First published: Wed Oct 14 2020(Updated: )
A flaw was found in the Linux kernel. IBM Power9 processors can speculatively operate on data stored in the L1 cache before it has been completely validated. The attack has limited access to memory and is only able to access memory normally permissible to the execution context. The highest threat from this vulnerability is to data confidentiality.
Credit: psirt@us.ibm.com psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM i | <=7.1 | |
IBM i | <=7.2 | |
IBM i | <=7.3 | |
IBM i | <=7.4 | |
IBM AIX | <=7.1 | |
IBM AIX | <=7.2 | |
IBM VIOS | <=3.1 | |
redhat/kernel | <0:4.18.0-372.9.1.el8 | 0:4.18.0-372.9.1.el8 |
IBM VIOS | =3.1.0 | |
IBM VIOS | =3.1.1 | |
IBM VIOS | =3.1.2 | |
IBM AIX | =7.1.0 | |
IBM AIX | =7.1.5 | |
IBM AIX | =7.2.0 | |
IBM AIX | =7.2.3 | |
IBM AIX | =7.2.4 | |
IBM AIX | =7.2.5 | |
IBM Power9 | ||
Fedoraproject Fedora | =32 | |
Fedoraproject Fedora | =33 | |
Oracle Communications Cloud Native Core Binding Support Function | =22.1.3 | |
Oracle Communications Cloud Native Core Network Exposure Function | =22.1.1 | |
Oracle Communications Cloud Native Core Policy | =22.2.0 | |
IBM AIX | <=7.1 | |
IBM AIX | <=7.2 | |
IBM VIOS | <=3.1 | |
All of | ||
Any of | ||
IBM VIOS | =3.1.0 | |
IBM VIOS | =3.1.1 | |
IBM VIOS | =3.1.2 | |
IBM AIX | =7.1.0 | |
IBM AIX | =7.1.5 | |
IBM AIX | =7.2.0 | |
IBM AIX | =7.2.3 | |
IBM AIX | =7.2.4 | |
IBM AIX | =7.2.5 | |
IBM Power9 | ||
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.112-1 6.11.5-1 6.11.7-1 |
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.