ID CVE-2018-3665
Summary System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
References
Vulnerable Configurations
  • Intel Core I3 330E
    cpe:2.3:h:intel:core_i3:330e
  • Intel Core I3 330M
    cpe:2.3:h:intel:core_i3:330m
  • Intel Core I3 330UM
    cpe:2.3:h:intel:core_i3:330um
  • Intel Core I3 350M
    cpe:2.3:h:intel:core_i3:350m
  • Intel Core I3 370M
    cpe:2.3:h:intel:core_i3:370m
  • Intel Core I3 380M
    cpe:2.3:h:intel:core_i3:380m
  • Intel Core I3 380UM
    cpe:2.3:h:intel:core_i3:380um
  • Intel Core I3 390M
    cpe:2.3:h:intel:core_i3:390m
  • Intel Core I3 530
    cpe:2.3:h:intel:core_i3:530
  • Intel Core I3 540
    cpe:2.3:h:intel:core_i3:540
  • Intel Core I3 550
    cpe:2.3:h:intel:core_i3:550
  • Intel Core I3 560
    cpe:2.3:h:intel:core_i3:560
  • Intel Core I3 2100
    cpe:2.3:h:intel:core_i3:2100
  • Intel Core I3 2100T
    cpe:2.3:h:intel:core_i3:2100t
  • Intel Core I3 2102
    cpe:2.3:h:intel:core_i3:2102
  • Intel Core I3 2105
    cpe:2.3:h:intel:core_i3:2105
  • Intel Core I3 2115C
    cpe:2.3:h:intel:core_i3:2115c
  • Intel Core I3 2120
    cpe:2.3:h:intel:core_i3:2120
  • Intel Core I3 2120T
    cpe:2.3:h:intel:core_i3:2120t
  • Intel Core I3 2125
    cpe:2.3:h:intel:core_i3:2125
  • Intel Core I3 2130
    cpe:2.3:h:intel:core_i3:2130
  • Intel Core I3 2310E
    cpe:2.3:h:intel:core_i3:2310e
  • Intel Core I3 2310M
    cpe:2.3:h:intel:core_i3:2310m
  • Intel Core I3 2312M
    cpe:2.3:h:intel:core_i3:2312m
  • Intel Core I3 2328M
    cpe:2.3:h:intel:core_i3:2328m
  • Intel Core I3 2330E
    cpe:2.3:h:intel:core_i3:2330e
  • Intel Core I3 2330M
    cpe:2.3:h:intel:core_i3:2330m
  • Intel Core I3 2340UE
    cpe:2.3:h:intel:core_i3:2340ue
  • Intel Core I3 2348M
    cpe:2.3:h:intel:core_i3:2348m
  • Intel Core I3 2350M
    cpe:2.3:h:intel:core_i3:2350m
  • Intel Core I3 2357M
    cpe:2.3:h:intel:core_i3:2357m
  • Intel Core I3 2365M
    cpe:2.3:h:intel:core_i3:2365m
  • Intel Core I3 2367M
    cpe:2.3:h:intel:core_i3:2367m
  • Intel Core I3 2370M
    cpe:2.3:h:intel:core_i3:2370m
  • Intel Core I3 2375M
    cpe:2.3:h:intel:core_i3:2375m
  • Intel Core I3 2377M
    cpe:2.3:h:intel:core_i3:2377m
  • Intel Core I3 3110M
    cpe:2.3:h:intel:core_i3:3110m
  • Intel Core I3 3115C
    cpe:2.3:h:intel:core_i3:3115c
  • Intel Core I3 3120M
    cpe:2.3:h:intel:core_i3:3120m
  • Intel Core I3 3120ME
    cpe:2.3:h:intel:core_i3:3120me
  • Intel Core I3 3130M
    cpe:2.3:h:intel:core_i3:3130m
  • Intel Core I3 3210
    cpe:2.3:h:intel:core_i3:3210
  • Intel Core I3 3217U
    cpe:2.3:h:intel:core_i3:3217u
  • Intel Core I3 3217UE
    cpe:2.3:h:intel:core_i3:3217ue
  • Intel Core I3 3220
    cpe:2.3:h:intel:core_i3:3220
  • Intel Core I3 3220T
    cpe:2.3:h:intel:core_i3:3220t
  • Intel Core I3 3225
    cpe:2.3:h:intel:core_i3:3225
  • Intel Core I3 3227U
    cpe:2.3:h:intel:core_i3:3227u
  • Intel Core I3 3229Y
    cpe:2.3:h:intel:core_i3:3229y
  • Intel Core I3 3240
    cpe:2.3:h:intel:core_i3:3240
  • Intel Core I3 3240T
    cpe:2.3:h:intel:core_i3:3240t
  • Intel Core I3 3245
    cpe:2.3:h:intel:core_i3:3245
  • Intel Core I3 3250
    cpe:2.3:h:intel:core_i3:3250
  • Intel Core I3 3250T
    cpe:2.3:h:intel:core_i3:3250t
  • Intel Core I3 4000M
    cpe:2.3:h:intel:core_i3:4000m
  • Intel Core I3 4005U
    cpe:2.3:h:intel:core_i3:4005u
  • Intel Core I3 4010U
    cpe:2.3:h:intel:core_i3:4010u
  • Intel Core I3 4010Y
    cpe:2.3:h:intel:core_i3:4010y
  • Intel Core I3 4012Y
    cpe:2.3:h:intel:core_i3:4012y
  • Intel Core I3 4020Y
    cpe:2.3:h:intel:core_i3:4020y
  • Intel Core I3 4025U
    cpe:2.3:h:intel:core_i3:4025u
  • Intel Core I3 4030U
    cpe:2.3:h:intel:core_i3:4030u
  • Intel Core I3 4030Y
    cpe:2.3:h:intel:core_i3:4030y
  • Intel Core I3 4100E
    cpe:2.3:h:intel:core_i3:4100e
  • Intel Core I3 4100M
    cpe:2.3:h:intel:core_i3:4100m
  • Intel Core I3 4100U
    cpe:2.3:h:intel:core_i3:4100u
  • Intel Core I3 4102E
    cpe:2.3:h:intel:core_i3:4102e
  • Intel Core I3 4110E
    cpe:2.3:h:intel:core_i3:4110e
  • Intel Core I3 4110M
    cpe:2.3:h:intel:core_i3:4110m
  • Intel Core I3 4112E
    cpe:2.3:h:intel:core_i3:4112e
  • Intel Core I3 4120U
    cpe:2.3:h:intel:core_i3:4120u
  • Intel Core I3 4130
    cpe:2.3:h:intel:core_i3:4130
  • Intel Core I3 4130T
    cpe:2.3:h:intel:core_i3:4130t
  • Intel Core I3 4150
    cpe:2.3:h:intel:core_i3:4150
  • Intel Core I3 4150T
    cpe:2.3:h:intel:core_i3:4150t
  • Intel Core I3 4158U
    cpe:2.3:h:intel:core_i3:4158u
  • Intel Core I3 4160
    cpe:2.3:h:intel:core_i3:4160
  • Intel Core I3 4160T
    cpe:2.3:h:intel:core_i3:4160t
  • Intel Core I3 4170
    cpe:2.3:h:intel:core_i3:4170
  • Intel Core I3 4170T
    cpe:2.3:h:intel:core_i3:4170t
  • Intel Core I3 4330
    cpe:2.3:h:intel:core_i3:4330
  • Intel Core I3 4330T
    cpe:2.3:h:intel:core_i3:4330t
  • Intel Core I3 4330TE
    cpe:2.3:h:intel:core_i3:4330te
  • Intel Core I3 4340
    cpe:2.3:h:intel:core_i3:4340
  • Intel Core I3 4340TE
    cpe:2.3:h:intel:core_i3:4340te
  • Intel Core I3 4350
    cpe:2.3:h:intel:core_i3:4350
  • Intel Core I3 4350T
    cpe:2.3:h:intel:core_i3:4350t
  • Intel Core I3 4360
    cpe:2.3:h:intel:core_i3:4360
  • Intel Core I3 4360T
    cpe:2.3:h:intel:core_i3:4360t
  • Intel Core I3 4370
    cpe:2.3:h:intel:core_i3:4370
  • Intel Core I3 4370T
    cpe:2.3:h:intel:core_i3:4370t
  • Intel Core I3 5005U
    cpe:2.3:h:intel:core_i3:5005u
  • Intel Core I3 5010U
    cpe:2.3:h:intel:core_i3:5010u
  • Intel Core I3 5015U
    cpe:2.3:h:intel:core_i3:5015u
  • Intel Core I3 5020U
    cpe:2.3:h:intel:core_i3:5020u
  • Intel Core I3 5157U
    cpe:2.3:h:intel:core_i3:5157u
  • Intel Core I3 6006U
    cpe:2.3:h:intel:core_i3:6006u
  • Intel Core I3 6098P
    cpe:2.3:h:intel:core_i3:6098p
  • Intel Core I3 6100
    cpe:2.3:h:intel:core_i3:6100
  • Intel Core I3 6100E
    cpe:2.3:h:intel:core_i3:6100e
  • Intel Core I3 6100H
    cpe:2.3:h:intel:core_i3:6100h
  • Intel Core I3 6100T
    cpe:2.3:h:intel:core_i3:6100t
  • Intel Core I3 6100TE
    cpe:2.3:h:intel:core_i3:6100te
  • Intel Core I3 6100U
    cpe:2.3:h:intel:core_i3:6100u
  • Intel Core I3 6102E
    cpe:2.3:h:intel:core_i3:6102e
  • Intel Core I3 6157U
    cpe:2.3:h:intel:core_i3:6157u
  • Intel Core I3 6167U
    cpe:2.3:h:intel:core_i3:6167u
  • Intel Core I3 6300
    cpe:2.3:h:intel:core_i3:6300
  • Intel Core I3 6300T
    cpe:2.3:h:intel:core_i3:6300t
  • Intel Core I3 6320
    cpe:2.3:h:intel:core_i3:6320
  • Intel Core I3 8100
    cpe:2.3:h:intel:core_i3:8100
  • Intel Core I3 8350K
    cpe:2.3:h:intel:core_i3:8350k
  • Intel Core I5 430M
    cpe:2.3:h:intel:core_i5:430m
  • Intel Core I5 430UM
    cpe:2.3:h:intel:core_i5:430um
  • Intel Core I5 450M
    cpe:2.3:h:intel:core_i5:450m
  • Intel Core I5 460M
    cpe:2.3:h:intel:core_i5:460m
  • Intel Core I5 470UM
    cpe:2.3:h:intel:core_i5:470um
  • Intel Core I5 480M
    cpe:2.3:h:intel:core_i5:480m
  • Intel Core I5 520E
    cpe:2.3:h:intel:core_i5:520e
  • Intel Core I5 520M
    cpe:2.3:h:intel:core_i5:520m
  • Intel Core I5 520UM
    cpe:2.3:h:intel:core_i5:520um
  • Intel Core I5 540M
    cpe:2.3:h:intel:core_i5:540m
  • Intel Core I5 540UM
    cpe:2.3:h:intel:core_i5:540um
  • Intel Core I5 560M
    cpe:2.3:h:intel:core_i5:560m
  • Intel Core I5 560UM
    cpe:2.3:h:intel:core_i5:560um
  • Intel Core I5 580M
    cpe:2.3:h:intel:core_i5:580m
  • Intel Core I5 650
    cpe:2.3:h:intel:core_i5:650
  • Intel Core I5 655K
    cpe:2.3:h:intel:core_i5:655k
  • Intel Core I5 660
    cpe:2.3:h:intel:core_i5:660
  • Intel Core I5 661
    cpe:2.3:h:intel:core_i5:661
  • Intel Core I5 670
    cpe:2.3:h:intel:core_i5:670
  • Intel Core I5 680
    cpe:2.3:h:intel:core_i5:680
  • Intel Core I5 750
    cpe:2.3:h:intel:core_i5:750
  • Intel Core I5 750S
    cpe:2.3:h:intel:core_i5:750s
  • Intel Core I5 760
    cpe:2.3:h:intel:core_i5:760
  • Intel Core I5 2300
    cpe:2.3:h:intel:core_i5:2300
  • Intel Core I5 2310
    cpe:2.3:h:intel:core_i5:2310
  • Intel Core I5 2320
    cpe:2.3:h:intel:core_i5:2320
  • Intel Core I5 2380P
    cpe:2.3:h:intel:core_i5:2380p
  • Intel Core I5 2390T
    cpe:2.3:h:intel:core_i5:2390t
  • Intel Core I5 2400
    cpe:2.3:h:intel:core_i5:2400
  • Intel Core I5 2400S
    cpe:2.3:h:intel:core_i5:2400s
  • Intel Core I5 2405S
    cpe:2.3:h:intel:core_i5:2405s
  • Intel Core I5 2410M
    cpe:2.3:h:intel:core_i5:2410m
  • Intel Core I5 2430M
    cpe:2.3:h:intel:core_i5:2430m
  • Intel Core I5 2435M
    cpe:2.3:h:intel:core_i5:2435m
  • Intel Core I5 2450M
    cpe:2.3:h:intel:core_i5:2450m
  • Intel Core I5 2450P
    cpe:2.3:h:intel:core_i5:2450p
  • Intel Core I5 2467M
    cpe:2.3:h:intel:core_i5:2467m
  • Intel Core I5 2500
    cpe:2.3:h:intel:core_i5:2500
  • Intel Core I5 2500K
    cpe:2.3:h:intel:core_i5:2500k
  • Intel Core I5 2500S
    cpe:2.3:h:intel:core_i5:2500s
  • Intel Core I5 2500T
    cpe:2.3:h:intel:core_i5:2500t
  • Intel Core I5 2510E
    cpe:2.3:h:intel:core_i5:2510e
  • Intel Core I5 2515E
    cpe:2.3:h:intel:core_i5:2515e
  • Intel Core I5 2520M
    cpe:2.3:h:intel:core_i5:2520m
  • Intel Core I5 2537M
    cpe:2.3:h:intel:core_i5:2537m
  • Intel Core I5 2540M
    cpe:2.3:h:intel:core_i5:2540m
  • Intel Core I5 2550K
    cpe:2.3:h:intel:core_i5:2550k
  • Intel Core I5 2557M
    cpe:2.3:h:intel:core_i5:2557m
  • Intel Core I5 3210M
    cpe:2.3:h:intel:core_i5:3210m
  • Intel Core I5 3230M
    cpe:2.3:h:intel:core_i5:3230m
  • Intel Core I5 3317U
    cpe:2.3:h:intel:core_i5:3317u
  • Intel Core I5 3320M
    cpe:2.3:h:intel:core_i5:3320m
  • Intel Core I5 3330
    cpe:2.3:h:intel:core_i5:3330
  • Intel Core I5 3330S
    cpe:2.3:h:intel:core_i5:3330s
  • Intel Core I5 3337U
    cpe:2.3:h:intel:core_i5:3337u
  • Intel Core I5 3339Y
    cpe:2.3:h:intel:core_i5:3339y
  • Intel Core I5 3340
    cpe:2.3:h:intel:core_i5:3340
  • Intel Core I5 3340M
    cpe:2.3:h:intel:core_i5:3340m
  • Intel Core I5 3340S
    cpe:2.3:h:intel:core_i5:3340s
  • Intel Core I5 3350P
    cpe:2.3:h:intel:core_i5:3350p
  • Intel Core I5 3360M
    cpe:2.3:h:intel:core_i5:3360m
  • Intel Core I5 3380M
    cpe:2.3:h:intel:core_i5:3380m
  • Intel Core I5 3427U
    cpe:2.3:h:intel:core_i5:3427u
  • Intel Core I5 3437U
    cpe:2.3:h:intel:core_i5:3437u
  • Intel Core I5 3439Y
    cpe:2.3:h:intel:core_i5:3439y
  • Intel Core I5 3450
    cpe:2.3:h:intel:core_i5:3450
  • Intel Core I5 3450S
    cpe:2.3:h:intel:core_i5:3450s
  • Intel Core I5 3470
    cpe:2.3:h:intel:core_i5:3470
  • Intel Core I5 3470S
    cpe:2.3:h:intel:core_i5:3470s
  • Intel Core I5 3470T
    cpe:2.3:h:intel:core_i5:3470t
  • Intel Core I5 3475S
    cpe:2.3:h:intel:core_i5:3475s
  • Intel Core I5 3550
    cpe:2.3:h:intel:core_i5:3550
  • Intel Core I5 3550S
    cpe:2.3:h:intel:core_i5:3550s
  • Intel Core I5 3570
    cpe:2.3:h:intel:core_i5:3570
  • Intel Core I5 3570K
    cpe:2.3:h:intel:core_i5:3570k
  • Intel Core I5 3570S
    cpe:2.3:h:intel:core_i5:3570s
  • Intel Core I5 3570T
    cpe:2.3:h:intel:core_i5:3570t
  • Intel Core I5 3610ME
    cpe:2.3:h:intel:core_i5:3610me
  • Intel Core I5 4200H
    cpe:2.3:h:intel:core_i5:4200h
  • Intel Core I5 4200M
    cpe:2.3:h:intel:core_i5:4200m
  • Intel Core I5 4200U
    cpe:2.3:h:intel:core_i5:4200u
  • Intel Core I5 4200Y
    cpe:2.3:h:intel:core_i5:4200y
  • Intel Core I5 4202Y
    cpe:2.3:h:intel:core_i5:4202y
  • Intel Core I5 4210H
    cpe:2.3:h:intel:core_i5:4210h
  • Intel Core I5 4210M
    cpe:2.3:h:intel:core_i5:4210m
  • Intel Core I5 4210U
    cpe:2.3:h:intel:core_i5:4210u
  • Intel Core I5 4210Y
    cpe:2.3:h:intel:core_i5:4210y
  • Intel Core I5 4220Y
    cpe:2.3:h:intel:core_i5:4220y
  • Intel Core I5 4250U
    cpe:2.3:h:intel:core_i5:4250u
  • Intel Core I5 4258U
    cpe:2.3:h:intel:core_i5:4258u
  • Intel Core I5 4260U
    cpe:2.3:h:intel:core_i5:4260u
  • Intel Core I5 4278U
    cpe:2.3:h:intel:core_i5:4278u
  • Intel Core I5 4288U
    cpe:2.3:h:intel:core_i5:4288u
  • Intel Core I5 4300M
    cpe:2.3:h:intel:core_i5:4300m
  • Intel Core I5 4300U
    cpe:2.3:h:intel:core_i5:4300u
  • Intel Core I5 4300Y
    cpe:2.3:h:intel:core_i5:4300y
  • Intel Core I5 4302Y
    cpe:2.3:h:intel:core_i5:4302y
  • Intel Core I5 4308U
    cpe:2.3:h:intel:core_i5:4308u
  • Intel Core I5 4310M
    cpe:2.3:h:intel:core_i5:4310m
  • Intel Core I5 4310U
    cpe:2.3:h:intel:core_i5:4310u
  • Intel Core I5 4330M
    cpe:2.3:h:intel:core_i5:4330m
  • Intel Core I5 4340M
    cpe:2.3:h:intel:core_i5:4340m
  • Intel Core I5 4350U
    cpe:2.3:h:intel:core_i5:4350u
  • Intel Core I5 4360U
    cpe:2.3:h:intel:core_i5:4360u
  • Intel Core I5 4400E
    cpe:2.3:h:intel:core_i5:4400e
  • Intel Core I5 4402E
    cpe:2.3:h:intel:core_i5:4402e
  • Intel Core I5 4402EC
    cpe:2.3:h:intel:core_i5:4402ec
  • Intel Core I5 4410E
    cpe:2.3:h:intel:core_i5:4410e
  • Intel Core I5 4422E
    cpe:2.3:h:intel:core_i5:4422e
  • Intel Core I5 4430
    cpe:2.3:h:intel:core_i5:4430
  • Intel Core I5 4430S
    cpe:2.3:h:intel:core_i5:4430s
  • Intel Core I5 4440
    cpe:2.3:h:intel:core_i5:4440
  • Intel Core I5 4440S
    cpe:2.3:h:intel:core_i5:4440s
  • Intel Core I5 4460
    cpe:2.3:h:intel:core_i5:4460
  • Intel Core I5 4460S
    cpe:2.3:h:intel:core_i5:4460s
  • Intel Core I5 4460T
    cpe:2.3:h:intel:core_i5:4460t
  • Intel Core I5 4570
    cpe:2.3:h:intel:core_i5:4570
  • Intel Core I5 4570R
    cpe:2.3:h:intel:core_i5:4570r
  • Intel Core I5 4570S
    cpe:2.3:h:intel:core_i5:4570s
  • Intel Core I5 4570T
    cpe:2.3:h:intel:core_i5:4570t
  • Intel Core I5 4570TE
    cpe:2.3:h:intel:core_i5:4570te
  • Intel Core I5 4590
    cpe:2.3:h:intel:core_i5:4590
  • Intel Core I5 4590S
    cpe:2.3:h:intel:core_i5:4590s
  • Intel Core I5 4590T
    cpe:2.3:h:intel:core_i5:4590t
  • Intel Core I5 4670
    cpe:2.3:h:intel:core_i5:4670
  • Intel Core I5 4670K
    cpe:2.3:h:intel:core_i5:4670k
  • Intel Core I5 4670R
    cpe:2.3:h:intel:core_i5:4670r
  • Intel Core I5 4670S
    cpe:2.3:h:intel:core_i5:4670s
  • Intel Core I5 4670T
    cpe:2.3:h:intel:core_i5:4670t
  • Intel Core I5 4690
    cpe:2.3:h:intel:core_i5:4690
  • Intel Core I5 4690K
    cpe:2.3:h:intel:core_i5:4690k
  • Intel Core I5 4690S
    cpe:2.3:h:intel:core_i5:4690s
  • Intel Core I5 4690T
    cpe:2.3:h:intel:core_i5:4690t
  • Intel Core I5 5200U
    cpe:2.3:h:intel:core_i5:5200u
  • Intel Core I5 5250U
    cpe:2.3:h:intel:core_i5:5250u
  • Intel Core I5 5257U
    cpe:2.3:h:intel:core_i5:5257u
  • Intel Core I5 5287U
    cpe:2.3:h:intel:core_i5:5287u
  • Intel Core I5 5300U
    cpe:2.3:h:intel:core_i5:5300u
  • Intel Core I5 5350H
    cpe:2.3:h:intel:core_i5:5350h
  • Intel Core I5 5350U
    cpe:2.3:h:intel:core_i5:5350u
  • Intel Core I5 5575R
    cpe:2.3:h:intel:core_i5:5575r
  • Intel Core I5 5675C
    cpe:2.3:h:intel:core_i5:5675c
  • Intel Core I5 5675R
    cpe:2.3:h:intel:core_i5:5675r
  • Intel Core I5 6200U
    cpe:2.3:h:intel:core_i5:6200u
  • Intel Core I5 6260U
    cpe:2.3:h:intel:core_i5:6260u
  • Intel Core I5 6267U
    cpe:2.3:h:intel:core_i5:6267u
  • Intel Core I5 6287U
    cpe:2.3:h:intel:core_i5:6287u
  • Intel Core I5 6300HQ
    cpe:2.3:h:intel:core_i5:6300hq
  • Intel Core I5 6300U
    cpe:2.3:h:intel:core_i5:6300u
  • Intel Core I5 6350HQ
    cpe:2.3:h:intel:core_i5:6350hq
  • Intel Core I5 6360U
    cpe:2.3:h:intel:core_i5:6360u
  • Intel Core I5 6400
    cpe:2.3:h:intel:core_i5:6400
  • Intel Core I5 6400T
    cpe:2.3:h:intel:core_i5:6400t
  • Intel Core I5 6402P
    cpe:2.3:h:intel:core_i5:6402p
  • Intel Core I5 6440EQ
    cpe:2.3:h:intel:core_i5:6440eq
  • Intel Core I5 6440HQ
    cpe:2.3:h:intel:core_i5:6440hq
  • Intel Core I5 6442EQ
    cpe:2.3:h:intel:core_i5:6442eq
  • Intel Core I5 6500
    cpe:2.3:h:intel:core_i5:6500
  • Intel Core I5 6500T
    cpe:2.3:h:intel:core_i5:6500t
  • Intel Core I5 6500TE
    cpe:2.3:h:intel:core_i5:6500te
  • Intel Core I5 6585R
    cpe:2.3:h:intel:core_i5:6585r
  • Intel Core I5 6600
    cpe:2.3:h:intel:core_i5:6600
  • Intel Core I5 6600K
    cpe:2.3:h:intel:core_i5:6600k
  • Intel Core I5 6600T
    cpe:2.3:h:intel:core_i5:6600t
  • Intel Core I5 6685R
    cpe:2.3:h:intel:core_i5:6685r
  • Intel Core I5 8250U
    cpe:2.3:h:intel:core_i5:8250u
  • Intel Core I5 8350U
    cpe:2.3:h:intel:core_i5:8350u
  • Intel Core I5 8400
    cpe:2.3:h:intel:core_i5:8400
  • Intel Core I5 8600K
    cpe:2.3:h:intel:core_i5:8600k
  • Intel Core I7 7Y75
    cpe:2.3:h:intel:core_i7:7y75
  • Intel Core I7 610E
    cpe:2.3:h:intel:core_i7:610e
  • Intel Core I7 620LE
    cpe:2.3:h:intel:core_i7:620le
  • Intel Core I7 620LM
    cpe:2.3:h:intel:core_i7:620lm
  • Intel Core I7 620M
    cpe:2.3:h:intel:core_i7:620m
  • Intel Core I7 620UE
    cpe:2.3:h:intel:core_i7:620ue
  • Intel Core I7 620UM
    cpe:2.3:h:intel:core_i7:620um
  • Intel Core I7 640LM
    cpe:2.3:h:intel:core_i7:640lm
  • Intel Core I7 640M
    cpe:2.3:h:intel:core_i7:640m
  • Intel Core I7 640UM
    cpe:2.3:h:intel:core_i7:640um
  • Intel Core I7 660LM
    cpe:2.3:h:intel:core_i7:660lm
  • Intel Core I7 660UE
    cpe:2.3:h:intel:core_i7:660ue
  • Intel Core I7 660UM
    cpe:2.3:h:intel:core_i7:660um
  • Intel Core I7 680UM
    cpe:2.3:h:intel:core_i7:680um
  • Intel Core I7 720QM
    cpe:2.3:h:intel:core_i7:720qm
  • Intel Core I7 740QM
    cpe:2.3:h:intel:core_i7:740qm
  • Intel Core I7 820QM
    cpe:2.3:h:intel:core_i7:820qm
  • Intel Core I7 840QM
    cpe:2.3:h:intel:core_i7:840qm
  • Intel Core I7 860
    cpe:2.3:h:intel:core_i7:860
  • Intel Core I7 860S
    cpe:2.3:h:intel:core_i7:860s
  • Intel Core I7 870
    cpe:2.3:h:intel:core_i7:870
  • Intel Core I7 870S
    cpe:2.3:h:intel:core_i7:870s
  • Intel Core I7 875K
    cpe:2.3:h:intel:core_i7:875k
  • Intel Core I7 880
    cpe:2.3:h:intel:core_i7:880
  • Intel Core I7 920
    cpe:2.3:h:intel:core_i7:920
  • Intel Core I7 920XM
    cpe:2.3:h:intel:core_i7:920xm
  • Intel Core I7 930
    cpe:2.3:h:intel:core_i7:930
  • Intel Core I7 940
    cpe:2.3:h:intel:core_i7:940
  • Intel Core I7 940XM
    cpe:2.3:h:intel:core_i7:940xm
  • Intel Core I7 950
    cpe:2.3:h:intel:core_i7:950
  • Intel Core I7 960
    cpe:2.3:h:intel:core_i7:960
  • Intel Core I7 965
    cpe:2.3:h:intel:core_i7:965
  • Intel Core I7 970
    cpe:2.3:h:intel:core_i7:970
  • Intel Core I7 975
    cpe:2.3:h:intel:core_i7:975
  • Intel Core I7 980
    cpe:2.3:h:intel:core_i7:980
  • Intel Core I7 980X
    cpe:2.3:h:intel:core_i7:980x
  • Intel Core I7 990X
    cpe:2.3:h:intel:core_i7:990x
  • Intel Core I7 2600
    cpe:2.3:h:intel:core_i7:2600
  • Intel Core I7 2600K
    cpe:2.3:h:intel:core_i7:2600k
  • Intel Core I7 2600S
    cpe:2.3:h:intel:core_i7:2600s
  • Intel Core I7 2610UE
    cpe:2.3:h:intel:core_i7:2610ue
  • Intel Core I7 2617M
    cpe:2.3:h:intel:core_i7:2617m
  • Intel Core I7 2620M
    cpe:2.3:h:intel:core_i7:2620m
  • Intel Core I7 2629M
    cpe:2.3:h:intel:core_i7:2629m
  • Intel Core I7 2630QM
    cpe:2.3:h:intel:core_i7:2630qm
  • Intel Core I7 2635QM
    cpe:2.3:h:intel:core_i7:2635qm
  • Intel Core I7 2637M
    cpe:2.3:h:intel:core_i7:2637m
  • Intel Core I7 2640M
    cpe:2.3:h:intel:core_i7:2640m
  • Intel Core I7 2649M
    cpe:2.3:h:intel:core_i7:2649m
  • Intel Core I7 2655LE
    cpe:2.3:h:intel:core_i7:2655le
  • Intel Core I7 2657M
    cpe:2.3:h:intel:core_i7:2657m
  • Intel Core I7 2670QM
    cpe:2.3:h:intel:core_i7:2670qm
  • Intel Core I7 2675QM
    cpe:2.3:h:intel:core_i7:2675qm
  • Intel Core I7 2677M
    cpe:2.3:h:intel:core_i7:2677m
  • Intel Core I7 2700K
    cpe:2.3:h:intel:core_i7:2700k
  • Intel Core I7 2710QE
    cpe:2.3:h:intel:core_i7:2710qe
  • Intel Core I7 2715QE
    cpe:2.3:h:intel:core_i7:2715qe
  • Intel Core I7 2720QM
    cpe:2.3:h:intel:core_i7:2720qm
  • Intel Core I7 2760QM
    cpe:2.3:h:intel:core_i7:2760qm
  • Intel Core I7 2820QM
    cpe:2.3:h:intel:core_i7:2820qm
  • Intel Core I7 2860QM
    cpe:2.3:h:intel:core_i7:2860qm
  • Intel Core I7 2920XM
    cpe:2.3:h:intel:core_i7:2920xm
  • Intel Core I7 2960XM
    cpe:2.3:h:intel:core_i7:2960xm
  • Intel Core I7 3517U
    cpe:2.3:h:intel:core_i7:3517u
  • Intel Core I7 3517UE
    cpe:2.3:h:intel:core_i7:3517ue
  • Intel Core I7 3520M
    cpe:2.3:h:intel:core_i7:3520m
  • Intel Core I7 3537U
    cpe:2.3:h:intel:core_i7:3537u
  • Intel Core I7 3540M
    cpe:2.3:h:intel:core_i7:3540m
  • Intel Core I7 3555LE
    cpe:2.3:h:intel:core_i7:3555le
  • Intel Core I7 3610QE
    cpe:2.3:h:intel:core_i7:3610qe
  • Intel Core I7 3610QM
    cpe:2.3:h:intel:core_i7:3610qm
  • Intel Core I7 3612QE
    cpe:2.3:h:intel:core_i7:3612qe
  • Intel Core I7 3612QM
    cpe:2.3:h:intel:core_i7:3612qm
  • Intel Core I7 3615QE
    cpe:2.3:h:intel:core_i7:3615qe
  • Intel Core I7 3615QM
    cpe:2.3:h:intel:core_i7:3615qm
  • Intel Core I7 3630QM
    cpe:2.3:h:intel:core_i7:3630qm
  • Intel Core I7 3632QM
    cpe:2.3:h:intel:core_i7:3632qm
  • Intel Core I7 3635QM
    cpe:2.3:h:intel:core_i7:3635qm
  • Intel Core I7 3667U
    cpe:2.3:h:intel:core_i7:3667u
  • Intel Core I7 3687U
    cpe:2.3:h:intel:core_i7:3687u
  • Intel Core I7 3689Y
    cpe:2.3:h:intel:core_i7:3689y
  • Intel Core I7 3720QM
    cpe:2.3:h:intel:core_i7:3720qm
  • Intel Core I7 3740QM
    cpe:2.3:h:intel:core_i7:3740qm
  • Intel Core I7 3770
    cpe:2.3:h:intel:core_i7:3770
  • Intel Core I7 3770K
    cpe:2.3:h:intel:core_i7:3770k
  • Intel Core I7 3770S
    cpe:2.3:h:intel:core_i7:3770s
  • Intel Core I7 3770T
    cpe:2.3:h:intel:core_i7:3770t
  • Intel Core I7 3820QM
    cpe:2.3:h:intel:core_i7:3820qm
  • Intel Core I7 3840QM
    cpe:2.3:h:intel:core_i7:3840qm
  • Intel Core I7 4500U
    cpe:2.3:h:intel:core_i7:4500u
  • Intel Core I7 4510U
    cpe:2.3:h:intel:core_i7:4510u
  • Intel Core I7 4550U
    cpe:2.3:h:intel:core_i7:4550u
  • Intel Core I7 4558U
    cpe:2.3:h:intel:core_i7:4558u
  • Intel Core I7 4578U
    cpe:2.3:h:intel:core_i7:4578u
  • Intel Core I7 4600M
    cpe:2.3:h:intel:core_i7:4600m
  • Intel Core I7 4600U
    cpe:2.3:h:intel:core_i7:4600u
  • Intel Core I7 4610M
    cpe:2.3:h:intel:core_i7:4610m
  • Intel Core I7 4610Y
    cpe:2.3:h:intel:core_i7:4610y
  • Intel Core I7 4650U
    cpe:2.3:h:intel:core_i7:4650u
  • Intel Core I7 4700EC
    cpe:2.3:h:intel:core_i7:4700ec
  • Intel Core I7 4700EQ
    cpe:2.3:h:intel:core_i7:4700eq
  • Intel Core I7 4700HQ
    cpe:2.3:h:intel:core_i7:4700hq
  • Intel Core I7 4700MQ
    cpe:2.3:h:intel:core_i7:4700mq
  • Intel Core I7 4702EC
    cpe:2.3:h:intel:core_i7:4702ec
  • Intel Core I7 4702HQ
    cpe:2.3:h:intel:core_i7:4702hq
  • Intel Core I7 4702MQ
    cpe:2.3:h:intel:core_i7:4702mq
  • Intel Core I7 4710HQ
    cpe:2.3:h:intel:core_i7:4710hq
  • Intel Core I7 4710MQ
    cpe:2.3:h:intel:core_i7:4710mq
  • Intel Core I7 4712HQ
    cpe:2.3:h:intel:core_i7:4712hq
  • Intel Core I7 4712MQ
    cpe:2.3:h:intel:core_i7:4712mq
  • Intel Core I7 4720HQ
    cpe:2.3:h:intel:core_i7:4720hq
  • Intel Core I7 4722HQ
    cpe:2.3:h:intel:core_i7:4722hq
  • Intel Core I7 4750HQ
    cpe:2.3:h:intel:core_i7:4750hq
  • Intel Core I7 4760HQ
    cpe:2.3:h:intel:core_i7:4760hq
  • Intel Core I7 4765T
    cpe:2.3:h:intel:core_i7:4765t
  • Intel Core I7 4770
    cpe:2.3:h:intel:core_i7:4770
  • Intel Core I7 4770HQ
    cpe:2.3:h:intel:core_i7:4770hq
  • Intel Core I7 4770K
    cpe:2.3:h:intel:core_i7:4770k
  • Intel Core I7 4770R
    cpe:2.3:h:intel:core_i7:4770r
  • Intel Core I7 4770S
    cpe:2.3:h:intel:core_i7:4770s
  • Intel Core I7 4770T
    cpe:2.3:h:intel:core_i7:4770t
  • Intel Core I7 4770TE
    cpe:2.3:h:intel:core_i7:4770te
  • Intel Core I7 4771
    cpe:2.3:h:intel:core_i7:4771
  • Intel Core I7 4785T
    cpe:2.3:h:intel:core_i7:4785t
  • Intel Core I7 4790
    cpe:2.3:h:intel:core_i7:4790
  • Intel Core I7 4790K
    cpe:2.3:h:intel:core_i7:4790k
  • Intel Core I7 4790S
    cpe:2.3:h:intel:core_i7:4790s
  • Intel Core I7 4790T
    cpe:2.3:h:intel:core_i7:4790t
  • Intel Core I7 4800MQ
    cpe:2.3:h:intel:core_i7:4800mq
  • Intel Core I7 4810MQ
    cpe:2.3:h:intel:core_i7:4810mq
  • Intel Core I7 4850HQ
    cpe:2.3:h:intel:core_i7:4850hq
  • Intel Core I7 4860HQ
    cpe:2.3:h:intel:core_i7:4860hq
  • Intel Core I7 4870HQ
    cpe:2.3:h:intel:core_i7:4870hq
  • Intel Core I7 4900MQ
    cpe:2.3:h:intel:core_i7:4900mq
  • Intel Core I7 4910MQ
    cpe:2.3:h:intel:core_i7:4910mq
  • Intel Core I7 4950HQ
    cpe:2.3:h:intel:core_i7:4950hq
  • Intel Core I7 4960HQ
    cpe:2.3:h:intel:core_i7:4960hq
  • Intel Core I7 4980HQ
    cpe:2.3:h:intel:core_i7:4980hq
  • Intel Core I7 5500U
    cpe:2.3:h:intel:core_i7:5500u
  • Intel Core I7 5550U
    cpe:2.3:h:intel:core_i7:5550u
  • Intel Core I7 5557U
    cpe:2.3:h:intel:core_i7:5557u
  • Intel Core I7 5600U
    cpe:2.3:h:intel:core_i7:5600u
  • Intel Core I7 5650U
    cpe:2.3:h:intel:core_i7:5650u
  • Intel Core I7 5700EQ
    cpe:2.3:h:intel:core_i7:5700eq
  • Intel Core I7 5700HQ
    cpe:2.3:h:intel:core_i7:5700hq
  • Intel Core I7 5750HQ
    cpe:2.3:h:intel:core_i7:5750hq
  • Intel Core I7 5775C
    cpe:2.3:h:intel:core_i7:5775c
  • Intel Core I7 5775R
    cpe:2.3:h:intel:core_i7:5775r
  • Intel Core I7 5850EQ
    cpe:2.3:h:intel:core_i7:5850eq
  • Intel Core I7 5850HQ
    cpe:2.3:h:intel:core_i7:5850hq
  • Intel Core I7 5950HQ
    cpe:2.3:h:intel:core_i7:5950hq
  • Intel Core I7 7500U
    cpe:2.3:h:intel:core_i7:7500u
  • Intel Core I7 7560U
    cpe:2.3:h:intel:core_i7:7560u
  • Intel Core I7 7567U
    cpe:2.3:h:intel:core_i7:7567u
  • Intel Core I7 7600U
    cpe:2.3:h:intel:core_i7:7600u
  • Intel Core I7 7660U
    cpe:2.3:h:intel:core_i7:7660u
  • Intel Core I7 7700
    cpe:2.3:h:intel:core_i7:7700
  • Intel Core I7 7700HQ
    cpe:2.3:h:intel:core_i7:7700hq
  • Intel Core I7 7700K
    cpe:2.3:h:intel:core_i7:7700k
  • Intel Core I7 7700T
    cpe:2.3:h:intel:core_i7:7700t
  • Intel Core I7 7820EQ
    cpe:2.3:h:intel:core_i7:7820eq
  • Intel Core I7 7820HK
    cpe:2.3:h:intel:core_i7:7820hk
  • Intel Core I7 7820HQ
    cpe:2.3:h:intel:core_i7:7820hq
  • Intel Core I7 7920HQ
    cpe:2.3:h:intel:core_i7:7920hq
  • Intel Core I7 8550U
    cpe:2.3:h:intel:core_i7:8550u
  • Intel Core I7 8650U
    cpe:2.3:h:intel:core_i7:8650u
  • Intel Core I7 8700
    cpe:2.3:h:intel:core_i7:8700
  • Intel Core I7 8700K
    cpe:2.3:h:intel:core_i7:8700k
  • Intel Core M 5Y10
    cpe:2.3:h:intel:core_m:5y10
  • Intel Core M 5Y10A
    cpe:2.3:h:intel:core_m:5y10a
  • Intel Core M 5Y10C
    cpe:2.3:h:intel:core_m:5y10c
  • Intel Core M 5Y31
    cpe:2.3:h:intel:core_m:5y31
  • Intel Core M 5Y51
    cpe:2.3:h:intel:core_m:5y51
  • Intel Core M 5Y70
    cpe:2.3:h:intel:core_m:5y70
  • Intel Core M 5Y71
    cpe:2.3:h:intel:core_m:5y71
  • Intel Core M3 6Y30
    cpe:2.3:h:intel:core_m3:6y30
  • Intel Core M3 7Y30
    cpe:2.3:h:intel:core_m3:7y30
  • Intel Core M3 7Y32
    cpe:2.3:h:intel:core_m3:7y32
  • Intel Core M5 6Y54
    cpe:2.3:h:intel:core_m5:6y54
  • Intel Core M5 6Y57
    cpe:2.3:h:intel:core_m5:6y57
  • Intel Core M7 6Y75
    cpe:2.3:h:intel:core_m7:6y75
  • Canonical Ubuntu Linux 12.04 ESM (Extended Security Maintenance)
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:esm
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • cpe:2.3:o:citrix:xenserver:7.0
    cpe:2.3:o:citrix:xenserver:7.0
  • cpe:2.3:o:citrix:xenserver:7.1
    cpe:2.3:o:citrix:xenserver:7.1
  • cpe:2.3:o:citrix:xenserver:7.3
    cpe:2.3:o:citrix:xenserver:7.3
  • cpe:2.3:o:citrix:xenserver:7.4
    cpe:2.3:o:citrix:xenserver:7.4
  • cpe:2.3:o:citrix:xenserver:7.5
    cpe:2.3:o:citrix:xenserver:7.5
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • cpe:2.3:o:freebsd:freebsd:11.0
    cpe:2.3:o:freebsd:freebsd:11.0
  • cpe:2.3:o:freebsd:freebsd:11.1
    cpe:2.3:o:freebsd:freebsd:11.1
  • cpe:2.3:o:freebsd:freebsd:11.2
    cpe:2.3:o:freebsd:freebsd:11.2
  • cpe:2.3:o:redhat:enterprise_linux:6.0
    cpe:2.3:o:redhat:enterprise_linux:6.0
  • Red Hat Enterprise Linux (RHEL) 7.0 (7)
    cpe:2.3:o:redhat:enterprise_linux:7.0
  • Red Hat Enterprise Linux Desktop 6.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:-:-:-:-:-:x64
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:-:-:-:-:-:x64
  • Red Hat Enterprise Linux Workstation 6.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:-:-:-:-:-:x64
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:-:-:-:-:-:x64
CVSS
Base: 4.7
Impact:
Exploitability:
CWE CWE-200
CAPEC
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
  • Reusing Session IDs (aka Session Replay)
    This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the Slash characters. An attacker would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2101-1.NASL
    description This update for the Linux Kernel 3.12.61-52_111 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 111450
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111450
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2101-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2059-1.NASL
    description This update for xen fixes the following issues: Security issues fixed : - CVE-2018-3665: Fix Lazy FP Save/Restore issue (XSA-267) (bsc#1095242). - CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host (XSA-264) (bsc#1097521). - CVE-2018-12892: Fix libxl to honour the readonly flag on HVM emulated SCSI disks (XSA-266) (bsc#1097523). - CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check (XSA-265) (bsc#1097522). - CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224). Bug fixes : - bsc#1027519: Add upstream patches from January. - bsc#1087289: Fix xen scheduler crash. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-07
    modified 2018-09-06
    plugin id 111348
    published 2018-07-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111348
    title SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:2059-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-1944.NASL
    description An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Julian Stecklina (Amazon.de), Thomas Prescher (cyberus-technology.de), and Zdenek Sojka (sysgo.com) for reporting this issue.
    last seen 2018-09-09
    modified 2018-09-07
    plugin id 110618
    published 2018-06-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110618
    title RHEL 7 : kernel-rt (RHSA-2018:1944)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4232.NASL
    description This update provides mitigations for the 'lazy FPU' vulnerability affecting a range of Intel CPUs, which could result in leaking CPU register states belonging to another vCPU previously scheduled on the same CPU. For additional information please refer to https://xenbits.xen.org/xsa/advisory-267.html
    last seen 2018-09-02
    modified 2018-08-31
    plugin id 110624
    published 2018-06-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110624
    title Debian DSA-4232-1 : xen - security update
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0237.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - dm: fix race between dm_get_from_kobject and __dm_destroy (Hou Tao) (CVE-2017-18203) - drm: udl: Properly check framebuffer mmap offsets (Greg Kroah-Hartman) [Orabug: 27986407] (CVE-2018-8781) - kernel/exit.c: avoid undefined behaviour when calling wait4 wait4(-2147483648, 0x20, 0, 0xdd0000) triggers: UBSAN: Undefined behaviour in kernel/exit.c:1651:9 (mridula shastry) [Orabug: 27875488] (CVE-2018-10087) - kernel/signal.c: avoid undefined behaviour in kill_something_info When running kill(72057458746458112, 0) in userspace I hit the following issue. (mridula shastry) (CVE-2018-10124) - bluetooth: Validate socket address length in sco_sock_bind. (mlevatic) [Orabug: 28130293] (CVE-2015-8575) - dccp: check sk for closed state in dccp_sendmsg (Alexey Kodanev) [Orabug: 28220402] (CVE-2017-8824) (CVE-2018-1130) - sctp: verify size of a new chunk in _sctp_make_chunk (Alexey Kodanev) [Orabug: 28240075] (CVE-2018-5803) - mm/mempolicy.c: fix error handling in set_mempolicy and mbind. (Chris Salls) [Orabug: 28242478] (CVE-2017-7616) - xfrm: policy: check policy direction value (Vladis Dronov) [Orabug: 28264121] (CVE-2017-11600) (CVE-2017-11600) - x86/fpu: Make eager FPU default (Mihai Carabas) [Orabug: 28156176] (CVE-2018-3665) - KVM: Fix stack-out-of-bounds read in write_mmio (Wanpeng Li) [Orabug: 27951287] (CVE-2017-17741) (CVE-2017-17741) - xfs: set format back to extents if xfs_bmap_extents_to_btree (Eric Sandeen) [Orabug: 27989498] (CVE-2018-10323) - Bluetooth: Prevent stack info leak from the EFS element. (Ben Seri) [Orabug: 28030520] (CVE-2017-1000410) (CVE-2017-1000410) - ALSA: hrtimer: Fix stall by hrtimer_cancel (Takashi Iwai) [Orabug: 28058229] (CVE-2016-2549) - ALSA: timer: Harden slave timer list handling (Takashi Iwai) [Orabug: 28058229] (CVE-2016-2547) (CVE-2016-2548) - ALSA: timer: Fix double unlink of active_list (Takashi Iwai) [Orabug: 28058229] (CVE-2016-2545) - ALSA: seq: Fix missing NULL check at remove_events ioctl (Takashi Iwai) [Orabug: 28058229] (CVE-2016-2543) - ALSA: seq: Fix race at timer setup and close (Takashi Iwai) [Orabug: 28058229] (CVE-2016-2544) - ALSA: usb-audio: avoid freeing umidi object twice (Andrey Konovalov) [Orabug: 28058229] (CVE-2016-2384) - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947608] (CVE-2018-1000199) - Revert 'perf/hwbp: Simplify the perf-hwbp code, fix documentation' (Brian Maly) [Orabug: 27947608]
    last seen 2018-09-01
    modified 2018-08-07
    plugin id 111022
    published 2018-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111022
    title OracleVM 3.3 : Unbreakable / etc (OVMSA-2018-0237)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-1A467757CE.NASL
    description preemption checks bypassed in x86 PV MM handling [XSA-264, CVE-2018-12891] x86: #DB exception safety check can be triggered by a guest [XSA-265, CVE-2018-12893] libxl fails to honour readonly flag on HVM emulated SCSI disks [XSA-266, CVE-2018-12892] ---- Speculative register leakage from lazy FPU context switching [XSA-267, CVE-2018-3665] fix for change in iasl output Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 111236
    published 2018-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111236
    title Fedora 27 : xen (2018-1a467757ce)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2094-1.NASL
    description This update for the Linux Kernel 3.12.61-52_92 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 111443
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111443
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2094-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2091-1.NASL
    description This update for the Linux Kernel 4.4.74-92_35 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 111441
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111441
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2091-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2087-1.NASL
    description This update for the Linux Kernel 3.12.74-60_64_93 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 111437
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111437
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2087-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1946-1.NASL
    description This update for the Linux Kernel 4.4.121-92_80 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 111057
    published 2018-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111057
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1946-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2086-1.NASL
    description This update for the Linux Kernel 3.12.74-60_64_57 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 111436
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111436
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2086-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2090-1.NASL
    description This update for the Linux Kernel 3.12.61-52_128 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 111440
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111440
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2090-1)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0232.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8 - BUILDINFO: xen commit=b059d1de3b211fe5582c63f64b4822b9f85eafd2 - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - xend: fix memory leak of XendConfig.XendConfig object (Manjunath Patil) [Orabug: 28165871] - x86/HVM: Restart ioreq processing state machine (Boris Ostrovsky) - x86/spec-ctrl: Mitigations for LazyFPU (Andrew Cooper) [Orabug: 28135175] (CVE-2018-3665) - x86: Support fully eager FPU context switching (Andrew Cooper) [Orabug: 28135175] (CVE-2018-3665) - svm: fix incorrect TSC scaling (Haozhong Zhang) [Orabug: 27182906] - x86/AMD-ucode: correct multiple container handling (Jan Beulich) - x86, amd_ucode: fix coverity issues found in cpu_request_microcode (Aravind Gopalakrishnan) [Orabug: 28157269] - [xenmicrocode] Fix error reporting on successful return from tool (Ross Philipson) [Orabug: 28128754] - x86: correct default_xen_spec_ctrl calculation (Jan Beulich) [Orabug: 28035001] - x86/msr: Virtualise MSR_SPEC_CTRL.SSBD for guests to use (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/Intel: Mitigations for GPZ SP4 - Speculative Store Bypass (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/AMD: Mitigations for GPZ SP4 - Speculative Store Bypass (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/spec_ctrl: Introduce a new `spec-ctrl=` command line argument to replace `bti=` (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/cpuid: Improvements to guest policies for speculative sidechannel features (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/spec_ctrl: Explicitly set Xen's default MSR_SPEC_CTRL value (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/spec_ctrl: Split X86_FEATURE_SC_MSR into PV and HVM variants (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/spec_ctrl: Elide MSR_SPEC_CTRL handling in idle context when possible (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/spec_ctrl: Rename bits of infrastructure to avoid NATIVE and VMEXIT (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/spec_ctrl: Fold the XEN_IBRS_[SET,CLEAR] ALTERNATIVES together (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/spec_ctrl: Merge bti_ist_info and use_shadow_spec_ctrl into spec_ctrl_flags (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/spec_ctrl: Express Xen's choice of MSR_SPEC_CTRL value as a variable (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/spec_ctrl: Read MSR_ARCH_CAPABILITIES only once (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/spec_ctrl: Assume that STIBP feature is always available (Boris Ostrovsky) [Orabug: 28035001] (CVE-2018-3639) - x86/spec_ctrl: Updates to retpoline-safety decision making (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - Revert 'x86/boot: Disable IBRS in intr/nmi exit path at bootup stage' (Boris Ostrovsky) [Orabug: 28035001] (CVE-2018-3639)
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 110791
    published 2018-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110791
    title OracleVM 3.4 : xen (OVMSA-2018-0232) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1948-1.NASL
    description This update for the Linux Kernel 4.4.120-92_70 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 111059
    published 2018-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111059
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1948-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2165.NASL
    description Updated kernel-rt packages that fix two security issues and add one enhancement are now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * kernel: Buffer over-read in keyring subsystem allows exposing potentially sensitive information to local attacker (CVE-2017-13305) * Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Julian Stecklina (Amazon.de), Thomas Prescher (cyberus-technology.de), and Zdenek Sojka (sysgo.com) for reporting CVE-2018-3665. Enhancement(s) : * The kernel-rt packages have been upgraded to version 3.10.0-693.35.1.rt56.623, which provides a number of bug fixes over the previous version. (BZ#1579972) Users of kernel-rt are advised to upgrade to these updated packages, which add this enhancement. The system must be rebooted for this update to take effect.
    last seen 2018-09-07
    modified 2018-09-06
    plugin id 111029
    published 2018-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111029
    title RHEL 6 : MRG (RHSA-2018:2165)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2069-1.NASL
    description This update for xen fixes the following issues: Security issues fixed : - CVE-2018-12617: Fix integer overflow that causes segmentation fault in qmp_guest_file_read() with g_malloc() (bsc#1098744). - CVE-2018-3665: Fix Lazy FP Save/Restore issue (XSA-267) (bsc#1095242). - CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224). - CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host (XSA-264) (bsc#1097521). - CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check (XSA-265) (bsc#1097522). Bug fixes : - bsc#1079730: Fix failed 'write' lock. - bsc#1027519: Add upstream patches from January. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-07
    modified 2018-09-06
    plugin id 111371
    published 2018-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111371
    title SUSE SLES12 Security Update : xen (SUSE-SU-2018:2069-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-4134.NASL
    description Description of changes: kernel-uek [3.8.13-118.21.4.el7uek] - x86/fpu: Make eager FPU default (Mihai Carabas) [Orabug: 28156176] {CVE-2018-3665} [3.8.13-118.21.3.el7uek] - KVM: Fix stack-out-of-bounds read in write_mmio (Wanpeng Li) [Orabug: 27951287] {CVE-2017-17741} {CVE-2017-17741} - xfs: set format back to extents if xfs_bmap_extents_to_btree (Eric Sandeen) [Orabug: 27989498] {CVE-2018-10323} - Bluetooth: Prevent stack info leak from the EFS element. (Ben Seri) [Orabug: 28030520] {CVE-2017-1000410} {CVE-2017-1000410} - ALSA: hrtimer: Fix stall by hrtimer_cancel() (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2549} - ALSA: timer: Harden slave timer list handling (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2547} {CVE-2016-2548} - ALSA: timer: Fix double unlink of active_list (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2545} - ALSA: seq: Fix missing NULL check at remove_events ioctl (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2543} - ALSA: seq: Fix race at timer setup and close (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2544} - ALSA: usb-audio: avoid freeing umidi object twice (Andrey Konovalov) [Orabug: 28058229] {CVE-2016-2384} [3.8.13-118.21.2.el7uek] - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947608] {CVE-2018-1000199} - Revert 'perf/hwbp: Simplify the perf-hwbp code, fix documentation' (Brian Maly) [Orabug: 27947608]
    last seen 2018-09-02
    modified 2018-06-18
    plugin id 110583
    published 2018-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110583
    title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4134)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3696-1.NASL
    description It was discovered that an integer overflow existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18255) Wei Fang discovered an integer overflow in the F2FS filesystem implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2017-18257) It was discovered that an information leak existed in the generic SCSI driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-1000204) It was discovered that the wait4() system call in the Linux kernel did not properly validate its arguments in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2018-10087) It was discovered that the kill() system call implementation in the Linux kernel did not properly validate its arguments in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2018-10124) Julian Stecklina and Thomas Prescher discovered that FPU register states (such as MMX, SSE, and AVX registers) which are lazily restored are potentially vulnerable to a side channel attack. A local attacker could use this to expose sensitive information. (CVE-2018-3665) Jakub Jirasek discovered that multiple use-after-errors existed in the USB/IP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5814) It was discovered that an information leak vulnerability existed in the floppy driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-7755) Seunghun Han discovered an information leak in the ACPI handling code in the Linux kernel when handling early termination of ACPI table loading. A local attacker could use this to expose sensitive informal (kernel address locations). (CVE-2017-13695) It was discovered that a memory leak existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-10021). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-08-31
    plugin id 110896
    published 2018-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110896
    title Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3696-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3698-1.NASL
    description It was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service (system crash). (CVE-2017-12154) Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array implementation in the Linux kernel sometimes did not properly handle adding a new entry. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-12193) It was discovered that a race condition existed in the ALSA subsystem of the Linux kernel when creating and deleting a port via ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15265) It was discovered that a NULL pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1130) Julian Stecklina and Thomas Prescher discovered that FPU register states (such as MMX, SSE, and AVX registers) which are lazily restored are potentially vulnerable to a side channel attack. A local attacker could use this to expose sensitive information. (CVE-2018-3665) Wang Qize discovered that an information disclosure vulnerability existed in the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A local attacker could use this to expose sensitive information (kernel pointer addresses). (CVE-2018-5750) It was discovered that the SCTP Protocol implementation in the Linux kernel did not properly validate userspace provided payload lengths in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5803) It was discovered that an integer overflow error existed in the futex implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-6927) It was discovered that an information leak vulnerability existed in the floppy driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-7755) It was discovered that a memory leak existed in the SAS driver subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-7757). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-07-03
    plugin id 110900
    published 2018-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110900
    title Ubuntu 14.04 LTS : linux vulnerabilities (USN-3698-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2100-1.NASL
    description This update for the Linux Kernel 3.12.74-60_64_51 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 111449
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111449
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2100-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2114-1.NASL
    description This update for the Linux Kernel 3.12.61-52_133 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 111463
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111463
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2114-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2103-1.NASL
    description This update for the Linux Kernel 3.12.74-60_64_63 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 111452
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111452
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2103-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180710_KERNEL_ON_SL6_X.NASL
    description Security Fix(es) : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, x86 AMD) - kernel: Use-after-free vulnerability in mm/mempolicy.c:do_get_mempolicy function allows local denial of service or other unspecified impact (CVE-2018-10675) - Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665) - kernel: error in exception handling leads to DoS (CVE-2018-8897 regression) (CVE-2018-10872) Bug Fix(es) : - Previously, microcode updates on 32 and 64-bit AMD and Intel architectures were not synchronized. As a consequence, it was not possible to apply the microcode updates. This fix adds the synchronization to the microcode updates so that processors of the stated architectures receive updates at the same time. As a result, microcode updates are now synchronized.
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 111002
    published 2018-07-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111002
    title Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2088-1.NASL
    description This update for the Linux Kernel 3.12.74-60_64_54 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 111438
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111438
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2088-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2095-1.NASL
    description This update for the Linux Kernel 3.12.61-52_119 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 111444
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111444
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2095-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2096-1.NASL
    description This update for the Linux Kernel 3.12.61-52_122 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 111445
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111445
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2096-1)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0230.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - x86/fpu: Make eager FPU default (Mihai Carabas) [Orabug: 28135099] (CVE-2018-3665)
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 110580
    published 2018-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110580
    title OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0230)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2099-1.NASL
    description This update for the Linux Kernel 4.4.74-92_29 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 111448
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111448
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2099-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-803.NASL
    description This update for xen fixes the following issues : Security issues fixed : - CVE-2018-3665: Fix Lazy FP Save/Restore issue (XSA-267) (bsc#1095242). - CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host (XSA-264) (bsc#1097521). - CVE-2018-12892: Fix libxl to honour the readonly flag on HVM emulated SCSI disks (XSA-266) (bsc#1097523). - CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check (XSA-265) (bsc#1097522). - CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224). Bug fixes : - bsc#1027519: Add upstream patches from January. - bsc#1087289: Fix xen scheduler crash. This update was imported from the SUSE:SLE-12-SP3:Update update project.
    last seen 2018-09-07
    modified 2018-09-06
    plugin id 111565
    published 2018-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111565
    title openSUSE Security Update : xen (openSUSE-2018-803)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0248.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0248 for details.
    last seen 2018-09-01
    modified 2018-08-20
    plugin id 111992
    published 2018-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111992
    title OracleVM 3.4 : xen (OVMSA-2018-0248) (Bunker Buster) (Foreshadow) (Meltdown) (POODLE) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1947-1.NASL
    description This update for the Linux Kernel 4.4.90-92_50 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 111058
    published 2018-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111058
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1947-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2097-1.NASL
    description This update for the Linux Kernel 3.12.74-60_64_69 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 111446
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111446
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2097-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1943-1.NASL
    description This update for the Linux Kernel 4.4.114-92_67 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 111054
    published 2018-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111054
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1943-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1949-1.NASL
    description This update for the Linux Kernel 4.4.121-92_73 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 111101
    published 2018-07-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111101
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1949-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1942-1.NASL
    description This update for the Linux Kernel 4.4.90-92_45 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 111053
    published 2018-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111053
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1942-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2081-1.NASL
    description This update for xen fixes the following issues: Security issues fixed : - CVE-2018-12891: Fix preemption checks bypass in x86 PV MM handling (XSA-264) (bsc#1097521). - CVE-2018-12892: Fix libxl failure to honour readonly flag on HVM emulated SCSI disks (XSA-266) (bsc#1097523). - CVE-2018-12893: Fix #DB exception safety check that could be triggered by a guest (XSA-265) (bsc#1097522). - CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224). - CVE-2018-3665: Fix lazy FP Save/Restore (XSA-267) (bsc#1095242). Bug fixes : - bsc#1027519: Update to Xen 4.7.6 bug fix only release. - bsc#1087289: Xen BUG at sched_credit.c:1663. - bsc#1094725: `virsh blockresize` does not work with Xen qdisks. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-07
    modified 2018-09-06
    plugin id 111433
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111433
    title SUSE SLES12 Security Update : xen (SUSE-SU-2018:2081-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2108-1.NASL
    description This update for the Linux Kernel 3.12.61-52_101 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 111457
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111457
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2108-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2102-1.NASL
    description This update for the Linux Kernel 3.12.61-52_89 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 111451
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111451
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2102-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2105-1.NASL
    description This update for the Linux Kernel 3.12.61-52_83 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 111454
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111454
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2105-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2113-1.NASL
    description This update for the Linux Kernel 3.12.74-60_64_60 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 111462
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111462
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2113-1)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0231.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - x86/fpu: Make eager FPU default (Mihai Carabas) [Orabug: 28156176] (CVE-2018-3665) - KVM: Fix stack-out-of-bounds read in write_mmio (Wanpeng Li) [Orabug: 27951287] (CVE-2017-17741) (CVE-2017-17741) - xfs: set format back to extents if xfs_bmap_extents_to_btree (Eric Sandeen) [Orabug: 27989498] (CVE-2018-10323) - Bluetooth: Prevent stack info leak from the EFS element. (Ben Seri) [Orabug: 28030520] (CVE-2017-1000410) (CVE-2017-1000410) - ALSA: hrtimer: Fix stall by hrtimer_cancel (Takashi Iwai) [Orabug: 28058229] (CVE-2016-2549) - ALSA: timer: Harden slave timer list handling (Takashi Iwai) [Orabug: 28058229] (CVE-2016-2547) (CVE-2016-2548) - ALSA: timer: Fix double unlink of active_list (Takashi Iwai) [Orabug: 28058229] (CVE-2016-2545) - ALSA: seq: Fix missing NULL check at remove_events ioctl (Takashi Iwai) [Orabug: 28058229] (CVE-2016-2543) - ALSA: seq: Fix race at timer setup and close (Takashi Iwai) [Orabug: 28058229] (CVE-2016-2544) - ALSA: usb-audio: avoid freeing umidi object twice (Andrey Konovalov) [Orabug: 28058229] (CVE-2016-2384) - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947608] (CVE-2018-1000199) - Revert 'perf/hwbp: Simplify the perf-hwbp code, fix documentation' (Brian Maly) [Orabug: 27947608]
    last seen 2018-09-01
    modified 2018-07-24
    plugin id 110581
    published 2018-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110581
    title OracleVM 3.3 : Unbreakable / etc (OVMSA-2018-0231)
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZA-2018-048.NASL
    description According to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - [x86 AMD] An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. - By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc//cmdline (or /proc//environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks). - A Floating Point Unit (FPU) state information leakage flaw was found in the way the Linux kernel saved and restored the FPU state during task switch. Linux kernels that follow the 'Lazy FPU Restore' scheme are vulnerable to the FPU state information leakage issue. An unprivileged local attacker could use this flaw to read FPU state bits by conducting targeted cache side-channel attacks, similar to the Meltdown vulnerability disclosed earlier this year. - A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first instruction after the stack switch is executed. An unprivileged system user could use this flaw to crash the system kernel resulting in DoS. This CVE-2018-10872 was assigned due to regression of CVE-2018-8897. Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-12
    modified 2018-09-06
    plugin id 111151
    published 2018-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111151
    title Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2018-048)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-4164.NASL
    description Description of changes: kernel-uek kernel-uek [3.8.13-118.22.1.el7uek] - dm: fix race between dm_get_from_kobject() and __dm_destroy() (Hou Tao) {CVE-2017-18203} - drm: udl: Properly check framebuffer mmap offsets (Greg Kroah-Hartman) [Orabug: 27986407] {CVE-2018-8781} - kernel/exit.c: avoid undefined behaviour when calling wait4() wait4(-2147483648, 0x20, 0, 0xdd0000) triggers: UBSAN: Undefined behaviour in kernel/exit.c:1651:9 (mridula shastry) [Orabug: 27875488] {CVE-2018-10087} - kernel/signal.c: avoid undefined behaviour in kill_something_info When running kill(72057458746458112, 0) in userspace I hit the following issue. (mridula shastry) {CVE-2018-10124} - bluetooth: Validate socket address length in sco_sock_bind(). (mlevatic) [Orabug: 28130293] {CVE-2015-8575} - dccp: check sk for closed state in dccp_sendmsg() (Alexey Kodanev) [Orabug: 28220402] {CVE-2017-8824} {CVE-2018-1130} - sctp: verify size of a new chunk in _sctp_make_chunk() (Alexey Kodanev) [Orabug: 28240075] {CVE-2018-5803} - mm/mempolicy.c: fix error handling in set_mempolicy and mbind. (Chris Salls) [Orabug: 28242478] {CVE-2017-7616} - xfrm: policy: check policy direction value (Vladis Dronov) [Orabug: 28264121] {CVE-2017-11600} {CVE-2017-11600} - x86/fpu: Make eager FPU default (Mihai Carabas) [Orabug: 28156176] {CVE-2018-3665} - KVM: Fix stack-out-of-bounds read in write_mmio (Wanpeng Li) [Orabug: 27951287] {CVE-2017-17741} {CVE-2017-17741} - xfs: set format back to extents if xfs_bmap_extents_to_btree (Eric Sandeen) [Orabug: 27989498] {CVE-2018-10323} - Bluetooth: Prevent stack info leak from the EFS element. (Ben Seri) [Orabug: 28030520] {CVE-2017-1000410} {CVE-2017-1000410} - ALSA: hrtimer: Fix stall by hrtimer_cancel() (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2549} - ALSA: timer: Harden slave timer list handling (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2547} {CVE-2016-2548} - ALSA: timer: Fix double unlink of active_list (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2545} - ALSA: seq: Fix missing NULL check at remove_events ioctl (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2543} - ALSA: seq: Fix race at timer setup and close (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2544} - ALSA: usb-audio: avoid freeing umidi object twice (Andrey Konovalov) [Orabug: 28058229] {CVE-2016-2384} - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947608] {CVE-2018-1000199} - Revert 'perf/hwbp: Simplify the perf-hwbp code, fix documentation' (Brian Maly) [Orabug: 27947608]
    last seen 2018-09-01
    modified 2018-07-11
    plugin id 110998
    published 2018-07-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110998
    title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4164)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2098-1.NASL
    description This update for the Linux Kernel 3.12.61-52_106 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 111447
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111447
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2098-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1422.NASL
    description The previous update to linux failed to build for the armhf (ARM EABI hard-float) architecture. This update corrects that. For all other architectures, there is no need to upgrade or reboot again. For reference, the relevant part of the original advisory text follows. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Spectre variant 2 (branch target injection) and is mitigated for the x86 architecture (amd64 and i386) by using new microcoded features. This mitigation requires an update to the processor's microcode, which is non-free. For recent Intel processors, this is included in the intel-microcode package from version 3.20180425.1~deb8u1. For other processors, it may be included in an update to the system BIOS or UEFI firmware, or in a later update to the amd64-microcode package. This vulnerability was already mitigated for the x86 architecture by the 'retpoline' feature. CVE-2017-5753 Further instances of code that was vulnerable to Spectre variant 1 (bounds-check bypass) have been mitigated. CVE-2018-1066 Dan Aloni reported to Red Hat that the CIFS client implementation would dereference a NULL pointer if the server sent an invalid response during NTLMSSP setup negotiation. This could be used by a malicious server for denial of service. The previously applied mitigation for this issue was not appropriate for Linux 3.16 and has been replaced by an alternate fix. CVE-2018-1093 Wen Xu reported that a crafted ext4 filesystem image could trigger an out-of-bounds read in the ext4_valid_block_bitmap() function. A local user able to mount arbitrary filesystems could use this for denial of service. CVE-2018-1130 The syzbot software found that the DCCP implementation of sendmsg() does not check the socket state, potentially leading to a NULL pointer dereference. A local user could use this to cause a denial of service (crash). CVE-2018-3665 Multiple researchers have discovered that some Intel x86 processors can speculatively read floating-point and vector registers even when access to those registers is disabled. The Linux kernel's 'lazy FPU' feature relies on that access control to avoid saving and restoring those registers for tasks that do not use them, and was enabled by default on x86 processors that do not support the XSAVEOPT instruction. If 'lazy FPU' is enabled on one of the affected processors, an attacker controlling an unprivileged process may be able to read sensitive information from other users' processes or the kernel. This specifically affects processors based on the 'Nehalem' and 'Westemere' core designs. This issue has been mitigated by disabling 'lazy FPU' by default on all x86 processors that support the FXSAVE and FXRSTOR instructions, which includes all processors known to be affected and most processors that perform speculative execution. It can also be mitigated by adding the kernel parameter: eagerfpu=on CVE-2018-5814 Jakub Jirasek reported race conditions in the USB/IP host driver. A malicious client could use this to cause a denial of service (crash or memory corruption), and possibly to execute code, on a USB/IP server. CVE-2018-9422 It was reported that the futex() system call could be used by an unprivileged user for privilege escalation. CVE-2018-10853 Andy Lutomirski and Mika Penttilä reported that KVM for x86 processors did not perform a necessary privilege check when emulating certain instructions. This could be used by an unprivileged user in a guest VM to escalate their privileges within the guest. CVE-2018-10940 Dan Carpenter reported that the optical disc driver (cdrom) does not correctly validate the parameter to the CDROM_MEDIA_CHANGED ioctl. A user with access to a cdrom device could use this to cause a denial of service (crash). CVE-2018-11506 Piotr Gabriel Kosinski and Daniel Shapira reported that the SCSI optical disc driver (sr) did not allocate a sufficiently large buffer for sense data. A user with access to a SCSI optical disc device that can produce more than 64 bytes of sense data could use this to cause a denial of service (crash or memory corruption), and possibly for privilege escalation. CVE-2018-12233 Shankara Pailoor reported that a crafted JFS filesystem image could trigger a denial of service (memory corruption). This could possibly also be used for privilege escalation. CVE-2018-1000204 The syzbot software found that the SCSI generic driver (sg) would in some circumstances allow reading data from uninitialised buffers, which could include sensitive information from the kernel or other tasks. However, only privileged users with the CAP_SYS_ADMIN or CAP_SYS_RAWIO capability were allowed to do this, so this has little or no security impact. For Debian 8 'Jessie', these problems have been fixed in version 3.16.57-1. This update additionally fixes Debian bug #898165, and includes many more bug fixes from stable update 3.16.57. We recommend that you upgrade your linux packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2018-08-31
    plugin id 111082
    published 2018-07-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111082
    title Debian DLA-1422-2 : linux security update (Spectre)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2018-004.NASL
    description The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities.
    last seen 2018-09-02
    modified 2018-07-20
    plugin id 111136
    published 2018-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111136
    title macOS and Mac OS X Multiple Vulnerabilities (Security Update 2018-004)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-2164.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, x86 AMD) * kernel: Use-after-free vulnerability in mm/mempolicy.c:do_get_mempolicy function allows local denial of service or other unspecified impact (CVE-2018-10675) * Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665) * kernel: error in exception handling leads to DoS (CVE-2018-8897 regression) (CVE-2018-10872) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639 and Julian Stecklina (Amazon.de), Thomas Prescher (cyberus-technology.de), and Zdenek Sojka (sysgo.com) for reporting CVE-2018-3665. Bug Fix(es) : * Previously, microcode updates on 32 and 64-bit AMD and Intel architectures were not synchronized. As a consequence, it was not possible to apply the microcode updates. This fix adds the synchronization to the microcode updates so that processors of the stated architectures receive updates at the same time. As a result, microcode updates are now synchronized. (BZ# 1574592)
    last seen 2018-09-01
    modified 2018-08-30
    plugin id 111077
    published 2018-07-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111077
    title CentOS 6 : kernel (CESA-2018:2164) (Spectre)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-1852.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Julian Stecklina (Amazon.de), Thomas Prescher (cyberus-technology.de), and Zdenek Sojka (sysgo.com) for reporting this issue.
    last seen 2018-09-01
    modified 2018-08-30
    plugin id 110569
    published 2018-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110569
    title CentOS 7 : kernel (CESA-2018:1852)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2093-1.NASL
    description This update for the Linux Kernel 3.12.74-60_64_85 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 111442
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111442
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2093-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1940-1.NASL
    description This update for the Linux Kernel 4.4.103-92_53 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 111052
    published 2018-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111052
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1940-1)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS18_AUG_4343900.NASL
    description The remote Windows host is missing security update 4343899 or cumulative update 4343900. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8403) - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-8341, CVE-2018-8348) - An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it. (CVE-2018-8342, CVE-2018-8343) - A remote code execution vulnerability exists when Internet Explorer improperly validates hyperlinks before loading executable libraries. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8316) - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2018-8394, CVE-2018-8396, CVE-2018-8398) - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8355, CVE-2018-8372, CVE-2018-8385) - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2018-8345, CVE-2018-8346) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8353, CVE-2018-8371, CVE-2018-8373, CVE-2018-8389) - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8397) - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8404) - A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects. An attacker who successfully exploited the vulnerability could use a specially crafted file or script to perform actions. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. (CVE-2018-8349) - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2018-8339) - An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments. The vulnerability is caused when .NET Framework is used in high-load/high-density network connections where content from one stream can blend into another stream. (CVE-2018-8360) - An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction. An attacker who successfully exploited this vulnerability could allow an attacker to obtain browser frame or window state from a different domain. For an attack to be successful, an attacker must persuade a user to open a malicious website from a secure website. This update addresses the vulnerability by denying permission to read the state of the object model, to which frames or windows on different domains should not have access. (CVE-2018-8351) - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8344)
    last seen 2018-09-19
    modified 2018-09-17
    plugin id 111689
    published 2018-08-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111689
    title KB4343899: Windows 7 and Windows Server 2008 R2 August 2018 Security Update (Foreshadow)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_4E07D94F75A511E885D1A4BADB2F4699.NASL
    description A subset of Intel processors can allow a local thread to infer data from another thread through a speculative execution side channel when Lazy FPU state restore is used. Impact : Any local thread can potentially read FPU state information from other threads running on the host. This could include cryptographic keys when the AES-NI CPU feature is present.
    last seen 2018-09-01
    modified 2018-08-31
    plugin id 110653
    published 2018-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110653
    title FreeBSD : FreeBSD -- Lazy FPU State Restore Information Disclosure (4e07d94f-75a5-11e8-85d1-a4badb2f4699)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2048-1.NASL
    description This update for the Linux Kernel 4.4.74-92_32 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 111328
    published 2018-07-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111328
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2048-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1762-1.NASL
    description The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086) - CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument could have caused a buffer overflow (bnc#1097356) - CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728) - CVE-2017-13305: Prevent information disclosure vulnerability in encrypted-keys (bsc#1094353) - CVE-2018-1094: The ext4_fill_super function did not always initialize the crc32c checksum driver, which allowed attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (bsc#1087007) - CVE-2018-1093: The ext4_valid_block_bitmap function allowed attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers (bsc#1087095) - CVE-2018-1092: The ext4_iget function mishandled the case of a root directory with a zero i_links_count, which allowed attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (bsc#1087012) - CVE-2018-1130: NULL pointer dereference in dccp_write_xmit() function that allowed a local user to cause a denial of service by a number of certain crafted system calls (bsc#1092904) - CVE-2018-5803: Prevent error in the '_sctp_make_chunk()' function when handling SCTP packets length that could have been exploited to cause a kernel crash (bnc#1083900) - CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c __rds_rdma_map() function that allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bsc#1082962) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 110637
    published 2018-06-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110637
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1762-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2164.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, x86 AMD) * kernel: Use-after-free vulnerability in mm/mempolicy.c:do_get_mempolicy function allows local denial of service or other unspecified impact (CVE-2018-10675) * Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665) * kernel: error in exception handling leads to DoS (CVE-2018-8897 regression) (CVE-2018-10872) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639 and Julian Stecklina (Amazon.de), Thomas Prescher (cyberus-technology.de), and Zdenek Sojka (sysgo.com) for reporting CVE-2018-3665. Bug Fix(es) : * Previously, microcode updates on 32 and 64-bit AMD and Intel architectures were not synchronized. As a consequence, it was not possible to apply the microcode updates. This fix adds the synchronization to the microcode updates so that processors of the stated architectures receive updates at the same time. As a result, microcode updates are now synchronized. (BZ# 1574592)
    last seen 2018-09-07
    modified 2018-09-06
    plugin id 111001
    published 2018-07-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111001
    title RHEL 6 : kernel (RHSA-2018:2164) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2115-1.NASL
    description This update for the Linux Kernel 3.12.61-52_86 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 111464
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111464
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2115-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180614_KERNEL_ON_SL7_X.NASL
    description Security Fix(es) : - Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665)
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 110542
    published 2018-06-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110542
    title Scientific Linux Security Update : kernel on SL7.x x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2112-1.NASL
    description This update for the Linux Kernel 4.4.74-92_38 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 111461
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111461
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2112-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2111-1.NASL
    description This update for the Linux Kernel 3.12.61-52_136 fixes one issue. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 111460
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111460
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2111-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2110-1.NASL
    description This update for the Linux Kernel 3.12.74-60_64_96 fixes one issue. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 111459
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111459
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2110-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-4145.NASL
    description Description of changes: [2.6.39-400.299.3.el6uek] - x86/fpu: Make eager FPU default (Mihai Carabas) [Orabug: 28156175] {CVE-2018-3665} - ALSA: hrtimer: Fix stall by hrtimer_cancel() (Takashi Iwai) [Orabug: 22876528] {CVE-2016-2549} - ALSA: timer: Harden slave timer list handling (Takashi Iwai) [Orabug: 22876528] {CVE-2016-2547} {CVE-2016-2548} - ALSA: timer: Fix double unlink of active_list (Takashi Iwai) [Orabug: 22876528] {CVE-2016-2545} - ALSA: seq: Fix missing NULL check at remove_events ioctl (Takashi Iwai) [Orabug: 22876528] {CVE-2016-2543} - ALSA: seq: Fix race at timer setup and close (Takashi Iwai) [Orabug: 22876528] {CVE-2016-2544} - ALSA: usb-audio: avoid freeing umidi object twice (Andrey Konovalov) [Orabug: 22876528] {CVE-2016-2384} - mlx4_ib: DREQ silently dropped by PF passive side (Venkat Venkatsubra) [Orabug: 25090540] - net: tcpdump fails with EFAULT (Venkat Venkatsubra) [Orabug: 25209691] - x86/spec: Remove rescan_spec_ctrl_feature as it's not needed anymore (Krish Sadhukhan) [Orabug: 27934121] [2.6.39-400.299.2.el6uek] - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947612] {CVE-2018-1000199} - Revert 'perf/hwbp: Simplify the perf-hwbp code, fix documentation' (Brian Maly) [Orabug: 27947612]
    last seen 2018-09-01
    modified 2018-06-18
    plugin id 110585
    published 2018-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110585
    title Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4145)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-1852.NASL
    description From Red Hat Security Advisory 2018:1852 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Julian Stecklina (Amazon.de), Thomas Prescher (cyberus-technology.de), and Zdenek Sojka (sysgo.com) for reporting this issue.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 110582
    published 2018-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110582
    title Oracle Linux 7 : kernel (ELSA-2018-1852)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2109-1.NASL
    description This update for the Linux Kernel 3.12.74-60_64_82 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 111458
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111458
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2109-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2107-1.NASL
    description This update for the Linux Kernel 3.12.61-52_125 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 111456
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111456
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2107-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1944-1.NASL
    description This update for the Linux Kernel 4.4.103-92_56 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 111055
    published 2018-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111055
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1944-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1945-1.NASL
    description This update for the Linux Kernel 4.4.114-92_64 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 111056
    published 2018-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111056
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1945-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2037-1.NASL
    description This update for xen fixes the following issues: Security issues fixed : - CVE-2018-12617: Fix integer overflow that causes segmentation fault in qmp_guest_file_read() with g_malloc() (bsc#1098744). - CVE-2018-3665: Fix Lazy FP Save/Restore issue (XSA-267) (bsc#1095242). - CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224). - CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host (XSA-264) (bsc#1097521). - CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check (XSA-265) (bsc#1097522). Bug fixes : - bsc#1079730: Fix failed 'write' lock. - bsc#1027519: Add upstream patches from January. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-07
    modified 2018-09-06
    plugin id 111261
    published 2018-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111261
    title SUSE SLES11 Security Update : xen (SUSE-SU-2018:2037-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-766.NASL
    description This update for xen fixes the following issues : Security issues fixed : - CVE-2018-3665: Fix Lazy FP Save/Restore issue (XSA-267) (bsc#1095242). - CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host (XSA-264) (bsc#1097521). - CVE-2018-12892: Fix libxl to honour the readonly flag on HVM emulated SCSI disks (XSA-266) (bsc#1097523). - CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check (XSA-265) (bsc#1097522). Bug fixes : - bsc#1027519: Add upstream patches from January. - bsc#1098403: Fix regression introduced by changes for bsc#1079730. A PV domU without qcow2 and/or vfb has no qemu attached. Ignore QMP errors for PV domUs to handle PV domUs with and without an attached qemu-xen. - bsc#1087289: Fix xen scheduler crash. This update was imported from the SUSE:SLE-15:Update update project.
    last seen 2018-09-07
    modified 2018-09-06
    plugin id 111418
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111418
    title openSUSE Security Update : xen (openSUSE-2018-766)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2528-1.NASL
    description This update for xen fixes the following issues: These security issue were fixed : - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bsc#1091107, bsc#1027519). - CVE-2018-12617: An integer overflow that could cause a segmentation fault in qmp_guest_file_read() with g_malloc() in qemu-guest-agent was fixed (bsc#1098744) - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. (bsc#1095242) - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. (bsc#1092631) - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. (bsc#1074562) - CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. (bsc#1074562) - CVE-2017-5754: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. (bsc#1074562) - CVE-2018-12891: Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. A malicious or buggy PV guest may cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time. (bsc#1097521) - CVE-2018-12893: One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users. (bsc#1097522) - CVE-2018-11806: m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. (bsc#1096224) - CVE-2018-10982: An issue was discovered in Xen allowed x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection. (bsc#1090822) - CVE-2018-10981: An issue was discovered in Xen that allowed x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request. (bsc#1090823) Following bugs were fixed : - After updating to kernel 3.0.101-0.47.106.32-xen system crashes in check_bugs() (bsc#1097206) - bsc#1079730 - in xen-kmp, unplug emulated devices after migration This is required since xen-4.10 and/or qemu-2.10 because the state of unplug is not propagated from one dom0 to another. Without this unplug qemu's block-backend will be unable to open qcow2 disks on the receiving dom0 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-08-31
    plugin id 112147
    published 2018-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112147
    title SUSE SLES11 Security Update : xen (SUSE-SU-2018:2528-1) (Foreshadow) (Meltdown) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1821-1.NASL
    description The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This new feature was added : - Btrfs: Remove empty block groups in the background The following security bugs were fixed : - CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 110761
    published 2018-06-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110761
    title SUSE SLES11 Security Update : kernel (SUSE-SU-2018:1821-1)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0233.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - BUILDINFO: xen commit=67e64eec4bfe342ca6c2ff0858ae7f5c39041013 - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - x86/HVM: Restart ioreq processing state machine (Boris Ostrovsky) - BUILDINFO: xen commit=7e4f43226d60a48df300b32ce60ecff75ce2612d - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - svm: fix incorrect TSC scaling (Haozhong Zhang) [Orabug: 28189188] - BUILDINFO: xen commit=ba8e4ae04e3594470f9ce1663135fbe8c25106af - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - x86/spec-ctrl: Mitigations for LazyFPU (Ross Philipson) [Orabug: 28135217] (CVE-2018-3665) - x86: Support fully eager FPU context switching (Andrew Cooper) [Orabug: 28135217] (CVE-2018-3665) - BUILDINFO: xen commit=312880584fe084de632a6667254a5cc1c846179e - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - [xenmicrocode] Fix error reporting on successful return from tool (Ross Philipson) [Orabug: 28128506] - x86: correct default_xen_spec_ctrl calculation (Jan Beulich) [Orabug: 28034172] - x86/msr: Virtualise MSR_SPEC_CTRL.SSBD for guests to use (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/Intel: Mitigations for GPZ SP4 - Speculative Store Bypass (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/AMD: Mitigations for GPZ SP4 - Speculative Store Bypass (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/spec_ctrl: Introduce a new `spec-ctrl=` command line argument to replace `bti=` (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/cpuid: Improvements to guest policies for speculative sidechannel features (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/spec_ctrl: Explicitly set Xen's default MSR_SPEC_CTRL value (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/spec_ctrl: Split X86_FEATURE_SC_MSR into PV and HVM variants (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/spec_ctrl: Elide MSR_SPEC_CTRL handling in idle context when possible (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/spec_ctrl: Rename bits of infrastructure to avoid NATIVE and VMEXIT (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/spec_ctrl: Fold the XEN_IBRS_[SET,CLEAR] ALTERNATIVES together (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/spec_ctrl: Merge bti_ist_info and use_shadow_spec_ctrl into spec_ctrl_flags (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/spec_ctrl: Express Xen's choice of MSR_SPEC_CTRL value as a variable (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/spec_ctrl: Read MSR_ARCH_CAPABILITIES only once (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/spec_ctrl: Assume that STIBP feature is always available (Boris Ostrovsky) [Orabug: 28034172] (CVE-2018-3639) - x86/spec_ctrl: Updates to retpoline-safety decision making (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - BUILDINFO: xen commit=dc770041d983843c860c06d405054c0e01a4fd98 - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - one-off build
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 110792
    published 2018-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110792
    title OracleVM 3.4 : xen (OVMSA-2018-0233) (Spectre)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3696-2.NASL
    description USN-3696-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that an integer overflow existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18255) Wei Fang discovered an integer overflow in the F2FS filesystem implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2017-18257) It was discovered that an information leak existed in the generic SCSI driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-1000204) It was discovered that the wait4() system call in the Linux kernel did not properly validate its arguments in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2018-10087) It was discovered that the kill() system call implementation in the Linux kernel did not properly validate its arguments in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2018-10124) Julian Stecklina and Thomas Prescher discovered that FPU register states (such as MMX, SSE, and AVX registers) which are lazily restored are potentially vulnerable to a side channel attack. A local attacker could use this to expose sensitive information. (CVE-2018-3665) Jakub Jirasek discovered that multiple use-after-errors existed in the USB/IP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5814) It was discovered that an information leak vulnerability existed in the floppy driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-7755) Seunghun Han discovered an information leak in the ACPI handling code in the Linux kernel when handling early termination of ACPI table loading. A local attacker could use this to expose sensitive informal (kernel address locations). (CVE-2017-13695) It was discovered that a memory leak existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-10021). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-08-31
    plugin id 110897
    published 2018-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110897
    title Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3696-2)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2104-1.NASL
    description This update for the Linux Kernel 3.12.74-60_64_66 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 111453
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111453
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2104-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2106-1.NASL
    description This update for the Linux Kernel 3.12.74-60_64_88 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 111455
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111455
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2106-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1761-1.NASL
    description The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086) - CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument could have caused a buffer overflow (bnc#1097356) - CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728) - CVE-2017-13305: Prevent information disclosure vulnerability in encrypted-keys (bsc#1094353) - CVE-2018-1094: The ext4_fill_super function did not always initialize the crc32c checksum driver, which allowed attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (bsc#1087007). - CVE-2018-1093: The ext4_valid_block_bitmap function allowed attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers (bsc#1087095). - CVE-2018-1092: The ext4_iget function mishandled the case of a root directory with a zero i_links_count, which allowed attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (bsc#1087012). - CVE-2018-1130: NULL pointer dereference in dccp_write_xmit() function that allowed a local user to cause a denial of service by a number of certain crafted system calls (bsc#1092904) - CVE-2018-5803: Prevent error in the '_sctp_make_chunk()' function when handling SCTP packets length that could have been exploited to cause a kernel crash (bnc#1083900) - CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c __rds_rdma_map() function that allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bsc#1082962) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 110636
    published 2018-06-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110636
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1761-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-2164.NASL
    description From Red Hat Security Advisory 2018:2164 : An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, x86 AMD) * kernel: Use-after-free vulnerability in mm/mempolicy.c:do_get_mempolicy function allows local denial of service or other unspecified impact (CVE-2018-10675) * Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665) * kernel: error in exception handling leads to DoS (CVE-2018-8897 regression) (CVE-2018-10872) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639 and Julian Stecklina (Amazon.de), Thomas Prescher (cyberus-technology.de), and Zdenek Sojka (sysgo.com) for reporting CVE-2018-3665. Bug Fix(es) : * Previously, microcode updates on 32 and 64-bit AMD and Intel architectures were not synchronized. As a consequence, it was not possible to apply the microcode updates. This fix adds the synchronization to the microcode updates so that processors of the stated architectures receive updates at the same time. As a result, microcode updates are now synchronized. (BZ# 1574592)
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 110996
    published 2018-07-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110996
    title Oracle Linux 6 : kernel (ELSA-2018-2164) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2056-1.NASL
    description This update for xen fixes the following issues: Security issues fixed : - CVE-2018-12617: Fix integer overflow that causes segmentation fault in qmp_guest_file_read() with g_malloc() (bsc#1098744). - CVE-2018-3665: Fix Lazy FP Save/Restore issue (XSA-267) (bsc#1095242). - CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224). - CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host (XSA-264) (bsc#1097521). - CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check (XSA-265) (bsc#1097522). Bug fixes : - bsc#1079730: Fix failed 'write' lock. - bsc#1027519: Add upstream patches from January. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-07
    modified 2018-09-06
    plugin id 111346
    published 2018-07-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111346
    title SUSE SLES12 Security Update : xen (SUSE-SU-2018:2056-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1849-1.NASL
    description The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bug was fixed : - CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 110836
    published 2018-07-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110836
    title SUSE SLES11 Security Update : kernel (SUSE-SU-2018:1849-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1855-1.NASL
    description The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument could have caused a buffer overflow (bnc#1097356) - CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728). - CVE-2017-18249: The add_free_nid function did not properly track an allocated nid, which allowed local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads (bnc#1087036) - CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086) - CVE-2017-18241: Prevent a NULL pointer dereference by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure (bnc#1086400) - CVE-2017-13305: Prevent information disclosure vulnerability in encrypted-keys (bsc#1094353). - CVE-2018-1093: The ext4_valid_block_bitmap function allowed attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c did not validate bitmap block numbers (bsc#1087095). - CVE-2018-1094: The ext4_fill_super function did not always initialize the crc32c checksum driver, which allowed attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (bsc#1087007). - CVE-2018-1092: The ext4_iget function mishandled the case of a root directory with a zero i_links_count, which allowed attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (bsc#1087012). - CVE-2018-1130: NULL pointer dereference in dccp_write_xmit() function that allowed a local user to cause a denial of service by a number of certain crafted system calls (bsc#1092904). - CVE-2018-1065: The netfilter subsystem mishandled the case of a rule blob that contains a jump but lacks a user-defined chain, which allowed local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability (bsc#1083650). - CVE-2018-5803: Prevent error in the '_sctp_make_chunk()' function when handling SCTP packets length that could have been exploited to cause a kernel crash (bnc#1083900). - CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c __rds_rdma_map() function that allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bsc#1082962). - CVE-2018-1000199: Prevent vulnerability in modify_user_hw_breakpoint() that could have caused a crash and possibly memory corruption (bsc#1089895). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 110838
    published 2018-07-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110838
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1855-1)
  • NASL family Misc.
    NASL id CITRIX_XENSERVER_CTX235745.NASL
    description The version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by an information disclosure vulnerability.
    last seen 2018-09-02
    modified 2018-07-27
    plugin id 110779
    published 2018-06-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110779
    title Citrix XenServer Information Disclosure Vulnerability (CTX235225)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-4144.NASL
    description Description of changes: [4.1.12-124.16.4.el7uek] - x86/fpu: Make eager FPU default (Mihai Carabas) [Orabug: 28135099] {CVE-2018-3665}
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 110584
    published 2018-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110584
    title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4144)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-656.NASL
    description The openSUSE Leap 42.3 was updated to 4.4.138 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1085308 bsc#1087082) This update improves the previous Spectre Variant 4 fixes and also mitigates them on the ARM architecture. - CVE-2018-3665: The FPU state and registers of x86 CPUs were saved and restored in a lazy fashion, which opened its disclosure by speculative side channel attacks. This has been fixed by replacing the lazy save/restore by eager saving and restoring (bnc#1087086) - CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow (bnc#1097356). - CVE-2017-18249: The add_free_nid function in fs/f2fs/node.c did not properly track an allocated nid, which allowed local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads (bnc#1087036). - CVE-2017-18241: fs/f2fs/segment.c kernel allowed local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure (bnc#1086400). - CVE-2017-17741: The KVM implementation allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311 1091815). - CVE-2017-13305: A information disclosure vulnerability in the encrypted-keys. (bnc#1094353). - CVE-2018-1093: The ext4_valid_block_bitmap function in fs/ext4/balloc.c allowed attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers (bnc#1087095). - CVE-2018-1094: The ext4_fill_super function in fs/ext4/super.c did not always initialize the crc32c checksum driver, which allowed attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (bnc#1087007 1092903). - CVE-2018-1092: The ext4_iget function in fs/ext4/inode.c mishandled the case of a root directory with a zero i_links_count, which allowed attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (bnc#1087012). - CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c, a memory corruption bug in JFS could be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr. (bsc#1097234) The following non-security bugs were fixed : - 8139too: Use disable_irq_nosync() in rtl8139_poll_controller() (bnc#1012382). - acpi: acpi_pad: Fix memory leak in power saving threads (bnc#1012382). - acpica: acpi: acpica: fix acpi operand cache leak in nseval.c (bnc#1012382). - acpica: Events: add a return on failure from acpi_hw_register_read (bnc#1012382). - acpi: processor_perflib: Do not send _PPC change notification if not ready (bnc#1012382). - affs_lookup(): close a race with affs_remove_link() (bnc#1012382). - aio: fix io_destroy(2) vs. lookup_ioctx() race (bnc#1012382). - alsa: control: fix a redundant-copy issue (bnc#1012382). - alsa: hda: Add Lenovo C50 All in one to the power_save blacklist (bnc#1012382). - alsa: hda - Use IS_REACHABLE() for dependency on input (bnc#1012382 bsc#1031717). - alsa: timer: Call notifier in the same spinlock (bnc#1012382 bsc#973378). - alsa: timer: Fix pause event notification (bnc#1012382 bsc#973378). - alsa: timer: Fix pause event notification (bsc#973378). - alsa: usb: mixer: volume quirk for CM102-A+/102S+ (bnc#1012382). - alsa: vmaster: Propagate slave error (bnc#1012382). - arc: Fix malformed ARC_EMUL_UNALIGNED default (bnc#1012382). - arm64: Add ARCH_WORKAROUND_2 probing (bsc#1085308). - arm64: Add per-cpu infrastructure to call ARCH_WORKAROUND_2 (bsc#1085308). - arm64: Add 'ssbd' command-line option (bsc#1085308). - arm64: Add this_cpu_ptr() assembler macro for use in entry.S (bsc#1085308). - arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bnc#1012382). - arm64: alternatives: Add dynamic patching feature (bsc#1085308). - arm64: assembler: introduce ldr_this_cpu (bsc#1085308). - arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1 (bsc#1085308). - arm64: do not call C code with el0's fp register (bsc#1085308). - arm64: fix endianness annotation for __apply_alternatives()/get_alt_insn() (bsc#1085308). - arm64: introduce mov_q macro to move a constant into a 64-bit register (bnc#1012382 bsc#1068032). - arm64: lse: Add early clobbers to some input/output asm operands (bnc#1012382). - arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics (bnc#1012382). - arm64: ssbd: Add global mitigation state accessor (bsc#1085308). - arm64: ssbd: Add prctl interface for per-thread mitigation (bsc#1085308). - arm64: ssbd: Introduce thread flag to control userspace mitigation (bsc#1085308). - arm64: ssbd: Restore mitigation status on CPU resume (bsc#1085308). - arm64: ssbd: Skip apply_ssbd if not using dynamic mitigation (bsc#1085308). - arm: 8748/1: mm: Define vdso_start, vdso_end as array (bnc#1012382). - arm: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed (bnc#1012382). - arm: 8770/1: kprobes: Prohibit probing on optimized_callback (bnc#1012382). - arm: 8771/1: kprobes: Prohibit kprobes on do_undefinstr (bnc#1012382). - arm: 8772/1: kprobes: Prohibit kprobes on get_user functions (bnc#1012382). - arm/arm64: smccc: Add SMCCC-specific return codes (bsc#1085308). - arm: dts: socfpga: fix GIC PPI warning (bnc#1012382). - arm: OMAP1: clock: Fix debugfs_create_*() usage (bnc#1012382). - arm: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt (bnc#1012382). - arm: OMAP3: Fix prm wake interrupt for resume (bnc#1012382). - arm: OMAP: Fix dmtimer init for omap1 (bnc#1012382). - asm-generic: provide generic_pmdp_establish() (bnc#1012382). - ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() (bnc#1012382 bsc#1031717). - ASoC: Intel: sst: remove redundant variable dma_dev_name (bnc#1012382). - ASoC: samsung: i2s: Ensure the RCLK rate is properly determined (bnc#1012382). - ASoC: topology: create TLV data for dapm widgets (bnc#1012382). - ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk) (bnc#1012382). - audit: move calcs after alloc and check when logging set loginuid (bnc#1012382). - audit: return on memory error to avoid NULL pointer dereference (bnc#1012382). - autofs: change autofs4_expire_wait()/do_expire_wait() to take struct path (bsc#1086716). - autofs: change autofs4_wait() to take struct path (bsc#1086716). - autofs: use path_has_submounts() to fix unreliable have_submount() checks (bsc#1086716). - autofs: use path_is_mountpoint() to fix unreliable d_mountpoint() checks (bsc#1086716). - batman-adv: fix header size check in batadv_dbg_arp() (bnc#1012382). - batman-adv: fix multicast-via-unicast transmission with AP isolation (bnc#1012382). - batman-adv: fix packet checksum in receive path (bnc#1012382). - batman-adv: fix packet loss for broadcasted DHCP packets to a server (bnc#1012382). - batman-adv: invalidate checksum on fragment reassembly (bnc#1012382). - bcache: fix for allocator and register thread race (bnc#1012382). - bcache: fix for data collapse after re-attaching an attached device (bnc#1012382). - bcache: fix kcrashes with fio in RAID5 backend dev (bnc#1012382). - bcache: properly set task state in bch_writeback_thread() (bnc#1012382). - bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set (bnc#1012382). - bcache: return attach error when no cache set exist (bnc#1012382). - blacklist.conf: blacklist fc218544fbc8 This commit requires major changes from 4.17, namely commit b9e281c2b388 ('libceph: introduce BVECS data type') - blacklist.conf: No need for 0aa48468d009 ('KVM/VMX: Expose SSBD properly to guests') since KF(SSBD) in our case does the expected. - block: cancel workqueue entries on blk_mq_freeze_queue() (bsc#1090435). - bluetooth: Apply QCA Rome patches for some ATH3012 models (bsc#1082504, bsc#1095147). - bluetooth: btusb: Add device ID for RTL8822BE (bnc#1012382). - bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB (bnc#1012382). - bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa() (bnc#1012382). - bonding: do not allow rlb updates to invalid mac (bnc#1012382). - bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y (bnc#1012382). - bridge: check iface upper dev when setting master via ioctl (bnc#1012382). - btrfs: bail out on error during replay_dir_deletes (bnc#1012382). - btrfs: fix copy_items() return value when logging an inode (bnc#1012382). - btrfs: fix crash when trying to resume balance without the resume flag (bnc#1012382). - btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers (bnc#1012382). - btrfs: fix NULL pointer dereference in log_dir_items (bnc#1012382). - btrfs: Fix out of bounds access in btrfs_search_slot (bnc#1012382). - btrfs: Fix possible softlock on single core machines (bnc#1012382). - btrfs: fix reading stale metadata blocks after degraded raid1 mounts (bnc#1012382). - btrfs: fix scrub to repair raid6 corruption (bnc#1012382). - btrfs: fix xattr loss after power failure (bnc#1012382). - btrfs: send, fix issuing write op when processing hole in no data mode (bnc#1012382). - btrfs: set plug for fsync (bnc#1012382). - btrfs: tests/qgroup: Fix wrong tree backref level (bnc#1012382). - cdrom: do not call check_disk_change() inside cdrom_open() (bnc#1012382). - ceph: delete unreachable code in ceph_check_caps() (bsc#1096214). - ceph: fix race of queuing delayed caps (bsc#1096214). - ceph: fix st_nlink stat for directories (bsc#1093904). - cfg80211: further limit wiphy names to 64 bytes (bnc#1012382 git-fixes). - cfg80211: further limit wiphy names to 64 bytes (git-fixes). - cfg80211: limit wiphy names to 128 bytes (bnc#1012382). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bnc#1012382 bsc#1090734). - clk: Do not show the incorrect clock phase (bnc#1012382). - clk: rockchip: Prevent calculating mmc phase if clock rate is zero (bnc#1012382). - clk: samsung: exynos3250: Fix PLL rates (bnc#1012382). - clk: samsung: exynos5250: Fix PLL rates (bnc#1012382). - clk: samsung: exynos5260: Fix PLL rates (bnc#1012382). - clk: samsung: exynos5433: Fix PLL rates (bnc#1012382). - clk: samsung: s3c2410: Fix PLL rates (bnc#1012382). - clocksource/drivers/fsl_ftm_timer: Fix error return checking (bnc#1012382). - config: arm64: enable Spectre-v4 per-thread mitigation - cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path (bnc#1012382). - cpufreq: CPPC: Initialize shared perf capabilities of CPUs (bnc#1012382). - cpufreq: intel_pstate: Enable HWP by default (FATE#319178 bnc#1012382). - cpuidle: coupled: remove unused define cpuidle_coupled_lock (bnc#1012382). - crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss (bnc#1012382). - cxgb4: Setup FW queues before registering netdev (bsc#1022743 FATE#322540). - dccp: fix tasklet usage (bnc#1012382). - dlm: fix a clerical error when set SCTP_NODELAY (bsc#1091594). - dlm: make sctp_connect_to_sock() return in specified time (bsc#1080542). - dlm: remove O_NONBLOCK flag in sctp_connect_to_sock (bsc#1080542). - dmaengine: ensure dmaengine helpers check valid callback (bnc#1012382). - dmaengine: pl330: fix a race condition in case of threaded irqs (bnc#1012382). - dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3 (bnc#1012382). - dmaengine: usb-dmac: fix endless loop in usb_dmac_chan_terminate_all() (bnc#1012382). - dm thin: fix documentation relative to low water mark threshold (bnc#1012382). - do d_instantiate/unlock_new_inode combinations safely (bnc#1012382). - dp83640: Ensure against premature access to PHY registers after reset (bnc#1012382). - drm/exynos: fix comparison to bitshift when dealing with a mask (bnc#1012382). - drm/i915: Disable LVDS on Radiant P845 (bnc#1012382). - drm/rockchip: Respect page offset for PRIME mmap calls (bnc#1012382). - e1000e: allocate ring descriptors with dma_zalloc_coherent (bnc#1012382). - e1000e: Fix check_for_link return value with autoneg off (bnc#1012382 bsc#1075428). - efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode (bnc#1012382). - enic: enable rq before updating rq descriptors (bnc#1012382). - ext2: fix a block leak (bnc#1012382). - fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper() (bnc#1012382). - firewire-ohci: work around oversized DMA reads on JMicron controllers (bnc#1012382). - firmware: dmi_scan: Fix handling of empty DMI strings (bnc#1012382). - Fix excessive newline in /proc/*/status (bsc#1094823). - fix io_destroy()/aio_complete() race (bnc#1012382). - Force log to disk before reading the AGF during a fstrim (bnc#1012382). - fscache: Fix hanging wait on page discarded by writeback (bnc#1012382). - fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table (bnc#1012382). - futex: futex_wake_op, do not fail on invalid op (git-fixes). - futex: futex_wake_op, fix sign_extend32 sign bits (bnc#1012382). - futex: Remove duplicated code and fix undefined behaviour (bnc#1012382). - futex: Remove unnecessary warning from get_futex_key (bnc#1012382). - gfs2: Fix fallocate chunk size (bnc#1012382). - gianfar: Fix Rx byte accounting for ndev stats (bnc#1012382). - gpio: rcar: Add Runtime PM handling for interrupts (bnc#1012382). - hfsplus: stop workqueue when fill_super() failed (bnc#1012382). - hid: roccat: prevent an out of bounds read in kovaplus_profile_activated() (bnc#1012382). - hwmon: (nct6775) Fix writing pwmX_mode (bnc#1012382). - hwmon: (pmbus/adm1275) Accept negative page register values (bnc#1012382). - hwmon: (pmbus/max8688) Accept negative page register values (bnc#1012382). - hwrng: stm32 - add reset during probe (bnc#1012382). - hwtracing: stm: fix build error on some arches (bnc#1012382). - i2c: mv64xxx: Apply errata delay only in standard mode (bnc#1012382). - i2c: rcar: check master irqs before slave irqs (bnc#1012382). - i2c: rcar: do not issue stop when HW does it automatically (bnc#1012382). - i2c: rcar: init new messages in irq (bnc#1012382). - i2c: rcar: make sure clocks are on when doing clock calculation (bnc#1012382). - i2c: rcar: refactor setup of a msg (bnc#1012382). - i2c: rcar: remove spinlock (bnc#1012382). - i2c: rcar: remove unused IOERROR state (bnc#1012382). - i2c: rcar: revoke START request early (bnc#1012382). - i2c: rcar: rework hw init (bnc#1012382). - ib/ipoib: Fix for potential no-carrier state (bnc#1012382). - ibmvnic: Check CRQ command return codes (bsc#1094840). - ibmvnic: Create separate initialization routine for resets (bsc#1094840). - ibmvnic: Fix partial success login retries (bsc#1094840). - ibmvnic: Handle error case when setting link state (bsc#1094840). - ibmvnic: Introduce active CRQ state (bsc#1094840). - ibmvnic: Introduce hard reset recovery (bsc#1094840). - ibmvnic: Mark NAPI flag as disabled when released (bsc#1094840). - ibmvnic: Only do H_EOI for mobility events (bsc#1094356). - ibmvnic: Return error code if init interrupted by transport event (bsc#1094840). - ibmvnic: Set resetting state at earliest possible point (bsc#1094840). - iio:kfifo_buf: check for uint overflow (bnc#1012382). - ima: Fallback to the builtin hash algorithm (bnc#1012382). - ima: Fix Kconfig to select TPM 2.0 CRB interface (bnc#1012382). - init: fix false positives in W+X checking (bsc#1096982). - input: elan_i2c_smbus - fix corrupted stack (bnc#1012382). - ipc/shm: fix shmat() nil address after round-down when remapping (bnc#1012382). - ipmi/powernv: Fix error return code in ipmi_powernv_probe() (bnc#1012382). - ipmi_ssif: Fix kernel panic at msg_done_handler (bnc#1012382 bsc#1088871). - ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg (bnc#1012382). - ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu (bnc#1012382). - ipv6: add mtu lock check in __ip6_rt_update_pmtu (bsc#1092552). - ipv6: omit traffic class when calculating flow hash (bsc#1095042). - irda: fix overly long udelay() (bnc#1012382). - irqchip/gic-v3: Change pr_debug message to pr_devel (bnc#1012382). - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path (bnc#1012382 git-fixes). - kabi: vfs: Restore dentry_operations->d_manage (bsc#1086716). - kABI: work around BPF SSBD removal (bsc#1087082). - kasan: fix memory hotplug during boot (bnc#1012382). - kbuild: change CC_OPTIMIZE_FOR_SIZE definition (bnc#1012382). - kconfig: Do not leak main menus during parsing (bnc#1012382). - kconfig: Fix automatic menu creation mem leak (bnc#1012382). - kconfig: Fix expr_free() E_NOT leak (bnc#1012382). - kdb: make 'mdr' command repeat (bnc#1012382). - kernel: Fix memory leak on EP11 target list processing (bnc#1096751, LTC#168596). - kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE (bnc#1012382). - kernel/sys.c: fix potential Spectre v1 issue (bnc#1012382). - kvm: Fix spelling mistake: 'cop_unsuable' -> 'cop_unusable' (bnc#1012382). - kvm: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use (bnc#1012382). - kvm: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bnc#1012382). - kvm: VMX: raise internal error for exception during invalid protected mode state (bnc#1012382). - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl (bnc#1012382). - kvm: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281). - l2tp: revert 'l2tp: fix missing print session offset info' (bnc#1012382). - libata: blacklist Micron 500IT SSD with MU01 firmware (bnc#1012382). - libata: Blacklist some Sandisk SSDs for NCQ (bnc#1012382). - libnvdimm, dax: fix 1GB-aligned namespaces vs physical misalignment (FATE#320457, FATE#320460). - libnvdimm, namespace: use a safe lookup for dimm device name (FATE#321135, FATE#321217, FATE#321256, FATE#321391, FATE#321393). - libnvdimm, pfn: fix start_pad handling for aligned namespaces (FATE#320460). - llc: better deal with too small mtu (bnc#1012382). - llc: properly handle dev_queue_xmit() return value (bnc#1012382). - lockd: lost rollback of set_grace_period() in lockd_down_net() (bnc#1012382 git-fixes). - locking/qspinlock: Ensure node->count is updated before initialising node (bnc#1012382). - locking/xchg/alpha: Add unconditional memory barrier to cmpxchg() (bnc#1012382). - locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs (bnc#1012382). - loop: handle short DIO reads (bsc#1094177). - m68k: set dma and coherent masks for platform FEC ethernets (bnc#1012382). - mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4 (bnc#1012382). - md raid10: fix NULL deference in handle_write_completed() (bnc#1012382 bsc#1056415). - md/raid1: fix NULL pointer dereference (bnc#1012382). - md: raid5: avoid string overflow warning (bnc#1012382). - media: cx23885: Override 888 ImpactVCBe crystal frequency (bnc#1012382). - media: cx23885: Set subdev host data to clk_freq pointer (bnc#1012382). - media: cx25821: prevent out-of-bounds read on array card (bnc#1012382 bsc#1031717). - media: dmxdev: fix error code for invalid ioctls (bnc#1012382). - media: em28xx: USB bulk packet size fix (bnc#1012382). - media: s3c-camif: fix out-of-bounds array access (bnc#1012382 bsc#1031717). - mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register (bnc#1012382). - mm: do not allow deferred pages with NEED_PER_CPU_KM (bnc#1012382). - mm: filemap: avoid unnecessary calls to lock_page when waiting for IO to complete during a read (-- VM bnc#1012382 bnc#971975 generic performance read). - mm: filemap: remove redundant code in do_read_cache_page (-- VM bnc#1012382 bnc#971975 generic performance read). - mm: fix races between address_space dereference and free in page_evicatable (bnc#1012382). - mm: fix the NULL mapping case in __isolate_lru_page() (bnc#1012382). - mm/kmemleak.c: wait for scan completion before disabling free (bnc#1012382). - mm/ksm: fix interaction with THP (bnc#1012382). - mm/mempolicy: add nodes_empty check in SYSC_migrate_pages (bnc#1012382). - mm/mempolicy.c: avoid use uninitialized preferred_node (bnc#1012382). - mm/mempolicy: fix the check of nodemask from user (bnc#1012382). - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152, VM Functionality). - mm: pin address_space before dereferencing it while isolating an LRU page (bnc#1012382 bnc#1081500). - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bnc#1012382). - net: ethernet: sun: niu set correct packet size in skb (bnc#1012382). - netfilter: ebtables: convert BUG_ONs to WARN_ONs (bnc#1012382). - net: Fix untag for vlan packets without ethernet header (bnc#1012382). - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off (bnc#1012382). - netlabel: If PF_INET6, check sk_buff ip header version (bnc#1012382). - net/mlx4_en: Verify coalescing parameters are in range (bnc#1012382). - net/mlx5: Protect from command bit overflow (bnc#1012382). - net: mvneta: fix enable of all initialized RXQs (bnc#1012382). - net: qmi_wwan: add BroadMobi BM806U 2020:2033 (bnc#1012382). - net_sched: fq: take care of throttled flows before reuse (bnc#1012382). - net: support compat 64-bit time in {s,g}etsockopt (bnc#1012382). - net/tcp/illinois: replace broken algorithm reference link (bnc#1012382). - net: test tailroom before appending to linear skb (bnc#1012382). - net-usb: add qmi_wwan if on lte modem wistron neweb d18q1 (bnc#1012382). - net/usb/qmi_wwan.c: Add USB id for lt4120 modem (bnc#1012382). - nfc: llcp: Limit size of SDP URI (bnc#1012382). - nfit, address-range-scrub: fix scrub in-progress reporting (FATE#321135, FATE#321217, FATE#321256, FATE#321391, FATE#321393). - nfit: fix region registration vs block-data-window ranges (FATE#319858). - nfs: Do not convert nfs_idmap_cache_timeout to jiffies (bnc#1012382 git-fixes). - nfsv4: always set NFS_LOCK_LOST when a lock is lost (bnc#1012382 bsc#1068951). - ntb_transport: Fix bug with max_mw_size parameter (bnc#1012382). - nvme-pci: Fix EEH failure on ppc (bsc#1093533). - nvme-pci: Fix nvme queue cleanup if IRQ setup fails (bnc#1012382). - ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute (bnc#1012382). - ocfs2/dlm: do not handle migrate lockres if already in shutdown (bnc#1012382). - ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid (bnc#1012382). - ocfs2: return error when we attempt to access a dirty bh in jbd2 (bnc#1012382 bsc#1070404). - openvswitch: Do not swap table in nlattr_set() after OVS_ATTR_NESTED is found (bnc#1012382). - packet: fix reserve calculation (git-fixes). - packet: in packet_snd start writing at link layer allocation (bnc#1012382). - parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode (bnc#1012382). - pci: Add function 1 DMA alias quirk for Marvell 88SE9220 (bnc#1012382). - pci: Add function 1 DMA alias quirk for Marvell 9128 (bnc#1012382). - pci: hv: Fix a __local_bh_enable_ip warning in hv_compose_msi_msg() (bnc#1094268). - pci: Restore config space on runtime resume despite being unbound (bnc#1012382). - perf callchain: Fix attr.sample_max_stack setting (bnc#1012382). - perf/cgroup: Fix child event counting bug (bnc#1012382). - perf/core: Fix perf_output_read_group() (bnc#1012382). - perf report: Fix memory corruption in --branch-history mode --branch-history (bnc#1012382). - perf tests: Use arch__compare_symbol_names to compare symbols (bnc#1012382). - pipe: cap initial pipe capacity according to pipe-max-size limit (bnc#1012382 bsc#1045330). - powerpc/64s: Clear PCR on boot (bnc#1012382). - powerpc: Add missing prototype for arch_irq_work_raise() (bnc#1012382). - powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access (bnc#1012382). - powerpc: Do not preempt_disable() in show_cpuinfo() (bnc#1012382 bsc#1066223). - powerpc/livepatch: Fix livepatch stack access (bsc#1094466). - powerpc/modules: Do not try to restore r2 after a sibling call (bsc#1094466). - powerpc/mpic: Check if cpu_possible() in mpic_physmask() (bnc#1012382). - powerpc/numa: Ensure nodes initialized for hotplug (FATE#322022 bnc#1012382 bsc#1081514). - powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes (FATE#322022 bnc#1012382 bsc#1081514). - powerpc/perf: Fix kernel address leak via sampling registers (bnc#1012382). - powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer (bnc#1012382). - powerpc/powernv: Fix NVRAM sleep in invalid context when crashing (bnc#1012382). - powerpc/powernv: panic() on OPAL < V3 (bnc#1012382). - powerpc/powernv: remove FW_FEATURE_OPALv3 and just use FW_FEATURE_OPAL (bnc#1012382). - powerpc/powernv: Remove OPALv2 firmware define and references (bnc#1012382). - proc: fix /proc/*/map_files lookup (bnc#1012382). - procfs: fix pthread cross-thread naming if !PR_DUMPABLE (bnc#1012382). - proc: meminfo: estimate available memory more conservatively (-- VM bnc#1012382 functionality monitoring space user). - proc read mm's {arg,env}_{start,end} with mmap semaphore taken (bnc#1012382). - qede: Fix ref-cnt usage count (bsc#1019695 FATE#321703 bsc#1019699 FATE#321702 bsc#1022604 FATE#321747). - qed: Fix LL2 race during connection terminate (bsc#1019695 FATE#321703 bsc#1019699 FATE#321702 bsc#1022604 FATE#321747). - qed: Fix possibility of list corruption during rmmod flows (bsc#1019695 FATE#321703 bsc#1019699 FATE#321702 bsc#1022604 FATE#321747). - qed: LL2 flush isles when connection is closed (bsc#1019695 FATE#321703 bsc#1019699 FATE#321702 bsc#1022604 FATE#321747). - qla2xxx: Mask off Scope bits in retry delay (bsc#1068054). - qmi_wwan: do not steal interfaces from class drivers (bnc#1012382). - r8152: fix tx packets accounting (bnc#1012382). - r8169: fix powering up RTL8168h (bnc#1012382). - rdma/mlx5: Avoid memory leak in case of XRCD dealloc failure (bnc#1012382). - rdma/qedr: Fix doorbell bar mapping for dpi > 1 (bsc#1022604 FATE#321747). - rdma/ucma: Correct option size check using optlen (bnc#1012382). - rds: IB: Fix NULL pointer issue (bnc#1012382). - Refresh patches.arch/arm64-bsc1031492-0165-arm64-Add-MIDR-values -for-Cavium-cn83XX-SoCs.patch. - regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()' (bnc#1012382). - regulatory: add NUL to request alpha2 (bnc#1012382). - Revert 'arm: dts: imx6qdl-wandboard: Fix audio channel swap' (bnc#1012382). - Revert 'bs-upload-kernel: do not set %opensuse_bs' This reverts commit e89e2b8cbef05df6c874ba70af3cb4c57f82a821. - Revert 'ima: limit file hash setting by user to fix and log modes' (bnc#1012382). - Revert 'ipc/shm: Fix shmat mmap nil-page protection' (bnc#1012382). - Revert 'regulatory: add NUL to request alpha2' (kabi). - Revert 'vti4: Do not override MTU passed on link creation via IFLA_MTU' (bnc#1012382). - rtc: hctosys: Ensure system time does not overflow time_t (bnc#1012382). - rtc: snvs: Fix usage of snvs_rtc_enable (bnc#1012382). - rtc: tx4939: avoid unintended sign extension on a 24 bit shift (bnc#1012382). - rtlwifi: rtl8192cu: Remove variable self-assignment in rf.c (bnc#1012382). - s390: add assembler macros for CPU alternatives (bnc#1012382). - s390/cio: clear timer when terminating driver I/O (bnc#1012382). - s390/cio: fix return code after missing interrupt (bnc#1012382). - s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero (bnc#1094532, LTC#168035). - s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero (LTC#168035 bnc#1012382 bnc#1094532). - s390: extend expoline to BC instructions (bnc#1012382). - s390/ftrace: use expoline for indirect branches (bnc#1012382). - s390/kernel: use expoline for indirect branches (bnc#1012382). - s390/lib: use expoline for indirect branches (bnc#1012382). - s390: move expoline assembler macros to a header (bnc#1012382). - s390: move spectre sysfs attribute code (bnc#1012382). - s390/qdio: do not release memory in qdio_setup_irq() (bnc#1012382). - s390/qdio: fix access to uninitialized qdio_q fields (bnc#1094532, LTC#168037). - s390/qdio: fix access to uninitialized qdio_q fields (LTC#168037 bnc#1012382 bnc#1094532). - s390: remove indirect branch from do_softirq_own_stack (bnc#1012382). - s390: use expoline thunks in the BPF JIT (bnc#1012382). - sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning (bnc#1012382). - scripts/git-pre-commit : - scsi: aacraid: Correct hba_send to include iu_type (bsc#1022607, FATE#321673). - scsi: aacraid: fix shutdown crash when init fails (bnc#1012382). - scsi: aacraid: Insure command thread is not recursively stopped (bnc#1012382). - scsi: bnx2fc: Fix check in SCSI completion handler for timed out request (bnc#1012382). - scsi: fas216: fix sense buffer initialization (bnc#1012382 bsc#1082979). - scsi: libsas: defer ata device eh commands to libata (bnc#1012382). - scsi: lpfc: Fix frequency of Release WQE CQEs (bnc#1012382). - scsi: lpfc: Fix issue_lip if link is disabled (bnc#1012382 bsc#1080656). - scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing (bnc#1012382 bsc#1080656). - scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM (bnc#1012382 bsc#1078583). - scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() (bnc#1012382). - scsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion() (bnc#1012382). - scsi: qla4xxx: skip error recovery in case of register disconnect (bnc#1012382). - scsi: scsi_transport_srp: Fix shost to rport translation (bnc#1012382). - scsi: sd: Keep disk read-only when re-reading partition (bnc#1012382). - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() (bnc#1012382). - scsi: storvsc: Increase cmd_per_lun for higher speed devices (bnc#1012382). - scsi: sym53c8xx_2: iterator underflow in sym_getsync() (bnc#1012382). - scsi: ufs: Enable quirk to ignore sending WRITE_SAME command (bnc#1012382). - scsi: zfcp: fix infinite iteration on ERP ready list (bnc#1094532, LTC#168038). - scsi: zfcp: fix infinite iteration on ERP ready list (LTC#168038 bnc#1012382 bnc#1094532). - sctp: delay the authentication for the duplicated cookie-echo chunk (bnc#1012382). - sctp: fix the issue that the cookie-ack with auth can't get processed (bnc#1012382). - sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr (bnc#1012382). - sctp: use the old asoc when making the cookie-ack chunk in dupcook_d (bnc#1012382). - selftests: ftrace: Add a testcase for probepoint (bnc#1012382). - selftests: ftrace: Add a testcase for string type with kprobe_event (bnc#1012382). - selftests: ftrace: Add probe event argument syntax testcase (bnc#1012382). - selftests: memfd: add config fragment for fuse (bnc#1012382). - selftests/net: fixes psock_fanout eBPF test case (bnc#1012382). - selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable (bnc#1012382). - selftests: Print the test we're running to /dev/kmsg (bnc#1012382). - selinux: KASAN: slab-out-of-bounds in xattr_getsecurity (bnc#1012382). - serial: arc_uart: Fix out-of-bounds access through DT alias (bnc#1012382). - serial: fsl_lpuart: Fix out-of-bounds access through DT alias (bnc#1012382). - serial: imx: Fix out-of-bounds access through serial port index (bnc#1012382). - serial: mxs-auart: Fix out-of-bounds access through serial port index (bnc#1012382). - serial: samsung: Fix out-of-bounds access through serial port index (bnc#1012382). - serial: xuartps: Fix out-of-bounds access through DT alias (bnc#1012382). - sh: fix debug trap failure to process signals before return to user (bnc#1012382). - sh: New gcc support (bnc#1012382). - signals: avoid unnecessary taking of sighand->siglock (-- Scheduler bnc#1012382 bnc#978907 performance signals). - sit: fix IFLA_MTU ignored on NEWLINK (bnc#1012382). - smsc75xx: fix smsc75xx_set_features() (bnc#1012382). - sock_diag: fix use-after-free read in __sk_free (bnc#1012382). - sparc64: Fix build warnings with gcc 7 (bnc#1012382). - sparc64: Make atomic_xchg() an inline function rather than a macro (bnc#1012382). - spi: pxa2xx: Allow 64-bit DMA (bnc#1012382). - sr: get/drop reference to device in revalidate and check_events (bnc#1012382). - staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr (bnc#1012382). - stm class: Use vmalloc for the master map (bnc#1012382). - sunvnet: does not support GSO for sctp (bnc#1012382). - swap: divide-by-zero when zero length swap file on ssd (bnc#1012382 bsc#1082153). - tcp: avoid integer overflows in tcp_rcv_space_adjust() (bnc#1012382). - tcp: ignore Fast Open on repair mode (bnc#1012382). - tcp: purge write queue in tcp_connect_init() (bnc#1012382). - test_bpf: Fix testing with CONFIG_BPF_JIT_ALWAYS_ON=y on other arches (git-fixes). - tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent() (bnc#1012382). - tick/broadcast: Use for_each_cpu() specially on UP kernels (bnc#1012382). - time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting (bnc#1012382). - tools/libbpf: handle issues with bpf ELF objects containing .eh_frames (bnc#1012382). - tools lib traceevent: Fix get_field_str() for dynamic strings (bnc#1012382). - tools lib traceevent: Simplify pointer print logic and fix %pF (bnc#1012382). - tools/thermal: tmon: fix for segfault (bnc#1012382). - tracing: Fix crash when freeing instances with event triggers (bnc#1012382). - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account (bnc#1012382). - tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} (bnc#1012382). - udf: Provide saner default for invalid uid / gid (bnc#1012382). - usb: dwc2: Fix dwc2_hsotg_core_init_disconnected() (bnc#1012382). - usb: dwc2: Fix interval type issue (bnc#1012382). - usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields (bnc#1012382). - usb: gadget: composite: fix incorrect handling of OS desc requests (bnc#1012382). - usb: gadget: ffs: Execute copy_to_user() with USER_DS set (bnc#1012382). - usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS (bnc#1012382). - usb: gadget: fsl_udc_core: fix ep valid checks (bnc#1012382). - usb: gadget: f_uac2: fix bFirstInterface in composite gadget (bnc#1012382). - usb: gadget: udc: change comparison to bitshift when dealing with a mask (bnc#1012382). - usbip: usbip_host: delete device from busid_table after rebind (bnc#1012382). - usbip: usbip_host: fix bad unlock balance during stub_probe() (bnc#1012382). - usbip: usbip_host: fix NULL-ptr deref and use-after-free errors (bnc#1012382). - usbip: usbip_host: refine probe and disconnect debug msgs to be useful (bnc#1012382). - usbip: usbip_host: run rebind from exit when module is removed (bnc#1012382). - usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers (bnc#1012382). - usb: musb: fix enumeration after resume (bnc#1012382). - USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM (bnc#1012382). - USB: serial: cp210x: use tcflag_t to fix incompatible pointer type (bnc#1012382). - vfs: add path_has_submounts() (bsc#1086716). - vfs: add path_is_mountpoint() helper (bsc#1086716). - vfs: change d_manage() to take a struct path (bsc#1086716). - virtio-gpu: fix ioctl and expose the fixed status to userspace (bnc#1012382). - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS (bnc#1012382). - vmscan: do not force-scan file lru if its absolute size is small (-- VM bnc#1012382 page performance reclaim). - vti4: Do not count header length twice on tunnel setup (bnc#1012382). - vti4: Do not override MTU passed on link creation via IFLA_MTU (bnc#1012382). - watchdog: f71808e_wdt: Fix magic close handling (bnc#1012382). - watchdog: sp5100_tco: Fix watchdog disable bit (bnc#1012382). - workqueue: use put_device() instead of kfree() (bnc#1012382). - x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified (bnc#1012382). - x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140). - x86/bugs: IBRS: make runtime disabling fully dynamic (bsc#1068032). - x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140). - x86/cpufeature: Remove unused and seldomly used cpu_has_xx macros (bnc#1012382). - x86/devicetree: Fix device IRQ settings in DT (bnc#1012382). - x86/devicetree: Initialize device tree before using it (bnc#1012382). - x86: ENABLE_IBRS clobbers %rax which it shouldn't do there is probably a place where forcing _IBRS_OFF is missed (or is too late) and therefore ENABLE_IBRS is sometimes called early during boot while it should not. Let's drop the uoptimization for now. (bsc#1098009 and bsc#1098012) - x86/fpu: Default eagerfpu=on on all CPUs (CVE-2018-3665 bnc#1012382 bnc#1087086). - x86/fpu: Disable AVX when eagerfpu is off (bnc#1012382). - x86/fpu: Disable MPX when eagerfpu is off (CVE-2018-3665 bnc#1012382 bnc#1087086). - x86/fpu: Fix early FPU command-line parsing (CVE-2018-3665 bnc#1012382 bnc#1087086). - x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1092813) - x86/kexec: Avoid double free_page() upon do_kexec_load() failure (bnc#1012382). - x86-mce-Make-timer-handling-more-robust.patch: Fix metadata - x86/pgtable: Do not set huge PUD/PMD on non-leaf entries (bnc#1012382). - x86/pkeys: Do not special case protection key 0 (1041740). - x86/pkeys: Override pkey when moving away from PROT_EXEC (1041740). - x86/power: Fix swsusp_arch_resume prototype (bnc#1012382). - x86: Remove unused function cpu_has_ht_siblings() (bnc#1012382). - x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations (bnc#1012382). - xen/acpi: off by one in read_acpi_id() (bnc#1012382). - xen/grant-table: Use put_page instead of free_page (bnc#1012382). - xen-netfront: Fix race between device setup and open (bnc#1012382). - xen/netfront: raise max number of slots in xennet_get_responses() (bnc#1076049). - xen/pirq: fix error path cleanup when binding MSIs (bnc#1012382). - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (bnc#1012382). - xen: xenbus: use put_device() instead of kfree() (bnc#1012382). - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (bnc#1012382). - xfs: convert XFS_AGFL_SIZE to a helper function (bsc#1090955, bsc#1090534). - xfs: detect agfl count corruption and reset agfl (bnc#1012382 bsc#1090534 bsc#1090955). - xfs: detect agfl count corruption and reset agfl (bsc#1090955, bsc#1090534). - xfs: do not log/recover swapext extent owner changes for deleted inodes (bsc#1090955). - xfs: fix endianness error when checking log block crc on big endian platforms (bsc#1094405, bsc#1036215). - xfs: remove racy hasattr check from attr ops (bnc#1012382 bsc#1035432). - xhci: Fix USB3 NULL pointer dereference at logical disconnect (git-fixes). - xhci: Fix use-after-free in xhci_free_virt_device (git-fixes). - xhci: zero usb device slot_id member when disabling and freeing a xhci slot (bnc#1012382). - zorro: Set up z->dev.dma_mask for the DMA API (bnc#1012382). - jfs: Fix buffer overrun in ea_get (bsc#1097234, CVE-2018-12233).
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 110658
    published 2018-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110658
    title openSUSE Security Update : the Linux Kernel (openSUSE-2018-656) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1772-1.NASL
    description The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.136 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument could have caused a buffer overflow (bnc#1097356). - CVE-2017-18249: The add_free_nid function did not properly track an allocated nid, which allowed local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads (bnc#1087036). - CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086). - CVE-2017-18241: Prevent a NULL pointer dereference by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure (bnc#1086400). - CVE-2017-17741: The KVM implementation in the Linux kernel allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read (bnc#1073311). - CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr (bnc#1097234). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 110660
    published 2018-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110660
    title SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:1772-1)
  • NASL family MacOS X Local Security Checks
    NASL id MACOS_10_13_6.NASL
    description The remote host is running a version of macOS / Mac OS X that is 10.13.x prior to 10.13.6. It is, therefore, affected by multiple vulnerabilities. Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 111137
    published 2018-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111137
    title macOS 10.13.x < 10.13.6 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-1852.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Julian Stecklina (Amazon.de), Thomas Prescher (cyberus-technology.de), and Zdenek Sojka (sysgo.com) for reporting this issue.
    last seen 2018-10-18
    modified 2018-10-17
    plugin id 110541
    published 2018-06-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110541
    title RHEL 7 : kernel (RHSA-2018:1852)
redhat via4
advisories
  • bugzilla
    id 1585011
    title CVE-2018-3665 Kernel: FPU state information leakage via lazy FPU restore
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment kernel is earlier than 0:3.10.0-862.3.3.el7
          oval oval:com.redhat.rhsa:tst:20181852019
        • comment kernel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842006
      • AND
        • comment kernel-abi-whitelists is earlier than 0:3.10.0-862.3.3.el7
          oval oval:com.redhat.rhsa:tst:20181852007
        • comment kernel-abi-whitelists is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131645028
      • AND
        • comment kernel-bootwrapper is earlier than 0:3.10.0-862.3.3.el7
          oval oval:com.redhat.rhsa:tst:20181852029
        • comment kernel-bootwrapper is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842010
      • AND
        • comment kernel-debug is earlier than 0:3.10.0-862.3.3.el7
          oval oval:com.redhat.rhsa:tst:20181852023
        • comment kernel-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842012
      • AND
        • comment kernel-debug-devel is earlier than 0:3.10.0-862.3.3.el7
          oval oval:com.redhat.rhsa:tst:20181852021
        • comment kernel-debug-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842014
      • AND
        • comment kernel-devel is earlier than 0:3.10.0-862.3.3.el7
          oval oval:com.redhat.rhsa:tst:20181852011
        • comment kernel-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842016
      • AND
        • comment kernel-doc is earlier than 0:3.10.0-862.3.3.el7
          oval oval:com.redhat.rhsa:tst:20181852005
        • comment kernel-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842024
      • AND
        • comment kernel-headers is earlier than 0:3.10.0-862.3.3.el7
          oval oval:com.redhat.rhsa:tst:20181852009
        • comment kernel-headers is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842008
      • AND
        • comment kernel-kdump is earlier than 0:3.10.0-862.3.3.el7
          oval oval:com.redhat.rhsa:tst:20181852013
        • comment kernel-kdump is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842018
      • AND
        • comment kernel-kdump-devel is earlier than 0:3.10.0-862.3.3.el7
          oval oval:com.redhat.rhsa:tst:20181852025
        • comment kernel-kdump-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842020
      • AND
        • comment kernel-tools is earlier than 0:3.10.0-862.3.3.el7
          oval oval:com.redhat.rhsa:tst:20181852033
        • comment kernel-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140678010
      • AND
        • comment kernel-tools-libs is earlier than 0:3.10.0-862.3.3.el7
          oval oval:com.redhat.rhsa:tst:20181852031
        • comment kernel-tools-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140678012
      • AND
        • comment kernel-tools-libs-devel is earlier than 0:3.10.0-862.3.3.el7
          oval oval:com.redhat.rhsa:tst:20181852027
        • comment kernel-tools-libs-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140678020
      • AND
        • comment perf is earlier than 0:3.10.0-862.3.3.el7
          oval oval:com.redhat.rhsa:tst:20181852017
        • comment perf is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842022
      • AND
        • comment python-perf is earlier than 0:3.10.0-862.3.3.el7
          oval oval:com.redhat.rhsa:tst:20181852015
        • comment python-perf is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111849018
    rhsa
    id RHSA-2018:1852
    released 2018-06-14
    severity Moderate
    title RHSA-2018:1852: kernel security update (Moderate)
  • bugzilla
    id 1585011
    title CVE-2018-3665 Kernel: FPU state information leakage via lazy FPU restore
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment kernel-rt is earlier than 0:3.10.0-862.3.3.rt56.809.el7
          oval oval:com.redhat.rhsa:tst:20181944019
        • comment kernel-rt is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727006
      • AND
        • comment kernel-rt-debug is earlier than 0:3.10.0-862.3.3.rt56.809.el7
          oval oval:com.redhat.rhsa:tst:20181944009
        • comment kernel-rt-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727014
      • AND
        • comment kernel-rt-debug-devel is earlier than 0:3.10.0-862.3.3.rt56.809.el7
          oval oval:com.redhat.rhsa:tst:20181944021
        • comment kernel-rt-debug-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727016
      • AND
        • comment kernel-rt-debug-kvm is earlier than 0:3.10.0-862.3.3.rt56.809.el7
          oval oval:com.redhat.rhsa:tst:20181944017
        • comment kernel-rt-debug-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152411008
      • AND
        • comment kernel-rt-devel is earlier than 0:3.10.0-862.3.3.rt56.809.el7
          oval oval:com.redhat.rhsa:tst:20181944011
        • comment kernel-rt-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727012
      • AND
        • comment kernel-rt-doc is earlier than 0:3.10.0-862.3.3.rt56.809.el7
          oval oval:com.redhat.rhsa:tst:20181944005
        • comment kernel-rt-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727022
      • AND
        • comment kernel-rt-kvm is earlier than 0:3.10.0-862.3.3.rt56.809.el7
          oval oval:com.redhat.rhsa:tst:20181944013
        • comment kernel-rt-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152411024
      • AND
        • comment kernel-rt-trace is earlier than 0:3.10.0-862.3.3.rt56.809.el7
          oval oval:com.redhat.rhsa:tst:20181944023
        • comment kernel-rt-trace is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727008
      • AND
        • comment kernel-rt-trace-devel is earlier than 0:3.10.0-862.3.3.rt56.809.el7
          oval oval:com.redhat.rhsa:tst:20181944007
        • comment kernel-rt-trace-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727010
      • AND
        • comment kernel-rt-trace-kvm is earlier than 0:3.10.0-862.3.3.rt56.809.el7
          oval oval:com.redhat.rhsa:tst:20181944015
        • comment kernel-rt-trace-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152411014
    rhsa
    id RHSA-2018:1944
    released 2018-06-19
    severity Moderate
    title RHSA-2018:1944: kernel-rt security update (Moderate)
  • rhsa
    id RHSA-2018:2164
  • rhsa
    id RHSA-2018:2165
rpms
  • kernel-0:3.10.0-862.3.3.el7
  • kernel-abi-whitelists-0:3.10.0-862.3.3.el7
  • kernel-bootwrapper-0:3.10.0-862.3.3.el7
  • kernel-debug-0:3.10.0-862.3.3.el7
  • kernel-debug-devel-0:3.10.0-862.3.3.el7
  • kernel-devel-0:3.10.0-862.3.3.el7
  • kernel-doc-0:3.10.0-862.3.3.el7
  • kernel-headers-0:3.10.0-862.3.3.el7
  • kernel-kdump-0:3.10.0-862.3.3.el7
  • kernel-kdump-devel-0:3.10.0-862.3.3.el7
  • kernel-tools-0:3.10.0-862.3.3.el7
  • kernel-tools-libs-0:3.10.0-862.3.3.el7
  • kernel-tools-libs-devel-0:3.10.0-862.3.3.el7
  • perf-0:3.10.0-862.3.3.el7
  • python-perf-0:3.10.0-862.3.3.el7
  • kernel-rt-0:3.10.0-862.3.3.rt56.809.el7
  • kernel-rt-debug-0:3.10.0-862.3.3.rt56.809.el7
  • kernel-rt-debug-devel-0:3.10.0-862.3.3.rt56.809.el7
  • kernel-rt-debug-kvm-0:3.10.0-862.3.3.rt56.809.el7
  • kernel-rt-devel-0:3.10.0-862.3.3.rt56.809.el7
  • kernel-rt-doc-0:3.10.0-862.3.3.rt56.809.el7
  • kernel-rt-kvm-0:3.10.0-862.3.3.rt56.809.el7
  • kernel-rt-trace-0:3.10.0-862.3.3.rt56.809.el7
  • kernel-rt-trace-devel-0:3.10.0-862.3.3.rt56.809.el7
  • kernel-rt-trace-kvm-0:3.10.0-862.3.3.rt56.809.el7
  • kernel-0:2.6.32-754.2.1.el6
  • kernel-abi-whitelists-0:2.6.32-754.2.1.el6
  • kernel-bootwrapper-0:2.6.32-754.2.1.el6
  • kernel-debug-0:2.6.32-754.2.1.el6
  • kernel-debug-devel-0:2.6.32-754.2.1.el6
  • kernel-devel-0:2.6.32-754.2.1.el6
  • kernel-doc-0:2.6.32-754.2.1.el6
  • kernel-firmware-0:2.6.32-754.2.1.el6
  • kernel-headers-0:2.6.32-754.2.1.el6
  • kernel-kdump-0:2.6.32-754.2.1.el6
  • kernel-kdump-devel-0:2.6.32-754.2.1.el6
  • perf-0:2.6.32-754.2.1.el6
  • python-perf-0:2.6.32-754.2.1.el6
refmap via4
bid 104460
confirm
debian DSA-4232
freebsd FreeBSD-SA-18:07
mlist
  • [debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update
  • [debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update
sectrack
  • 1041124
  • 1041125
ubuntu
  • USN-3696-1
  • USN-3696-2
  • USN-3698-1
  • USN-3698-2
the hacker news via4
id THN:8D2EBFFF49C28141AF4C4100C1A10301
last seen 2018-06-14
modified 2018-06-14
published 2018-06-14
reporter Mohit Kumar
source https://thehackernews.com/2018/06/intel-processor-vulnerability.html
title New 'Lazy FP State Restore' Vulnerability Found in All Modern Intel CPUs
Last major update 21-06-2018 - 16:29
Published 21-06-2018 - 16:29
Last modified 17-10-2018 - 06:30
Back to Top