csaf_redhat - rhsa-2018

rhsa-2018_1696

Vulnerability from csaf_redhat

Published

2018-05-23 08:29

Modified

2024-11-05 20:36

Summary

Red Hat Security Advisory: redhat-virtualization-host security update

Notes

Topic

An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This is the redhat-virtualization-host side of the CVE-2018-3639 mitigation. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host\u0027s resources and performing administrative tasks.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load \u0026 Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor\u0027s data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)\n\nNote: This is the redhat-virtualization-host side of the CVE-2018-3639 mitigation.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:1696",
        "url": "https://access.redhat.com/errata/RHSA-2018:1696"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/ssbd",
        "url": "https://access.redhat.com/security/vulnerabilities/ssbd"
      },
      {
        "category": "external",
        "summary": "1566890",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566890"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1696.json"
      }
    ],
    "title": "Red Hat Security Advisory: redhat-virtualization-host security update",
    "tracking": {
      "current_release_date": "2024-11-05T20:36:04+00:00",
      "generator": {
        "date": "2024-11-05T20:36:04+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.1.1"
        }
      },
      "id": "RHSA-2018:1696",
      "initial_release_date": "2018-05-23T08:29:16+00:00",
      "revision_history": [
        {
          "date": "2018-05-23T08:29:16+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-05-23T08:29:16+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-05T20:36:04+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
                "product": {
                  "name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
                  "product_id": "7Server-RHEV-4-Hypervisor-7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "redhat-virtualization-host-0:4.2-20180518.2.el7_5.src",
                "product": {
                  "name": "redhat-virtualization-host-0:4.2-20180518.2.el7_5.src",
                  "product_id": "redhat-virtualization-host-0:4.2-20180518.2.el7_5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-virtualization-host@4.2-20180518.2.el7_5?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "redhat-virtualization-host-image-update-0:4.2-20180518.2.el7_5.noarch",
                "product": {
                  "name": "redhat-virtualization-host-image-update-0:4.2-20180518.2.el7_5.noarch",
                  "product_id": "redhat-virtualization-host-image-update-0:4.2-20180518.2.el7_5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update@4.2-20180518.2.el7_5?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-virtualization-host-0:4.2-20180518.2.el7_5.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
          "product_id": "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20180518.2.el7_5.src"
        },
        "product_reference": "redhat-virtualization-host-0:4.2-20180518.2.el7_5.src",
        "relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-virtualization-host-image-update-0:4.2-20180518.2.el7_5.noarch as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
          "product_id": "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20180518.2.el7_5.noarch"
        },
        "product_reference": "redhat-virtualization-host-image-update-0:4.2-20180518.2.el7_5.noarch",
        "relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Jann Horn"
          ],
          "organization": "Google Project Zero"
        },
        {
          "names": [
            "Ken Johnson"
          ],
          "organization": "Microsoft Security Response Center"
        }
      ],
      "cve": "CVE-2018-3639",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2018-03-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1566890"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load \u0026 Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor\u0027s data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: cpu: speculative store bypass",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/security/vulnerabilities/ssbd",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20180518.2.el7_5.src",
          "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20180518.2.el7_5.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-3639"
        },
        {
          "category": "external",
          "summary": "RHBZ#1566890",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566890"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-3639",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-3639",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3639"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/vulnerabilities/ssbd",
          "url": "https://access.redhat.com/security/vulnerabilities/ssbd"
        },
        {
          "category": "external",
          "summary": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528",
          "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/sites/default/files/managed/b9/f9/336983-Intel-Analysis-of-Speculative-Execution-Side-Channels-White-Paper.pdf",
          "url": "https://software.intel.com/sites/default/files/managed/b9/f9/336983-Intel-Analysis-of-Speculative-Execution-Side-Channels-White-Paper.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf",
          "url": "https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
        }
      ],
      "release_date": "2018-05-21T21:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-05-23T08:29:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20180518.2.el7_5.src",
            "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20180518.2.el7_5.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:1696"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20180518.2.el7_5.src",
            "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20180518.2.el7_5.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: cpu: speculative store bypass"
    }
  ]
}

cve-2018-3639

Vulnerability from cvelistv5

Published

2018-05-22 12:00

Modified

2024-09-16 22:55

Severity ?

Summary

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

References

▼	URL	Tags
	https://access.redhat.com/errata/RHSA-2018:1689	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2162	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1641	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3680-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:1997	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1665	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3407	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2164	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2001	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3423	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2003	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3654-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:1645	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1643	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1652	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3424	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3402	vendor-advisory, x_refsource_REDHAT
	https://www.us-cert.gov/ncas/alerts/TA18-141A	third-party-advisory, x_refsource_CERT
	https://access.redhat.com/errata/RHSA-2018:1656	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1664	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2258	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1688	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1658	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1657	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2289	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1666	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id/1042004	vdb-entry, x_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2018:1675	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1660	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1965	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1661	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1633	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1636	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1854	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2006	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2250	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id/1040949	vdb-entry, x_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2018:3401	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1737	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1826	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3651-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2018/dsa-4210	vendor-advisory, x_refsource_DEBIAN
	https://www.exploit-db.com/exploits/44695/	exploit, x_refsource_EXPLOIT-DB
	https://access.redhat.com/errata/RHSA-2018:1651	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1638	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1696	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2246	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1644	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1646	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2018:1639	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1668	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1637	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2948	vendor-advisory, x_refsource_REDHAT
	https://www.kb.cert.org/vuls/id/180049	third-party-advisory, x_refsource_CERT-VN
	https://access.redhat.com/errata/RHSA-2018:1686	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2172	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1663	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3652-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:1629	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1655	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1640	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1669	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1676	vendor-advisory, x_refsource_REDHAT
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel	vendor-advisory, x_refsource_CISCO
	https://access.redhat.com/errata/RHSA-2018:3425	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2363	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1632	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1650	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2396	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2364	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3653-2/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2216	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3655-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:1649	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2309	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/104232	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2018:1653	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2171	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1635	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2018:2394	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1710	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1659	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1711	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2018/dsa-4273	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2018:1738	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1674	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3396	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1667	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3654-2/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:1662	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1630	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1647	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1967	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3655-2/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:3399	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2060	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1690	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3653-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2161	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2018:2328	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1648	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2387	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:0148	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1654	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3679-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3777-3/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:1642	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3397	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3756-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:3398	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3400	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2228	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2019:1046	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html	vendor-advisory, x_refsource_SUSE
	https://seclists.org/bugtraq/2019/Jun/36	mailing-list, x_refsource_BUGTRAQ
	http://www.openwall.com/lists/oss-security/2020/06/10/1	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2020/06/10/2	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2020/06/10/5	mailing-list, x_refsource_MLIST
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	x_refsource_CONFIRM
	https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf	x_refsource_CONFIRM
	http://support.lenovo.com/us/en/solutions/LEN-22133	x_refsource_CONFIRM
	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004	x_refsource_CONFIRM
	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012	x_refsource_CONFIRM
	https://support.citrix.com/article/CTX235225	x_refsource_CONFIRM
	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html	x_refsource_CONFIRM
	https://www.synology.com/support/security/Synology_SA_18_23	x_refsource_CONFIRM
	https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability	x_refsource_CONFIRM
	http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html	x_refsource_CONFIRM
	http://xenbits.xen.org/xsa/advisory-263.html	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf	x_refsource_CONFIRM
	https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006	x_refsource_CONFIRM
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us	x_refsource_CONFIRM
	https://bugs.chromium.org/p/project-zero/issues/detail?id=1528	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20180521-0001/	x_refsource_CONFIRM
	https://nvidia.custhelp.com/app/answers/detail/a_id/4787	x_refsource_CONFIRM
	https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html	vendor-advisory, x_refsource_SUSE

Impacted products

▼	Vendor	Product
	Intel Corporation	Multiple

Show details on NVD website