- Home
- CVEs with nessus.description==An+update+for+rhev-hypervisor7+is+now+available+for+RHEV+3.X+Hypervisor+and+Agents+Extended+Lifecycle+Support+for+Red+Hat+Enterprise+Linux+6+and+RHEV+3.X+Hypervisor+and+Agents+Extended+Lifecycle+Support+for+Red+Hat+Enterprise+Linux+7.%0A%0ARed+Hat+Product+Security+has+rated+this+update+as+having+a+security+impact+of+Important.+A+Common+Vulnerability+Scoring+System+%28CVSS%29+base+score%2C+which+gives+a+detailed+severity+rating%2C+is+available+for+each+vulnerability+from+the+CVE+link%28s%29+in+the+References+section.%0A%0AThe+rhev-hypervisor7+package+provides+a+Red+Hat+Enterprise+Virtualization+Hypervisor+ISO+disk+image.+The+Red+Hat+Enterprise+Virtualization+Hypervisor+is+a+dedicated+Kernel-based+Virtual+Machine+%28KVM%29+hypervisor.+It+includes+everything+necessary+to+run+and+manage+virtual+machines%3A+A+subset+of+the+Red+Hat+Enterprise+Linux+operating+environment+and+the+Red+Hat+Enterprise+Virtualization+Agent.%0A%0ASecurity+Fix%28es%29+%3A%0A%0A%2A+An+industry-wide+issue+was+found+in+the+way+many+modern+microprocessor+designs+have+implemented+speculative+execution+of+Load+%26+Store+instructions+%28a+commonly+used+performance+optimization%29.+It+relies+on+the+presence+of+a+precisely-defined+instruction+sequence+in+the+privileged+code+as+well+as+the+fact+that+memory+read+from+address+to+which+a+recent+memory+write+has+occurred+may+see+an+older+value+and+subsequently+cause+an+update+into+the+microprocessor%27s+data+cache+even+for+speculatively+executed+instructions+that+never+actually+commit+%28retire%29.+As+a+result%2C+an+unprivileged+attacker+could+use+this+flaw+to+read+privileged+memory+by+conducting+targeted+cache+side-channel+attacks.+%28CVE-2018-3639%29%0A%0ANote%3A+This+is+the+rhev-hypervisor7+side+of+the+CVE-2018-3639+mitigation.%0A%0ARed+Hat+would+like+to+thank+Ken+Johnson+%28Microsoft+Security+Response+Center%29+and+Jann+Horn+%28Google+Project+Zero%29+for+reporting+this+issue
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top