Bug 1585005 (CVE-2018-3620, CVE-2018-3646)
Summary: | CVE-2018-3620 CVE-2018-3646 Kernel: hw: cpu: L1 terminal fault (L1TF) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Prasad Pandit <ppandit> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | aarcange, abhgupta, airlied, aquini, bhu, bskeggs, cperry, crecklin, crrobins, dbaker, dfediuck, dhoward, dvlasenk, esammons, ewk, fhrbata, hannsj_uhl, hdegoede, hkrzesin, hwkernel-mgr, iboverma, ichavero, itamar, jarodwilson, jbastian, jcm, jen, jforbes, jglisse, jkacur, john.j5live, jokerman, jonathan, josef, jross, jstancek, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, lilu, linville, matt, mchehab, mcressma, mjg59, mvanderw, nmurray, plougher, pmatouse, rbarry, rcain, rt-maint, rvrbovsk, security-response-team, skontar, skozina, slawomir, steved, sthangav, trankin, williams, yjog, ykopkova, yozone |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way x86 microprocessor designs implement speculative execution of instructions (a commonly used performance optimization) in combination with the handling of page faults caused by a terminated virtual-to-physical address resolution process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks.
|
Last Closed: | 2018-09-07 07:24:56 UTC | Type: | --- |
Bug Depends On: | 1593373, 1593374, 1593375, 1593376, 1593377, 1593378, 1593379, 1593380, 1593381, 1593382, 1593383, 1593384, 1593385, 1593386, 1593387, 1593388, 1593389, 1593390, 1615998, 1616046 | ||
Bug Blocks: | 1581205, 1593291, 1593292, 1593293, 1593294 |
Description
Prasad Pandit
2018-06-01 06:40:12 UTC
Statement:

This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may address this issue.

Acknowledgments:

Name: Intel OSSIRT (Intel.com)

External References:

https://access.redhat.com/security/vulnerabilities/L1TF
https://www.redhat.com/en/blog/understanding-l1-terminal-fault-aka-foreshadow-what-you-need-know
https://www.redhat.com/en/blog/deeper-look-l1-terminal-fault-aka-foreshadow
https://foreshadowattack.eu/
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
https://access.redhat.com/articles/3562741

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1615998]

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2018:2390 https://access.redhat.com/errata/RHSA-2018:2390

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:2384 https://access.redhat.com/errata/RHSA-2018:2384

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Extended Update Support

Via RHSA-2018:2388 https://access.redhat.com/errata/RHSA-2018:2388

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Extended Update Support

Via RHSA-2018:2387 https://access.redhat.com/errata/RHSA-2018:2387

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support
  Red Hat Enterprise Linux 6.6 Telco Extended Update Support

Via RHSA-2018:2392 https://access.redhat.com/errata/RHSA-2018:2392

This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2018:2396 https://access.redhat.com/errata/RHSA-2018:2396

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.4 Advanced Update Support

Via RHSA-2018:2394 https://access.redhat.com/errata/RHSA-2018:2394

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2018:2393 https://access.redhat.com/errata/RHSA-2018:2393

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.2 Telco Extended Update Support

Via RHSA-2018:2389 https://access.redhat.com/errata/RHSA-2018:2389

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:2395 https://access.redhat.com/errata/RHSA-2018:2395

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.7 Extended Update Support

Via RHSA-2018:2391 https://access.redhat.com/errata/RHSA-2018:2391

This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2018:2403 https://access.redhat.com/errata/RHSA-2018:2403

This issue has been addressed in the following products:

  RHEV 3.X Hypervisor and Agents for RHEL-6
  RHEV 3.X Hypervisor and Agents for RHEL-7 ELS

Via RHSA-2018:2404 https://access.redhat.com/errata/RHSA-2018:2404

This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2018:2402 https://access.redhat.com/errata/RHSA-2018:2402

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5 Extended Lifecycle Support

Via RHSA-2018:2602 https://access.redhat.com/errata/RHSA-2018:2602

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5.9 Long Life

Via RHSA-2018:2603 https://access.redhat.com/errata/RHSA-2018:2603