sandra_henrystocker
Unix Dweeb

4 vulnerabilities and exposures affect Intel-based systems; Red Hat responds

News
May 15, 2019 · 2 mins
Linux, Security

Red Hat issued a security advisory on recently disclosed CVEs (common vulnerabilities and exposures) in Intel microprocessors.


Four vulnerabilities were publicly disclosed related to Intel microprocessors. These vulnerabilities allow unprivileged attackers to bypass restrictions to gain read access to privileged memory. They include these common vulnerabilities and exposures (CVEs):

  • CVE-2018-12126 – a flaw that could lead to information disclosure from the processor store buffer
  • CVE-2018-12127 – an exploit of the microprocessor load operations that can provide data to an attacker about CPU registers and operations in the CPU pipeline
  • CVE-2018-12130 – the most serious of the three issues; it involves the implementation of the microprocessor fill buffers and can expose data within that buffer
  • CVE-2019-11091 – a flaw in the implementation of the “fill buffer,” a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache

Red Hat customers should update their systems

Security updates will degrade system performance, but Red Hat strongly suggests that customers update their systems whether or not they believe themselves to be at risk.

Red Hat versions affected include:

  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
  • Red Hat Atomic Host
  • Red Hat Enterprise MRG 2
  • Red Hat OpenShift Online v2
  • Red Hat OpenShift Online v3
  • Red Hat Virtualization (RHV/RHV-H)
  • Red Hat OpenStack Platform

For Red Hat, vulnerability information is available at this Red Hat vulnerabilities site.

It is important to understand that an attacker cannot use this vulnerability to target specific data. Attacks would likely require sampling over a period of time, along with the application of statistical methods to reconstruct data that might be of value to them.
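Once the updates are applied, one way to confirm what the running kernel reports for these four CVEs (collectively known as MDS) is to read its sysfs status file. The script below is an added example, not part of the Red Hat advisory or the original article; the short labels it prints (`mitigated`, `needs-microcode` and so on) are names chosen here.

```shell
#!/bin/sh
# Interpret the kernel's MDS status line from
# /sys/devices/system/cpu/vulnerabilities/mds (present only on kernels
# that carry the MDS fixes).

# classify_mds STATUS_LINE -> prints a short label (labels are this example's own).
classify_mds() {
    case "$1" in
        "")
            # No status line: file missing, so the kernel predates the fixes.
            echo "unpatched-kernel" ;;
        "Not affected"*)
            echo "not-affected" ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            # Kernel is updated but the CPU microcode update is still missing.
            echo "needs-microcode" ;;
        "Vulnerable"*)
            echo "vulnerable" ;;
        "Mitigation: Clear CPU buffers"*)
            # Buffer clearing is active; check what is said about SMT.
            case "$1" in
                *"SMT vulnerable"*)         echo "mitigated-smt-exposed" ;;
                *"SMT Host state unknown"*) echo "mitigated-smt-unknown" ;;
                *)                          echo "mitigated" ;;
            esac ;;
        *)
            echo "unknown" ;;
    esac
}

# mds_status [FILE] -> classify the status file (defaults to the real sysfs path).
mds_status() {
    f="${1:-/sys/devices/system/cpu/vulnerabilities/mds}"
    if [ -r "$f" ]; then
        classify_mds "$(cat "$f")"
    else
        classify_mds ""
    fi
}

# Report for the host this script runs on.
echo "MDS status: $(mds_status)"
```

Anything other than `mitigated` or `not-affected` means the host still needs a kernel update, a microcode update, or a decision about SMT.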


Sandra Henry-Stocker has been administering Unix systems for more than 30 years. She describes herself as "USL" (Unix as a second language) but remembers enough English to write books and buy groceries. She lives in the mountains in Virginia where, when not working with or writing about Unix, she's chasing the bears away from her bird feeders.
