It was found that arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 It was found that paravirt_patch_call/jump() functions in the arch/x86/kernel/paravirt.c in the Linux kernel mishandle certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtualized guests. An upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5800dc5c19f34e6e03b5adab1282535cb102fafd
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1620557]
This was fixed for Fedora users with the 4.17.14-202 kernel update.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2029
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:2043
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-15594