CVE-2023-23583

Published: 14 Nov 2023
Source: redhat
CVSS3: 8.8
EPSS: Low

Description

Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.

A security vulnerability was found in some Intel processors. Execution of REP MOVSB instructions with a redundant REX prefix may result in execution continuing at an incorrect EIP address after a micro-architectural event occurs, potentially allowing privilege escalation, information disclosure and/or a denial of service via local access.

Report

This is a hardware flaw that affects select Intel processors and is not a Red Hat Enterprise Linux defect/vulnerability - no Red Hat products are affected by this CVE. Red Hat has very limited to no visibility and control over binary blobs provided by third-party vendors. Red Hat relies heavily on the vendors to provide timely updates and information about included changes for this content. In most cases, it merely acts as a release vehicle between the third-party vendor and Red Hat customers with no possibility of influencing or even documenting the changes. Unless explicitly stated, the level of insight, oversight, and control Red Hat has does not meet the criteria required (in terms of Red Hat-owned development processes and QA documentation) for releasing this content as RHSA. For more information, please contact the binary content vendor. For microcode availability, check the Red Hat article at https://access.redhat.com/articles/7044453

Mitigation

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | microcode_ctl | Not affected | | |
| Red Hat Enterprise Linux 7 | microcode_ctl | Not affected | | |
| Red Hat Enterprise Linux 8 | microcode_ctl | Not affected | | |
| Red Hat Enterprise Linux 9 | microcode_ctl | Not affected | | |

Additional information

Status: Important
Defect: CWE-1281
https://bugzilla.redhat.com/show_bug.cgi?id=2239097
hw: Intel: execution of MOVSB instructions with redundant REX prefix leads to unintended system behavior

EPSS

Percentile: 9%
0.00035
Low

CVSS3: 8.8 High

Related vulnerabilities

CVSS3: 8.8
ubuntu
more than 1 year ago

Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.

CVSS3: 8.8
nvd
more than 1 year ago

Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.

CVSS3: 8.8
debian
more than 1 year ago

Sequence of processor instructions leads to unexpected behavior for so ...

suse-cvrf
more than 1 year ago

Security update for ucode-intel

suse-cvrf
more than 1 year ago

Security update for ucode-intel