ALT-PU-2019-2212-1
Package firmware-intel-ucode updated to version 9-alt1.20190514 for branch c7 in task 233907.
Closed vulnerabilities
Published: 2017-12-22
BDU:2018-00001
Уязвимость процессоров Intel и АRM, вызванная ошибкой контроля доступа к памяти при спекулятивном выполнении инструкций процессора, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (5.6)
Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
Published: 2018-01-07
BDU:2018-00002
Уязвимость процессоров Intel, ARM и AMD, связанная с особенностями функционирования модуля прогнозирования ветвлений, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (5.6)
Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
Published: 2018-01-03
BDU:2018-00994
Уязвимость реализации технологии Software Guard eXtensions процессоров Intel, позволяющая получить несанкционированный доступ к данным, размещённым в защищённой области
Severity: HIGH (7.9)
Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
References:
Published: 2018-01-03
BDU:2018-00995
Уязвимость процессоров Intel, связанная с возможностью спекулятивного выполнения команд и позволяющая нарушителю получить несанкционированный доступ к памяти ядра операционной системы или SMM-памяти
Severity: HIGH (7.1)
Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
References:
Published: 2018-01-03
BDU:2018-00996
Уязвимость процессоров Intel, связанная с возможностью спекулятивного выполнения команд и позволяющая нарушителю преодолеть механизм изоляции памяти виртуальных машин
Severity: HIGH (7.1)
Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
References:
Published: 2018-05-03
BDU:2019-00768
Уязвимость процессоров Intel и ARM, связанная с использованием спекулятивного выполнения и чтения из памяти до возврата адресов предыдущих операций записи в память, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (5.5)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2018-09-11
BDU:2019-01065
Уязвимость процессоров Intel и ARM, связанная с использованием спекулятивного считывания системных регистров, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (4.3)
Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
References:
Published: 2019-03-06
BDU:2019-01957
Уязвимость процессоров Intel, связанная с микроархитектурной выборкой данных некэшируемой памяти (MDSUM), позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (5.6)
Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
Published: 2019-03-06
BDU:2019-01958
Уязвимость порта загрузки MLPDS микропрограммного обеспечения Intel, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: MEDIUM (5.6)
Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
Published: 2019-03-06
BDU:2019-01959
Уязвимость процессоров Intel, связанная с восстановлением содержимого буферов заполнения (MFBDS), позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (5.6)
Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
Published: 2019-03-06
BDU:2019-01960
Уязвимость буфера данных MSBDS микропрограммного обеспечения Intel, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: MEDIUM (5.1)
Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2018-01-04
Modified: 2025-01-14
Modified: 2025-01-14
CVE-2017-5753
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Severity: MEDIUM (5.6)
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
- SUSE-SU-2018:0010
- SUSE-SU-2018:0010
- SUSE-SU-2018:0011
- SUSE-SU-2018:0011
- SUSE-SU-2018:0012
- SUSE-SU-2018:0012
- openSUSE-SU-2018:0022
- openSUSE-SU-2018:0022
- openSUSE-SU-2018:0023
- openSUSE-SU-2018:0023
- http://nvidia.custhelp.com/app/answers/detail/a_id/4609
- http://nvidia.custhelp.com/app/answers/detail/a_id/4609
- http://nvidia.custhelp.com/app/answers/detail/a_id/4611
- http://nvidia.custhelp.com/app/answers/detail/a_id/4611
- http://nvidia.custhelp.com/app/answers/detail/a_id/4613
- http://nvidia.custhelp.com/app/answers/detail/a_id/4613
- http://nvidia.custhelp.com/app/answers/detail/a_id/4614
- http://nvidia.custhelp.com/app/answers/detail/a_id/4614
- http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html
- http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- VU#584653
- VU#584653
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- 102371
- 102371
- 1040071
- 1040071
- http://xenbits.xen.org/xsa/advisory-254.html
- http://xenbits.xen.org/xsa/advisory-254.html
- RHSA-2018:0292
- RHSA-2018:0292
- https://access.redhat.com/security/vulnerabilities/speculativeexecution
- https://access.redhat.com/security/vulnerabilities/speculativeexecution
- https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/
- https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/
- https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
- https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
- https://cdrdv2.intel.com/v1/dl/getContent/685359
- https://cdrdv2.intel.com/v1/dl/getContent/685359
- https://cert.vde.com/en-us/advisories/vde-2018-002
- https://cert.vde.com/en-us/advisories/vde-2018-002
- https://cert.vde.com/en-us/advisories/vde-2018-003
- https://cert.vde.com/en-us/advisories/vde-2018-003
- https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
- https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
- https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
- https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- [debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update
- [debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update
- [debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update
- [debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- GLSA-201810-06
- GLSA-201810-06
- https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
- https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
- https://security.netapp.com/advisory/ntap-20180104-0001/
- https://security.netapp.com/advisory/ntap-20180104-0001/
- https://spectreattack.com/
- https://spectreattack.com/
- https://support.citrix.com/article/CTX231399
- https://support.citrix.com/article/CTX231399
- https://support.f5.com/csp/article/K91229003
- https://support.f5.com/csp/article/K91229003
- https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us
- https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us
- https://support.lenovo.com/us/en/solutions/LEN-18282
- https://support.lenovo.com/us/en/solutions/LEN-18282
- 20180104 CPU Side-Channel Information Disclosure Vulnerabilities
- 20180104 CPU Side-Channel Information Disclosure Vulnerabilities
- USN-3540-1
- USN-3540-1
- USN-3540-2
- USN-3540-2
- USN-3541-1
- USN-3541-1
- USN-3541-2
- USN-3541-2
- USN-3542-1
- USN-3542-1
- USN-3542-2
- USN-3542-2
- USN-3549-1
- USN-3549-1
- USN-3580-1
- USN-3580-1
- USN-3597-1
- USN-3597-1
- USN-3597-2
- USN-3597-2
- USN-3516-1
- USN-3516-1
- DSA-4187
- DSA-4187
- DSA-4188
- DSA-4188
- 43427
- 43427
- VU#180049
- VU#180049
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/
- https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/
- https://www.synology.com/support/security/Synology_SA_18_01
- https://www.synology.com/support/security/Synology_SA_18_01
- https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html
- https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html
Published: 2018-01-04
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-5754
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
Severity: MEDIUM (5.6)
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
- SUSE-SU-2018:0010
- SUSE-SU-2018:0010
- SUSE-SU-2018:0011
- SUSE-SU-2018:0011
- SUSE-SU-2018:0012
- SUSE-SU-2018:0012
- openSUSE-SU-2018:0022
- openSUSE-SU-2018:0022
- openSUSE-SU-2018:0023
- openSUSE-SU-2018:0023
- http://nvidia.custhelp.com/app/answers/detail/a_id/4609
- http://nvidia.custhelp.com/app/answers/detail/a_id/4609
- http://nvidia.custhelp.com/app/answers/detail/a_id/4611
- http://nvidia.custhelp.com/app/answers/detail/a_id/4611
- http://nvidia.custhelp.com/app/answers/detail/a_id/4613
- http://nvidia.custhelp.com/app/answers/detail/a_id/4613
- http://nvidia.custhelp.com/app/answers/detail/a_id/4614
- http://nvidia.custhelp.com/app/answers/detail/a_id/4614
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- VU#584653
- VU#584653
- 102378
- 102378
- 106128
- 106128
- 1040071
- 1040071
- http://xenbits.xen.org/xsa/advisory-254.html
- http://xenbits.xen.org/xsa/advisory-254.html
- RHSA-2018:0292
- RHSA-2018:0292
- https://access.redhat.com/security/vulnerabilities/speculativeexecution
- https://access.redhat.com/security/vulnerabilities/speculativeexecution
- https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/
- https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/
- https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
- https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
- https://cdrdv2.intel.com/v1/dl/getContent/685358
- https://cdrdv2.intel.com/v1/dl/getContent/685358
- https://cert.vde.com/en-us/advisories/vde-2018-002
- https://cert.vde.com/en-us/advisories/vde-2018-002
- https://cert.vde.com/en-us/advisories/vde-2018-003
- https://cert.vde.com/en-us/advisories/vde-2018-003
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
- https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
- https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
- https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- [debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update
- [debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update
- https://meltdownattack.com/
- https://meltdownattack.com/
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
- FreeBSD-SA-18:03
- FreeBSD-SA-18:03
- GLSA-201810-06
- GLSA-201810-06
- https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
- https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
- https://security.netapp.com/advisory/ntap-20180104-0001/
- https://security.netapp.com/advisory/ntap-20180104-0001/
- https://source.android.com/security/bulletin/2018-04-01
- https://source.android.com/security/bulletin/2018-04-01
- https://support.citrix.com/article/CTX231399
- https://support.citrix.com/article/CTX231399
- https://support.citrix.com/article/CTX234679
- https://support.citrix.com/article/CTX234679
- https://support.f5.com/csp/article/K91229003
- https://support.f5.com/csp/article/K91229003
- https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us
- https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us
- https://support.lenovo.com/us/en/solutions/LEN-18282
- https://support.lenovo.com/us/en/solutions/LEN-18282
- 20180104 CPU Side-Channel Information Disclosure Vulnerabilities
- 20180104 CPU Side-Channel Information Disclosure Vulnerabilities
- USN-3522-3
- USN-3522-3
- USN-3522-4
- USN-3522-4
- USN-3523-1
- USN-3523-1
- USN-3540-2
- USN-3540-2
- USN-3541-2
- USN-3541-2
- USN-3583-1
- USN-3583-1
- USN-3597-1
- USN-3597-1
- USN-3597-2
- USN-3597-2
- USN-3516-1
- USN-3516-1
- USN-3522-2
- USN-3522-2
- USN-3523-2
- USN-3523-2
- USN-3524-2
- USN-3524-2
- USN-3525-1
- USN-3525-1
- https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin
- https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin
- DSA-4078
- DSA-4078
- DSA-4082
- DSA-4082
- DSA-4120
- DSA-4120
- VU#180049
- VU#180049
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/
- https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/
- https://www.synology.com/support/security/Synology_SA_18_01
- https://www.synology.com/support/security/Synology_SA_18_01
Published: 2019-05-30
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-12126
Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Severity: MEDIUM (5.6)
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1805
- openSUSE-SU-2019:1805
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- RHSA-2019:1455
- RHSA-2019:1455
- RHSA-2019:2553
- RHSA-2019:2553
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- FEDORA-2019-1f5832fc0e
- FEDORA-2019-1f5832fc0e
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- FreeBSD-SA-19:26
- FreeBSD-SA-19:26
- GLSA-202003-56
- GLSA-202003-56
- USN-3977-3
- USN-3977-3
- DSA-4602
- DSA-4602
- FreeBSD-SA-19:07
- FreeBSD-SA-19:07
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.synology.com/security/advisory/Synology_SA_19_24
- https://www.synology.com/security/advisory/Synology_SA_19_24
Published: 2019-05-30
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-12127
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Severity: MEDIUM (5.6)
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1805
- openSUSE-SU-2019:1805
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- RHSA-2019:1455
- RHSA-2019:1455
- RHSA-2019:2553
- RHSA-2019:2553
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- FEDORA-2019-1f5832fc0e
- FEDORA-2019-1f5832fc0e
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- FreeBSD-SA-19:26
- FreeBSD-SA-19:26
- GLSA-202003-56
- GLSA-202003-56
- USN-3977-3
- USN-3977-3
- DSA-4602
- DSA-4602
- FreeBSD-SA-19:07
- FreeBSD-SA-19:07
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.synology.com/security/advisory/Synology_SA_19_24
- https://www.synology.com/security/advisory/Synology_SA_19_24
Published: 2019-05-30
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-12130
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Severity: MEDIUM (5.6)
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1805
- openSUSE-SU-2019:1805
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- RHSA-2019:1455
- RHSA-2019:1455
- RHSA-2019:2553
- RHSA-2019:2553
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- FEDORA-2019-1f5832fc0e
- FEDORA-2019-1f5832fc0e
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- FreeBSD-SA-19:26
- FreeBSD-SA-19:26
- GLSA-202003-56
- GLSA-202003-56
- USN-3977-3
- USN-3977-3
- DSA-4602
- DSA-4602
- FreeBSD-SA-19:07
- FreeBSD-SA-19:07
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.synology.com/security/advisory/Synology_SA_19_24
- https://www.synology.com/security/advisory/Synology_SA_19_24
Published: 2018-08-14
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-3615
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.
Severity: MEDIUM (6.4)
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
References:
- http://support.lenovo.com/us/en/solutions/LEN-24163
- http://support.lenovo.com/us/en/solutions/LEN-24163
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
- 105080
- 105080
- 1041451
- 1041451
- https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://foreshadowattack.eu/
- https://foreshadowattack.eu/
- [debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update
- [debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008
- https://security.netapp.com/advisory/ntap-20180815-0001/
- https://security.netapp.com/advisory/ntap-20180815-0001/
- https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
- https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
- https://support.f5.com/csp/article/K35558453
- https://support.f5.com/csp/article/K35558453
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
- 20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018
- 20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
- VU#982149
- VU#982149
- https://www.synology.com/support/security/Synology_SA_18_45
- https://www.synology.com/support/security/Synology_SA_18_45
Published: 2018-08-14
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-3620
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.
Severity: MEDIUM (5.6)
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
- http://support.lenovo.com/us/en/solutions/LEN-24163
- http://support.lenovo.com/us/en/solutions/LEN-24163
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
- 105080
- 105080
- 1041451
- 1041451
- http://www.vmware.com/security/advisories/VMSA-2018-0021.html
- http://www.vmware.com/security/advisories/VMSA-2018-0021.html
- http://xenbits.xen.org/xsa/advisory-273.html
- http://xenbits.xen.org/xsa/advisory-273.html
- RHSA-2018:2384
- RHSA-2018:2384
- RHSA-2018:2387
- RHSA-2018:2387
- RHSA-2018:2388
- RHSA-2018:2388
- RHSA-2018:2389
- RHSA-2018:2389
- RHSA-2018:2390
- RHSA-2018:2390
- RHSA-2018:2391
- RHSA-2018:2391
- RHSA-2018:2392
- RHSA-2018:2392
- RHSA-2018:2393
- RHSA-2018:2393
- RHSA-2018:2394
- RHSA-2018:2394
- RHSA-2018:2395
- RHSA-2018:2395
- RHSA-2018:2396
- RHSA-2018:2396
- RHSA-2018:2402
- RHSA-2018:2402
- RHSA-2018:2403
- RHSA-2018:2403
- RHSA-2018:2404
- RHSA-2018:2404
- RHSA-2018:2602
- RHSA-2018:2602
- RHSA-2018:2603
- RHSA-2018:2603
- https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://foreshadowattack.eu/
- https://foreshadowattack.eu/
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- [debian-lts-announce] 20180828 [SECURITY] [DLA 1481-1] linux-4.9 security update
- [debian-lts-announce] 20180828 [SECURITY] [DLA 1481-1] linux-4.9 security update
- [debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update
- [debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update
- FEDORA-2018-f8cba144ae
- FEDORA-2018-f8cba144ae
- FEDORA-2018-1c80fea1cd
- FEDORA-2018-1c80fea1cd
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009
- FreeBSD-SA-18:09
- FreeBSD-SA-18:09
- GLSA-201810-06
- GLSA-201810-06
- https://security.netapp.com/advisory/ntap-20180815-0001/
- https://security.netapp.com/advisory/ntap-20180815-0001/
- https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
- https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
- https://support.f5.com/csp/article/K95275140
- https://support.f5.com/csp/article/K95275140
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
- 20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018
- 20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018
- USN-3740-1
- USN-3740-1
- USN-3740-2
- USN-3740-2
- USN-3741-1
- USN-3741-1
- USN-3741-2
- USN-3741-2
- USN-3742-1
- USN-3742-1
- USN-3742-2
- USN-3742-2
- USN-3823-1
- USN-3823-1
- DSA-4274
- DSA-4274
- DSA-4279
- DSA-4279
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
- VU#982149
- VU#982149
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.synology.com/support/security/Synology_SA_18_45
- https://www.synology.com/support/security/Synology_SA_18_45
Published: 2018-05-22
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-3639
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
Severity: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
- openSUSE-SU-2019:1438
- openSUSE-SU-2019:1438
- openSUSE-SU-2019:1439
- openSUSE-SU-2019:1439
- openSUSE-SU-2020:1325
- openSUSE-SU-2020:1325
- http://support.lenovo.com/us/en/solutions/LEN-22133
- http://support.lenovo.com/us/en/solutions/LEN-22133
- http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html
- http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html
- [oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768
- [oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768
- [oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768
- [oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768
- [oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768
- [oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768
- 104232
- 104232
- 1040949
- 1040949
- 1042004
- 1042004
- http://xenbits.xen.org/xsa/advisory-263.html
- http://xenbits.xen.org/xsa/advisory-263.html
- RHSA-2018:1629
- RHSA-2018:1629
- RHSA-2018:1630
- RHSA-2018:1630
- RHSA-2018:1632
- RHSA-2018:1632
- RHSA-2018:1633
- RHSA-2018:1633
- RHSA-2018:1635
- RHSA-2018:1635
- RHSA-2018:1636
- RHSA-2018:1636
- RHSA-2018:1637
- RHSA-2018:1637
- RHSA-2018:1638
- RHSA-2018:1638
- RHSA-2018:1639
- RHSA-2018:1639
- RHSA-2018:1640
- RHSA-2018:1640
- RHSA-2018:1641
- RHSA-2018:1641
- RHSA-2018:1642
- RHSA-2018:1642
- RHSA-2018:1643
- RHSA-2018:1643
- RHSA-2018:1644
- RHSA-2018:1644
- RHSA-2018:1645
- RHSA-2018:1645
- RHSA-2018:1646
- RHSA-2018:1646
- RHSA-2018:1647
- RHSA-2018:1647
- RHSA-2018:1648
- RHSA-2018:1648
- RHSA-2018:1649
- RHSA-2018:1649
- RHSA-2018:1650
- RHSA-2018:1650
- RHSA-2018:1651
- RHSA-2018:1651
- RHSA-2018:1652
- RHSA-2018:1652
- RHSA-2018:1653
- RHSA-2018:1653
- RHSA-2018:1654
- RHSA-2018:1654
- RHSA-2018:1655
- RHSA-2018:1655
- RHSA-2018:1656
- RHSA-2018:1656
- RHSA-2018:1657
- RHSA-2018:1657
- RHSA-2018:1658
- RHSA-2018:1658
- RHSA-2018:1659
- RHSA-2018:1659
- RHSA-2018:1660
- RHSA-2018:1660
- RHSA-2018:1661
- RHSA-2018:1661
- RHSA-2018:1662
- RHSA-2018:1662
- RHSA-2018:1663
- RHSA-2018:1663
- RHSA-2018:1664
- RHSA-2018:1664
- RHSA-2018:1665
- RHSA-2018:1665
- RHSA-2018:1666
- RHSA-2018:1666
- RHSA-2018:1667
- RHSA-2018:1667
- RHSA-2018:1668
- RHSA-2018:1668
- RHSA-2018:1669
- RHSA-2018:1669
- RHSA-2018:1674
- RHSA-2018:1674
- RHSA-2018:1675
- RHSA-2018:1675
- RHSA-2018:1676
- RHSA-2018:1676
- RHSA-2018:1686
- RHSA-2018:1686
- RHSA-2018:1688
- RHSA-2018:1688
- RHSA-2018:1689
- RHSA-2018:1689
- RHSA-2018:1690
- RHSA-2018:1690
- RHSA-2018:1696
- RHSA-2018:1696
- RHSA-2018:1710
- RHSA-2018:1710
- RHSA-2018:1711
- RHSA-2018:1711
- RHSA-2018:1737
- RHSA-2018:1737
- RHSA-2018:1738
- RHSA-2018:1738
- RHSA-2018:1826
- RHSA-2018:1826
- RHSA-2018:1854
- RHSA-2018:1854
- RHSA-2018:1965
- RHSA-2018:1965
- RHSA-2018:1967
- RHSA-2018:1967
- RHSA-2018:1997
- RHSA-2018:1997
- RHSA-2018:2001
- RHSA-2018:2001
- RHSA-2018:2003
- RHSA-2018:2003
- RHSA-2018:2006
- RHSA-2018:2006
- RHSA-2018:2060
- RHSA-2018:2060
- RHSA-2018:2161
- RHSA-2018:2161
- RHSA-2018:2162
- RHSA-2018:2162
- RHSA-2018:2164
- RHSA-2018:2164
- RHSA-2018:2171
- RHSA-2018:2171
- RHSA-2018:2172
- RHSA-2018:2172
- RHSA-2018:2216
- RHSA-2018:2216
- RHSA-2018:2228
- RHSA-2018:2228
- RHSA-2018:2246
- RHSA-2018:2246
- RHSA-2018:2250
- RHSA-2018:2250
- RHSA-2018:2258
- RHSA-2018:2258
- RHSA-2018:2289
- RHSA-2018:2289
- RHSA-2018:2309
- RHSA-2018:2309
- RHSA-2018:2328
- RHSA-2018:2328
- RHSA-2018:2363
- RHSA-2018:2363
- RHSA-2018:2364
- RHSA-2018:2364
- RHSA-2018:2387
- RHSA-2018:2387
- RHSA-2018:2394
- RHSA-2018:2394
- RHSA-2018:2396
- RHSA-2018:2396
- RHSA-2018:2948
- RHSA-2018:2948
- RHSA-2018:3396
- RHSA-2018:3396
- RHSA-2018:3397
- RHSA-2018:3397
- RHSA-2018:3398
- RHSA-2018:3398
- RHSA-2018:3399
- RHSA-2018:3399
- RHSA-2018:3400
- RHSA-2018:3400
- RHSA-2018:3401
- RHSA-2018:3401
- RHSA-2018:3402
- RHSA-2018:3402
- RHSA-2018:3407
- RHSA-2018:3407
- RHSA-2018:3423
- RHSA-2018:3423
- RHSA-2018:3424
- RHSA-2018:3424
- RHSA-2018:3425
- RHSA-2018:3425
- RHSA-2019:0148
- RHSA-2019:0148
- RHSA-2019:1046
- RHSA-2019:1046
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
- https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
- https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- [debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update
- [debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update
- [debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update
- [debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update
- [debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update
- [debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- https://nvidia.custhelp.com/app/answers/detail/a_id/4787
- https://nvidia.custhelp.com/app/answers/detail/a_id/4787
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- https://security.netapp.com/advisory/ntap-20180521-0001/
- https://security.netapp.com/advisory/ntap-20180521-0001/
- https://support.citrix.com/article/CTX235225
- https://support.citrix.com/article/CTX235225
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us
- https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html
- https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html
- 20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018
- 20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018
- USN-3651-1
- USN-3651-1
- USN-3652-1
- USN-3652-1
- USN-3653-1
- USN-3653-1
- USN-3653-2
- USN-3653-2
- USN-3654-1
- USN-3654-1
- USN-3654-2
- USN-3654-2
- USN-3655-1
- USN-3655-1
- USN-3655-2
- USN-3655-2
- USN-3679-1
- USN-3679-1
- USN-3680-1
- USN-3680-1
- USN-3756-1
- USN-3756-1
- USN-3777-3
- USN-3777-3
- DSA-4210
- DSA-4210
- DSA-4273
- DSA-4273
- 44695
- 44695
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
- VU#180049
- VU#180049
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.synology.com/support/security/Synology_SA_18_23
- https://www.synology.com/support/security/Synology_SA_18_23
- TA18-141A
- TA18-141A
Published: 2018-05-22
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-3640
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.
Severity: MEDIUM (5.6)
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
- http://support.lenovo.com/us/en/solutions/LEN-22133
- http://support.lenovo.com/us/en/solutions/LEN-22133
- http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html
- http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html
- 104228
- 104228
- 1040949
- 1040949
- 1042004
- 1042004
- https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
- https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
- [debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update
- [debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update
- [debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update
- [debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update
- https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013
- https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005
- https://security.netapp.com/advisory/ntap-20180521-0001/
- https://security.netapp.com/advisory/ntap-20180521-0001/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us
- 20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018
- 20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018
- USN-3756-1
- USN-3756-1
- DSA-4273
- DSA-4273
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
- VU#180049
- VU#180049
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006
- https://www.synology.com/support/security/Synology_SA_18_23
- https://www.synology.com/support/security/Synology_SA_18_23
- TA18-141A
- TA18-141A
Published: 2018-08-14
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-3646
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.
Severity: MEDIUM (5.6)
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
- http://support.lenovo.com/us/en/solutions/LEN-24163
- http://support.lenovo.com/us/en/solutions/LEN-24163
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
- 105080
- 105080
- 1041451
- 1041451
- 1042004
- 1042004
- http://www.vmware.com/security/advisories/VMSA-2018-0020.html
- http://www.vmware.com/security/advisories/VMSA-2018-0020.html
- http://xenbits.xen.org/xsa/advisory-273.html
- http://xenbits.xen.org/xsa/advisory-273.html
- RHSA-2018:2384
- RHSA-2018:2384
- RHSA-2018:2387
- RHSA-2018:2387
- RHSA-2018:2388
- RHSA-2018:2388
- RHSA-2018:2389
- RHSA-2018:2389
- RHSA-2018:2390
- RHSA-2018:2390
- RHSA-2018:2391
- RHSA-2018:2391
- RHSA-2018:2392
- RHSA-2018:2392
- RHSA-2018:2393
- RHSA-2018:2393
- RHSA-2018:2394
- RHSA-2018:2394
- RHSA-2018:2395
- RHSA-2018:2395
- RHSA-2018:2396
- RHSA-2018:2396
- RHSA-2018:2402
- RHSA-2018:2402
- RHSA-2018:2403
- RHSA-2018:2403
- RHSA-2018:2404
- RHSA-2018:2404
- RHSA-2018:2602
- RHSA-2018:2602
- RHSA-2018:2603
- RHSA-2018:2603
- https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://foreshadowattack.eu/
- https://foreshadowattack.eu/
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- [debian-lts-announce] 20180828 [SECURITY] [DLA 1481-1] linux-4.9 security update
- [debian-lts-announce] 20180828 [SECURITY] [DLA 1481-1] linux-4.9 security update
- [debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update
- [debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update
- FEDORA-2018-f8cba144ae
- FEDORA-2018-f8cba144ae
- FEDORA-2018-1c80fea1cd
- FEDORA-2018-1c80fea1cd
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010
- FreeBSD-SA-18:09
- FreeBSD-SA-18:09
- GLSA-201810-06
- GLSA-201810-06
- https://security.netapp.com/advisory/ntap-20180815-0001/
- https://security.netapp.com/advisory/ntap-20180815-0001/
- https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
- https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
- https://support.f5.com/csp/article/K31300402
- https://support.f5.com/csp/article/K31300402
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
- 20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018
- 20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018
- USN-3740-1
- USN-3740-1
- USN-3740-2
- USN-3740-2
- USN-3741-1
- USN-3741-1
- USN-3741-2
- USN-3741-2
- USN-3742-1
- USN-3742-1
- USN-3742-2
- USN-3742-2
- USN-3756-1
- USN-3756-1
- USN-3823-1
- USN-3823-1
- DSA-4274
- DSA-4274
- DSA-4279
- DSA-4279
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
- VU#982149
- VU#982149
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.synology.com/support/security/Synology_SA_18_45
- https://www.synology.com/support/security/Synology_SA_18_45
Published: 2019-05-30
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-11091
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Severity: MEDIUM (5.6)
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1805
- openSUSE-SU-2019:1805
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- RHSA-2019:1455
- RHSA-2019:1455
- RHSA-2019:2553
- RHSA-2019:2553
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- FEDORA-2019-1f5832fc0e
- FEDORA-2019-1f5832fc0e
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- GLSA-202003-56
- GLSA-202003-56
- USN-3977-3
- USN-3977-3
- DSA-4602
- DSA-4602
- FreeBSD-SA-19:07
- FreeBSD-SA-19:07
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.synology.com/security/advisory/Synology_SA_19_24
- https://www.synology.com/security/advisory/Synology_SA_19_24