CVE-2018-3620
现代操作系统使用物理内存虚拟化技术来有效地使用系统的资源,并通过访问控制和隔离机制实现不同域之间的保护。但是,在 x86 微处理器的指令预测执行功能(常用的性能优化技术),以及在中断虚拟地址到物理地址解析过程中产生的 page-faults 错误的处理方式中发现存在 L1TF 安全问题。一个没有相关权限的攻击者,可以利用这个安全漏洞,通过针对缓存进行侧信道攻击(side-channel attack)的方法来读取需要特定权限才可以读取的内核内存中的数据、其它进程的数据,或跨虚拟客户机/主机边界读取主机的内存数据。
Find out more about CVE-2018-3620 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
这个问题会影响到 Red Hat Enterprise Linux 5、6、7 和 Red Hat Enterprise MRG 2 提供的 Linux 内核。以后发行的针对 Red Hat Enterprise Linux 5、6、7 和 Red Hat Enterprise MRG 2 的内核更新可以解决这个问题。
CVSS v3 metrics
| CVSS3 Base Score | 5.6 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |
| Attack Vector | Local |
| Attack Complexity | High |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity Impact | None |
| Availability Impact | None |
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux Advanced Update Support 7.2 (kernel) | RHSA-2018:2389 | 2018-08-14 |
| Red Hat Enterprise Linux Server TUS (v. 7.2) (kernel) | RHSA-2018:2389 | 2018-08-14 |
| Red Hat Enterprise Linux 7 (kernel) | RHSA-2018:2384 | 2018-08-14 |
| Red Hat Enterprise Linux Server Update Services for SAP Solutions 7.2 (kernel) | RHSA-2018:2389 | 2018-08-14 |
| Red Hat Enterprise Linux Extended Update Support 7.3 (kernel) | RHSA-2018:2388 | 2018-08-14 |
| Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (rhev-hypervisor7) | RHSA-2018:2404 | 2018-08-15 |
| Red Hat Enterprise Linux Extended Update Support 6.7 (kernel) | RHSA-2018:2391 | 2018-08-14 |
| Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (redhat-release-virtualization-host) | RHSA-2018:2403 | 2018-08-15 |
| Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (rhvm-appliance) | RHSA-2018:2402 | 2018-08-16 |
| Red Hat Enterprise Linux Advanced Update Support 6.6 (kernel) | RHSA-2018:2392 | 2018-08-14 |
| Red Hat Enterprise Linux Advanced Update Support 6.5 (kernel) | RHSA-2018:2393 | 2018-08-14 |
| Red Hat Enterprise Linux 6 (kernel) | RHSA-2018:2390 | 2018-08-14 |
| Red Hat MRG Grid for RHEL 6 Server v.2 (kernel-rt) | RHSA-2018:2396 | 2018-08-14 |
| Red Hat Enterprise Linux Advanced Update Support 6.4 (kernel) | RHSA-2018:2394 | 2018-08-14 |
| Red Hat Enterprise Linux Extended Update Support 7.4 (kernel) | RHSA-2018:2387 | 2018-08-14 |
| Red Hat Enterprise Linux Server TUS (v. 6.6) (kernel) | RHSA-2018:2392 | 2018-08-14 |
| RHEV Hypervisor for RHEL-6 (rhev-hypervisor7) | RHSA-2018:2404 | 2018-08-15 |
| Red Hat Enterprise Linux for Real Time for NFV (v. 7) (kernel-rt) | RHSA-2018:2395 | 2018-08-14 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | 受影响 |
Acknowledgements
红帽借此感谢 Intel OSSIRT (Intel.com) 报告了这个问题。External References
- https://access.redhat.com/security/vulnerabilities/L1TF
- https://www.redhat.com/en/blog/understanding-l1-terminal-fault-aka-foreshadow-what-you-need-know
- https://www.redhat.com/en/blog/deeper-look-l1-terminal-fault-aka-foreshadow
- https://foreshadowattack.eu/
- https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
- https://access.redhat.com/articles/3562741