
Red Hat Enterprise Linux 6 & CentOS 6 Patched Against Spectre V4, Lazy FPU Flaws


Users are urged to update their installations immediately
Now that the Red Hat Enterprise Linux 7 and CentOS Linux 7 operating system series have been patched against the Spectre Variant 4 (CVE-2018-3639) security vulnerability, as well as the Lazy FPU State Save/Restore CPU flaw, it’s time for Red Hat Enterprise Linux 6 and CentOS Linux 6 to receive these important security updates, which users can now install on their computers.
As expected, the most important fix is the one for Spectre Variant 4, an industry-wide CPU flaw that affects numerous modern microprocessors using a common performance optimization known as speculative execution of Load & Store instructions. The flaw could allow an unprivileged attacker to read privileged memory via targeted cache side-channel attacks. Patches are now available for Intel x86 and AMD CPUs.
“It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor’s data cache even for speculatively executed instructions that never actually commit (retire),” reads Red Hat’s security advisory.
The Lazy FPU state save/restore CPU flaw (CVE-2018-3665), which could lead to leakage of FPU state information, was patched as well in this latest kernel security update to the Red Hat Enterprise Linux 6 and CentOS Linux 6 operating system series. Additionally, the new kernel updates address a use-after-free vulnerability in the mm/mempolicy.c:do_get_mempolicy function (CVE-2018-10675), which could lead to local denial of service attacks.
Also fixed is a kernel error in exception handling (CVE-2018-8897 regression and CVE-2018-10872), which could also lead to denial of service attacks. Red Hat Enterprise Linux 6 users are urged to update their installations as soon as possible, and CentOS Linux 6 users should update their systems as well to kernel-2.6.32-754.2.1.el6.i686.rpm on 32-bit and kernel-2.6.32-754.2.1.el6.x86_64.rpm on 64-bit. More details are available here.
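
To confirm that a host has actually booted into the fixed build, the following sketch compares a `uname -r` string against the 2.6.32-754.2.1.el6 release named above. It is an added example, not Red Hat's or CentOS's own tooling; the function name, the status words and the sample kernel strings are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare an EL6 kernel release with the fixed build
# named in the article (kernel-2.6.32-754.2.1.el6).
FIXED_RELEASE="754.2.1"

# kernel_status UNAME_R -> prints patched | outdated | not-el6 | unparsed
kernel_status() {
    case "$1" in
        2.6.32-*.el6*) ;;
        *) echo "not-el6"; return 0 ;;
    esac
    # Keep only the numeric release between "2.6.32-" and ".el6".
    ks_have="${1#2.6.32-}"
    ks_have="${ks_have%%.el6*}"
    case "$ks_have" in
        ""|*[!0-9.]*) echo "unparsed"; return 0 ;;
    esac
    ks_want="$FIXED_RELEASE"
    # Compare field by field; a missing field counts as 0 (754 < 754.2.1).
    while [ -n "$ks_have" ] || [ -n "$ks_want" ]; do
        ks_a="${ks_have%%.*}"; ks_b="${ks_want%%.*}"
        case "$ks_have" in *.*) ks_have="${ks_have#*.}" ;; *) ks_have="" ;; esac
        case "$ks_want" in *.*) ks_want="${ks_want#*.}" ;; *) ks_want="" ;; esac
        if [ "${ks_a:-0}" -gt "${ks_b:-0}" ]; then echo "patched"; return 0; fi
        if [ "${ks_a:-0}" -lt "${ks_b:-0}" ]; then echo "outdated"; return 0; fi
    done
    echo "patched"   # identical to the fixed release
}

# Constructed sample strings, as `uname -r` would report them.
for k in 2.6.32-696.30.1.el6.x86_64 2.6.32-754.el6.i686 \
         2.6.32-754.2.1.el6.x86_64 3.10.0-862.3.3.el7.x86_64; do
    echo "$k: $(kernel_status "$k")"
done

# Report for this host. The sysfs file is the kernel's own Spectre V4
# status, shown only where the running kernel exposes it.
echo "running kernel $(uname -r): $(kernel_status "$(uname -r)")"
ssb=/sys/devices/system/cpu/vulnerabilities/spec_store_bypass
if [ -r "$ssb" ]; then
    echo "spec_store_bypass: $(cat "$ssb")"
fi
```

An "outdated" result after installing the update usually means the host has not yet been rebooted into the new kernel, since `uname -r` reports the running kernel rather than the installed package.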
