Google [Jann Horn (Google Project Zero) ] and Microsoft [Ken Johnson (Microsoft Security Response Center) ] found another security flaw on the modern processor architecture. An unprivileged attacker can use this flaw to bypass restrictions in order to gain read access to privileged memory that would otherwise be inaccessible. This issue has been assigned CVE-2018-3639 and is also referred to as “Variant 4” or “Speculative Store Bypass”. The following CPU Architectures are affected on
- AMD processors
- ARM processors
- IBM POWER8, POWER9 processors and SystemZ series
- Intel processors.
All currently supported versions of Red Hat Enterprise Linux, Red Hat OpenShift, Red Hat Virtualization, and Red Hat OpenStack Platform are affected. Redhat has confirmed that , “A malicious, unprivileged user could use this flaw to read privileged system memory and/or memory outside of a sandboxed environment like a web-browser or JIT execution run times.”
To fully mitigate this vulnerability, system administrators must apply both hardware “microcode” updates and software patches that enable new functionality. At this time, microprocessor microcode will be delivered by the individual manufacturers, but at a future time Red Hat will release the tested and signed updates as we receive them.
| CVSS3 Base Score | 5.6 |
|---|
To know the affected packages on Redhat Enterprise Linux , please visit https://red.ht/2rZcflp
Explains about Speculative Store Buffer:
Intel , AMD, Redhat, VMware & Microsoft are working closely to mitigate the issues on their virtualization platform, operating systems , firmware. very soon will update the fixes information on each products once it’s available for enterprise.
Firmware with fixes might reduce the system performance by 2 to 8% .