CVE-2018-3646
Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks.
Find out more about CVE-2018-3646 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may address this issue.
CVSS v3 metrics
| CVSS3 Base Score | 5.6 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |
| Attack Vector | Local |
| Attack Complexity | High |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity Impact | None |
| Availability Impact | None |
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux Advanced Update Support 7.2 (kernel) | RHSA-2018:2389 | 2018-08-14 |
| Red Hat Enterprise Linux Server TUS (v. 7.2) (kernel) | RHSA-2018:2389 | 2018-08-14 |
| Red Hat Enterprise Linux 7 (kernel) | RHSA-2018:2384 | 2018-08-14 |
| Red Hat Enterprise Linux Server Update Services for SAP Solutions 7.2 (kernel) | RHSA-2018:2389 | 2018-08-14 |
| Red Hat Enterprise Linux Extended Update Support 7.3 (kernel) | RHSA-2018:2388 | 2018-08-14 |
| Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (rhev-hypervisor7) | RHSA-2018:2404 | 2018-08-15 |
| Red Hat Enterprise Linux Extended Update Support 6.7 (kernel) | RHSA-2018:2391 | 2018-08-14 |
| Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (redhat-release-virtualization-host) | RHSA-2018:2403 | 2018-08-15 |
| Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (rhvm-appliance) | RHSA-2018:2402 | 2018-08-16 |
| Red Hat Enterprise Linux Advanced Update Support 6.6 (kernel) | RHSA-2018:2392 | 2018-08-14 |
| Red Hat Enterprise Linux Advanced Update Support 6.5 (kernel) | RHSA-2018:2393 | 2018-08-14 |
| Red Hat Enterprise Linux 6 (kernel) | RHSA-2018:2390 | 2018-08-14 |
| Red Hat MRG Grid for RHEL 6 Server v.2 (kernel-rt) | RHSA-2018:2396 | 2018-08-14 |
| Red Hat Enterprise Linux Advanced Update Support 6.4 (kernel) | RHSA-2018:2394 | 2018-08-14 |
| Red Hat Enterprise Linux Server TUS (v. 6.6) (kernel) | RHSA-2018:2392 | 2018-08-14 |
| Red Hat Enterprise Linux Extended Update Support 7.4 (kernel) | RHSA-2018:2387 | 2018-08-14 |
| Red Hat Enterprise Linux Server (v. 5 ELS) (kernel) | RHSA-2018:2602 | 2018-08-29 |
| Red Hat Enterprise Linux Long Life (v. 5.9 server) (kernel) | RHSA-2018:2603 | 2018-08-29 |
| RHEV Hypervisor for RHEL-6 (rhev-hypervisor7) | RHSA-2018:2404 | 2018-08-15 |
| Red Hat Enterprise Linux for Real Time for NFV (v. 7) (kernel-rt) | RHSA-2018:2395 | 2018-08-14 |
Acknowledgements
Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting this issue.External References
- https://access.redhat.com/security/vulnerabilities/L1TF
- https://www.redhat.com/en/blog/understanding-l1-terminal-fault-aka-foreshadow-what-you-need-know
- https://www.redhat.com/en/blog/deeper-look-l1-terminal-fault-aka-foreshadow
- https://foreshadowattack.eu/
- https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
- https://access.redhat.com/articles/3562741