ALT-PU-2018-2096-1
Package firmware-intel-ucode updated to version 6-alt1.20180703 for branch sisyphus in task 211084.
Closed vulnerabilities
Published: 2018-05-03
BDU:2019-00768
Уязвимость процессоров Intel и ARM, связанная с использованием спекулятивного выполнения и чтения из памяти до возврата адресов предыдущих операций записи в память, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (5.5)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2018-09-11
BDU:2019-01065
Уязвимость процессоров Intel и ARM, связанная с использованием спекулятивного считывания системных регистров, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (4.3)
Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
References:
Published: 2018-05-22
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-3639
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
Severity: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
- openSUSE-SU-2019:1438
- openSUSE-SU-2019:1438
- openSUSE-SU-2019:1439
- openSUSE-SU-2019:1439
- openSUSE-SU-2020:1325
- openSUSE-SU-2020:1325
- http://support.lenovo.com/us/en/solutions/LEN-22133
- http://support.lenovo.com/us/en/solutions/LEN-22133
- http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html
- http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html
- [oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768
- [oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768
- [oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768
- [oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768
- [oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768
- [oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768
- 104232
- 104232
- 1040949
- 1040949
- 1042004
- 1042004
- http://xenbits.xen.org/xsa/advisory-263.html
- http://xenbits.xen.org/xsa/advisory-263.html
- RHSA-2018:1629
- RHSA-2018:1629
- RHSA-2018:1630
- RHSA-2018:1630
- RHSA-2018:1632
- RHSA-2018:1632
- RHSA-2018:1633
- RHSA-2018:1633
- RHSA-2018:1635
- RHSA-2018:1635
- RHSA-2018:1636
- RHSA-2018:1636
- RHSA-2018:1637
- RHSA-2018:1637
- RHSA-2018:1638
- RHSA-2018:1638
- RHSA-2018:1639
- RHSA-2018:1639
- RHSA-2018:1640
- RHSA-2018:1640
- RHSA-2018:1641
- RHSA-2018:1641
- RHSA-2018:1642
- RHSA-2018:1642
- RHSA-2018:1643
- RHSA-2018:1643
- RHSA-2018:1644
- RHSA-2018:1644
- RHSA-2018:1645
- RHSA-2018:1645
- RHSA-2018:1646
- RHSA-2018:1646
- RHSA-2018:1647
- RHSA-2018:1647
- RHSA-2018:1648
- RHSA-2018:1648
- RHSA-2018:1649
- RHSA-2018:1649
- RHSA-2018:1650
- RHSA-2018:1650
- RHSA-2018:1651
- RHSA-2018:1651
- RHSA-2018:1652
- RHSA-2018:1652
- RHSA-2018:1653
- RHSA-2018:1653
- RHSA-2018:1654
- RHSA-2018:1654
- RHSA-2018:1655
- RHSA-2018:1655
- RHSA-2018:1656
- RHSA-2018:1656
- RHSA-2018:1657
- RHSA-2018:1657
- RHSA-2018:1658
- RHSA-2018:1658
- RHSA-2018:1659
- RHSA-2018:1659
- RHSA-2018:1660
- RHSA-2018:1660
- RHSA-2018:1661
- RHSA-2018:1661
- RHSA-2018:1662
- RHSA-2018:1662
- RHSA-2018:1663
- RHSA-2018:1663
- RHSA-2018:1664
- RHSA-2018:1664
- RHSA-2018:1665
- RHSA-2018:1665
- RHSA-2018:1666
- RHSA-2018:1666
- RHSA-2018:1667
- RHSA-2018:1667
- RHSA-2018:1668
- RHSA-2018:1668
- RHSA-2018:1669
- RHSA-2018:1669
- RHSA-2018:1674
- RHSA-2018:1674
- RHSA-2018:1675
- RHSA-2018:1675
- RHSA-2018:1676
- RHSA-2018:1676
- RHSA-2018:1686
- RHSA-2018:1686
- RHSA-2018:1688
- RHSA-2018:1688
- RHSA-2018:1689
- RHSA-2018:1689
- RHSA-2018:1690
- RHSA-2018:1690
- RHSA-2018:1696
- RHSA-2018:1696
- RHSA-2018:1710
- RHSA-2018:1710
- RHSA-2018:1711
- RHSA-2018:1711
- RHSA-2018:1737
- RHSA-2018:1737
- RHSA-2018:1738
- RHSA-2018:1738
- RHSA-2018:1826
- RHSA-2018:1826
- RHSA-2018:1854
- RHSA-2018:1854
- RHSA-2018:1965
- RHSA-2018:1965
- RHSA-2018:1967
- RHSA-2018:1967
- RHSA-2018:1997
- RHSA-2018:1997
- RHSA-2018:2001
- RHSA-2018:2001
- RHSA-2018:2003
- RHSA-2018:2003
- RHSA-2018:2006
- RHSA-2018:2006
- RHSA-2018:2060
- RHSA-2018:2060
- RHSA-2018:2161
- RHSA-2018:2161
- RHSA-2018:2162
- RHSA-2018:2162
- RHSA-2018:2164
- RHSA-2018:2164
- RHSA-2018:2171
- RHSA-2018:2171
- RHSA-2018:2172
- RHSA-2018:2172
- RHSA-2018:2216
- RHSA-2018:2216
- RHSA-2018:2228
- RHSA-2018:2228
- RHSA-2018:2246
- RHSA-2018:2246
- RHSA-2018:2250
- RHSA-2018:2250
- RHSA-2018:2258
- RHSA-2018:2258
- RHSA-2018:2289
- RHSA-2018:2289
- RHSA-2018:2309
- RHSA-2018:2309
- RHSA-2018:2328
- RHSA-2018:2328
- RHSA-2018:2363
- RHSA-2018:2363
- RHSA-2018:2364
- RHSA-2018:2364
- RHSA-2018:2387
- RHSA-2018:2387
- RHSA-2018:2394
- RHSA-2018:2394
- RHSA-2018:2396
- RHSA-2018:2396
- RHSA-2018:2948
- RHSA-2018:2948
- RHSA-2018:3396
- RHSA-2018:3396
- RHSA-2018:3397
- RHSA-2018:3397
- RHSA-2018:3398
- RHSA-2018:3398
- RHSA-2018:3399
- RHSA-2018:3399
- RHSA-2018:3400
- RHSA-2018:3400
- RHSA-2018:3401
- RHSA-2018:3401
- RHSA-2018:3402
- RHSA-2018:3402
- RHSA-2018:3407
- RHSA-2018:3407
- RHSA-2018:3423
- RHSA-2018:3423
- RHSA-2018:3424
- RHSA-2018:3424
- RHSA-2018:3425
- RHSA-2018:3425
- RHSA-2019:0148
- RHSA-2019:0148
- RHSA-2019:1046
- RHSA-2019:1046
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
- https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
- https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- [debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update
- [debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update
- [debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update
- [debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update
- [debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update
- [debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- https://nvidia.custhelp.com/app/answers/detail/a_id/4787
- https://nvidia.custhelp.com/app/answers/detail/a_id/4787
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- https://security.netapp.com/advisory/ntap-20180521-0001/
- https://security.netapp.com/advisory/ntap-20180521-0001/
- https://support.citrix.com/article/CTX235225
- https://support.citrix.com/article/CTX235225
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us
- https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html
- https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html
- 20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018
- 20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018
- USN-3651-1
- USN-3651-1
- USN-3652-1
- USN-3652-1
- USN-3653-1
- USN-3653-1
- USN-3653-2
- USN-3653-2
- USN-3654-1
- USN-3654-1
- USN-3654-2
- USN-3654-2
- USN-3655-1
- USN-3655-1
- USN-3655-2
- USN-3655-2
- USN-3679-1
- USN-3679-1
- USN-3680-1
- USN-3680-1
- USN-3756-1
- USN-3756-1
- USN-3777-3
- USN-3777-3
- DSA-4210
- DSA-4210
- DSA-4273
- DSA-4273
- 44695
- 44695
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
- VU#180049
- VU#180049
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.synology.com/support/security/Synology_SA_18_23
- https://www.synology.com/support/security/Synology_SA_18_23
- TA18-141A
- TA18-141A
Published: 2018-05-22
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-3640
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.
Severity: MEDIUM (5.6)
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
- http://support.lenovo.com/us/en/solutions/LEN-22133
- http://support.lenovo.com/us/en/solutions/LEN-22133
- http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html
- http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html
- 104228
- 104228
- 1040949
- 1040949
- 1042004
- 1042004
- https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
- https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
- [debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update
- [debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update
- [debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update
- [debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update
- https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013
- https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005
- https://security.netapp.com/advisory/ntap-20180521-0001/
- https://security.netapp.com/advisory/ntap-20180521-0001/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us
- 20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018
- 20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018
- USN-3756-1
- USN-3756-1
- DSA-4273
- DSA-4273
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
- VU#180049
- VU#180049
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006
- https://www.synology.com/support/security/Synology_SA_18_23
- https://www.synology.com/support/security/Synology_SA_18_23
- TA18-141A
- TA18-141A