Urges users to update their systems as soon as possible

Nov 12, 2019 21:30 GMT  ·  By

Red Hat informes Softpedia today on a series of three new security vulnerabilities affecting the Intel CPU microarchitecture, but which have been already patched in the Linux kernel.

The three new security vulnerabilities are CVE-2018-12207 (Machine Check Error on Page Size Change), CVE-2019-11135 (TSX Asynchronous Abort), as well as CVE-2019-0155 and CVE-2019-0154 (i915 graphics driver-related vulnerabilities). These are marked by Red Hat Security team as having an important and moderate security impact, which could allow attacker to gain read access to sensitive data, and which affects all supported Red Hat Enterprise Linux systems.

"Red Hat is aware of a microarchitectural (hardware) implementation issue that could allow an unprivileged local attacker to bypass conventional system security controls to cause system wide denial-of-service condition. At this time, this specific flaw is only known to affect Intel-based processors. This flaw is hardware-based and requires kernel updates to remediate. This issue affects all releases of Red Hat Enterprise Linux 8 and earlier," said Red Hat.

Red Hat recommends all users to update their systems immediately

New Linux kernel versions have been released today to mitigate these new security vulnerabilities affecting Intel CPUs, so they should soon be available in the stable software repositories of your favorite GNU/Linux distribution. Red Hat recommends all users to update their systems as soon as possible even if they do not believe their configuration poses a direct threat.

We will keep you posted on any further update from Red Hat when updated Linux kernel packages are available for all supported Red Hat Enterprise Linux operating systems, as well as when other Linux OS vendors will publish patches to mitigate these vulnerabilities in the Linux kernel packages of their supported distributions, so stay tuned for more information soon.