First published: Wed Nov 27 2019(Updated: )
A flaw was found in the way the Linux kernel implemented a software flush of the Count Cache (indirect branch cache) and Link (Return Address) Stack on the PowerPC platform. The flushing of these structures helps to prevent SpectreRSB like attacks which may leak information from one user process to another. An unprivileged user could use this flaw to cross the syscall or process boundary and read privileged memory by conducting targeted cache side-channel attacks.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel | <0:2.6.32-754.31.1.el6 | 0:2.6.32-754.31.1.el6 |
redhat/kernel-alt | <0:4.14.0-115.17.1.el7a | 0:4.14.0-115.17.1.el7a |
redhat/kernel | <0:3.10.0-1127.el7 | 0:3.10.0-1127.el7 |
redhat/kernel | <0:3.10.0-957.56.1.el7 | 0:3.10.0-957.56.1.el7 |
redhat/kernel | <0:3.10.0-1062.21.1.el7 | 0:3.10.0-1062.21.1.el7 |
redhat/kernel | <0:4.18.0-147.8.1.el8_1 | 0:4.18.0-147.8.1.el8_1 |
redhat/kernel | <0:4.18.0-80.23.2.el8_0 | 0:4.18.0-80.23.2.el8_0 |
Linux Linux kernel | <5.4.1 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =19.04 | |
Canonical Ubuntu Linux | =19.10 | |
Fedoraproject Fedora | =30 | |
Fedoraproject Fedora | =31 | |
openSUSE Leap | =15.1 | |
Redhat Enterprise Linux | =6.0 | |
Redhat Enterprise Linux | =7.0 | |
Redhat Enterprise Linux | =8.0 | |
IBM Data Risk Manager | <=2.0.6 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.106-3 6.1.112-1 6.11.4-1 6.11.5-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)