what you don't know can hurt you
Showing 1 - 25 of 110 RSS Feed

CVE-2018-3639

Status Candidate

Overview

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

Related Files

Red Hat Security Advisory 2019-0148-01
Posted Jan 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0148-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-3639
MD5 | 0fda3561dea8fdd3daf9111ad9608801
Apple Security Advisory 2018-10-30-9
Posted Oct 31, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-10-30-9 - macOS Mojave 10.14 addresses buffer overflow, code execution, denial of service, and information leakage vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2015-3194, CVE-2015-5333, CVE-2015-5334, CVE-2016-1777, CVE-2017-12613, CVE-2017-12618, CVE-2018-3639, CVE-2018-3646, CVE-2018-4126, CVE-2018-4153, CVE-2018-4203, CVE-2018-4295, CVE-2018-4304, CVE-2018-4308, CVE-2018-4310, CVE-2018-4321, CVE-2018-4324, CVE-2018-4326, CVE-2018-4331, CVE-2018-4332, CVE-2018-4333, CVE-2018-4334, CVE-2018-4336, CVE-2018-4337, CVE-2018-4338, CVE-2018-4340, CVE-2018-4341
MD5 | 11701ebf662e62c543b6d5d6904f76fc
Apple Security Advisory 2018-10-30-2
Posted Oct 31, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-10-30-2 - macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, and Security Update 2018-005 Sierra are now available and address buffer overflow, code execution, denial of service, and information leakage vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2017-10784, CVE-2017-12613, CVE-2017-12618, CVE-2017-14033, CVE-2017-14064, CVE-2017-17405, CVE-2017-17742, CVE-2018-3639, CVE-2018-3640, CVE-2018-3646, CVE-2018-4126, CVE-2018-4153, CVE-2018-4203, CVE-2018-4242, CVE-2018-4259, CVE-2018-4286, CVE-2018-4287, CVE-2018-4288, CVE-2018-4291, CVE-2018-4295, CVE-2018-4304, CVE-2018-4308, CVE-2018-4310, CVE-2018-4326, CVE-2018-4331, CVE-2018-4334, CVE-2018-4340
MD5 | 8c8e8b2371c732c8c18cc33fbce89068
Red Hat Security Advisory 2018-3423-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3423-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a bypass vulnerability.

tags | advisory, kernel, bypass
systems | linux, redhat
advisories | CVE-2018-3639
MD5 | d42dc1500e86561522ed372fb2e0c645
Red Hat Security Advisory 2018-3424-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3424-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a bypass vulnerability.

tags | advisory, kernel, bypass
systems | linux, redhat
advisories | CVE-2018-3639
MD5 | 0b4299f4410c0e68dad477055c7899c2
Red Hat Security Advisory 2018-3425-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3425-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a bypass vulnerability.

tags | advisory, kernel, bypass
systems | linux, redhat
advisories | CVE-2018-3639
MD5 | 4ef5dc721ebec1fe0ffde652cdb1b170
Red Hat Security Advisory 2018-3407-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3407-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-3639
MD5 | fa44a86b5e3a18726fee16a7a2b94f64
Red Hat Security Advisory 2018-3402-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3402-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-3639
MD5 | 820f2b6ee571ad293adfef074bed2a04
Red Hat Security Advisory 2018-3401-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3401-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a bypass vulnerability.

tags | advisory, kernel, bypass
systems | linux, redhat
advisories | CVE-2018-3639
MD5 | 6ef9b7684a744b6b17fa95e8e09a712c
Red Hat Security Advisory 2018-3400-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3400-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-3639
MD5 | d5772e64ff73653c8b61c4c8ebb9ed42
Red Hat Security Advisory 2018-3399-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3399-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-3639
MD5 | 559e7cfd6f547d39574d3fbd2e82958d
Red Hat Security Advisory 2018-3398-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3398-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-3639
MD5 | 9e9d77fde3ac859b08319ec47fa3be22
Red Hat Security Advisory 2018-3397-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3397-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a bypass vulnerability.

tags | advisory, kernel, bypass
systems | linux, redhat
advisories | CVE-2018-3639
MD5 | 3163779353f3751fe824049783a16304
Red Hat Security Advisory 2018-3396-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3396-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-3639
MD5 | cbc11a88c220fbc60a44048f7a61c4c5
Ubuntu Security Notice USN-3777-3
Posted Oct 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3777-3 - USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 %LTS. This update provides the corresponding updates for the Linux kernel for Azure Cloud systems. Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2018-14633, CVE-2018-15572, CVE-2018-15594, CVE-2018-17182, CVE-2018-3639, CVE-2018-6554, CVE-2018-6555
MD5 | 9d5422023e24d370d36309f152f01b10
Debian Security Advisory 4273-2
Posted Sep 17, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4273-2 - This update ships updated CPU microcode for additional models of Intel CPUs which were not yet covered by the Intel microcode update released as DSA-4273-1 (and thus provides SSBD support (needed to address "Spectre v4") and fixes for "Spectre v3a")).

tags | advisory
systems | linux, debian
advisories | CVE-2018-3639, CVE-2018-3640
MD5 | 8d3bff6c7eba959568a9bbd92b2ec137
Ubuntu Security Notice USN-3756-1
Posted Aug 28, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3756-1 - It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker in a guest virtual machine could use this to expose sensitive information. Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-3639, CVE-2018-3640, CVE-2018-3646
MD5 | 0beb2e2ffd5d058e98df53cffa756afb
Debian Security Advisory 4273-1
Posted Aug 17, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4273-1 - This update ships updated CPU microcode for some types of Intel CPUs and provides SSBD support (needed to address "Spectre v4") and fixes for "Spectre v3a".

tags | advisory
systems | linux, debian
advisories | CVE-2018-3639, CVE-2018-3640
MD5 | 03ce223784ae024cf6f9ba3fb745df45
Red Hat Security Advisory 2018-2394-01
Posted Aug 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2394-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.

tags | advisory, kernel, bypass
systems | linux, redhat
advisories | CVE-2018-10901, CVE-2018-3620, CVE-2018-3639, CVE-2018-3646
MD5 | 14f3c60bc7297b2894f63fd0687edb78
Red Hat Security Advisory 2018-2396-01
Posted Aug 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2396-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a bypass vulnerability.

tags | advisory, kernel, bypass
systems | linux, redhat
advisories | CVE-2018-3620, CVE-2018-3639, CVE-2018-3646
MD5 | 5e3403f4ef9ef7eb50906783ec76098a
Red Hat Security Advisory 2018-2387-01
Posted Aug 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2387-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.

tags | advisory, kernel, bypass
systems | linux, redhat
advisories | CVE-2018-3620, CVE-2018-3639, CVE-2018-3646
MD5 | 59108e2a3b8f624b8c7e278e385a1d36
Red Hat Security Advisory 2018-2363-01
Posted Aug 7, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2363-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-3639
MD5 | f39789c1cbfeacc275583986ae3ef016
Red Hat Security Advisory 2018-2364-01
Posted Aug 7, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2364-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-3639
MD5 | 4ba2017bc1278237736dec4c2ebc3323
Red Hat Security Advisory 2018-2328-01
Posted Aug 3, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2328-01 - The rhvm-setup-plugins package adds functionality exclusive only to Red Hat Virtualization Manager, and is not available for the upstream ovirt-engine. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase and other support material. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-3639
MD5 | c060a397c9c42bd68a0aab76cb732900
Red Hat Security Advisory 2018-2309-01
Posted Aug 3, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2309-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.

tags | advisory, kernel, bypass
systems | linux, redhat
advisories | CVE-2018-3639
MD5 | 1e0323f0367612bfb37718139c812ea0
Page 1 of 5
Back12345Next

File Archive:

February 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    22 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    2 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    50 Files
  • 6
    Feb 6th
    24 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    6 Files
  • 9
    Feb 9th
    1 Files
  • 10
    Feb 10th
    1 Files
  • 11
    Feb 11th
    22 Files
  • 12
    Feb 12th
    25 Files
  • 13
    Feb 13th
    16 Files
  • 14
    Feb 14th
    32 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    10 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close