Urges all users to update their systems as soon as possible

May 21, 2018 21:33 GMT

Red Hat informed us today that they are aware of the recently disclosed Speculative Store Bypass (CVE-2018-3639) security vulnerability and will soon release updates to mitigate the issue on all of its affected products.

Speculative Store Bypass (CVE-2018-3639) is a security vulnerability recently unearthed by various security researchers from Google and Microsoft, and it appears to be a fourth variant of the Spectre hardware bug publicly disclosed earlier this year in modern microprocessors and later discovered to affect billions of devices. The Speculative Store Bypass vulnerability apparently lets an unprivileged attacker bypass restrictions and gain read access to privileged memory.

"Because of the threat posed by vulnerability chaining (the ability to exploit one vulnerability by exploiting another one first), Red Hat strongly suggests that users update all systems even if they do not believe their configuration is directly threatened. Customers are advised to apply CPU microcode as soon as it is available so that operating system and userland updates can use the new microprocessor updates," said Red Hat in a press release.

Red Hat urges all users to update their systems in the coming days

The vulnerability affects most if not all of Red Hat's products, including Red Hat Enterprise Linux 5, 6, and 7 series, Red Hat Enterprise Linux 7 for ARM and Power LE, RHEL Atomic Host, Red Hat Enterprise MRG 2, Red Hat Virtualization (RHEV-H/RHV-H), Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL7, as well as Red Hat OpenStack Platform 8.0 (Liberty), 9.0 (Mitaka), 10.0 (Newton), 11.0 (Ocata), and 12.0 (Pike). Affected architectures include x86 (Intel and AMD chipsets), POWER 8, POWER 9, IBM System z, and ARM.

Therefore, Red Hat urges all users to update their systems in the coming days, when the patches against the Speculative Store Bypass (CVE-2018-3639) security vulnerability are released. For those who want to learn more about this recently unearthed vulnerability, Red Hat wrote an extensive article to explain what Speculative Store Bypass is and how it works. They even published a video for those who don't have time to read the in-depth article.

Update 23/05/18: Red Hat released software mitigations for the Spectre Variant 4 vulnerability. All users are urged to update their installations to the new kernel versions as soon as possible.