Users are urged to update their installations immediately
Now that Red Hat Enterprise Linux 7 and CentOS Linux 7 operating system series were patched against the Spectre Variant 4 (CVE-2018-3639) security vulnerability, as well as the Lazy FPU State Save/Restore CPU flaw, it’s time for Red Hat Enterprise Linux 6 and CentOS Linux 6 to receive these important security updates, which users can now install them on their computers.
As expected, the most important fix is that for Spectre Variant 4, an industry-wide CPU flaw that affects numerous modern microprocessor using a common performance optimization known as speculative execution of Load & Store instructions, which could allow an unprivileged attacker to read privileged memory via targeted cache side-channel attacks. Patches are now available for Intel x86 and AMD CPUs.
“It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor’s data cache even for speculatively executed instructions that never actually commit (retire),” reads Red Hat’s security advisory .
The Lazy FPU state save/restore CPU flaw (CVE-2018-3665) was patched as well in this latest kernel security update to the Red Hat Enterprise Linux 6 and CentOS Linux 6 operating system series, which could lead to leakage of FPU state information. Additionally, the new kernel updates also address a use-after-free vulnerability in the mm/mempolicy.c:do_get_mempolicy function (CVE-2018-10675), which could lead to local denial of service attacks.
Also fixed is a kernel error in exception handling (CVE-2018-8897 regression and CVE-2018-10872), which could also lead to denial of service attacks. Red Hat Enterprise Linux 6 users are urged to update their installations as soon as possible, and CentOS Linux 6 users should update their systems as well to kernel-2.6.32-754.2.1.el6.i686.rpm on 32-bit and kernel-2.6.32-754.2.1.el6.x86_64.rpm on 64-bit. More details are available here.