Users are urged to update their installations immediately

Jun 16, 2018 17:37 GMT

Earlier this week, Red Hat informed Softpedia about a moderate security vulnerability publicly disclosed on June 14, 2018, known as Floating Point Lazy State Save/Restore, which affected the Red Hat Enterprise Linux 7 operating system series.

Red Hat promised to release patches for the new speculative execution security vulnerability (CVE-2018-3665), which affects the "lazy restore" function for floating point state (FPU) in modern processors and can lead to the leak of sensitive information. The patches are now available for all Red Hat Enterprise Linux 7 users, and the company urges everyone using any of the systems listed below to update immediately.

Affected systems include Red Hat Enterprise Linux Server 7, Red Hat Enterprise Linux Server - Extended Update Support 7.5, Red Hat Enterprise Linux Workstation 7, Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux 7 for IBM System z, POWER, ARM64 systems, Red Hat Enterprise Linux for Scientific Computing 7, Red Hat Enterprise Linux EUS Compute Node 7.5, and Red Hat Virtualization Host 4.

The kernel patch is now available for CentOS Linux 7 systems too

Based on the Red Hat Enterprise Linux Server 7 operating system series, the open-source CentOS Linux 7 distribution also received a kernel security update addressing the new "Lazy FPU" speculative execution security vulnerability. Therefore, all CentOS Linux 7 users are urged to update their kernels immediately to version kernel-3.10.0-862.3.3.el7.x86_64.rpm. For more details, check out the security advisory published today.

In its security advisory, Red Hat thanks Julian Stecklina of Amazon.de, Thomas Prescher of cyberus-technology.de, and Zdenek Sojka of sysgo.com for reporting the vulnerability. Details on how to apply the kernel update are available for Red Hat Enterprise Linux users at https://access.redhat.com/articles/11258. Always remember to reboot your machines after installing the new kernel packages.
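The update-then-reboot advice above can be checked per host with the following added example (not code from Red Hat, CentOS or the original article). It compares the running kernel and the installed kernel packages against the fixed CentOS Linux 7 build named in the article, using RPM-style segment ordering because plain string comparison misorders such builds. The function names are hypothetical, and it assumes that on CentOS Linux 7 any build at or above that one carries the fix.

```python
import re
from functools import cmp_to_key

# Fixed CentOS Linux 7 build, taken from the package name in the article.
FIXED = "3.10.0-862.3.3.el7"

def normalize(s):
    """Strip the 'kernel-' prefix, architecture and '.rpm' from a package or uname string."""
    s = re.sub(r"^kernel-", "", s.strip())
    return re.sub(r"(\.(x86_64|aarch64|ppc64le|ppc64|s390x))?(\.rpm)?$", "", s)

def rpm_label_cmp(a, b):
    """Compare one version or release label the way RPM does (no epoch, '~' or '^')."""
    sa, sb = (re.findall(r"[0-9]+|[A-Za-z]+", x) for x in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1      # a numeric segment is newer than letters
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def kernel_cmp(a, b):
    """Compare VERSION first, then RELEASE; returns -1, 0 or 1."""
    (va, _, ra), (vb, _, rb) = a.partition("-"), b.partition("-")
    return rpm_label_cmp(va, vb) or rpm_label_cmp(ra, rb)

def assess(running, installed):
    """running: `uname -r` output; installed: lines printed by `rpm -q kernel`."""
    newest = max((normalize(i) for i in installed), key=cmp_to_key(kernel_cmp))
    if kernel_cmp(normalize(running), FIXED) >= 0:
        return "patched"
    if kernel_cmp(newest, FIXED) >= 0:
        return "reboot-required"   # fixed package is on disk, old kernel still running
    return "update-required"

if __name__ == "__main__":
    # Constructed sample: fixed package installed, host not yet rebooted.
    print(assess("3.10.0-862.el7.x86_64",
                 ["kernel-3.10.0-862.el7.x86_64", "kernel-3.10.0-862.3.3.el7.x86_64"]))
```

A "reboot-required" result is the case the article's closing reminder is about: the fixed package is installed but the vulnerable kernel is still the one running.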