- Home
- CVEs with nessus.description==According+to+the+versions+of+the+parallels-server-bm-release+%2F+vzkernel+%2F+etc+packages+installed%2C+the+Virtuozzo+installation+on+the+remote+host+is+affected+by+the+following+vulnerabilities+%3A%0A%0A++-+%5Bx86+AMD%5D+An+industry-wide+issue+was+found+in+the+way+++++many+modern+microprocessor+designs+have+implemented+++++speculative+execution+of+Load+%26+Store+instructions+%28a+++++commonly+used+performance+optimization%29.+It+relies+on+++++the+presence+of+a+precisely-defined+instruction+++++sequence+in+the+privileged+code+as+well+as+the+fact+++++that+memory+read+from+address+to+which+a+recent+memory+++++write+has+occurred+may+see+an+older+value+and+++++subsequently+cause+an+update+into+the+microprocessor%27s+++++data+cache+even+for+speculatively+executed+instructions+++++that+never+actually+commit+%28retire%29.+As+a+result%2C+an+++++unprivileged+attacker+could+use+this+flaw+to+read+++++privileged+memory+by+conducting+targeted+cache+++++side-channel+attacks.%0A%0A++-+By+mmap%28%29ing+a+FUSE-backed+file+onto+a+process%27s+memory+++++containing+command+line+arguments+%28or+environment+++++strings%29%2C+an+attacker+can+cause+utilities+from+psutils+++++or+procps+%28such+as+ps%2C+w%29+or+any+other+program+which+++++makes+a+read%28%29+call+to+the+%2Fproc%2F%3Cpid%3E%2Fcmdline+%28or+++++%2Fproc%2F%3Cpid%3E%2Fenviron%29+files+to+block+indefinitely+++++%28denial+of+service%29+or+for+some+controlled+time+%28as+a+++++synchronization+primitive+for+other+attacks%29.%0A%0A++-+A+Floating+Point+Unit+%28FPU%29+state+information+leakage+++++flaw+was+found+in+the+way+the+Linux+kernel+saved+and+++++restored+the+FPU+state+during+task+switch.+Linux+++++kernels+that+follow+the+%27Lazy+FPU+Restore%27+scheme+are+++++vulnerable+to+the+FPU+state+information+leakage+issue.%0A++++An+unprivileged+local+attacker+could+use+this+flaw+to+++++read+FPU+state+bits+by+conducting+targeted+cache+++++side-channel+attacks%2C+similar+to+the+Meltdown+++++vulnerability+disclosed+earlier+this+year.%0A%0A++-+A+flaw+was+found+in+the+way+the+Linux+kernel+handled+++++exceptions+delivered+after+a+stack+switch+operation+via+++++Mov+SS+or+Pop+SS+instructions.+During+the+stack+switch+++++operation%2C+processor+does+not+deliver+interrupts+and+++++exceptions%2C+they+are+delivered+once+the+first+++++instruction+after+the+stack+switch+is+executed.+An+++++unprivileged+system+user+could+use+this+flaw+to+crash+++++the+system+kernel+resulting+in+DoS.+This+CVE-2018-10872+++++was+assigned+due+to+regression+of+CVE-2018-8897.%0A%0ANote+that+Tenable+Network+Security+has+extracted+the+preceding+description+block+directly+from+the+Virtuozzo+security+advisory.%0ATenable+has+attempted+to+automatically+clean+and+format+it+as+much+as+possible+without+introducing+additional+issues
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top