what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 32 RSS Feed

CVE-2018-3620

Status Candidate

Overview

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.

Related Files

Ubuntu Security Notice USN-3823-1
Posted Nov 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3823-1 - It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker in a guest virtual machine could use this to expose sensitive information. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2018-3620, CVE-2018-3646
SHA-256 | 31f8e6ed4e51034194ee99c3c3f4111fc4a66b43bb164b2be0acf59e4a893bb3
Gentoo Linux Security Advisory 201810-06
Posted Oct 31, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201810-6 - Multiple vulnerabilities have been found in Xen, the worst of which could cause a Denial of Service condition. Versions less than 4.10.1-r2 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-10471, CVE-2018-10472, CVE-2018-10981, CVE-2018-10982, CVE-2018-12891, CVE-2018-12892, CVE-2018-12893, CVE-2018-15468, CVE-2018-15469, CVE-2018-15470, CVE-2018-3620, CVE-2018-3646, CVE-2018-5244, CVE-2018-7540, CVE-2018-7541, CVE-2018-7542
SHA-256 | b217f9accfba4a764bd6f85c953f7739d90f11d6b6ba34b105c6fadfa4adafee
Kernel Live Patch Security Notice LSN-0044-1
Posted Oct 8, 2018
Authored by Benjamin M. Romer

It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker could use this to expose sensitive information (memory from the kernel or other processes). It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux
advisories | CVE-2018-14633, CVE-2018-15572, CVE-2018-15594, CVE-2018-17182, CVE-2018-3620, CVE-2018-3646, CVE-2018-6555
SHA-256 | 1ae6dc1bc4438da330374ea7c963d1a59dd4454020d117a4fef1a28f4474b821
Red Hat Security Advisory 2018-2602-01
Posted Aug 30, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2602-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include memory vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2018-3620, CVE-2018-3646
SHA-256 | f6b54b09c6a2d9f3064c6d9bccdcf343bb3d049d98acdfd1f89cf311ab6000f2
Red Hat Security Advisory 2018-2603-01
Posted Aug 29, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2603-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include memory vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2018-3620, CVE-2018-3646
SHA-256 | 3d81e96dde42a990c58ceedf86f6ffc84242f9f9b4c00806585ade31a234b825
Slackware Security Advisory - Slackware 14.2 kernel Updates
Posted Aug 29, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New kernel packages are available for Slackware 14.2 to mitigate security issues.

tags | advisory, kernel
systems | linux, slackware
advisories | CVE-2018-3546, CVE-2018-3615, CVE-2018-3620
SHA-256 | ea856943ce3323e90a62f9f0444ae61a7c2cd21247544d82273f957d98b39be2
Ubuntu Security Notice USN-3742-3
Posted Aug 21, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3742-3 - USN-3742-2 introduced mitigations in the Linux Hardware Enablement kernel for Ubuntu 12.04 ESM to address L1 Terminal Fault vulnerabilities. Unfortunately, the update introduced regressions that caused kernel panics when booting in some environments as well as preventing Java applications from starting. This update fixes the problems. Various other issues were also addressed.

tags | advisory, java, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-18344, CVE-2018-3620, CVE-2018-3646, CVE-2018-5390, CVE-2018-5391
SHA-256 | 117ca5698e3423dcf9d211649ddf4777ad1e2cebd10deb52b0430ebb6315d012
Debian Security Advisory 4279-1
Posted Aug 20, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4279-1 - Multiple researchers have discovered a vulnerability in the way the Intel processor designs have implemented speculative execution of instructions in combination with handling of page-faults. This flaw could allow an attacker controlling an unprivileged process to read memory from arbitrary (non-user controlled) addresses, including from the kernel and all other processes running on the system or cross guest/host boundaries to read host memory.

tags | advisory, arbitrary, kernel
systems | linux, debian
advisories | CVE-2018-3620, CVE-2018-3646
SHA-256 | 9410b67f93cdf89de85befb58831cd2cf4bfabe1dd3938c4a6c3e982231537ea
Debian Security Advisory 4274-1
Posted Aug 17, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4274-1 - This update provides mitigations for the "L1 Terminal Fault" vulnerability affecting a range of Intel CPUs.

tags | advisory
systems | linux, debian
advisories | CVE-2018-3620, CVE-2018-3646
SHA-256 | 090e52f65938d37c9d400bbfae4c12bff0fad68fc7f006a27c5b57d8da365fcc
Red Hat Security Advisory 2018-2402-01
Posted Aug 16, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2402-01 - The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2018-3620, CVE-2018-3646, CVE-2018-5390
SHA-256 | 255c58742e78f56152ffc709f8738c8457c04a31f66a87e2cc5738d46dea2b1a
Red Hat Security Advisory 2018-2404-01
Posted Aug 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2404-01 - The rhev-hypervisor7 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Issues addressed include an L1TF problem.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2018-3620, CVE-2018-3646
SHA-256 | b0fb7588dd260425d75cd1ccecc41fed92d09e8d34bffa2f1830de61840a6d73
Red Hat Security Advisory 2018-2403-01
Posted Aug 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2403-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2018-3620, CVE-2018-3646, CVE-2018-5390
SHA-256 | 05614d3f47ad2de76096fa4834b1c267cdc304f39da1abf393a87b454245c715
FreeBSD Security Advisory - FreeBSD-SA-18:09.l1tf
Posted Aug 15, 2018
Site security.freebsd.org

FreeBSD Security Advisory - On certain Intel 64-bit x86 systems there is a period of time during terminal fault handling where the CPU may use speculative execution to try to load data. The CPU may speculatively access the level 1 data cache (L1D). Data which would otherwise be protected may then be determined by using side channel methods. This issue affects bhyve on FreeBSD/amd64 systems. An attacker executing user code, or kernel code inside of a virtual machine, may be able to read secret data from the kernel or from another virtual machine.

tags | advisory, x86, kernel
systems | freebsd, bsd
advisories | CVE-2018-3620, CVE-2018-3646
SHA-256 | cefb966a54c71660104d771e9b47f0ccf9946572b0b4b5e62764577a14a88866
Ubuntu Security Notice USN-3742-2
Posted Aug 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3742-2 - USN-3742-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 for Ubuntu 12.04 ESM. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker in a guest virtual machine could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-18344, CVE-2018-3620, CVE-2018-3646, CVE-2018-5390, CVE-2018-5391
SHA-256 | fb6596a35a24622812cff1ed302b520e11da3ba722f0c644f087c285bc64787d
Ubuntu Security Notice USN-3741-2
Posted Aug 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3741-2 - USN-3741-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker in a guest virtual machine could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-3620, CVE-2018-3646, CVE-2018-5390, CVE-2018-5391
SHA-256 | e1aafce51f46e74efaddf92750c8c94b8ad92ef6b84f541c1a5767c7d5ea30f3
Ubuntu Security Notice USN-3742-1
Posted Aug 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3742-1 - It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker in a guest virtual machine could use this to expose sensitive information. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2017-18344, CVE-2018-3620, CVE-2018-3646, CVE-2018-5390, CVE-2018-5391
SHA-256 | c035bba325d96f94a43d62767f3c94a54df04c540dd08cb90ddde8af1e49cf84
Ubuntu Security Notice USN-3741-1
Posted Aug 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3741-1 - It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker in a guest virtual machine could use this to expose sensitive information. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2018-3620, CVE-2018-3646, CVE-2018-5390, CVE-2018-5391
SHA-256 | f4ad9ec6c7b1304f2cf2f16dd624333762bc9822192758d80cf56e3896e99004
Ubuntu Security Notice USN-3740-2
Posted Aug 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3740-2 - USN-3740-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker in a guest virtual machine could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-3620, CVE-2018-3646, CVE-2018-5391
SHA-256 | 1891e52ccd1f77545c4c6b576b6cf52f3f8c6989badddc0ca53c4e864bc513c1
Ubuntu Security Notice USN-3740-1
Posted Aug 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3740-1 - It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker in a guest virtual machine could use this to expose sensitive information. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2018-3620, CVE-2018-3646, CVE-2018-5391
SHA-256 | 94e90f29119f0fb45403f3c4a6ddf2e627803fa80f8951645bf375f214822415
Red Hat Security Advisory 2018-2391-01
Posted Aug 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2391-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a speculative execution vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2018-10901, CVE-2018-3620, CVE-2018-3646
SHA-256 | e0918e305e3fc1408bdb123ee18582a548b098d88b875af92d2b93fa76e4f780
Red Hat Security Advisory 2018-2389-01
Posted Aug 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2389-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a speculative execution vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2018-3620, CVE-2018-3646
SHA-256 | 07d1306cd403f7a01608409a4f0ec531c0653fe11efff7af1be0809f3f90b30e
Red Hat Security Advisory 2018-2395-01
Posted Aug 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2395-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include bypass, denial of service, and use-after-free vulnerabilities.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2017-13215, CVE-2018-10675, CVE-2018-3620, CVE-2018-3646, CVE-2018-3693, CVE-2018-5390, CVE-2018-7566
SHA-256 | a77aa01b492637471ec87b6af57a41ebf6aa281cf9f67e4d41b1e4ddcd52ac91
Red Hat Security Advisory 2018-2393-01
Posted Aug 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2393-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a speculative execution vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2018-10901, CVE-2018-3620, CVE-2018-3646
SHA-256 | eb26a0479759b3cd568f0f586550ccb96de56c27d15cb93637e68ea3bde94bef
Red Hat Security Advisory 2018-2394-01
Posted Aug 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2394-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.

tags | advisory, kernel, bypass
systems | linux, redhat
advisories | CVE-2018-10901, CVE-2018-3620, CVE-2018-3639, CVE-2018-3646
SHA-256 | 96350d9f9d8697afd9a480724105b5aef15a51d0552d68e86492a160c232117a
Red Hat Security Advisory 2018-2392-01
Posted Aug 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2392-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a speculative execution vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2018-10901, CVE-2018-3620, CVE-2018-3646
SHA-256 | 044fae32edc1ef7d67944bde621ecbeb436954abee5f536e51168d50339e888a
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close