RHSA-2018:2309: Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system.<br>Security Fix(es):<br><li> An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, x86 AMD)</li> Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2018:2309?
The severity of RHSA-2018:2309 is critical due to the potential for remote code execution vulnerabilities.
How do I fix RHSA-2018:2309?
To fix RHSA-2018:2309, you need to update the kernel packages to version 2.6.32-504.72.1.el6 or later.
Which systems are affected by RHSA-2018:2309?
RHSA-2018:2309 affects systems running versions of the kernel prior to 2.6.32-504.72.1.el6.
What are the potential impacts of RHSA-2018:2309?
The potential impacts of RHSA-2018:2309 include unauthorized access and execution of arbitrary code on vulnerable systems.
Is there a workaround for RHSA-2018:2309?
There is no reliable workaround for RHSA-2018:2309; updating the kernel is the recommended action to mitigate the vulnerability.