Test ID:	1.3.6.1.4.1.25623.1.1.2.2018.1350
Category:	Huawei EulerOS Local Security Checks
Title:	Huawei EulerOS: Security Advisory for kvm (EulerOS-SA-2018-1350)
Summary:	The remote host is missing an update for the Huawei EulerOS 'kvm' package(s) announced via the EulerOS-SA-2018-1350 advisory.
Description:	Summary: The remote host is missing an update for the Huawei EulerOS 'kvm' package(s) announced via the EulerOS-SA-2018-1350 advisory. Vulnerability Insight: Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3646) Affected Software/OS: 'kvm' package(s) on Huawei EulerOS Virtualization 2.5.0. Solution: Please install the updated package(s). CVSS Score: 4.7 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-3646 BugTraq ID: 105080 http://www.securityfocus.com/bid/105080 CERT/CC vulnerability note: VU#982149 https://www.kb.cert.org/vuls/id/982149 Cisco Security Advisory: 20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel http://support.lenovo.com/us/en/solutions/LEN-24163 http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en http://www.vmware.com/security/advisories/VMSA-2018-0020.html http://xenbits.xen.org/xsa/advisory-273.html https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010 https://security.netapp.com/advisory/ntap-20180815-0001/ https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault https://support.f5.com/csp/article/K31300402 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html https://www.synology.com/support/security/Synology_SA_18_45 Debian Security Information: DSA-4274 (Google Search) https://www.debian.org/security/2018/dsa-4274 Debian Security Information: DSA-4279 (Google Search) https://www.debian.org/security/2018/dsa-4279 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/ FreeBSD Security Advisory: FreeBSD-SA-18:09 https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc https://security.gentoo.org/glsa/201810-06 https://foreshadowattack.eu/ https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html RedHat Security Advisories: RHSA-2018:2384 https://access.redhat.com/errata/RHSA-2018:2384 RedHat Security Advisories: RHSA-2018:2387 https://access.redhat.com/errata/RHSA-2018:2387 RedHat Security Advisories: RHSA-2018:2388 https://access.redhat.com/errata/RHSA-2018:2388 RedHat Security Advisories: RHSA-2018:2389 https://access.redhat.com/errata/RHSA-2018:2389 RedHat Security Advisories: RHSA-2018:2390 https://access.redhat.com/errata/RHSA-2018:2390 RedHat Security Advisories: RHSA-2018:2391 https://access.redhat.com/errata/RHSA-2018:2391 RedHat Security Advisories: RHSA-2018:2392 https://access.redhat.com/errata/RHSA-2018:2392 RedHat Security Advisories: RHSA-2018:2393 https://access.redhat.com/errata/RHSA-2018:2393 RedHat Security Advisories: RHSA-2018:2394 https://access.redhat.com/errata/RHSA-2018:2394 RedHat Security Advisories: RHSA-2018:2395 https://access.redhat.com/errata/RHSA-2018:2395 RedHat Security Advisories: RHSA-2018:2396 https://access.redhat.com/errata/RHSA-2018:2396 RedHat Security Advisories: RHSA-2018:2402 https://access.redhat.com/errata/RHSA-2018:2402 RedHat Security Advisories: RHSA-2018:2403 https://access.redhat.com/errata/RHSA-2018:2403 RedHat Security Advisories: RHSA-2018:2404 https://access.redhat.com/errata/RHSA-2018:2404 RedHat Security Advisories: RHSA-2018:2602 https://access.redhat.com/errata/RHSA-2018:2602 RedHat Security Advisories: RHSA-2018:2603 https://access.redhat.com/errata/RHSA-2018:2603 http://www.securitytracker.com/id/1041451 http://www.securitytracker.com/id/1042004 https://usn.ubuntu.com/3740-1/ https://usn.ubuntu.com/3740-2/ https://usn.ubuntu.com/3741-1/ https://usn.ubuntu.com/3741-2/ https://usn.ubuntu.com/3742-1/ https://usn.ubuntu.com/3742-2/ https://usn.ubuntu.com/3756-1/ https://usn.ubuntu.com/3823-1/
Copyright	Copyright (C) 2020 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.