnc#1012382). - scsi: lpfc: Fix issue_lip if link is disabled (bnc#1012382 bsc#1080656). - scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing (bnc#1012382 bsc#1080656). - scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM (bnc#1012382 bsc#1078583). - scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() (bnc#1012382). - scsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion() (bnc#1012382). - scsi: qla4xxx: skip error recovery in case of register disconnect (bnc#1012382). - scsi: scsi_transport_srp: Fix shost to rport translation (bnc#1012382). - scsi: sd: Keep disk read-only when re-reading partition (bnc#1012382). - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() (bnc#1012382). - scsi: storvsc: Increase cmd_per_lun for higher speed devices (bnc#1012382). - scsi: sym53c8xx_2: iterator underflow in sym_getsync() (bnc#1012382). - scsi: ufs: Enable quirk to ignore sending WRITE_SAME command (bnc#1012382). - scsi: zfcp: fix infinite iteration on ERP ready list (bnc#1094532, LTC#168038). - scsi: zfcp: fix infinite iteration on ERP ready list (LTC#168038 bnc#1012382 bnc#1094532). - sctp: delay the authentication for the duplicated cookie-echo chunk (bnc#1012382). - sctp: fix the issue that the cookie-ack with auth can't get processed (bnc#1012382). - sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr (bnc#1012382). - sctp: use the old asoc when making the cookie-ack chunk in dupcook_d (bnc#1012382). - selftests: ftrace: Add a testcase for probepoint (bnc#1012382). - selftests: ftrace: Add a testcase for string type with kprobe_event (bnc#1012382). - selftests: ftrace: Add probe event argument syntax testcase (bnc#1012382). - selftests: memfd: add config fragment for fuse (bnc#1012382). - selftests/net: fixes psock_fanout eBPF test case (bnc#1012382). 
- selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable (bnc#1012382). - selftests: Print the test we're running to /dev/kmsg (bnc#1012382). - selinux: KASAN: slab-out-of-bounds in xattr_getsecurity (bnc#1012382). - serial: arc_uart: Fix out-of-bounds access through DT alias (bnc#1012382). - serial: fsl_lpuart: Fix out-of-bounds access through DT alias (bnc#1012382). - serial: imx: Fix out-of-bounds access through serial port index (bnc#1012382). - serial: mxs-auart: Fix out-of-bounds access through serial port index (bnc#1012382). - serial: samsung: Fix out-of-bounds access through serial port index (bnc#1012382). - serial: xuartps: Fix out-of-bounds access through DT alias (bnc#1012382). - sh: fix debug trap failure to process signals before return to user (bnc#1012382). - sh: New gcc support (bnc#1012382). - signals: avoid unnecessary taking of sighand->siglock (-- Scheduler bnc#1012382 bnc#978907 performance signals). - sit: fix IFLA_MTU ignored on NEWLINK (bnc#1012382). - smsc75xx: fix smsc75xx_set_features() (bnc#1012382). - sock_diag: fix use-after-free read in __sk_free (bnc#1012382). - sparc64: Fix build warnings with gcc 7 (bnc#1012382). - sparc64: Make atomic_xchg() an inline function rather than a macro (bnc#1012382). - spi: pxa2xx: Allow 64-bit DMA (bnc#1012382). - sr: get/drop reference to device in revalidate and check_events (bnc#1012382). - staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr (bnc#1012382). - stm class: Use vmalloc for the master map (bnc#1012382). - sunvnet: does not support GSO for sctp (bnc#1012382). - swap: divide-by-zero when zero length swap file on ssd (bnc#1012382 bsc#1082153). - tcp: avoid integer overflows in tcp_rcv_space_adjust() (bnc#1012382). - tcp: ignore Fast Open on repair mode (bnc#1012382). - tcp: purge write queue in tcp_connect_init() (bnc#1012382). - test_bpf: Fix testing with CONFIG_BPF_JIT_ALWAYS_ON=y on other arches (git-fixes). 
- tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent() (bnc#1012382). - tick/broadcast: Use for_each_cpu() specially on UP kernels (bnc#1012382). - time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting (bnc#1012382). - tools/libbpf: handle issues with bpf ELF objects containing .eh_frames (bnc#1012382). - tools lib traceevent: Fix get_field_str() for dynamic strings (bnc#1012382). - tools lib traceevent: Simplify pointer print logic and fix %pF (bnc#1012382). - tools/thermal: tmon: fix for segfault (bnc#1012382). - tracing: Fix crash when freeing instances with event triggers (bnc#1012382). - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account (bnc#1012382). - tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} (bnc#1012382). - udf: Provide saner default for invalid uid / gid (bnc#1012382). - usb: dwc2: Fix dwc2_hsotg_core_init_disconnected() (bnc#1012382). - usb: dwc2: Fix interval type issue (bnc#1012382). - usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields (bnc#1012382). - usb: gadget: composite: fix incorrect handling of OS desc requests (bnc#1012382). - usb: gadget: ffs: Execute copy_to_user() with USER_DS set (bnc#1012382). - usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS (bnc#1012382). - usb: gadget: fsl_udc_core: fix ep valid checks (bnc#1012382). - usb: gadget: f_uac2: fix bFirstInterface in composite gadget (bnc#1012382). - usb: gadget: udc: change comparison to bitshift when dealing with a mask (bnc#1012382). - usbip: usbip_host: delete device from busid_table after rebind (bnc#1012382). - usbip: usbip_host: fix bad unlock balance during stub_probe() (bnc#1012382). - usbip: usbip_host: fix NULL-ptr deref and use-after-free errors (bnc#1012382). - usbip: usbip_host: refine probe and disconnect debug msgs to be useful (bnc#1012382). - usbip: usbip_host: run rebind from exit when module is removed (bnc#1012382). 
- usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers (bnc#1012382). - usb: musb: fix enumeration after resume (bnc#1012382). - USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM (bnc#1012382). - USB: serial: cp210x: use tcflag_t to fix incompatible pointer type (bnc#1012382). - vfs: add path_has_submounts() (bsc#1086716). - vfs: add path_is_mountpoint() helper (bsc#1086716). - vfs: change d_manage() to take a struct path (bsc#1086716). - virtio-gpu: fix ioctl and expose the fixed status to userspace (bnc#1012382). - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS (bnc#1012382). - vmscan: do not force-scan file lru if its absolute size is small (-- VM bnc#1012382 page performance reclaim). - vti4: Do not count header length twice on tunnel setup (bnc#1012382). - vti4: Do not override MTU passed on link creation via IFLA_MTU (bnc#1012382). - watchdog: f71808e_wdt: Fix magic close handling (bnc#1012382). - watchdog: sp5100_tco: Fix watchdog disable bit (bnc#1012382). - workqueue: use put_device() instead of kfree() (bnc#1012382). - x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified (bnc#1012382). - x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140). - x86/bugs: IBRS: make runtime disabling fully dynamic (bsc#1068032). - x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140). - x86/cpufeature: Remove unused and seldomly used cpu_has_xx macros (bnc#1012382). - x86/devicetree: Fix device IRQ settings in DT (bnc#1012382). - x86/devicetree: Initialize device tree before using it (bnc#1012382). - x86: ENABLE_IBRS clobbers %rax which it shouldn't do there is probably a place where forcing _IBRS_OFF is missed (or is too late) and therefore ENABLE_IBRS is sometimes called early during boot while it should not. Let's drop the uoptimization for now. 
(bsc#1098009 and bsc#1098012) - x86/fpu: Default eagerfpu=on on all CPUs (CVE-2018-3665 bnc#1012382 bnc#1087086). - x86/fpu: Disable AVX when eagerfpu is off (bnc#1012382). - x86/fpu: Disable MPX when eagerfpu is off (CVE-2018-3665 bnc#1012382 bnc#1087086). - x86/fpu: Fix early FPU command-line parsing (CVE-2018-3665 bnc#1012382 bnc#1087086). - x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1092813) - x86/kexec: Avoid double free_page() upon do_kexec_load() failure (bnc#1012382). - x86-mce-Make-timer-handling-more-robust.patch: Fix metadata - x86/pgtable: Do not set huge PUD/PMD on non-leaf entries (bnc#1012382). - x86/pkeys: Do not special case protection key 0 (1041740). - x86/pkeys: Override pkey when moving away from PROT_EXEC (1041740). - x86/power: Fix swsusp_arch_resume prototype (bnc#1012382). - x86: Remove unused function cpu_has_ht_siblings() (bnc#1012382). - x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations (bnc#1012382). - xen/acpi: off by one in read_acpi_id() (bnc#1012382). - xen/grant-table: Use put_page instead of free_page (bnc#1012382). - xen-netfront: Fix race between device setup and open (bnc#1012382). - xen/netfront: raise max number of slots in xennet_get_responses() (bnc#1076049). - xen/pirq: fix error path cleanup when binding MSIs (bnc#1012382). - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (bnc#1012382). - xen: xenbus: use put_device() instead of kfree() (bnc#1012382). - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (bnc#1012382). - xfs: convert XFS_AGFL_SIZE to a helper function (bsc#1090955, bsc#1090534). - xfs: detect agfl count corruption and reset agfl (bnc#1012382 bsc#1090534 bsc#1090955). - xfs: detect agfl count corruption and reset agfl (bsc#1090955, bsc#1090534). - xfs: do not log/recover swapext extent owner changes for deleted inodes (bsc#1090955). 
- xfs: fix endianness error when checking log block crc on big endian platforms (bsc#1094405, bsc#1036215). - xfs: remove racy hasattr check from attr ops (bnc#1012382 bsc#1035432). - xhci: Fix USB3 NULL pointer dereference at logical disconnect (git-fixes). - xhci: Fix use-after-free in xhci_free_virt_device (git-fixes). - xhci: zero usb device slot_id member when disabling and freeing a xhci slot (bnc#1012382). - zorro: Set up z->dev.dma_mask for the DMA API (bnc#1012382). - jfs: Fix buffer overrun in ea_get (bsc#1097234, CVE-2018-12233).
    last seen 2019-02-21
    modified 2018-09-04
    plugin id 110658
    published 2018-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110658
    title openSUSE Security Update : the Linux Kernel (openSUSE-2018-656) (Spectre)
  • NASL family MacOS X Local Security Checks
    NASL id MACOS_10_14.NASL
    description The remote host is running a version of Mac OS X that is prior to 10.13.6 or is not macOS 10.14. It is, therefore, affected by multiple vulnerabilities in the following components : - afpserver - AppleGraphicsControl - Application Firewall - App Store - APR - ATS - Auto Unlock - Bluetooth - CFNetwork - CoreFoundation - CoreText - Crash Reporter - CUPS - Dictionary - Grand Central Dispatch - Heimdal - Hypervisor - iBooks - Intel Graphics Driver - IOHIDFamily - IOKit - IOUserEthernet - Kernel - LibreSSL - Login Window - mDNSOffloadUserClient - MediaRemote - Microcode - Security - Spotlight - Symptom Framework - Text - Wi-Fi Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2019-02-21
    modified 2018-12-07
    plugin id 118178
    published 2018-10-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118178
    title macOS < 10.14 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1374-1.NASL
    description The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive several security fixes. The following security bugs were fixed :
      - CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' (bnc#1087082). A new boot commandline option was introduced, 'spec_store_bypass_disable', which can have following values :
        - auto: Kernel detects whether your CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation.
        - on: disable Speculative Store Bypass
        - off: enable Speculative Store Bypass
        - prctl: Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. The state of the control is inherited on fork.
        - seccomp: Same as 'prctl' above, but all seccomp threads will disable SSB unless they explicitly opt out.
        The default is 'seccomp', meaning programs need explicit opt-in into the mitigation. Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing :
        - 'Vulnerable'
        - 'Mitigation: Speculative Store Bypass disabled'
        - 'Mitigation: Speculative Store Bypass disabled via prctl'
        - 'Mitigation: Speculative Store Bypass disabled via prctl and seccomp'
      - CVE-2018-1000199: An address corruption flaw was discovered while modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on the system. (bsc#1089895)
      - CVE-2018-10675: The do_get_mempolicy function in mm/mempolicy.c allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls (bnc#1091755).
      The update package also includes non-security fixes. See advisory for details.
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110039
    published 2018-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110039
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1374-1) (Spectre)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0282.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0282 for details.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 119277
    published 2018-11-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119277
    title OracleVM 3.4 : xen (OVMSA-2018-0282) (Foreshadow) (Spectre)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-2162.NASL
    description From Red Hat Security Advisory 2018:2162 : An update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
      Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.
      Security Fix(es) :
      * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.
      * QEMU: cirrus: OOB access when updating VGA display (CVE-2018-7858)
      * QEMU: vga: OOB read access during display update (CVE-2017-13672)
      * Qemu: Out-of-bounds read in vga_draw_text routine (CVE-2018-5683)
      For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639; Ross Lagerwall (Citrix.com) for reporting CVE-2018-7858; David Buchanan for reporting CVE-2017-13672; and Jiang Xin and Lin ZheCheng for reporting CVE-2018-5683.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 110995
    published 2018-07-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110995
    title Oracle Linux 6 : qemu-kvm (ELSA-2018-2162) (Spectre)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1193.NASL
    description According to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
      - OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass.(CVE-2018-2814)
      - OpenJDK: unrestricted deserialization of data from JCEKS key stores.(CVE-2018-2794)
      - OpenJDK: insufficient consistency checks in deserialization of multiple classes.(CVE-2018-2795)
      - OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue.(CVE-2018-2796)
      - OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport. (CVE-2018-2797)
      - OpenJDK: unbounded memory allocation during deserialization in Container.(CVE-2018-2798)
      - OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl.(CVE-2018-2799)
      - OpenJDK: RMI HTTP transport enabled by default.(CVE-2018-2800)
      - OpenJDK: unbounded memory allocation during deserialization in StubIORImpl.(CVE-2018-2815)
      - OpenJDK: incorrect merging of sections in the JAR manifest.(CVE-2018-2790)
      - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.(CVE-2018-3639)
      Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 110857
    published 2018-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110857
    title EulerOS 2.0 SP3 : java-1.7.0-openjdk (EulerOS-SA-2018-1193)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-4114.NASL
    description Description of changes: [4.1.12-124.15.2.el7uek] - KVM: SVM: Move spec control call after restore of GS (Thomas Gleixner) {CVE-2018-3639} - x86/bugs: Fix the parameters alignment and missing void (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs: Make cpu_show_common() static (Jiri Kosina) {CVE-2018-3639} - x86/bugs: Fix __ssb_select_mitigation() return type (Jiri Kosina) {CVE-2018-3639} - Documentation/spec_ctrl: Do some minor cleanups (Borislav Petkov) {CVE-2018-3639} - proc: Use underscores for SSBD in 'status' (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs: Rename _RDS to _SSBD (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/speculation: Make 'seccomp' the default mode for Speculative Store Bypass (Kees Cook) {CVE-2018-3639} - seccomp: Move speculation migitation control to arch code (Thomas Gleixner) {CVE-2018-3639} - seccomp: Add filter flag to opt-out of SSB mitigation (Kees Cook) {CVE-2018-3639} - seccomp: Use PR_SPEC_FORCE_DISABLE (Thomas Gleixner) {CVE-2018-3639} - prctl: Add force disable speculation (Konrad Rzeszutek Wilk) {CVE-2018-3639} - seccomp: Enable speculation flaw mitigations (Kees Cook) {CVE-2018-3639} - proc: Provide details on speculation flaw mitigations (Kees Cook) {CVE-2018-3639} - nospec: Allow getting/setting on non-current task (Kees Cook) {CVE-2018-3639} - x86/bugs/IBRS: Disable SSB (RDS) if IBRS is sslected for spectre_v2. 
(Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/speculation: Add prctl for Speculative Store Bypass mitigation (Thomas Gleixner) {CVE-2018-3639} - x86: thread_info.h: move RDS from index 5 to 23 (Mihai Carabas) {CVE-2018-3639} - x86/process: Allow runtime control of Speculative Store Bypass (Thomas Gleixner) {CVE-2018-3639} - prctl: Add speculation control prctls (Thomas Gleixner) {CVE-2018-3639} - x86/speculation: Create spec-ctrl.h to avoid include hell (Thomas Gleixner) {CVE-2018-3639} - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs: Whitelist allowed SPEC_CTRL MSR values (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs/intel: Set proper CPU features and setup RDS (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/cpufeatures: Add X86_FEATURE_RDS (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs: Expose /sys/../spec_store_bypass (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/cpu/intel: Add Knights Mill to Intel family (Piotr Luc) {CVE-2018-3639} - x86/cpu: Rename Merrifield2 to Moorefield (Andy Shevchenko) {CVE-2018-3639} - x86/bugs, KVM: Support the combination of guest and host IBRS (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs/IBRS: Warn if IBRS is enabled during boot. 
(Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs/IBRS: Use variable instead of defines for enabling IBRS (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs: Concentrate bug reporting into a separate function (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs: Concentrate bug detection into a separate function (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs/IBRS: Turn on IBRS in spectre_v2_select_mitigation (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/msr: Add SPEC_CTRL_IBRS.. (Konrad Rzeszutek Wilk) {CVE-2018-3639} - scsi: libfc: Revisit kref handling (Hannes Reinecke) - scsi: libfc: reset exchange manager during LOGO handling (Hannes Reinecke) - scsi: libfc: send LOGO for PLOGI failure (Hannes Reinecke) - scsi: libfc: Issue PRLI after a PRLO has been received (Hannes Reinecke) - libfc: Update rport reference counting (Hannes Reinecke) - amd/kvm: do not intercept new MSRs for spectre v2 mitigation (Elena Ufimtseva) - RDS: NULL pointer dereference in rds_atomic_free_op (Mohamed Ghannam) [Orabug: 27422832] {CVE-2018-5333} - ACPI: sbshc: remove raw pointer from printk() message (Greg Kroah-Hartman) [Orabug: 27501257] {CVE-2018-5750} - futex: Prevent overflow by strengthen input validation (Li Jinyue) [Orabug: 27539548] {CVE-2018-6927} - net: ipv4: add support for ECMP hash policy choice (Venkat Venkatsubra) [Orabug: 27547114] - net: ipv4: Consider failed nexthops in multipath routes (David Ahern) [Orabug: 27547114] - ipv4: L3 hash-based multipath (Peter Nørlund) [Orabug: 27547114] - dm: fix race between dm_get_from_kobject() and __dm_destroy() (Hou Tao) [Orabug: 27677556] {CVE-2017-18203} - NFS: only invalidate dentrys that are clearly invalid. 
(NeilBrown) [Orabug: 27870824] - net: Improve handling of failures on link and route dumps (David Ahern) [Orabug: 27959177] - mm/mempolicy: fix use after free when calling get_mempolicy (zhong jiang) [Orabug: 27963519] {CVE-2018-10675} - drm: udl: Properly check framebuffer mmap offsets (Greg Kroah-Hartman) [Orabug: 27963530] {CVE-2018-8781} - xfs: set format back to extents if xfs_bmap_extents_to_btree (Eric Sandeen) [Orabug: 27963576] {CVE-2018-10323} - Revert 'mlx4: change the ICM table allocations to lowest needed size' (Håkon Bugge) [Orabug: 27980030] - Bluetooth: Prevent stack info leak from the EFS element. (Ben Seri) [Orabug: 28030514] {CVE-2017-1000410} {CVE-2017-1000410}
    last seen 2019-02-21
    modified 2018-06-07
    plugin id 110071
    published 2018-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110071
    title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4114) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1935-1.NASL
    description The Intel CPU microcode bundle was updated to the 20180703 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and helps mitigating CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083). More information on: https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File Following chipsets are fixed in this round:
      Model         Stepping  F-MO-S/PI  Old->New
      ---- updated platforms ----
      SNB-EP        C1        6-2d-6/6d  0000061c->0000061d  Xeon E5
      SNB-EP        C2        6-2d-7/6d  00000713->00000714  Xeon E5
      IVT           C0        6-3e-4/ed  0000042c->0000042d  Xeon E5 v2; Core i7-4960X/4930K/4820K
      IVT           D1        6-3e-7/ed  00000713->00000714  Xeon E5 v2
      HSX-E/EP/4S   C0        6-3f-2/6f  0000003c->0000003d  Xeon E5 v3
      HSX-EX        E0        6-3f-4/80  00000011->00000012  Xeon E7 v3
      SKX-SP/D/W/X  H0        6-55-4/b7  02000043->0200004d  Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX
      BDX-DE        A1        6-56-5/10  0e000009->0e00000a  Xeon D-15x3N
      BDX-ML        B/M/R0    6-4f-1/ef  0b00002c->0b00002e  Xeon E5/E7 v4; Core i7-69xx/68xx
      - Add a new style supplements for the recent kernels. (bsc#1096141) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 111051
    published 2018-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111051
    title SUSE SLED12 / SLES12 Security Update : Recommended update for ucode-intel (SUSE-SU-2018:1935-1) (Spectre)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS18_AUG_MICROCODE.NASL
    description The remote Windows host is missing a security update. It is, therefore, missing microcode updates to address Rogue System Register Read (RSRE), Speculative Store Bypass (SSB), L1 Terminal Fault (L1TF), and Branch Target Injection vulnerabilities.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 112116
    published 2018-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112116
    title Security Updates for Windows 10 / Windows Server 2016 (August 2018) (Spectre) (Meltdown) (Foreshadow)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3756-1.NASL
    description It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3646) Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639) Zdenek Sojka, Rudolf Marek, Alex Zuepke, and Innokentiy Sennovskiy discovered that microprocessors that perform speculative reads of system registers may allow unauthorized disclosure of system parameters via a sidechannel attack. This vulnerability is also known as Rogue System Register Read (RSRE). An attacker could use this to expose sensitive information. (CVE-2018-3640). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 112151
    published 2018-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112151
    title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : intel-microcode vulnerabilities (USN-3756-1) (Foreshadow) (Spectre)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-2164.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, x86 AMD) * kernel: Use-after-free vulnerability in mm/mempolicy.c:do_get_mempolicy function allows local denial of service or other unspecified impact (CVE-2018-10675) * Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665) * kernel: error in exception handling leads to DoS (CVE-2018-8897 regression) (CVE-2018-10872) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639 and Julian Stecklina (Amazon.de), Thomas Prescher (cyberus-technology.de), and Zdenek Sojka (sysgo.com) for reporting CVE-2018-3665. 
Bug Fix(es) : * Previously, microcode updates on 32 and 64-bit AMD and Intel architectures were not synchronized. As a consequence, it was not possible to apply the microcode updates. This fix adds the synchronization to the microcode updates so that processors of the stated architectures receive updates at the same time. As a result, microcode updates are now synchronized. (BZ# 1574592)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 111077
    published 2018-07-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111077
    title CentOS 6 : kernel (CESA-2018:2164) (Spectre)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1506.NASL
    description Security researchers identified speculative execution side-channel methods which have the potential to improperly gather sensitive data from multiple types of computing devices with different vendors’ processors and operating systems. This update requires an update to the intel-microcode package, which is non-free. It is related to DLA-1446-1 and adds more mitigations for additional types of Intel processors. For more information please also read the official Intel security advisories at : https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00088.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html For Debian 8 'Jessie', these problems have been fixed in version 3.20180807a.1~deb8u1. We recommend that you upgrade your intel-microcode packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-09-17
    plugin id 117502
    published 2018-09-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117502
    title Debian DLA-1506-1 : intel-microcode security update (Foreshadow) (Spectre)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1270.NASL
    description According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.(CVE-2018-3639) - A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. 
that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.(CVE-2018-8897) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 117579
    published 2018-09-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117579
    title EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1270)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2973-2.NASL
    description This update for qemu fixes the following security issues : CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735) CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223) With this release the mitigations for Spectre v4 are moved to the patches from upstream (CVE-2018-3639, bsc#1092885). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 118297
    published 2018-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118297
    title SUSE SLES12 Security Update : qemu (SUSE-SU-2018:2973-2) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2565-1.NASL
    description This update for qemu fixes the following issues : These security issues were fixed : CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735) CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223) With this release the mitigations for Spectre v4 are moved to the patches from upstream (CVE-2018-3639, bsc#1092885). This non-security issue was fixed: Fix VirtQueue error for virtio-balloon during live migration (bsc#1020928). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 112204
    published 2018-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112204
    title SUSE SLES12 Security Update : qemu (SUSE-SU-2018:2565-1) (Spectre)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1034.NASL
    description An out-of-bounds read access issue was found in the VGA display emulator built into the Quick emulator (QEMU). It could occur while reading VGA memory to update graphics display. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service situation.(CVE-2017-13672) A memory leakage issue was found in the I/O channels websockets implementation of the Quick Emulator (QEMU). It could occur while sending screen updates to a client, which is slow to read and process them further. A privileged guest user could use this flaw to cause a denial of service on the host and/or potentially crash the QEMU process instance on the host.(CVE-2017-15268) A use-after-free issue was found in the Slirp networking implementation of the Quick emulator (QEMU). It occurs when a Socket referenced from multiple packets is freed while responding to a message. A user/process could use this flaw to crash the QEMU process on the host resulting in denial of service.(CVE-2017-13711 ) Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.(CVE-2018-7858) VNC server implementation in Quick Emulator (QEMU) was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.(CVE-2017-15124) An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). 
It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.(CVE-2018-3639) An out-of-bounds read access issue was found in the VGA emulator of QEMU. It could occur in vga_draw_text routine, while updating display area for a vnc client. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS.(CVE-2018-5683)
    last seen 2019-02-21
    modified 2018-06-12
    plugin id 110457
    published 2018-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110457
    title Amazon Linux AMI : qemu-kvm (ALAS-2018-1034) (Spectre)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-2164.NASL
    description From Red Hat Security Advisory 2018:2164 : An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, x86 AMD) * kernel: Use-after-free vulnerability in mm/mempolicy.c:do_get_mempolicy function allows local denial of service or other unspecified impact (CVE-2018-10675) * Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665) * kernel: error in exception handling leads to DoS (CVE-2018-8897 regression) (CVE-2018-10872) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639 and Julian Stecklina (Amazon.de), Thomas Prescher (cyberus-technology.de), and Zdenek Sojka (sysgo.com) for reporting CVE-2018-3665. 
Bug Fix(es) : * Previously, microcode updates on 32 and 64-bit AMD and Intel architectures were not synchronized. As a consequence, it was not possible to apply the microcode updates. This fix adds the synchronization to the microcode updates so that processors of the stated architectures receive updates at the same time. As a result, microcode updates are now synchronized. (BZ# 1574592)
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 110996
    published 2018-07-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110996
    title Oracle Linux 6 : kernel (ELSA-2018-2164) (Spectre)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0233.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - BUILDINFO: xen commit=67e64eec4bfe342ca6c2ff0858ae7f5c39041013 - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - x86/HVM: Restart ioreq processing state machine (Boris Ostrovsky) - BUILDINFO: xen commit=7e4f43226d60a48df300b32ce60ecff75ce2612d - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - svm: fix incorrect TSC scaling (Haozhong Zhang) [Orabug: 28189188] - BUILDINFO: xen commit=ba8e4ae04e3594470f9ce1663135fbe8c25106af - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - x86/spec-ctrl: Mitigations for LazyFPU (Ross Philipson) [Orabug: 28135217] (CVE-2018-3665) - x86: Support fully eager FPU context switching (Andrew Cooper) [Orabug: 28135217] (CVE-2018-3665) - BUILDINFO: xen commit=312880584fe084de632a6667254a5cc1c846179e - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - [xenmicrocode] Fix error reporting on successful return from tool (Ross Philipson) [Orabug: 28128506] - x86: correct default_xen_spec_ctrl 
calculation (Jan Beulich) [Orabug: 28034172] - x86/msr: Virtualise MSR_SPEC_CTRL.SSBD for guests to use (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/Intel: Mitigations for GPZ SP4 - Speculative Store Bypass (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/AMD: Mitigations for GPZ SP4 - Speculative Store Bypass (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/spec_ctrl: Introduce a new `spec-ctrl=` command line argument to replace `bti=` (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/cpuid: Improvements to guest policies for speculative sidechannel features (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/spec_ctrl: Explicitly set Xen's default MSR_SPEC_CTRL value (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/spec_ctrl: Split X86_FEATURE_SC_MSR into PV and HVM variants (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/spec_ctrl: Elide MSR_SPEC_CTRL handling in idle context when possible (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/spec_ctrl: Rename bits of infrastructure to avoid NATIVE and VMEXIT (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/spec_ctrl: Fold the XEN_IBRS_[SET,CLEAR] ALTERNATIVES together (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/spec_ctrl: Merge bti_ist_info and use_shadow_spec_ctrl into spec_ctrl_flags (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/spec_ctrl: Express Xen's choice of MSR_SPEC_CTRL value as a variable (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/spec_ctrl: Read MSR_ARCH_CAPABILITIES only once (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/spec_ctrl: Assume that STIBP feature is always available (Boris Ostrovsky) [Orabug: 28034172] (CVE-2018-3639) - x86/spec_ctrl: Updates to retpoline-safety decision making (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - BUILDINFO: xen commit=dc770041d983843c860c06d405054c0e01a4fd98 - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - 
BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - one-off build
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 110792
    published 2018-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110792
    title OracleVM 3.4 : xen (OVMSA-2018-0233) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-514.NASL
    description The openSUSE Leap 42.3 kernel was updated to 4.4.132 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' (bnc#1087082). A new boot commandline option was introduced, 'spec_store_bypass_disable', which can have following values : - auto: Kernel detects whether your CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation. - on: disable Speculative Store Bypass - off: enable Speculative Store Bypass - prctl: Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. The state of the control is inherited on fork. - seccomp: Same as 'prctl' above, but all seccomp threads will disable SSB unless they explicitly opt out. The default is 'seccomp', meaning programs need explicit opt-in into the mitigation. Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing : - 'Vulnerable' - 'Mitigation: Speculative Store Bypass disabled' - 'Mitigation: Speculative Store Bypass disabled via prctl' - 'Mitigation: Speculative Store Bypass disabled via prctl and seccomp' - CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c allowed local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. (bnc#1088241) - CVE-2018-1130: Linux kernel was vulnerable to a NULL pointer dereference in dccp_write_xmit() function in net/dccp/output.c that allowed a local user to cause a denial of service by a number of certain crafted system calls (bnc#1092904). - CVE-2018-5803: An error in the _sctp_make_chunk() function when handling SCTP, packet length could have been exploited by a malicious local user to cause a kernel crash and a DoS. (bnc#1083900). 
- CVE-2018-1065: The netfilter subsystem mishandled the case of a rule blob that contains a jump but lacks a user-defined chain, which allowed local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c (bnc#1083650). - CVE-2018-7492: A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function that allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bnc#1082962). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643). - CVE-2018-10124: The kill_something_info function in kernel/signal.c might have allowed local users to cause a denial of service via an INT_MIN argument (bnc#1089752). - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1089895). The following non-security bugs were fixed : - acpica: Disassembler: Abort on an invalid/unknown AML opcode (bnc#1012382). - acpica: Events: Add runtime stub support for event APIs (bnc#1012382). 
- acpi / hotplug / PCI: Check presence of slot itself in get_slot_status() (bnc#1012382). - acpi, PCI, irq: remove redundant check for null string pointer (bnc#1012382). - acpi / scan: Send change uevent with offine environmental data (bsc#1082485). - acpi / video: Add quirk to force acpi-video backlight on Samsung 670Z5E (bnc#1012382). - alsa: aloop: Add missing cable lock to ctl API callbacks (bnc#1012382). - alsa: aloop: Mark paused device as inactive (bnc#1012382). - alsa: asihpi: Hardening for potential Spectre v1 (bnc#1012382). - alsa: control: Hardening for potential Spectre v1 (bnc#1012382). - alsa: core: Report audio_tstamp in snd_pcm_sync_ptr (bnc#1012382). - alsa: hda/conexant - Add fixup for HP Z2 G4 workstation (bsc#1092975). - alsa: hda: Hardening for potential Spectre v1 (bnc#1012382). - alsa: hda - New VIA controller suppor no-snoop path (bnc#1012382). - alsa: hda/realtek - Add some fixes for ALC233 (bnc#1012382). - alsa: hdspm: Hardening for potential Spectre v1 (bnc#1012382). - alsa: line6: Use correct endpoint type for midi output (bnc#1012382). - alsa: opl3: Hardening for potential Spectre v1 (bnc#1012382). - alsa: oss: consolidate kmalloc/memset 0 call to kzalloc (bnc#1012382). - alsa: pcm: Avoid potential races between OSS ioctls and read/write (bnc#1012382). - alsa: pcm: Check PCM state at xfern compat ioctl (bnc#1012382). - alsa: pcm: Fix endless loop for XRUN recovery in OSS emulation (bnc#1012382). - alsa: pcm: Fix mutex unbalance in OSS emulation ioctls (bnc#1012382). - alsa: pcm: Fix UAF at PCM release via PCM timer access (bnc#1012382). - alsa: pcm: potential uninitialized return values (bnc#1012382). - alsa: pcm: Return -EBUSY for OSS ioctls changing busy streams (bnc#1012382). - alsa: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() (bnc#1012382). - alsa: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation (bnc#1012382). - alsa: rawmidi: Fix missing input substream checks in compat ioctls (bnc#1012382). 
- alsa: rme9652: Hardening for potential Spectre v1 (bnc#1012382). - alsa: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() (bnc#1012382). - alsa: seq: oss: Fix unbalanced use lock for synth MIDI device (bnc#1012382). - alsa: seq: oss: Hardening for potential Spectre v1 (bnc#1012382). - alsa: usb-audio: Skip broken EU on Dell dock USB-audio (bsc#1090658). - arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support (bsc#1068032). - arm64: avoid overflow in VA_START and PAGE_OFFSET (bnc#1012382). - arm64: capabilities: Handle duplicate entries for a capability (bsc#1068032). - arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early (bsc#1068032). - arm64: Enforce BBM for huge IO/VMAP mappings (bsc#1088313). - arm64: fix smccc compilation (bsc#1068032). - arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT usage (bnc#1012382). - arm64: Kill PSCI_GET_VERSION as a variant-2 workaround (bsc#1068032). - arm64: kvm: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1068032). - arm64: kvm: Increment PC after handling an SMC trap (bsc#1068032). - arm64: kvm: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support (bsc#1068032). - arm64: mm: fix thinko in non-global page table attribute check (bsc#1088050). - arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery (bsc#1068032). - arm: amba: Do not read past the end of sysfs 'driver_override' buffer (bnc#1012382). - arm: amba: Fix race condition with driver_override (bnc#1012382). - arm: amba: Make driver_override output consistent with other buses (bnc#1012382). - arm/arm64: kvm: Add PSCI_VERSION helper (bsc#1068032). - arm/arm64: kvm: Add smccc accessors to PSCI code (bsc#1068032). - arm/arm64: kvm: Advertise SMCCC v1.1 (bsc#1068032). - arm/arm64: kvm: Consolidate the PSCI include files (bsc#1068032). - arm/arm64: kvm: Implement PSCI 1.0 support (bsc#1068032). - arm/arm64: kvm: Turn kvm_psci_version into a static inline (bsc#1068032). 
- arm/arm64: smccc: Implement SMCCC v1.1 inline primitive (bsc#1068032). - arm/arm64: smccc: Make function identifiers an unsigned quantity (bsc#1068032). - arm: davinci: da8xx: Create DSP device only when assigned memory (bnc#1012382). - arm: dts: am57xx-beagle-x15-common: Add overide powerhold property (bnc#1012382). - arm: dts: at91: at91sam9g25: fix mux-mask pinctrl property (bnc#1012382). - arm: dts: at91: sama5d4: fix pinctrl compatible string (bnc#1012382). - arm: dts: dra7: Add power hold and power controller properties to palmas (bnc#1012382). - arm: dts: imx53-qsrb: Pulldown PMIC IRQ pin (bnc#1012382). - arm: dts: imx6qdl-wandboard: Fix audio channel swap (bnc#1012382). - arm: dts: ls1021a: add 'fsl,ls1021a-esdhc' compatible string to esdhc node (bnc#1012382). - arm: imx: Add MXC_CPU_IMX6ULL and cpu_is_imx6ull (bnc#1012382). - arp: fix arp_filter on l3slave devices (bnc#1012382). - arp: honour gratuitous ARP _replies_ (bnc#1012382). - ASoC: fsl_esai: Fix divisor calculation failure at lower ratio (bnc#1012382). - ASoC: Intel: cht_bsw_rt5645: Analog Mic support (bnc#1012382). - ASoC: rsnd: SSI PIO adjust to 24bit mode (bnc#1012382). - ASoC: ssm2602: Replace reg_default_raw with reg_default (bnc#1012382). - async_tx: Fix DMA_PREP_FENCE usage in do_async_gen_syndrome() (bnc#1012382). - ata: libahci: properly propagate return value of platform_get_irq() (bnc#1012382). - ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode (bnc#1012382). - ath10k: rebuild crypto header in rx data frames (bnc#1012382). - ath5k: fix memory leak on buf on failed eeprom read (bnc#1012382). - ath9k_hw: check if the chip failed to wake up (bnc#1012382). - atm: zatm: Fix potential Spectre v1 (bnc#1012382). - audit: add tty field to LOGIN event (bnc#1012382). - autofs: mount point create should honour passed in mode (bnc#1012382). - bcache: segregate flash only volume write streams (bnc#1012382). - bcache: stop writeback thread after detaching (bnc#1012382). 
- bdi: Fix oops in wb_workfn() (bnc#1012382). - blacklist.conf: Add an omapdrm entry (bsc#1090708, bsc#1090718) - blk-mq: fix bad clear of RQF_MQ_INFLIGHT in blk_mq_ct_ctx_init() (bsc#1085058). - blk-mq: fix kernel oops in blk_mq_tag_idle() (bnc#1012382). - block: correctly mask out flags in blk_rq_append_bio() (bsc#1085058). - block/loop: fix deadlock after loop_set_status (bnc#1012382). - block: sanity check for integrity intervals (bsc#1091728). - bluetooth: Fix missing encryption refresh on Security Request (bnc#1012382). - bluetooth: Send HCI Set Event Mask Page 2 command only when needed (bnc#1012382). - bna: Avoid reading past end of buffer (bnc#1012382). - bnx2x: Allow vfs to disable txvlan offload (bnc#1012382). - bonding: do not set slave_dev npinfo before slave_enable_netpoll in bond_enslave (bnc#1012382). - bonding: Do not update slave->link until ready to commit (bnc#1012382). - bonding: fix the err path for dev hwaddr sync in bond_enslave (bnc#1012382). - bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave (bnc#1012382). - bonding: process the err returned by dev_set_allmulti properly in bond_enslave (bnc#1012382). - bpf: map_get_next_key to return first key on NULL (bnc#1012382). - btrfs: fix incorrect error return ret being passed to mapping_set_error (bnc#1012382). - btrfs: Fix wrong first_key parameter in replace_path (Followup fix for bsc#1084721). - btrfs: Only check first key for committed tree blocks (bsc#1084721). - btrfs: Validate child tree block's level and first key (bsc#1084721). - bus: brcmstb_gisb: correct support for 64-bit address output (bnc#1012382). - bus: brcmstb_gisb: Use register offsets with writes too (bnc#1012382). - can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() (bnc#1012382). - cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN (bnc#1012382). - cdrom: information leak in cdrom_ioctl_media_changed() (bnc#1012382). 
- ceph: adding protection for showing cap reservation info (bsc#1089115). - ceph: always update atime/mtime/ctime for new inode (bsc#1089115). - ceph: check if mds create snaprealm when setting quota (fate#324665 bsc#1089115). - ceph: do not check quota for snap inode (fate#324665 bsc#1089115). - ceph: fix invalid point dereference for error case in mdsc destroy (bsc#1089115). - ceph: fix root quota realm check (fate#324665 bsc#1089115). - ceph: fix rsize/wsize capping in ceph_direct_read_write() (bsc#1089115). - ceph: quota: add counter for snaprealms with quota (fate#324665 bsc#1089115). - ceph: quota: add initial infrastructure to support cephfs quotas (fate#324665 bsc#1089115). - ceph: quota: cache inode pointer in ceph_snap_realm (fate#324665 bsc#1089115). - ceph: quota: do not allow cross-quota renames (fate#324665 bsc#1089115). - ceph: quota: report root dir quota usage in statfs (fate#324665 bsc#1089115). - ceph: quota: support for ceph.quota.max_bytes (fate#324665 bsc#1089115). - ceph: quota: support for ceph.quota.max_files (fate#324665 bsc#1089115). - ceph: quota: update MDS when max_bytes is approaching (fate#324665 bsc#1089115). - cfg80211: make RATE_INFO_BW_20 the default (bnc#1012382). - ch9200: use skb_cow_head() to deal with cloned skbs (bsc#1088684). - cifs: do not allow creating sockets except with SMB1 posix exensions (bnc#1012382). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734). - cifs: silence lockdep splat in cifs_relock_file() (bnc#1012382). - cifs: Use file_dentry() (bsc#1093008). - clk: bcm2835: De-assert/assert PLL reset signal when appropriate (bnc#1012382). - clk: Fix __set_clk_rates error print-string (bnc#1012382). - clk: mvebu: armada-38x: add support for 1866MHz variants (bnc#1012382). - clk: mvebu: armada-38x: add support for missing clocks (bnc#1012382). - clk: scpi: fix return type of __scpi_dvfs_round_rate (bnc#1012382). 
- clocksource/drivers/arm_arch_timer: Avoid infinite recursion when ftrace is enabled (bsc#1090225). - cpumask: Add helper cpumask_available() (bnc#1012382). - crypto: af_alg - fix possible uninit-value in alg_bind() (bnc#1012382). - crypto: ahash - Fix early termination in hash walk (bnc#1012382). - crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one (bnc#1012382). - cx25840: fix unchecked return values (bnc#1012382). - cxgb4: fix incorrect cim_la output for T6 (bnc#1012382). - cxgb4: Fix queue free path of ULD drivers (bsc#1022743 FATE#322540). - cxgb4: FW upgrade fixes (bnc#1012382). - cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages (bnc#1012382). - dccp: initialize ireq->ir_mark (bnc#1012382). - dmaengine: at_xdmac: fix rare residue corruption (bnc#1012382). - dmaengine: imx-sdma: Handle return value of clk_prepare_enable (bnc#1012382). - dm ioctl: remove double parentheses (bnc#1012382). - Documentation: pinctrl: palmas: Add ti,palmas-powerhold-override property definition (bnc#1012382). - Do not leak MNT_INTERNAL away from internal mounts (bnc#1012382). - drivers/infiniband/core/verbs.c: fix build with gcc-4.4.4 (FATE#321732). - drivers/infiniband/ulp/srpt/ib_srpt.c: fix build with gcc-4.4.4 (bnc#1024296,FATE#321265). - drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple integer overflow tests (bnc#1012382). - drm/omap: fix tiled buffer stride calculations (bnc#1012382). - drm/radeon: Fix PCIe lane width calculation (bnc#1012382). - drm/virtio: fix vq wait_event condition (bnc#1012382). - drm/vmwgfx: Fix a buffer object leak (bnc#1012382). - e1000e: fix race condition around skb_tstamp_tx() (bnc#1012382). - e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails (bnc#1012382). - EDAC, mv64x60: Fix an error handling path (bnc#1012382). - Enable uinput driver (bsc#1092566). - esp: Fix memleaks on error paths (git-fixes). - ext4: add validity checks for bitmap block numbers (bnc#1012382). 
- ext4: bugfix for mmaped pages in mpage_release_unused_pages() (bnc#1012382). - ext4: do not allow r/w mounts if metadata blocks overlap the superblock (bnc#1012382). - ext4: do not update checksum of new initialized bitmaps (bnc#1012382). - ext4: fail ext4_iget for root directory if unallocated (bnc#1012382). - ext4: fix bitmap position validation (bnc#1012382). - ext4: fix deadlock between inline_data and ext4_expand_extra_isize_ea() (bnc#1012382). - ext4: Fix hole length detection in ext4_ind_map_blocks() (bsc#1090953). - ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff() (bnc#1012382). - ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS (bnc#1012382). - ext4: set h_journal if there is a failure starting a reserved handle (bnc#1012382). - fanotify: fix logic of events on child (bnc#1012382). - firmware/psci: Expose PSCI conduit (bsc#1068032). - firmware/psci: Expose SMCCC version through psci_ops (bsc#1068032). - fix race in drivers/char/random.c:get_reg() (bnc#1012382). - frv: declare jiffies to be located in the .data section (bnc#1012382). - fs: compat: Remove warning from COMPATIBLE_IOCTL (bnc#1012382). - fs/proc: Stop trying to report thread stacks (bnc#1012382). - fs/reiserfs/journal.c: add missing resierfs_warning() arg (bnc#1012382). - genirq: Use cpumask_available() for check of cpumask variable (bnc#1012382). - getname_kernel() needs to make sure that ->name != ->iname in long case (bnc#1012382). - gpio: label descriptors using the device name (bnc#1012382). - gpmi-nand: Handle ECC Errors in erased pages (bnc#1012382). - hdlcdrv: Fix divide by zero in hdlcdrv_ioctl (bnc#1012382). - HID: core: Fix size as type u32 (bnc#1012382). - HID: Fix hid_report_len usage (bnc#1012382). - HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device (bnc#1012382). - HID: i2c-hid: fix size check and type usage (bnc#1012382). - hwmon: (ina2xx) Fix access to uninitialized mutex (git-fixes). 
- hwmon: (ina2xx) Make calibration register value fixed (bnc#1012382). - hypfs_kill_super(): deal with failed allocations (bnc#1012382). - i40iw: Free IEQ resources (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - IB/core: Fix possible crash to access NULL netdev (bsc#966191 FATE#320230 bsc#966186 FATE#320228). - IB/core: Generate GID change event regardless of RoCE GID table property (bsc#966191 FATE#320230 bsc#966186 FATE#320228). - IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs (bsc#966191 FATE#320230 bsc#966186 FATE#320228). - IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE (bsc#966191 FATE#320230 bsc#966186 FATE#320228). - IB/mlx5: Avoid passing an invalid QP type to firmware (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - IB/mlx5: Fix an error code in __mlx5_ib_modify_qp() (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - IB/mlx5: Fix incorrect size of klms in the memory region (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - IB/mlx5: Fix out-of-bounds read in create_raw_packet_qp_rq (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - IB/mlx5: revisit -Wmaybe-uninitialized warning (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - IB/mlx5: Set the default active rate and width to QDR and 4X (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - IB/mlx5: Use unlimited rate when static rate is not supported (bnc#1012382). - ibmvnic: Clean actual number of RX or TX pools (bsc#1092289). - ibmvnic: Clear pending interrupt after device reset (bsc#1089644). - ibmvnic: Define vnic_login_client_data name field as unsized array (bsc#1089198). - ibmvnic: Disable irqs before exiting reset from closed state (bsc#1084610). - ibmvnic: Do not notify peers on parameter change resets (bsc#1089198). - ibmvnic: Do not reset CRQ for Mobility driver resets (bsc#1088600). - ibmvnic: Fix DMA mapping mistakes (bsc#1088600). - ibmvnic: Fix failover case for non-redundant configuration (bsc#1088600). 
- ibmvnic: Fix non-fatal firmware error reset (bsc#1093990). - ibmvnic: Fix reset scheduler error handling (bsc#1088600). - ibmvnic: Fix statistics buffers memory leak (bsc#1093990). - ibmvnic: Free coherent DMA memory if FW map failed (bsc#1093990). - ibmvnic: Handle all login error conditions (bsc#1089198). - ibmvnic: Zero used TX descriptor counter on reset (bsc#1088600). - ib/srp: Fix completion vector assignment algorithm (bnc#1012382). - ib/srp: Fix srp_abort() (bnc#1012382). - ib/srpt: Fix abort handling (bnc#1012382). - ib/srpt: Fix an out-of-bounds stack access in srpt_zerolength_write() (bnc#1024296,FATE#321265). - iio: hi8435: avoid garbage event at first enable (bnc#1012382). - iio: hi8435: cleanup reset gpio (bnc#1012382). - iio: magnetometer: st_magn_spi: fix spi_device_id table (bnc#1012382). - input: ALPS - fix multi-touch decoding on SS4 plus touchpads (git-fixes). - input: ALPS - fix trackstick button handling on V8 devices (git-fixes). - input: ALPS - fix TrackStick support for SS5 hardware (git-fixes). - input: ALPS - fix two-finger scroll breakage in right side on ALPS touchpad (git-fixes). - input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro (bnc#1012382). - input: drv260x - fix initializing overdrive voltage (bnc#1012382). - input: elan_i2c - check if device is there before really probing (bnc#1012382). - input: elan_i2c - clear INT before resetting controller (bnc#1012382). - input: elantech - force relative mode on a certain module (bnc#1012382). - input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list (bnc#1012382). - input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad (bnc#1012382). - input: leds - fix out of bound access (bnc#1012382). - input: mousedev - fix implicit conversion warning (bnc#1012382). - iommu/vt-d: Fix a potential memory leak (bnc#1012382). - ip6_gre: better validate user provided tunnel names (bnc#1012382). 
- ip6_tunnel: better validate user provided tunnel names (bnc#1012382). - ipc/shm: fix use-after-free of shm file via remap_file_pages() (bnc#1012382). - ipmi: create hardware-independent softdep for ipmi_devintf (bsc#1009062, bsc#1060799). - ipmi_ssif: Fix kernel panic at msg_done_handler (bsc#1088871). - ipsec: check return value of skb_to_sgvec always (bnc#1012382). - ip_tunnel: better validate user provided tunnel names (bnc#1012382). - ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy (bnc#1012382). - ipv6: avoid dad-failures for addresses with NODAD (bnc#1012382). - ipv6: sit: better validate user provided tunnel names (bnc#1012382). - ipv6: the entire IPv6 header chain must fit the first fragment (bnc#1012382). - ipvs: fix rtnl_lock lockups caused by start_sync_thread (bnc#1012382). - iw_cxgb4: print mapped ports correctly (bsc#321658 FATE#1005778 bsc#321660 FATE#1005780 bsc#321661 FATE#1005781). - jbd2: fix use after free in kjournald2() (bnc#1012382). - jbd2: if the journal is aborted then do not allow update of the log tail (bnc#1012382). - jffs2_kill_sb(): deal with failed allocations (bnc#1012382). - jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp (bnc#1012382). - kABI: add tty include to audit.c (kabi). - kABI: protect hid report functions (kabi). - kABI: protect jiffies types (kabi). - kABI: protect skb_to_sgvec* (kabi). - kABI: protect sound/timer.h include in sound pcm.c (kabi). - kABI: protect struct ath10k_hw_params (kabi). - kABI: protect struct cstate (kabi). - kABI: protect struct _lowcore (kabi). - kABI: protect tty include in audit.h (kabi). - kabi/severities: Ignore kgr_shadow_* kABI changes - kbuild: provide a __UNIQUE_ID for clang (bnc#1012382). - kexec_file: do not add extra alignment to efi memmap (bsc#1044596). - keys: DNS: limit the length of option strings (bnc#1012382). - kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread (bsc#1094033, fate#313296). 
- kGraft: fix small race in reversion code (bsc#1083125). - kobject: do not use WARN for registration failures (bnc#1012382). - kvm: Fix nopvspin static branch init usage (bsc#1056427). - kvm: Introduce nopvspin kernel parameter (bsc#1056427). - kvm: nVMX: Fix handling of lmsw instruction (bnc#1012382). - kvm: PPC: Book3S PR: Check copy_to/from_user return values (bnc#1012382). - kvm: s390: Enable all facility bits that are known good for passthrough (FATE#324071 LTC#158956 bnc#1012382 bsc#1073059 bsc#1076805). - kvm: SVM: do not zero out segment attributes if segment is unusable or not present (bnc#1012382). - l2tp: check sockaddr length in pppol2tp_connect() (bnc#1012382). - l2tp: fix missing print session offset info (bnc#1012382). - lan78xx: Correctly indicate invalid OTP (bnc#1012382). - leds: pca955x: Correct I2C Functionality (bnc#1012382). - libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs (bnc#1012382). - libceph, ceph: change permission for readonly debugfs entries (bsc#1089115). - libceph: fix misjudgement of maximum monitor number (bsc#1089115). - libceph: reschedule a tick in finish_hunting() (bsc#1089115). - libceph: un-backoff on tick when we have a authenticated session (bsc#1089115). - libceph: validate con->state at the top of try_write() (bsc#1089115). - livepatch: Allow to call a custom callback when freeing shadow variables (bsc#1082299 fate#313296). - livepatch: Initialize shadow variables safely by a custom callback (bsc#1082299 fate#313296). - llc: delete timers synchronously in llc_sk_free() (bnc#1012382). - llc: fix NULL pointer deref for SOCK_ZAPPED (bnc#1012382). - llc: hold llc_sap before release_sock() (bnc#1012382). - llist: clang: introduce member_address_is_nonnull() (bnc#1012382). - lockd: fix lockd shutdown race (bnc#1012382). - lockd: lost rollback of set_grace_period() in lockd_down_net() (git-fixes). - mac80211: Add RX flag to indicate ICV stripped (bnc#1012382). 
- mac80211: allow not sending MIC up from driver for HW crypto (bnc#1012382). - mac80211: allow same PN for AMSDU sub-frames (bnc#1012382). - mac80211: bail out from prep_connection() if a reconfig is ongoing (bnc#1012382). - mceusb: sporadic RX truncation corruption fix (bnc#1012382). - md: document lifetime of internal rdev pointer (bsc#1056415). - md: fix two problems with setting the 're-add' device state (bsc#1089023). - md: only allow remove_and_add_spares when no sync_thread running (bsc#1056415). - md raid10: fix NULL deference in handle_write_completed() (git-fixes). - md/raid10: reset the 'first' at the end of loop (bnc#1012382). - md/raid5: make use of spin_lock_irq over local_irq_disable + spin_lock (bnc#1012382). - media: v4l2-compat-ioctl32: do not oops on overlay (bnc#1012382). - media: videobuf2-core: do not go out of the buffer range (bnc#1012382). - mei: remove dev_err message on an unsupported ioctl (bnc#1012382). - mISDN: Fix a sleep-in-atomic bug (bnc#1012382). - mlx5: fix bug reading rss_hash_type from CQE (bnc#1012382). - mmc: dw_mmc: Fix the DTO/CTO timeout overflow calculation for 32-bit systems (bsc#1088267). - mmc: jz4740: Fix race condition in IRQ mask update (bnc#1012382). - mm/filemap.c: fix NULL pointer in page_cache_tree_insert() (bnc#1012382). - mm, slab: reschedule cache_reap() on the same CPU (bnc#1012382). - mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block (bnc#1012382). - mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug (bnc#1012382). - mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block (bnc#1012382). - mtd: jedec_probe: Fix crash in jedec_read_mfr() (bnc#1012382). - neighbour: update neigh timestamps iff update is effective (bnc#1012382). - net: af_packet: fix race in PACKET_{R|T}X_RING (bnc#1012382). - net: atm: Fix potential Spectre v1 (bnc#1012382). - net: cavium: liquidio: fix up 'Avoid dma_unmap_single on uninitialized ndata' (bnc#1012382). 
- net: cdc_ncm: Fix TX zero padding (bnc#1012382). - net: emac: fix reset timeout with AR8035 phy (bnc#1012382). - net: ethernet: ti: cpsw: adjust cpsw fifos depth for fullduplex flow control (bnc#1012382). - netfilter: bridge: ebt_among: add more missing match size checks (bnc#1012382). - netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize (bnc#1012382). - netfilter: ctnetlink: Make some parameters integer to avoid enum mismatch (bnc#1012382). - netfilter: nf_nat_h323: fix logical-not-parentheses warning (bnc#1012382). - netfilter: x_tables: add and use xt_check_proc_name (bnc#1012382). - net: fix deadlock while clearing neighbor proxy table (bnc#1012382). - net: fix possible out-of-bound read in skb_network_protocol() (bnc#1012382). - net: fix rtnh_ok() (bnc#1012382). - net: fix uninit-value in __hw_addr_add_ex() (bnc#1012382). - net: fool proof dev_valid_name() (bnc#1012382). - net: freescale: fix potential NULL pointer dereference (bnc#1012382). - net: hns: Fix ethtool private flags (bnc#1012382 bsc#1085511). - net: hns: Fix ethtool private flags (bsc#1085511). - net: ieee802154: fix net_device reference release too early (bnc#1012382). - net: initialize skb->peeked when cloning (bnc#1012382). - net/ipv6: Fix route leaking between VRFs (bnc#1012382). - net/ipv6: Increment OUTxxx counters after netfilter hook (bnc#1012382). - netlink: fix uninit-value in netlink_sendmsg (bnc#1012382). - netlink: make sure nladdr has correct size in netlink_connect() (bnc#1012382). - net: llc: add lock_sock in llc_ui_bind to avoid a race condition (bnc#1012382). - net/mlx4: Check if Granular QoS per VF has been enabled before updating QP qos_vport (bnc#1012382). - net/mlx4_core: Fix memory leak while delete slave's resources (bsc#966191 FATE#320230 bsc#966186 FATE#320228). - net/mlx4_en: Avoid adding steering rules with invalid ring (bnc#1012382). 
- net/mlx4_en: Fix mixed PFC and Global pause user control requests (bsc#1015336 FATE#321685 bsc#1015337 FATE#321686 bsc#1015340 FATE#321687). - net/mlx4: Fix the check in attaching steering rules (bnc#1012382). - net/mlx5: avoid build warning for uniprocessor (bnc#1012382). - net/mlx5e: Add error print in ETS init (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5e: Check support before TC swap in ETS init (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5e: E-Switch, Use the name of static array instead of its address (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5e: Remove unused define MLX5_MPWRQ_STRIDES_PER_PAGE (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5: Fix error handling in load one (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5: Fix ingress/egress naming mistake (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5: Tolerate irq_set_affinity_hint() failures (bnc#1012382). - net: move somaxconn init from sysctl code (bnc#1012382). - net: phy: avoid genphy_aneg_done() for PHYs without clause 22 support (bnc#1012382). - net: qca_spi: Fix alignment issues in rx path (bnc#1012382). - net sched actions: fix dumping which requires several messages to user space (bnc#1012382). - net/sched: fix NULL dereference in the error path of tcf_bpf_init() (bnc#1012382). - net: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 (bnc#1012382). - net: validate attribute sizes in neigh_dump_table() (bnc#1012382). - net: x25: fix one potential use-after-free issue (bnc#1012382). - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() (bnc#1012382). - nfsv4.1: RECLAIM_COMPLETE must handle NFS4ERR_CONN_NOT_BOUND_TO_SESSION (bnc#1012382). - nfsv4.1: Work around a Linux server bug.. (bnc#1012382). - nospec: Kill array_index_nospec_mask_check() (bnc#1012382). - nospec: Move array_index_nospec() parameter checking into separate macro (bnc#1012382). 
- nvme: target: fix buffer overflow (FATE#321732 FATE#321590 bsc#993388). - ocfs2/dlm: Fix up kABI in dlm_ctxt (bsc#1070404). - ocfs2/dlm: wait for dlm recovery done when migrating all lock resources (bsc#1070404). - ovl: filter trusted xattr for non-admin (bnc#1012382). - packet: fix bitfield update race (bnc#1012382). - parisc: Fix out of array access in match_pci_device() (bnc#1012382). - parport_pc: Add support for WCH CH382L PCI-E single parallel port card (bnc#1012382). - partitions/msdos: Unable to mount UFS 44bsd partitions (bnc#1012382). - PCI/ACPI: Fix bus range comparison in pci_mcfg_lookup() (bsc#1084699). - PCI/cxgb4: Extend T3 PCI quirk to T4+ devices (bsc#981348). - PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant (bnc#1012382). - percpu: include linux/sched.h for cond_resched() (bnc#1012382). - perf/core: Correct event creation with PERF_FORMAT_GROUP (bnc#1012382). - perf/core: Fix locking for children siblings group read (git-fixes). - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] (bnc#1012382). - perf/core: Fix the perf_cpu_time_max_percent check (bnc#1012382). - perf header: Set proper module name when build-id event found (bnc#1012382). - perf/hwbp: Simplify the perf-hwbp code, fix documentation (bnc#1012382). - perf intel-pt: Fix error recovery from missing TIP packet (bnc#1012382). - perf intel-pt: Fix overlap detection to identify consecutive buffers correctly (bnc#1012382). - perf intel-pt: Fix sync_switch (bnc#1012382). - perf intel-pt: Fix timestamp follow