what you don't know can hurt you
Showing 1 - 25 of 111 RSS Feed

CVE-2018-3639

Status Candidate

Overview

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

Related Files

Red Hat Security Advisory 2019-1046-01
Posted May 8, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1046-01 - The rhvm-setup-plugins package adds functionality exclusive only to Red Hat Virtualization Manager, and is not available for the upstream ovirt-engine. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase and other support material. Issues addressed relate to a speculative execution vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-3639
SHA-256 | 641d97d1f6dd3b4917b0928457d6f5445185b235d120f414bb77ea83f14f84fc
Red Hat Security Advisory 2019-0148-01
Posted Jan 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0148-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-3639
SHA-256 | cf6f99e1d878aeca36d32384df37ac2dc42e37a931da9993dc7f86d945451493
Apple Security Advisory 2018-10-30-9
Posted Oct 31, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-10-30-9 - macOS Mojave 10.14 addresses buffer overflow, code execution, denial of service, and information leakage vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2015-3194, CVE-2015-5333, CVE-2015-5334, CVE-2016-1777, CVE-2017-12613, CVE-2017-12618, CVE-2018-3639, CVE-2018-3646, CVE-2018-4126, CVE-2018-4153, CVE-2018-4203, CVE-2018-4295, CVE-2018-4304, CVE-2018-4308, CVE-2018-4310, CVE-2018-4321, CVE-2018-4324, CVE-2018-4326, CVE-2018-4331, CVE-2018-4332, CVE-2018-4333, CVE-2018-4334, CVE-2018-4336, CVE-2018-4337, CVE-2018-4338, CVE-2018-4340, CVE-2018-4341
SHA-256 | a8f2425703aa5eaa474d81432a525f24e9c54728383b179b22d71e8c0c9569df
Apple Security Advisory 2018-10-30-2
Posted Oct 31, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-10-30-2 - macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, and Security Update 2018-005 Sierra are now available and address buffer overflow, code execution, denial of service, and information leakage vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2017-10784, CVE-2017-12613, CVE-2017-12618, CVE-2017-14033, CVE-2017-14064, CVE-2017-17405, CVE-2017-17742, CVE-2018-3639, CVE-2018-3640, CVE-2018-3646, CVE-2018-4126, CVE-2018-4153, CVE-2018-4203, CVE-2018-4242, CVE-2018-4259, CVE-2018-4286, CVE-2018-4287, CVE-2018-4288, CVE-2018-4291, CVE-2018-4295, CVE-2018-4304, CVE-2018-4308, CVE-2018-4310, CVE-2018-4326, CVE-2018-4331, CVE-2018-4334, CVE-2018-4340
SHA-256 | dd898f821c1c4cb27a0620ce5196317d76bde87c8c954f0aed14743d73203615
Red Hat Security Advisory 2018-3423-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3423-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a bypass vulnerability.

tags | advisory, kernel, bypass
systems | linux, redhat
advisories | CVE-2018-3639
SHA-256 | 07ec0c363b5fc061ccfca5b010a64e17799f43dd3f3e19c4b5bc023203497a49
Red Hat Security Advisory 2018-3424-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3424-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a bypass vulnerability.

tags | advisory, kernel, bypass
systems | linux, redhat
advisories | CVE-2018-3639
SHA-256 | fc73d207dc1ffb37bc40af98aeb42d453db905e10528e863108bc3b0336c4fce
Red Hat Security Advisory 2018-3425-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3425-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a bypass vulnerability.

tags | advisory, kernel, bypass
systems | linux, redhat
advisories | CVE-2018-3639
SHA-256 | ec51b830505917f8f72fa3398cfe827eead8ac4d5eb66fc1bba306bdd58b5f42
Red Hat Security Advisory 2018-3407-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3407-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-3639
SHA-256 | 3848085572b6f138f5476348e0af790d752a3d37580945d0cfd9f2cb7db31ae9
Red Hat Security Advisory 2018-3402-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3402-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-3639
SHA-256 | ae88a84682c17b1ee45a296c955f01819a582804be7501f980f4d3bc967bdee7
Red Hat Security Advisory 2018-3401-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3401-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a bypass vulnerability.

tags | advisory, kernel, bypass
systems | linux, redhat
advisories | CVE-2018-3639
SHA-256 | 33c38b96686e76f6c70bf5d93c45a8dbbb16977b61f9673cd7464ac0b918feae
Red Hat Security Advisory 2018-3400-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3400-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-3639
SHA-256 | ceedb0f32a71770e53013489dd76a1e1356802907ad705386ab339651336249e
Red Hat Security Advisory 2018-3399-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3399-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-3639
SHA-256 | 53c1b3d9f64c72ad486448dd3a78768f2402844a78c57090a2167687505442ff
Red Hat Security Advisory 2018-3398-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3398-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-3639
SHA-256 | ba939469c9b8511db049f0df3384b3927cd421b11c15bbb0e44e02e84663dff1
Red Hat Security Advisory 2018-3397-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3397-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a bypass vulnerability.

tags | advisory, kernel, bypass
systems | linux, redhat
advisories | CVE-2018-3639
SHA-256 | a2851ef12431e38f2637f3b12eceb255debee69dcf1812aa2b4a62bf9187e23b
Red Hat Security Advisory 2018-3396-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3396-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-3639
SHA-256 | f31d82b43795fe3bc47bbf6ab664ad70d79a4f16efa79c2255b79cc5d234e9f2
Ubuntu Security Notice USN-3777-3
Posted Oct 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3777-3 - USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 %LTS. This update provides the corresponding updates for the Linux kernel for Azure Cloud systems. Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2018-14633, CVE-2018-15572, CVE-2018-15594, CVE-2018-17182, CVE-2018-3639, CVE-2018-6554, CVE-2018-6555
SHA-256 | 769cc3a35204cab453698f34a6b0570d79e3ff0a88450698a2577c0e6fc6a664
Debian Security Advisory 4273-2
Posted Sep 17, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4273-2 - This update ships updated CPU microcode for additional models of Intel CPUs which were not yet covered by the Intel microcode update released as DSA-4273-1 (and thus provides SSBD support (needed to address "Spectre v4") and fixes for "Spectre v3a")).

tags | advisory
systems | linux, debian
advisories | CVE-2018-3639, CVE-2018-3640
SHA-256 | 9778d2c46fe7bad752642986b7321defd6ea504ebc24609016abebc7108cb5d9
Ubuntu Security Notice USN-3756-1
Posted Aug 28, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3756-1 - It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker in a guest virtual machine could use this to expose sensitive information. Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-3639, CVE-2018-3640, CVE-2018-3646
SHA-256 | 4d3e0fef07b4fa6cea9ef708a373c5f9e59546b79c7bad817f04b77621877e2f
Debian Security Advisory 4273-1
Posted Aug 17, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4273-1 - This update ships updated CPU microcode for some types of Intel CPUs and provides SSBD support (needed to address "Spectre v4") and fixes for "Spectre v3a".

tags | advisory
systems | linux, debian
advisories | CVE-2018-3639, CVE-2018-3640
SHA-256 | 3063db9bd745bdaeeb09124be4f84fda09413e2977b37ed6971840c6ddf5d2f3
Red Hat Security Advisory 2018-2394-01
Posted Aug 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2394-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.

tags | advisory, kernel, bypass
systems | linux, redhat
advisories | CVE-2018-10901, CVE-2018-3620, CVE-2018-3639, CVE-2018-3646
SHA-256 | 96350d9f9d8697afd9a480724105b5aef15a51d0552d68e86492a160c232117a
Red Hat Security Advisory 2018-2396-01
Posted Aug 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2396-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a bypass vulnerability.

tags | advisory, kernel, bypass
systems | linux, redhat
advisories | CVE-2018-3620, CVE-2018-3639, CVE-2018-3646
SHA-256 | 27f95d8f12538d5e995d492c220a425b68f0efa491bbc715024624856f27653b
Red Hat Security Advisory 2018-2387-01
Posted Aug 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2387-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.

tags | advisory, kernel, bypass
systems | linux, redhat
advisories | CVE-2018-3620, CVE-2018-3639, CVE-2018-3646
SHA-256 | 187751662383087323a41b0a9aba40a1986215a77aceb30a88afc2b0cd1a98f5
Red Hat Security Advisory 2018-2363-01
Posted Aug 7, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2363-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-3639
SHA-256 | 1731d8429d900bc059978895ccfc58bfea9c4a138abd0aea7e54f8eef5c602b4
Red Hat Security Advisory 2018-2364-01
Posted Aug 7, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2364-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-3639
SHA-256 | f10fbdddd8b86021a5f6ff3a90830788c6ed22cec9ad8f974f6d048a08101950
Red Hat Security Advisory 2018-2328-01
Posted Aug 3, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2328-01 - The rhvm-setup-plugins package adds functionality exclusive only to Red Hat Virtualization Manager, and is not available for the upstream ovirt-engine. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase and other support material. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-3639
SHA-256 | d572720438148dfc223df3559e05041f899254a9a093c2595d1a017982fc07db
Page 1 of 5
Back12345Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close