Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.812601
Category:Red Hat Local Security Checks
Title:RedHat Update for linux-firmware RHSA-2018:0014-01
Summary:The remote host is missing an update for the 'linux-firmware'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'linux-firmware'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The linux-firmware packages contain all of
the firmware files that are required by various devices to operate. Security
Fix(es): * An industry-wide issue was found in the way many modern
microprocessor designs have implemented speculative execution of instructions (a
commonly used performance optimization). There are three primary variants of the
issue which differ in the way the speculative execution can be exploited.
Variant CVE-2017-5715 triggers the speculative execution by utilizing branch
target injection. It relies on the presence of a precisely-defined instruction
sequence in the privileged code as well as the fact that memory accesses may
cause allocation into the microprocessor's data cache even for speculatively
executed instructions that never actually commit (retire). As a result, an
unprivileged attacker could use this flaw to cross the syscall and guest/host
boundaries and read privileged memory by conducting targeted cache side-channel
attacks. (CVE-2017-5715) Note: This is the microcode counterpart of the
CVE-2017-5715 kernel mitigation. Red Hat would like to thank Google Project Zero
for reporting this issue.

Affected Software/OS:
linux-firmware on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please Install the Updated Packages.

CVSS Score:
1.9

CVSS Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-5715
BugTraq ID: 102376
http://www.securityfocus.com/bid/102376
Bugtraq: 20190624 [SECURITY] [DSA 4469-1] libvirt security update (Google Search)
https://seclists.org/bugtraq/2019/Jun/36
Bugtraq: 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu (Google Search)
https://seclists.org/bugtraq/2019/Nov/16
CERT/CC vulnerability note: VU#180049
https://www.kb.cert.org/vuls/id/180049
CERT/CC vulnerability note: VU#584653
http://www.kb.cert.org/vuls/id/584653
Cisco Security Advisory: 20180104 CPU Side-Channel Information Disclosure Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
Debian Security Information: DSA-4120 (Google Search)
https://www.debian.org/security/2018/dsa-4120
Debian Security Information: DSA-4187 (Google Search)
https://www.debian.org/security/2018/dsa-4187
Debian Security Information: DSA-4188 (Google Search)
https://www.debian.org/security/2018/dsa-4188
Debian Security Information: DSA-4213 (Google Search)
https://www.debian.org/security/2018/dsa-4213
https://www.exploit-db.com/exploits/43427/
FreeBSD Security Advisory: FreeBSD-SA-19:26
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc
https://security.gentoo.org/glsa/201810-06
http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html
http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
https://spectreattack.com/
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html
https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html
RedHat Security Advisories: RHSA-2018:0292
https://access.redhat.com/errata/RHSA-2018:0292
http://www.securitytracker.com/id/1040071
SuSE Security Announcement: SUSE-SU-2018:0006 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html
SuSE Security Announcement: SUSE-SU-2018:0007 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html
SuSE Security Announcement: SUSE-SU-2018:0008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html
SuSE Security Announcement: SUSE-SU-2018:0009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html
SuSE Security Announcement: SUSE-SU-2018:0010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html
SuSE Security Announcement: SUSE-SU-2018:0011 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
SuSE Security Announcement: SUSE-SU-2018:0012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html
SuSE Security Announcement: SUSE-SU-2018:0019 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html
SuSE Security Announcement: SUSE-SU-2018:0020 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html
SuSE Security Announcement: openSUSE-SU-2018:0013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html
SuSE Security Announcement: openSUSE-SU-2018:0022 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html
SuSE Security Announcement: openSUSE-SU-2018:0023 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html
https://usn.ubuntu.com/usn/usn-3516-1/
https://usn.ubuntu.com/3531-1/
https://usn.ubuntu.com/3531-3/
https://usn.ubuntu.com/3540-2/
https://usn.ubuntu.com/3541-2/
https://usn.ubuntu.com/3542-2/
https://usn.ubuntu.com/3549-1/
https://usn.ubuntu.com/3560-1/
https://usn.ubuntu.com/3561-1/
https://usn.ubuntu.com/3580-1/
https://usn.ubuntu.com/3581-1/
https://usn.ubuntu.com/3581-2/
https://usn.ubuntu.com/3582-1/
https://usn.ubuntu.com/3582-2/
https://usn.ubuntu.com/3594-1/
https://usn.ubuntu.com/3597-1/
https://usn.ubuntu.com/3597-2/
https://usn.ubuntu.com/3620-2/
https://usn.ubuntu.com/3690-1/
https://usn.ubuntu.com/3777-3/
CopyrightCopyright (C) 2018 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.