Описание
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
A Gather Data Sampling (GDS) transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction (load from memory) to infer stale data from previously used vector registers on the same physical core.
Меры по смягчению последствий
The vulnerability can be mitigated by installing the CPU microcode package microcode_ctl version 20230808.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 9 | kernel-rt | Affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2023:7424 | 21.11.2023 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2023:7423 | 21.11.2023 |
| Red Hat Enterprise Linux 7.7 Advanced Update Support | kernel | Fixed | RHSA-2024:3319 | 23.05.2024 |
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2023:6901 | 14.11.2023 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2023:7077 | 14.11.2023 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | kernel | Fixed | RHSA-2024:1268 | 12.03.2024 |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | kernel-rt | Fixed | RHSA-2024:1269 | 12.03.2024 |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | kernel | Fixed | RHSA-2024:1268 | 12.03.2024 |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | kernel | Fixed | RHSA-2024:1268 | 12.03.2024 |
Показывать по
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Information exposure through microarchitectural state after transient ...
ELSA-2023-12786: Unbreakable Enterprise kernel-container security update (IMPORTANT)
ELSA-2023-12785: Unbreakable Enterprise kernel-container security update (IMPORTANT)
6.5 Medium
CVSS3