An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). This flaw is a variant of the previous "speculative execution" attack vectors. A Spectre-v1-like side channel was found in the kernel's implementation of system calls, where a local user could use branch misprediction to create observable timing changes which can inadvertently reveal private data. Note: This flaw affects both Intel x86-64 and AMD microprocessors. Other non-x86 architectures do not have this attack vector available. Red Hat Product Security is not aware of a method by which an attacker can use this method of attack directly; fixing this flaw as part of the larger speculative execution issues reduces this attack vector if one becomes known. After installing the updated kernel package, the system will need to be rebooted for the changes to take effect. Upstream patch set: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2059825986a1c8143fd6698774fa9d83733bb11
Statement: Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/articles/4329821
Mitigation: For mitigation related information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/articles/4329821
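To confirm after the reboot that the running kernel reports the swapgs mitigation, the following added example (not part of this bug report or of any Red Hat tooling) classifies the contents of /sys/devices/system/cpu/vulnerabilities/spectre_v1. The function names are illustrative, and the matching assumes the upstream kernel wording, which mentions "swapgs barriers" once the fix is present; distribution kernels may word the line differently.

```shell
#!/bin/sh
# Added example: classify the kernel's Spectre v1 status line with respect
# to the swapgs barriers. Function names are hypothetical; the strings
# matched follow upstream kernel wording (an assumption for other kernels).

# classify_spectre_v1 STATUS_LINE -> prints one of:
#   mitigated     status is a mitigation and names swapgs barriers
#   vulnerable    kernel reports the mitigation as disabled
#   not-affected  kernel reports the CPU as not affected
#   unreported    a mitigation is listed but swapgs is not mentioned,
#                 so the kernel most likely predates the fix
#   unknown       anything else (file missing, unexpected text)
classify_spectre_v1() {
    case "$1" in
        "Not affected"*)                 echo not-affected ;;
        Vulnerable*)                     echo vulnerable ;;
        Mitigation:*"swapgs barriers"*)  echo mitigated ;;
        Mitigation:*)                    echo unreported ;;
        *)                               echo unknown ;;
    esac
}

# check_running_kernel [FILE] -> classify the live sysfs entry, or a file
# given as argument (useful for checking output collected from other hosts).
check_running_kernel() {
    f=${1:-/sys/devices/system/cpu/vulnerabilities/spectre_v1}
    if [ -r "$f" ]; then
        classify_spectre_v1 "$(cat "$f")"
    else
        echo unknown
    fi
}

# Report for the host this runs on.
printf '%s: %s\n' "$(uname -r)" "$(check_running_kernel)"
```

A result of "unreported" after updating usually means the host has not yet been rebooted into the new kernel.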
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1738285]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:2405 https://access.redhat.com/errata/RHSA-2019:2405
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-1125
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:2411 https://access.redhat.com/errata/RHSA-2019:2411
Public Via: Whitepaper [1] by BitDefender and Article [2] by Intel [1] https://businessresources.bitdefender.com/speculatively-executing-segmentation-related-instructions-intel-cpus?utm_campaign=swapgs&utm_source=web [2] https://software.intel.com/security-software-guidance/insights/more-information-swapgs-and-speculative-only-segment-loads
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:2473 https://access.redhat.com/errata/RHSA-2019:2473
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.6 Advanced Update Support Via RHSA-2019:2476 https://access.redhat.com/errata/RHSA-2019:2476
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2600 https://access.redhat.com/errata/RHSA-2019:2600
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2609 https://access.redhat.com/errata/RHSA-2019:2609
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.5 Advanced Update Support Via RHSA-2019:2695 https://access.redhat.com/errata/RHSA-2019:2695
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Extended Update Support Via RHSA-2019:2696 https://access.redhat.com/errata/RHSA-2019:2696
This issue has been addressed in the following products: Red Hat Enterprise MRG 2 Via RHSA-2019:2730 https://access.redhat.com/errata/RHSA-2019:2730
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Telco Extended Update Support Red Hat Enterprise Linux 7.2 Advanced Update Support Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions Via RHSA-2019:2899 https://access.redhat.com/errata/RHSA-2019:2899
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Telco Extended Update Support Red Hat Enterprise Linux 7.3 Advanced Update Support Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions Via RHSA-2019:2900 https://access.redhat.com/errata/RHSA-2019:2900
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.5 Extended Update Support Via RHSA-2019:2975 https://access.redhat.com/errata/RHSA-2019:2975
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2019:3011 https://access.redhat.com/errata/RHSA-2019:3011
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2019:3220 https://access.redhat.com/errata/RHSA-2019:3220
OpenShift Container Platform 4 does not ship its own kernel package, instead using versions shipped in RHEL. Removing from flaw bug affects.