Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/security/vulnerabilities/speculativeexecution
Meltdown patches for 32-bit Red Hat Enterprise Linux 5
Red Hat has no current plans to provide mitigations for the Meltdown vulnerability in 32-bit Red Hat Enterprise Linux 5 environments.
Following many hours of engineering investigation and analysis, Red Hat has determined that introducing changes to the Red Hat Enterprise Linux 5 environment would destabilize customer deployments and violate our application binary interface (ABI) and kernel ABI commitments to customers who rely on Red Hat Enterprise Linux 5 to be absolutely stable.
Although Red Hat has delivered patches to mitigate the Meltdown vulnerability in other supported product offerings, the 32-bit Red Hat Enterprise Linux 5 environment presents unique challenges. The combination of limited address space in 32-bit environments plus the mechanism for passing control from the userspace to kernel and limitations on the stack during this transfer make the projected changes too invasive and disruptive for deployments that require the highest level of system stability. By contrast, 32-bit Meltdown mitigations have been delivered for Red Hat Enterprise Linux 6, where the changes are far less invasive and risky.
CVSS v3 metrics
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
|CVSS3 Base Score||5.5|
|CVSS3 Base Metrics||CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N|
Affected Packages State
|Red Hat Enterprise MRG 2||kernel-rt||Affected|
|Red Hat Enterprise Linux 7||kernel-alt||Affected|
|Red Hat Enterprise Linux 7||kernel||Affected|
|Red Hat Enterprise Linux 7||kernel-rt||Affected|
|Red Hat Enterprise Linux 6||kernel||Affected|
|Red Hat Enterprise Linux 5||kernel||Affected|