- Home
- CVEs with nessus.description==An+update+for+redhat-virtualization-host+is+now+available+for+RHEV+3.X+Hypervisor+and+Agents+Extended+Lifecycle+Support+for+Red+Hat+Enterprise+Linux+7.%0A%0ARed+Hat+Product+Security+has+rated+this+update+as+having+a+security+impact+of+Important.+A+Common+Vulnerability+Scoring+System+%28CVSS%29+base+score%2C+which+gives+a+detailed+severity+rating%2C+is+available+for+each+vulnerability+from+the+CVE+link%28s%29+in+the+References+section.%0A%0AThe+ovirt-node-ng+packages+provide+the+Red+Hat+Virtualization+Host.%0AThese+packages+include+redhat-release-virtualization-host%2C+ovirt-node%2C+and+rhev-hypervisor.+Red+Hat+Virtualization+Hosts+%28RHVH%29+are+installed+using+a+special+build+of+Red+Hat+Enterprise+Linux+with+only+the+packages+required+to+host+virtual+machines.+RHVH+features+a+Cockpit+user+interface+for+monitoring+the+host%27s+resources+and+performing+administrative+tasks.%0A%0ASecurity+Fix%28es%29+%3A%0A%0A%2A+An+industry-wide+issue+was+found+in+the+way+many+modern+microprocessor+designs+have+implemented+speculative+execution+of+Load+%26+Store+instructions+%28a+commonly+used+performance+optimization%29.+It+relies+on+the+presence+of+a+precisely-defined+instruction+sequence+in+the+privileged+code+as+well+as+the+fact+that+memory+read+from+address+to+which+a+recent+memory+write+has+occurred+may+see+an+older+value+and+subsequently+cause+an+update+into+the+microprocessor%27s+data+cache+even+for+speculatively+executed+instructions+that+never+actually+commit+%28retire%29.+As+a+result%2C+an+unprivileged+attacker+could+use+this+flaw+to+read+privileged+memory+by+conducting+targeted+cache+side-channel+attacks.+%28CVE-2018-3639%29%0A%0ANote%3A+This+is+the+redhat-virtualization-host+side+of+the+CVE-2018-3639+mitigation.%0A%0ARed+Hat+would+like+to+thank+Ken+Johnson+%28Microsoft+Security+Response+Center%29+and+Jann+Horn+%28Google+Project+Zero%29+for+reporting+this+issue
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top