CESA-2018:1965 -- centos 7 kernel,python-perf,perfID: oval:org.secpod.oval:def:204837 | Date: (C)2018-07-04 (M)2024-04-17 |
Class: PATCH | Family: unix |
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load amp; Store instructions . It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor"s data cache even for speculatively executed instructions that never actually commit . As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. * kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section. Red Hat would like to thank Ken Johnson and Jann Horn for reporting CVE-2018-3639. Bug Fix: These updated kernel packages include also numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https://access.redhat.com/articles/3485871
Product: |
kernel |
python-perf |
perf |