Bug 1585005 - (CVE-2018-3620, CVE-2018-3646) CVE-2018-3620 CVE-2018-3646 Kernel: hw: cpu: L1 terminal fault (L1TF)
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
high Severity high
Assigned To: Red Hat Product Security
impact=important,public=20180814:1700...
: Security
Depends On: 1616046 1593373 1593374 1593375 1593376 1593377 1593378 1593379 1593380 1593381 1593382 1593383 1593384 1593385 1593386 1593387 1593388 1593389 1593390 1615998
Blocks: 1581205 1593291 1593292 1593293 1593294
Reported: 2018-06-01 02:40 EDT by Prasad J Pandit
Modified: 2018-09-20 03:48 EDT

Doc Text:
Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way x86 microprocessor designs implement speculative execution of instructions (a commonly used performance optimization) in combination with the handling of page faults caused by a terminated virtual-to-physical address resolution process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes, and/or cross guest/host boundaries to read host memory, by conducting targeted cache side-channel attacks.
Last Closed: 2018-09-07 03:24:56 EDT

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:2384 None None None 2018-08-14 14:45 EDT
Red Hat Product Errata RHSA-2018:2387 None None None 2018-08-14 16:15 EDT
Red Hat Product Errata RHSA-2018:2388 None None None 2018-08-14 16:06 EDT
Red Hat Product Errata RHSA-2018:2389 None None None 2018-08-14 16:23 EDT
Red Hat Product Errata RHSA-2018:2390 None None None 2018-08-14 14:26 EDT
Red Hat Product Errata RHSA-2018:2391 None None None 2018-08-14 16:31 EDT
Red Hat Product Errata RHSA-2018:2392 None None None 2018-08-14 16:17 EDT
Red Hat Product Errata RHSA-2018:2393 None None None 2018-08-14 16:20 EDT
Red Hat Product Errata RHSA-2018:2394 None None None 2018-08-14 16:19 EDT
Red Hat Product Errata RHSA-2018:2395 None None None 2018-08-14 16:24 EDT
Red Hat Product Errata RHSA-2018:2396 None None None 2018-08-14 16:18 EDT
Red Hat Product Errata RHSA-2018:2402 None None None 2018-08-16 01:21 EDT
Red Hat Product Errata RHSA-2018:2403 None None None 2018-08-15 06:20 EDT
Red Hat Product Errata RHSA-2018:2404 None None None 2018-08-15 11:25 EDT
Red Hat Product Errata RHSA-2018:2602 None None None 2018-08-29 14:29 EDT
Red Hat Product Errata RHSA-2018:2603 None None None 2018-08-29 14:29 EDT

Description Prasad J Pandit 2018-06-01 02:40:12 EDT
Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation.

The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page faults caused by a terminated virtual-to-physical address resolving process.

As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks.

CVE-2018-3620: for attack vector against the operating system (Kernel)
CVE-2018-3646: for attack vector against virtualization hypervisor (KVM)

Upstream patches:
-----------------
  -> https://git.kernel.org/linus/958f338e96f874a0d29442396d6adf9c1e17aa2d
Comment 3 Prasad J Pandit 2018-06-27 09:08:12 EDT
Statement:

This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may address this issue.
Comment 4 Prasad J Pandit 2018-07-24 14:29:43 EDT
Acknowledgments:

Name: Intel OSSIRT (Intel.com)
Comment 7 Prasad J Pandit 2018-08-14 13:04:22 EDT
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1615998]
Comment 8 errata-xmlrpc 2018-08-14 14:26:05 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2018:2390 https://access.redhat.com/errata/RHSA-2018:2390
Comment 9 errata-xmlrpc 2018-08-14 14:44:59 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:2384 https://access.redhat.com/errata/RHSA-2018:2384
Comment 11 errata-xmlrpc 2018-08-14 16:06:29 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Extended Update Support

Via RHSA-2018:2388 https://access.redhat.com/errata/RHSA-2018:2388
Comment 12 errata-xmlrpc 2018-08-14 16:15:17 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Extended Update Support

Via RHSA-2018:2387 https://access.redhat.com/errata/RHSA-2018:2387
Comment 13 errata-xmlrpc 2018-08-14 16:16:39 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support
  Red Hat Enterprise Linux 6.6 Telco Extended Update Support

Via RHSA-2018:2392 https://access.redhat.com/errata/RHSA-2018:2392
Comment 14 errata-xmlrpc 2018-08-14 16:18:01 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2018:2396 https://access.redhat.com/errata/RHSA-2018:2396
Comment 15 errata-xmlrpc 2018-08-14 16:19:22 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.4 Advanced Update Support

Via RHSA-2018:2394 https://access.redhat.com/errata/RHSA-2018:2394
Comment 16 errata-xmlrpc 2018-08-14 16:20:00 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2018:2393 https://access.redhat.com/errata/RHSA-2018:2393
Comment 17 errata-xmlrpc 2018-08-14 16:22:58 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.2 Telco Extended Update Support

Via RHSA-2018:2389 https://access.redhat.com/errata/RHSA-2018:2389
Comment 18 errata-xmlrpc 2018-08-14 16:24:28 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:2395 https://access.redhat.com/errata/RHSA-2018:2395
Comment 19 errata-xmlrpc 2018-08-14 16:31:21 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.7 Extended Update Support

Via RHSA-2018:2391 https://access.redhat.com/errata/RHSA-2018:2391
Comment 20 errata-xmlrpc 2018-08-15 06:20:15 EDT
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2018:2403 https://access.redhat.com/errata/RHSA-2018:2403
Comment 21 errata-xmlrpc 2018-08-15 11:24:56 EDT
This issue has been addressed in the following products:

  RHEV 3.X Hypervisor and Agents for RHEL-6
  RHEV 3.X Hypervisor and Agents for RHEL-7 ELS

Via RHSA-2018:2404 https://access.redhat.com/errata/RHSA-2018:2404
Comment 22 errata-xmlrpc 2018-08-16 01:20:48 EDT
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2018:2402 https://access.redhat.com/errata/RHSA-2018:2402
Comment 23 errata-xmlrpc 2018-08-29 14:28:49 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5 Extended Lifecycle Support

Via RHSA-2018:2602 https://access.redhat.com/errata/RHSA-2018:2602
Comment 24 errata-xmlrpc 2018-08-29 14:29:33 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5.9 Long Life

Via RHSA-2018:2603 https://access.redhat.com/errata/RHSA-2018:2603
