Red Hat Product Errata RHSA-2018:1675 - Security Advisory
Issued:
2018-05-21
Updated:
2018-05-21

Synopsis

Important: vdsm security update

Type/Severity

Security Advisory: Important

Topic

An update for vdsm is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection.

Security Fix(es):

  • An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). Exploitation relies on the presence of a precisely defined instruction sequence in the privileged code, and on the fact that a memory read from an address to which a recent memory write has occurred may see an older value and subsequently cause an update to the microprocessor's data cache, even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)

Note: This is the VDSM side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258
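
Once the update is applied, a host can be audited for the two things this advisory touches: the vdsm build and the kernel's reported state for CVE-2018-3639. The script below is an added example, not part of the Red Hat advisory. The function names are hypothetical, the fixed build string is taken from the package list on this page, the sysfs path is the Linux kernel's vulnerability-reporting file, and `sort -V` is assumed as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Added example: post-update audit for RHSA-2018:1675 (CVE-2018-3639).
FIXED_EVR="4.20.27.2-1.el7ev"   # fixed vdsm build named in this advisory
SSB_SYSFS=/sys/devices/system/cpu/vulnerabilities/spec_store_bypass

# Succeed if version-release $1 is at or above the fixed build.
# Assumption: GNU `sort -V` stands in for RPM's version comparison.
vdsm_is_fixed() {
    case "$1" in [0-9]*) ;; *) return 1 ;; esac   # reject empty/non-version input
    lowest=$(printf '%s\n%s\n' "$FIXED_EVR" "$1" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_EVR" ]
}

# Map the kernel's status line for this CVE to one keyword.
ssb_status() {
    case "$1" in
        "Not affected"*) echo not-affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# audit_host <installed vdsm version-release> <sysfs status line>
# Returns 0 = fixed and mitigated, 1 = vdsm too old, 2 = kernel side open.
audit_host() {
    if ! vdsm_is_fixed "$1"; then
        echo "FAIL: vdsm '${1}' is missing or older than $FIXED_EVR"
        return 1
    fi
    case "$(ssb_status "$2")" in
        mitigated|not-affected) echo "OK: vdsm $1; kernel: $2"; return 0 ;;
        *) echo "WARN: vdsm $1 is fixed; kernel reports: ${2:-no status}"; return 2 ;;
    esac
}

if [ "${1:-}" = "--live" ]; then
    # On a real host: query the RPM database and the kernel.
    evr=$(rpm -q --qf '%{VERSION}-%{RELEASE}' vdsm 2>/dev/null) || evr=""
    audit_host "$evr" "$(cat "$SSB_SYSFS" 2>/dev/null)"
else
    # Constructed sample inputs, so the script also runs off-host.
    audit_host "4.20.23-1.el7ev" "Vulnerable" || true
    audit_host "4.20.27.2-1.el7ev" \
        "Mitigation: Speculative Store Bypass disabled via prctl and seccomp"
fi
```

A kernel status ending in "via prctl" means the mitigation is applied per process on request, so a host that returns 0 here still warrants a look at the kernel's configured mode.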

Affected Products

  • Red Hat Virtualization 4 for RHEL 7 x86_64
  • Red Hat Virtualization for IBM Power LE 4 for RHEL 7 ppc64le

Fixes

  • BZ - 1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

CVEs

  • CVE-2018-3639

References

  • https://access.redhat.com/security/updates/classification/#important
  • https://access.redhat.com/security/vulnerabilities/ssbd
Note: More recent versions of these packages may be available.

Red Hat Virtualization 4 for RHEL 7

SRPM
vdsm-4.20.27.2-1.el7ev.src.rpm SHA-256: b682fc6d93f59b93d6f7ede58ef8a46619a92b4ad4569236091a1d2a10fd223b
x86_64
vdsm-4.20.27.2-1.el7ev.x86_64.rpm SHA-256: 772f0e2b19031ac0401af748046b2cdda002506dc7c1f7791be5b2a0ce83e103
vdsm-api-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 642283738ef2c7112e3b2c7838376b4b40f667728a6e56c5760f7dc9de529897
vdsm-client-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 469a789f4257eef92ae6a82c32110bf9361e241bca5a8ebd406d539e73df5ef0
vdsm-common-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 664dd2b980026d7953325c5747c9981e45db5787fa136e40d78572576de07789
vdsm-hook-checkips-4.20.27.2-1.el7ev.x86_64.rpm SHA-256: bb992e2ea121922faa6e8df2111506ab16be9e0e5b7ad1d0690705705217ba8a
vdsm-hook-cpuflags-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 218c1dd59fa7d5715ce632529bf50e2a9833e4e758e1edab131f342b2e96a4bc
vdsm-hook-ethtool-options-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 02422a5fe599d5681215a02c5c4ebd0fd0c844cd35a23bc4ee6a5500755eccc6
vdsm-hook-extra-ipv4-addrs-4.20.27.2-1.el7ev.x86_64.rpm SHA-256: 79724c4670fe92953cf24bf8472d0aabb94f04fab4a79914f2672512d379b2a2
vdsm-hook-fcoe-4.20.27.2-1.el7ev.noarch.rpm SHA-256: debafa402bcb9c357cb326f6e370e641613b879083e5c7c3b942961ed0cf60e3
vdsm-hook-localdisk-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 85167b8110b85c9ab0826caf1aacdff00d6d7c66377b6535199b56ebf3fbde4b
vdsm-hook-macspoof-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 341ac0c733295d596c3ed7601bfbe67c8e662fd7c03423d9b2b25b06b6ebeea0
vdsm-hook-nestedvt-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 66eefe7a92ab853564b42cbdc7fb317936ea147ebfeee4ccc9e36da6758a047e
vdsm-hook-openstacknet-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 5010a4aac623229f5fffaa35c00dcf2b9a76fc177d335539ab0ab088af5d6465
vdsm-hook-vfio-mdev-4.20.27.2-1.el7ev.noarch.rpm SHA-256: cf422f52caf96612ed35a102de2f85f2a7c0b76b68b5e2f7f4f5a2360ad8721c
vdsm-hook-vhostmd-4.20.27.2-1.el7ev.noarch.rpm SHA-256: ce2d87505dcfe157a7fbbeb3bf5e90bf90e581f09756a021100fb72b8f31633b
vdsm-hook-vmfex-dev-4.20.27.2-1.el7ev.noarch.rpm SHA-256: d4136b45a5a595e0c8db6d6290462b9d128cd33032fa143c56061af831356894
vdsm-http-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 17f9b7a802b3f61b3759b27dc13fc3641d4751ca67453406aab83d5fe88805b8
vdsm-jsonrpc-4.20.27.2-1.el7ev.noarch.rpm SHA-256: baeb34c26d7380030cfed298971376c873c72f1582f504abc94265b9f2b78a40
vdsm-network-4.20.27.2-1.el7ev.x86_64.rpm SHA-256: 2822c304c63a6ce55a62091ef184f0355f2e4875453cbd2a2d86938caf7d800d
vdsm-python-4.20.27.2-1.el7ev.noarch.rpm SHA-256: b615f59cc0eb574bb1e27bf7ea3d6a3eef5cf34705ca68732acb55020c1aaa9f
vdsm-yajsonrpc-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 1528d35ce6ada8fa95eb30111c344f097084c3084ac8bf4366657dedde318203

Red Hat Virtualization for IBM Power LE 4 for RHEL 7

SRPM
vdsm-4.20.27.2-1.el7ev.src.rpm SHA-256: b682fc6d93f59b93d6f7ede58ef8a46619a92b4ad4569236091a1d2a10fd223b
ppc64le
vdsm-4.20.27.2-1.el7ev.ppc64le.rpm SHA-256: d84a8e14d297a7386764be5439deb1d9252d2743896a16b6e463e9204f698de4
vdsm-api-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 642283738ef2c7112e3b2c7838376b4b40f667728a6e56c5760f7dc9de529897
vdsm-client-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 469a789f4257eef92ae6a82c32110bf9361e241bca5a8ebd406d539e73df5ef0
vdsm-common-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 664dd2b980026d7953325c5747c9981e45db5787fa136e40d78572576de07789
vdsm-hook-checkips-4.20.27.2-1.el7ev.ppc64le.rpm SHA-256: a31fe4ca9ad94167f1066aaa3bb9da3ee78af162978381bf1468badd570bedcf
vdsm-hook-cpuflags-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 218c1dd59fa7d5715ce632529bf50e2a9833e4e758e1edab131f342b2e96a4bc
vdsm-hook-ethtool-options-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 02422a5fe599d5681215a02c5c4ebd0fd0c844cd35a23bc4ee6a5500755eccc6
vdsm-hook-extra-ipv4-addrs-4.20.27.2-1.el7ev.ppc64le.rpm SHA-256: 082bdea31b73e4d5990cac3748df41f636623cfc3a14171b5a8e279776b8c4d8
vdsm-hook-fcoe-4.20.27.2-1.el7ev.noarch.rpm SHA-256: debafa402bcb9c357cb326f6e370e641613b879083e5c7c3b942961ed0cf60e3
vdsm-hook-localdisk-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 85167b8110b85c9ab0826caf1aacdff00d6d7c66377b6535199b56ebf3fbde4b
vdsm-hook-macspoof-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 341ac0c733295d596c3ed7601bfbe67c8e662fd7c03423d9b2b25b06b6ebeea0
vdsm-hook-nestedvt-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 66eefe7a92ab853564b42cbdc7fb317936ea147ebfeee4ccc9e36da6758a047e
vdsm-hook-openstacknet-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 5010a4aac623229f5fffaa35c00dcf2b9a76fc177d335539ab0ab088af5d6465
vdsm-hook-vfio-mdev-4.20.27.2-1.el7ev.noarch.rpm SHA-256: cf422f52caf96612ed35a102de2f85f2a7c0b76b68b5e2f7f4f5a2360ad8721c
vdsm-hook-vhostmd-4.20.27.2-1.el7ev.noarch.rpm SHA-256: ce2d87505dcfe157a7fbbeb3bf5e90bf90e581f09756a021100fb72b8f31633b
vdsm-hook-vmfex-dev-4.20.27.2-1.el7ev.noarch.rpm SHA-256: d4136b45a5a595e0c8db6d6290462b9d128cd33032fa143c56061af831356894
vdsm-http-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 17f9b7a802b3f61b3759b27dc13fc3641d4751ca67453406aab83d5fe88805b8
vdsm-jsonrpc-4.20.27.2-1.el7ev.noarch.rpm SHA-256: baeb34c26d7380030cfed298971376c873c72f1582f504abc94265b9f2b78a40
vdsm-network-4.20.27.2-1.el7ev.ppc64le.rpm SHA-256: ba743f7748385fa1070885716e85a115656b8f686d1b6cad59d7982d52a4d316
vdsm-python-4.20.27.2-1.el7ev.noarch.rpm SHA-256: b615f59cc0eb574bb1e27bf7ea3d6a3eef5cf34705ca68732acb55020c1aaa9f
vdsm-yajsonrpc-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 1528d35ce6ada8fa95eb30111c344f097084c3084ac8bf4366657dedde318203

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.