Bug 1519780 – CVE-2017-5715 hw: cpu: speculative execution branch target injection

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1519780 - (CVE-2017-5715) CVE-2017-5715 hw: cpu: speculative execution branch target injection

Summary:	CVE-2017-5715 hw: cpu: speculative execution branch target injection

Status:	CLOSED ERRATA

Aliases:	CVE-2017-5715

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	high Severity high
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=important,public=20180103:2200...
Keywords:	Security

Depends On:	1526982 1532114 1476039 1519795 1519796 1519797 1519798 1525939 1525940 1525942 1525943 1525944 1525945 1525946 1525947 1525948 1525949 1526943 1526974 1526975 1526976 1526977 1526978 1526979 1526980 1526981 1526983 1526984 1526985 1526986 1526987 1526988 1526989 1526990 1526991 1526992 1526993 1526994 1526995 1526996 1527310 1527311 1527340 1527341 1527342 1527343 1527351 1527352 1527353 1527354 1527355 1527356 1527357 1527358 1527359 1527360 1527361 1527463 1527467 1527468 1527469 1527470 1527471 1527472 1527549 1527550 1527601 1527603 1527863 1527864 1527865 1527913 1527914 1527919 1527931 1527932 1528023 1528024 1528285 1528286 1528287 1528623 1529308 1529309 1529310 1529311 1530827 1532113 1532117 1532118 1532143 1532733 1532734 1533626 1533627 1537188 1538542 1542084 1542085
Blocks:	1516900
	Show dependency tree / graph

Reported:	2017-12-01 07:59 EST by Petr Matousek
Modified:	2018-09-04 10:10 EDT (History)
CC List:	134 users (show)

See Also:
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.
Story Points:	---
Clone Of:	CVE-2017-5753
Clones:	CVE-2017-5754/Meltdown (view as bug list)
Environment:
Last Closed:	2018-05-28 10:00:02 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2018:0007	normal	SHIPPED_LIVE	Important: kernel security update	2018-01-04 00:38:27 EST
Red Hat Product Errata	RHSA-2018:0008	normal	SHIPPED_LIVE	Important: kernel security update	2018-01-04 00:41:22 EST
Red Hat Product Errata	RHSA-2018:0009	normal	SHIPPED_LIVE	Important: kernel security update	2018-01-04 00:03:36 EST
Red Hat Product Errata	RHSA-2018:0010	normal	SHIPPED_LIVE	Important: kernel security update	2018-01-03 23:16:37 EST
Red Hat Product Errata	RHSA-2018:0011	normal	SHIPPED_LIVE	Important: kernel security update	2018-01-04 00:17:48 EST
Red Hat Product Errata	RHSA-2018:0012	normal	SHIPPED_LIVE	Important: microcode_ctl security update	2018-01-04 00:45:38 EST
Red Hat Product Errata	RHSA-2018:0013	normal	SHIPPED_LIVE	Important: microcode_ctl security update	2018-01-04 00:59:10 EST
Red Hat Product Errata	RHSA-2018:0014	normal	SHIPPED_LIVE	Important: linux-firmware security update	2018-01-04 05:00:02 EST
Red Hat Product Errata	RHSA-2018:0015	normal	SHIPPED_LIVE	Important: linux-firmware security update	2018-01-04 04:48:05 EST
Red Hat Product Errata	RHSA-2018:0016	normal	SHIPPED_LIVE	Important: kernel-rt security update	2018-01-04 05:49:20 EST
Red Hat Product Errata	RHSA-2018:0017	normal	SHIPPED_LIVE	Important: kernel security update	2018-01-04 05:49:35 EST
Red Hat Product Errata	RHSA-2018:0018	normal	SHIPPED_LIVE	Important: kernel security update	2018-01-04 13:06:10 EST
Red Hat Product Errata	RHSA-2018:0020	normal	SHIPPED_LIVE	Important: kernel security update	2018-01-04 15:26:01 EST
Red Hat Product Errata	RHSA-2018:0021	normal	SHIPPED_LIVE	Important: kernel-rt security update	2018-01-04 16:50:09 EST
Red Hat Product Errata	RHSA-2018:0022	normal	SHIPPED_LIVE	Important: kernel security update	2018-01-04 17:04:18 EST
Red Hat Product Errata	RHSA-2018:0023	normal	SHIPPED_LIVE	Important: qemu-kvm security update	2018-01-04 17:00:59 EST
Red Hat Product Errata	RHSA-2018:0024	normal	SHIPPED_LIVE	Important: qemu-kvm security update	2018-01-04 17:08:02 EST
Red Hat Product Errata	RHSA-2018:0025	normal	SHIPPED_LIVE	Important: qemu-kvm-rhev security update	2018-01-04 16:51:46 EST
Red Hat Product Errata	RHSA-2018:0026	normal	SHIPPED_LIVE	Important: qemu-kvm security update	2018-01-04 17:03:53 EST
Red Hat Product Errata	RHSA-2018:0027	normal	SHIPPED_LIVE	Important: qemu-kvm security update	2018-01-04 17:08:49 EST
Red Hat Product Errata	RHSA-2018:0028	normal	SHIPPED_LIVE	Important: qemu-kvm-rhev security update	2018-01-04 16:52:32 EST
Red Hat Product Errata	RHSA-2018:0029	normal	SHIPPED_LIVE	Important: libvirt security update	2018-01-04 21:52:06 EST
Red Hat Product Errata	RHSA-2018:0030	normal	SHIPPED_LIVE	Important: libvirt security update	2018-01-04 18:32:26 EST
Red Hat Product Errata	RHSA-2018:0031	normal	SHIPPED_LIVE	Important: libvirt security update	2018-01-04 18:49:26 EST
Red Hat Product Errata	RHSA-2018:0032	normal	SHIPPED_LIVE	Important: libvirt security update	2018-01-04 18:28:40 EST
Red Hat Product Errata	RHSA-2018:0034	normal	SHIPPED_LIVE	Important: microcode_ctl security update	2018-01-04 18:56:00 EST
Red Hat Product Errata	RHSA-2018:0035	normal	SHIPPED_LIVE	Important: microcode_ctl security update	2018-01-04 18:52:50 EST
Red Hat Product Errata	RHSA-2018:0036	normal	SHIPPED_LIVE	Important: microcode_ctl security update	2018-01-04 19:05:35 EST
Red Hat Product Errata	RHSA-2018:0037	normal	SHIPPED_LIVE	Important: microcode_ctl security update	2018-01-04 19:01:56 EST
Red Hat Product Errata	RHSA-2018:0038	normal	SHIPPED_LIVE	Important: microcode_ctl security update	2018-01-04 18:55:47 EST
Red Hat Product Errata	RHSA-2018:0039	normal	SHIPPED_LIVE	Important: microcode_ctl security update	2018-01-04 18:53:35 EST
Red Hat Product Errata	RHSA-2018:0040	normal	SHIPPED_LIVE	Important: microcode_ctl security update	2018-01-04 22:17:45 EST
Red Hat Product Errata	RHSA-2018:0044	normal	SHIPPED_LIVE	Important: redhat-virtualization-host security update	2018-01-05 15:51:31 EST
Red Hat Product Errata	RHSA-2018:0045	normal	SHIPPED_LIVE	Important: rhvm-appliance security update	2018-01-05 16:00:25 EST
Red Hat Product Errata	RHSA-2018:0046	normal	SHIPPED_LIVE	Important: rhev-hypervisor7 security update	2018-01-05 15:47:08 EST
Red Hat Product Errata	RHSA-2018:0047	normal	SHIPPED_LIVE	Important: redhat-virtualization-host security update	2018-01-05 15:47:34 EST
Red Hat Product Errata	RHSA-2018:0048	normal	SHIPPED_LIVE	Important: vdsm security update	2018-01-05 15:46:28 EST
Red Hat Product Errata	RHSA-2018:0049	normal	SHIPPED_LIVE	Important: ovirt-guest-agent-docker security and bug fix update	2018-01-05 15:50:02 EST
Red Hat Product Errata	RHSA-2018:0050	normal	SHIPPED_LIVE	Important: vdsm security update	2018-01-05 15:49:15 EST
Red Hat Product Errata	RHSA-2018:0051	normal	SHIPPED_LIVE	Important: rhevm-setup-plugins security, bug fix, and enhancement update	2018-01-05 15:57:16 EST
Red Hat Product Errata	RHSA-2018:0052	normal	SHIPPED_LIVE	Important: rhevm-setup-plugins security, bug fix, and enhancement update	2018-01-05 15:56:39 EST
Red Hat Product Errata	RHSA-2018:0053	normal	SHIPPED_LIVE	Important: linux-firmware security update	2018-01-05 17:16:50 EST
Red Hat Product Errata	RHSA-2018:0054	normal	SHIPPED_LIVE	Important: qemu-kvm-rhev security and bug fix update	2018-01-05 18:23:58 EST
Red Hat Product Errata	RHSA-2018:0055	normal	SHIPPED_LIVE	Important: qemu-kvm-rhev security and bug fix update	2018-01-05 18:23:44 EST
Red Hat Product Errata	RHSA-2018:0056	normal	SHIPPED_LIVE	Important: qemu-kvm-rhev security update	2018-01-05 18:22:36 EST
Red Hat Product Errata	RHSA-2018:0057	normal	SHIPPED_LIVE	Important: qemu-kvm-rhev security update	2018-01-05 18:23:30 EST
Red Hat Product Errata	RHSA-2018:0058	normal	SHIPPED_LIVE	Important: qemu-kvm-rhev security update	2018-01-05 18:23:13 EST
Red Hat Product Errata	RHSA-2018:0059	normal	SHIPPED_LIVE	Important: qemu-kvm-rhev security update	2018-01-05 18:22:54 EST
Red Hat Product Errata	RHSA-2018:0060	normal	SHIPPED_LIVE	Important: qemu-kvm-rhev security update	2018-02-16 01:00:00 EST
Red Hat Product Errata	RHSA-2018:0089	normal	SHIPPED_LIVE	Important: Red Hat CloudForms 4.1 security update	2018-01-15 21:34:27 EST
Red Hat Product Errata	RHSA-2018:0090	normal	SHIPPED_LIVE	Important: Red Hat CloudForms 4.2 security update	2018-01-15 21:35:02 EST
Red Hat Product Errata	RHSA-2018:0091	normal	SHIPPED_LIVE	Important: Red Hat CloudForms 4.5 security update	2018-01-15 21:35:36 EST
Red Hat Product Errata	RHSA-2018:0092	normal	SHIPPED_LIVE	Important: Red Hat CloudForms 4.0 security update	2018-01-16 20:58:35 EST
Red Hat Product Errata	RHSA-2018:0093	normal	SHIPPED_LIVE	Important: microcode_ctl security update	2018-01-16 22:25:57 EST
Red Hat Product Errata	RHSA-2018:0094	normal	SHIPPED_LIVE	Important: linux-firmware security update	2018-01-16 22:05:34 EST
Red Hat Product Errata	RHSA-2018:0103	normal	SHIPPED_LIVE	Important: qemu-kvm security update	2018-01-22 10:31:40 EST
Red Hat Product Errata	RHSA-2018:0104	normal	SHIPPED_LIVE	Important: qemu-kvm security update	2018-01-22 10:43:26 EST
Red Hat Product Errata	RHSA-2018:0105	normal	SHIPPED_LIVE	Important: qemu-kvm security update	2018-01-22 10:30:36 EST
Red Hat Product Errata	RHSA-2018:0106	normal	SHIPPED_LIVE	Important: qemu-kvm security update	2018-01-22 10:26:22 EST
Red Hat Product Errata	RHSA-2018:0107	normal	SHIPPED_LIVE	Important: qemu-kvm security update	2018-01-22 10:26:47 EST
Red Hat Product Errata	RHSA-2018:0108	normal	SHIPPED_LIVE	Important: libvirt security update	2018-01-22 10:46:35 EST
Red Hat Product Errata	RHSA-2018:0109	normal	SHIPPED_LIVE	Important: libvirt security update	2018-01-22 10:44:41 EST
Red Hat Product Errata	RHSA-2018:0110	normal	SHIPPED_LIVE	Important: libvirt security update	2018-01-22 10:43:02 EST
Red Hat Product Errata	RHSA-2018:0111	normal	SHIPPED_LIVE	Important: libvirt security update	2018-01-22 10:40:21 EST
Red Hat Product Errata	RHSA-2018:0112	normal	SHIPPED_LIVE	Important: libvirt security update	2018-01-22 10:39:57 EST
Red Hat Product Errata	RHSA-2018:0151	normal	SHIPPED_LIVE	Important: kernel security and bug fix update	2018-01-25 11:17:48 EST
Red Hat Product Errata	RHSA-2018:0182	normal	SHIPPED_LIVE	Important: kernel security and bug fix update	2018-01-25 11:59:45 EST
Red Hat Product Errata	RHSA-2018:0292	normal	SHIPPED_LIVE	Important: kernel security update	2018-02-09 12:57:26 EST
Red Hat Product Errata	RHSA-2018:0496	normal	SHIPPED_LIVE	Important: kernel security and bug fix update	2018-03-13 15:12:18 EDT
Red Hat Product Errata	RHSA-2018:0512	normal	SHIPPED_LIVE	Important: kernel security and bug fix update	2018-03-13 18:38:36 EDT
Red Hat Product Errata	RHSA-2018:0654	None	None	None	2018-04-10 01:08 EDT
Red Hat Product Errata	RHSA-2018:1196	normal	SHIPPED_LIVE	Important: kernel security and bug fix update	2018-04-23 12:59:43 EDT
Red Hat Product Errata	RHSA-2018:1252	None	None	None	2018-04-25 16:37 EDT
Red Hat Product Errata	RHSA-2018:1967	None	None	None	2018-06-26 11:41 EDT

Groups: None (edit)

Description Petr Matousek 2017-12-01 07:59:35 EST

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

Comment 22 Petr Matousek 2018-01-03 14:29:05 EST

Acknowledgments:

Name: Google Project Zero

Comment 23 Petr Matousek 2018-01-03 14:29:14 EST

Statement:

Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/security/vulnerabilities/speculativeexecution

Comment 25 Petr Matousek 2018-01-03 17:55:08 EST

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1530827]

Comment 26 Petr Matousek 2018-01-03 18:10:50 EST

External References:

https://access.redhat.com/security/vulnerabilities/speculativeexecution
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
https://spectreattack.com/
https://meltdownattack.com

Comment 27 errata-xmlrpc 2018-01-03 18:17:29 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.2 Telco Extended Update Support

Via RHSA-2018:0010 https://access.redhat.com/errata/RHSA-2018:0010

Comment 28 errata-xmlrpc 2018-01-03 19:04:23 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Extended Update Support

Via RHSA-2018:0009 https://access.redhat.com/errata/RHSA-2018:0009

Comment 29 errata-xmlrpc 2018-01-03 19:18:39 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.7 Extended Update Support

Via RHSA-2018:0011 https://access.redhat.com/errata/RHSA-2018:0011

Comment 30 errata-xmlrpc 2018-01-03 19:40:04 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0007 https://access.redhat.com/errata/RHSA-2018:0007

Comment 31 errata-xmlrpc 2018-01-03 19:44:23 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2018:0008 https://access.redhat.com/errata/RHSA-2018:0008

Comment 32 errata-xmlrpc 2018-01-03 19:46:29 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0012 https://access.redhat.com/errata/RHSA-2018:0012

Comment 33 errata-xmlrpc 2018-01-03 19:59:40 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2018:0013 https://access.redhat.com/errata/RHSA-2018:0013

Comment 34 errata-xmlrpc 2018-01-03 23:48:28 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Extended Update Support

Via RHSA-2018:0015 https://access.redhat.com/errata/RHSA-2018:0015

Comment 35 errata-xmlrpc 2018-01-04 00:00:33 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0014 https://access.redhat.com/errata/RHSA-2018:0014

Comment 36 errata-xmlrpc 2018-01-04 00:50:25 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0016 https://access.redhat.com/errata/RHSA-2018:0016

Comment 37 errata-xmlrpc 2018-01-04 00:52:33 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support
  Red Hat Enterprise Linux 6.6 Telco Extended Update Support

Via RHSA-2018:0017 https://access.redhat.com/errata/RHSA-2018:0017

Comment 38 errata-xmlrpc 2018-01-04 08:07:02 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.4 Advanced Update Support

Via RHSA-2018:0018 https://access.redhat.com/errata/RHSA-2018:0018

Comment 39 errata-xmlrpc 2018-01-04 11:53:19 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.2 Advanced Update Support

Via RHSA-2018:0020 https://access.redhat.com/errata/RHSA-2018:0020

Comment 40 errata-xmlrpc 2018-01-04 11:56:27 EST

This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2018:0021 https://access.redhat.com/errata/RHSA-2018:0021

Comment 41 errata-xmlrpc 2018-01-04 11:58:11 EST

This issue has been addressed in the following products:

  RHEV 4.X RHEV-H and Agents for RHEL-7

Via RHSA-2018:0025 https://access.redhat.com/errata/RHSA-2018:0025

Comment 42 errata-xmlrpc 2018-01-04 11:59:37 EST

This issue has been addressed in the following products:

  RHEV 3.X Hypervisor and Agents for RHEL-7 ELS

Via RHSA-2018:0028 https://access.redhat.com/errata/RHSA-2018:0028

Comment 43 errata-xmlrpc 2018-01-04 12:02:22 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0023 https://access.redhat.com/errata/RHSA-2018:0023

Comment 44 errata-xmlrpc 2018-01-04 12:04:45 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.2 Telco Extended Update Support

Via RHSA-2018:0026 https://access.redhat.com/errata/RHSA-2018:0026

Comment 45 errata-xmlrpc 2018-01-04 12:06:39 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2018:0022 https://access.redhat.com/errata/RHSA-2018:0022

Comment 46 errata-xmlrpc 2018-01-04 12:09:05 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2018:0024 https://access.redhat.com/errata/RHSA-2018:0024

Comment 47 errata-xmlrpc 2018-01-04 12:10:32 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Extended Update Support

Via RHSA-2018:0027 https://access.redhat.com/errata/RHSA-2018:0027

Comment 48 errata-xmlrpc 2018-01-04 13:29:34 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.2 Telco Extended Update Support

Via RHSA-2018:0032 https://access.redhat.com/errata/RHSA-2018:0032

Comment 49 errata-xmlrpc 2018-01-04 13:32:46 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2018:0030 https://access.redhat.com/errata/RHSA-2018:0030

Comment 50 errata-xmlrpc 2018-01-04 13:49:56 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Extended Update Support

Via RHSA-2018:0031 https://access.redhat.com/errata/RHSA-2018:0031

Comment 51 errata-xmlrpc 2018-01-04 13:54:20 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.2 Telco Extended Update Support

Via RHSA-2018:0035 https://access.redhat.com/errata/RHSA-2018:0035

Comment 52 errata-xmlrpc 2018-01-04 13:57:04 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.2 Advanced Update Support

Via RHSA-2018:0039 https://access.redhat.com/errata/RHSA-2018:0039

Comment 53 errata-xmlrpc 2018-01-04 14:00:30 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.4 Advanced Update Support

Via RHSA-2018:0038 https://access.redhat.com/errata/RHSA-2018:0038

Comment 54 errata-xmlrpc 2018-01-04 14:02:37 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Extended Update Support

Via RHSA-2018:0034 https://access.redhat.com/errata/RHSA-2018:0034

Comment 55 errata-xmlrpc 2018-01-04 14:03:58 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support
  Red Hat Enterprise Linux 6.6 Telco Extended Update Support

Via RHSA-2018:0037 https://access.redhat.com/errata/RHSA-2018:0037

Comment 56 errata-xmlrpc 2018-01-04 14:06:16 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.7 Extended Update Support

Via RHSA-2018:0036 https://access.redhat.com/errata/RHSA-2018:0036

Comment 57 errata-xmlrpc 2018-01-04 16:52:30 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0029 https://access.redhat.com/errata/RHSA-2018:0029

Comment 58 errata-xmlrpc 2018-01-04 17:18:03 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2018:0040 https://access.redhat.com/errata/RHSA-2018:0040

Comment 60 errata-xmlrpc 2018-01-05 10:47:52 EST

This issue has been addressed in the following products:

  RHEV 3.X Hypervisor and Agents for RHEL-7 ELS

Via RHSA-2018:0048 https://access.redhat.com/errata/RHSA-2018:0048

Comment 61 errata-xmlrpc 2018-01-05 10:50:15 EST

This issue has been addressed in the following products:

  RHEV 3.X Hypervisor and Agents for RHEL-6
  RHEV 3.X Hypervisor and Agents for RHEL-7 ELS

Via RHSA-2018:0046 https://access.redhat.com/errata/RHSA-2018:0046

Comment 62 errata-xmlrpc 2018-01-05 10:53:03 EST

This issue has been addressed in the following products:

  RHEV 4.X RHEV-H and Agents for RHEL-7

Via RHSA-2018:0047 https://access.redhat.com/errata/RHSA-2018:0047

Comment 63 errata-xmlrpc 2018-01-05 10:54:54 EST

This issue has been addressed in the following products:

  RHEV 4.X RHEV-H and Agents for RHEL-7

Via RHSA-2018:0050 https://access.redhat.com/errata/RHSA-2018:0050

Comment 64 errata-xmlrpc 2018-01-05 10:58:26 EST

This issue has been addressed in the following products:

  RHEV 3.X Hypervisor and Agents for RHEL-7

Via RHSA-2018:0044 https://access.redhat.com/errata/RHSA-2018:0044

Comment 65 errata-xmlrpc 2018-01-05 11:02:27 EST

This issue has been addressed in the following products:

  RHEV 4.X RHEV-H and Agents for RHEL-7

Via RHSA-2018:0049 https://access.redhat.com/errata/RHSA-2018:0049

Comment 66 errata-xmlrpc 2018-01-05 11:03:58 EST

This issue has been addressed in the following products:

  RHEV Manager version 3.6

Via RHSA-2018:0052 https://access.redhat.com/errata/RHSA-2018:0052

Comment 67 errata-xmlrpc 2018-01-05 11:05:26 EST

This issue has been addressed in the following products:

  RHEV Engine version 4.1

Via RHSA-2018:0051 https://access.redhat.com/errata/RHSA-2018:0051

Comment 68 errata-xmlrpc 2018-01-05 11:07:13 EST

This issue has been addressed in the following products:

  RHEV 4.X RHEV-H and Agents for RHEL-7

Via RHSA-2018:0045 https://access.redhat.com/errata/RHSA-2018:0045

Comment 69 errata-xmlrpc 2018-01-05 12:17:35 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.2 Telco Extended Update Support

Via RHSA-2018:0053 https://access.redhat.com/errata/RHSA-2018:0053

Comment 70 errata-xmlrpc 2018-01-05 13:25:12 EST

This issue has been addressed in the following products:

  Red Hat OpenStack Platform 8.0 (Liberty)

Via RHSA-2018:0056 https://access.redhat.com/errata/RHSA-2018:0056

Comment 71 errata-xmlrpc 2018-01-05 13:26:32 EST

This issue has been addressed in the following products:

  Red Hat OpenStack Platform 11.0 (Ocata)

Via RHSA-2018:0059 https://access.redhat.com/errata/RHSA-2018:0059

Comment 72 errata-xmlrpc 2018-01-05 13:27:47 EST

This issue has been addressed in the following products:

  Red Hat OpenStack Platform 10.0 (Newton)

Via RHSA-2018:0058 https://access.redhat.com/errata/RHSA-2018:0058

Comment 73 errata-xmlrpc 2018-01-05 13:29:03 EST

This issue has been addressed in the following products:

  Red Hat OpenStack Platform 9.0 (Mitaka)

Via RHSA-2018:0057 https://access.redhat.com/errata/RHSA-2018:0057

Comment 74 errata-xmlrpc 2018-01-05 13:30:19 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7

Via RHSA-2018:0055 https://access.redhat.com/errata/RHSA-2018:0055

Comment 75 errata-xmlrpc 2018-01-05 13:31:33 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7

Via RHSA-2018:0054 https://access.redhat.com/errata/RHSA-2018:0054

Comment 76 errata-xmlrpc 2018-01-05 13:32:56 EST

This issue has been addressed in the following products:

  Red Hat OpenStack Platform 12.0 (Pike)

Via RHSA-2018:0060 https://access.redhat.com/errata/RHSA-2018:0060

Comment 80 Sam Fowler 2018-01-08 02:19:31 EST

Added affects for arm-trusted-firmware based on this advisory:

https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-6

Comment 81 Sam Fowler 2018-01-08 02:21:09 EST

Created arm-trusted-firmware tracking bugs for this issue:

Affects: fedora-all [bug 1532143]

Comment 83 Jordy Zomer 2018-01-09 07:18:27 EST

According to https://access.redhat.com/errata/RHSA-2018:0012 this should be fixed on RHEL7 when upgrading microcode_ctl to microcode_ctl-2.1-22.2.el7.x86_64.

This can be mitigated by doing the following:

*   Hardware (CPU microcode) support for mitigation
*   Kernel support for IBRS
*   IBRS enabled for Kernel space
*   IBRS enabled for User space

When I check this, it does have Hardware (CPU microcode) support for mitigation and Kernel support for IBRS. 

Yet IBRS is still not enabled for kernel or user space by default.

Which means you remain vulnerable to the attack.

I validated the above through:

[root@vds-jordyzomer ~]# cat /sys/kernel/debug/x86/ibrs_enabled
0

This variable needs to be set to 2 for the patch to take effect.

Comment 84 Ugo Bellavance 2018-01-09 10:48:05 EST

On my systems, I get a 1 in this file:

# cat /sys/kernel/debug/x86/ibrs_enabled
1

It passes the test found here: https://github.com/speed47/spectre-meltdown-checker

Are you running on bare metal? I get a 0 on virtualized guests (VMware)

Comment 85 vvm7ua 2018-01-09 10:55:28 EST

On my dedicated server(SuperMicro MB X11SSL-F,  Intel(R) Xeon(R) CPU E3-1270 v5 @ 3.60GHz, OS CentOS 7 )
# cat /sys/kernel/debug/x86/ibrs_enabled
0
# cat /var/log/yum.log|grep "kernel\|micro"
Jan 09 10:42:56 Updated: kernel-tools-libs-3.10.0-693.11.6.el7.x86_64
Jan 09 10:43:07 Installed: kernel-3.10.0-693.11.6.el7.x86_64
Jan 09 10:43:18 Updated: kernel-tools-3.10.0-693.11.6.el7.x86_64
Jan 09 10:43:23 Updated: 2:microcode_ctl-2.1-22.2.el7.x86_64
#

Comment 86 Jordy Zomer 2018-01-09 11:00:29 EST

It is indeed a virtualized guest. I believe it appears the Processors are too old. I believe there's no patch available yet for older hardware. Only newer processors.

@vvm7ua Your processor is from 2015. The defaults for older processors are:

pti - 1
ibpb - 0
ibrs - 0 

Looks like we will have to wait :)

Comment 87 Klaas Demter 2018-01-09 11:27:11 EST

The microcode update microcode_ctl-2.1-22.2.el7.x86_64 only includes updates for certain cpus, what you need is a bios update by your server vendor or a microcode update for your cpu.

If the microcode/bios update is working your cpu will show show with new flags in lscpu: spec_ctrl and ibpb_support
if those are in place ibpb and ibrs default to 1 on boot. (see https://access.redhat.com/articles/3311301).

Comment 91 Robin 2018-01-13 05:37:44 EST

Hi,
Can I know where the fix for libvirt is as I can't find it in libvirt's upstream or maillist?
Thanks!

Comment 92 Ugo Bellavance 2018-01-14 20:46:54 EST

Did you check https://access.redhat.com/security/vulnerabilities/speculativeexecution, resolve tab?

Comment 93 Jiri Denemark 2018-01-15 04:04:14 EST

(In reply to Robin from comment #91)
> Can I know where the fix for libvirt is as I can't find it in libvirt's
> upstream or maillist?

https://www.redhat.com/archives/libvir-list/2018-January/msg00282.html

Comment 94 Robin 2018-01-15 04:34:07 EST

(In reply to Jiri Denemark from comment #93)
> (In reply to Robin from comment #91)
> > Can I know where the fix for libvirt is as I can't find it in libvirt's
> > upstream or maillist?
> 
> https://www.redhat.com/archives/libvir-list/2018-January/msg00282.html

Thanks a lot Jiri! The code is really helpful which is what I want!

Comment 95 errata-xmlrpc 2018-01-15 16:36:41 EST

This issue has been addressed in the following products:

  CloudForms Management Engine 4.1

Via RHSA-2018:0089 https://access.redhat.com/errata/RHSA-2018:0089

Comment 96 errata-xmlrpc 2018-01-15 16:39:39 EST

This issue has been addressed in the following products:

  CloudForms Management Engine 4.2

Via RHSA-2018:0090 https://access.redhat.com/errata/RHSA-2018:0090

Comment 97 errata-xmlrpc 2018-01-15 16:43:02 EST

This issue has been addressed in the following products:

  CloudForms Management Engine 4.5

Via RHSA-2018:0091 https://access.redhat.com/errata/RHSA-2018:0091

Comment 98 errata-xmlrpc 2018-01-16 15:59:44 EST

This issue has been addressed in the following products:

  CloudForms Management Engine 5.5

Via RHSA-2018:0092 https://access.redhat.com/errata/RHSA-2018:0092

Comment 99 errata-xmlrpc 2018-01-16 17:06:29 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Telco Extended Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.3 Extended Update Support

Via RHSA-2018:0094 https://access.redhat.com/errata/RHSA-2018:0094

Comment 100 errata-xmlrpc 2018-01-16 17:27:02 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.2 Advanced Update Support
  Red Hat Enterprise Linux 6.4 Advanced Update Support
  Red Hat Enterprise Linux 6.5 Advanced Update Support
  Red Hat Enterprise Linux 6.6 Advanced Update Support
  Red Hat Enterprise Linux 6.6 Telco Extended Update Support
  Red Hat Enterprise Linux 6.7 Extended Update Support
  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.2 Telco Extended Update Support
  Red Hat Enterprise Linux 7.3 Extended Update Support
  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 6

Via RHSA-2018:0093 https://access.redhat.com/errata/RHSA-2018:0093

Comment 101 errata-xmlrpc 2018-01-22 05:27:16 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.4 Advanced Update Support

Via RHSA-2018:0106 https://access.redhat.com/errata/RHSA-2018:0106

Comment 102 errata-xmlrpc 2018-01-22 05:28:06 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.2 Advanced Update Support

Via RHSA-2018:0107 https://access.redhat.com/errata/RHSA-2018:0107

Comment 103 errata-xmlrpc 2018-01-22 05:32:21 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2018:0105 https://access.redhat.com/errata/RHSA-2018:0105

Comment 104 errata-xmlrpc 2018-01-22 05:33:19 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.7 Extended Update Support

Via RHSA-2018:0103 https://access.redhat.com/errata/RHSA-2018:0103

Comment 105 errata-xmlrpc 2018-01-22 05:40:49 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.2 Advanced Update Support

Via RHSA-2018:0112 https://access.redhat.com/errata/RHSA-2018:0112

Comment 106 errata-xmlrpc 2018-01-22 05:41:39 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.4 Advanced Update Support

Via RHSA-2018:0111 https://access.redhat.com/errata/RHSA-2018:0111

Comment 107 errata-xmlrpc 2018-01-22 05:43:59 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2018:0110 https://access.redhat.com/errata/RHSA-2018:0110

Comment 108 errata-xmlrpc 2018-01-22 05:45:05 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support
  Red Hat Enterprise Linux 6.6 Telco Extended Update Support

Via RHSA-2018:0104 https://access.redhat.com/errata/RHSA-2018:0104

Comment 109 errata-xmlrpc 2018-01-22 05:45:51 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support
  Red Hat Enterprise Linux 6.6 Telco Extended Update Support

Via RHSA-2018:0109 https://access.redhat.com/errata/RHSA-2018:0109

Comment 110 errata-xmlrpc 2018-01-22 05:49:43 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.7 Extended Update Support

Via RHSA-2018:0108 https://access.redhat.com/errata/RHSA-2018:0108

Comment 111 errata-xmlrpc 2018-01-25 06:27:54 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0151 https://access.redhat.com/errata/RHSA-2018:0151

Comment 112 errata-xmlrpc 2018-01-25 07:01:04 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Extended Update Support

Via RHSA-2018:0182 https://access.redhat.com/errata/RHSA-2018:0182

Comment 114 errata-xmlrpc 2018-02-09 07:57:24 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5 Extended Lifecycle Support

Via RHSA-2018:0292 https://access.redhat.com/errata/RHSA-2018:0292

Comment 115 errata-xmlrpc 2018-03-13 10:46:05 EDT

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.7 Extended Update Support

Via RHSA-2018:0496 https://access.redhat.com/errata/RHSA-2018:0496

Comment 116 errata-xmlrpc 2018-03-13 14:25:06 EDT

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2018:0512 https://access.redhat.com/errata/RHSA-2018:0512

Comment 117 errata-xmlrpc 2018-04-10 01:08:12 EDT

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0654 https://access.redhat.com/errata/RHSA-2018:0654

Comment 118 errata-xmlrpc 2018-04-23 08:58:49 EDT

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5 Extended Lifecycle Support

Via RHSA-2018:1196 https://access.redhat.com/errata/RHSA-2018:1196

Comment 120 errata-xmlrpc 2018-04-25 16:37:03 EDT

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5.9 Long Life

Via RHSA-2018:1252 https://access.redhat.com/errata/RHSA-2018:1252

Comment 124 errata-xmlrpc 2018-06-26 11:41:03 EDT

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:1967 https://access.redhat.com/errata/RHSA-2018:1967

Note You need to log in before you can comment on or make changes to this bug.

admin
airlied
ajax
apevec
apmukher
aquini
areis
berrange
bhu
blc
bmcclain
bskeggs
ccui
chrisw
cperry
crobinso
cvsbot-xmlrpc
cye
danken
dblechte
dfediuck
dhoward
dominik.mierzejewski
dougsland
dracut-maint-list
dvlasenk
eblake
eedri
esammons
ewk
fadamo
fhrbata
gklein
gmollett
hannsj_uhl
haoqf
hdegoede
herrold
hkrzesin
hwkernel-mgr
iboverma
ichavero
itamar
jarodwilson
jbastian
jdenemar
jen
jforbes
jglisse
jjoyce
jkacur
jkastner
joe
john.j5live
jonathan
jon.dufresne
jonte.regnell
josef
jpriddy
jross
jrusnack
jschluet
jstancek
jsuchane
jwboyer
kbasil
kernel-maint
kernel-mgr
klaas
knoel
kraxel
labbott
lersek
lgoncalv
lhh
libvirt-maint
linville
liwan
lpeer
lsurette
lwang
markmc
matt
mburns
mchehab
mcressma
mgoldboi
mguzik
michal.skrivanek
mjg59
mkenneth
mlangsdo
mmilgram
mpoole
mrezanin
mst
nmurray
pbonzini
pbrobinson
pkrempa
plougher
pmatouse
poros
ppandit
pstehlik
qguo
rbalakri
rbarry
rbryant
rcain
rvrbovsk
sbonazzo
sclewis
security-response-team
sherold
skozina
slawomir
slinaber
srevivo
steved
tdecacqu
ubellavance
vcojot
victor.melnichenko
virt-maint
wainersm
williams
ycui
ykaul
ykopkova
ylavi
yozone
yturgema
zhijwang