CVE-2018-3639: Spectre Variant 4 Vulnerability Affects the Linux Kernel

Spectre Variant 4 Vulnerability screenshot sensorstechforum

A Spectre variant 4 vulnerability has been identified in the Linux kernel and represents a very dangerous threat to all affected machines. All system administrators are urged to apply the latest updates as soon as possible to mitigate any possible impact.

New Spectre Variant 4 Identified, Update Now! (CVE-2018-3639)

The newest Spectre vulnerability dubbed Variant 4 has been identified by security researchers Jann Horn and Ken Johnson. According to their findings this new attack gives potential hackers induce powerful intrusions into target systems. Its interesting to note that the two experts discovered the threat independently of each other and have published information about the vulnerability. This new Spectre version is also tracked with a unique identifier called CVE-2018-3639 that is assigned to the affected packages. It also allows specialists to track how the Linux distributions are amending the threat by responding in a timely manner with kernel updates.

The main reason why the bug is rated severe is the fact that it uses the microprocessors code itself. As a result of improper handling it allows for speculative execution of a Linux kernel memory read operation. This is done before the addresses of prior memory actions are fully complete. As a result criminals can reveal sensitive information about the machine. Practically all Linux kernels are affected including special images, a partial list taken from several major distributions reveals the following examples:

  • Linux Kernel for Desktop users
  • Linux kernel for Amazon Web Services (AWS) systems
  • Linux kernel for Microsoft Azure Cloud systems
  • Linux kernel for Google Cloud Platform (GCP) systems
  • Linux kernel for cloud environments
  • Linux kernel for OEM processors
  • Linux kernel for Virtualization servers
  • Linux kernel for SAP solutions
  • Linux kernel for various servers

Warning! System administrators are advised to update virtualization systems (QEMU and others) and Microcode packages as well (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Martin Beltov. Read the original post at: