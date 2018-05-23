> > >
Softpedia Homepage   

RHEL and CentOS Linux 7 Receive Mitigations for Spectre Variant 4 Vulnerability

The hardware bug cannot be fully fixed with software updates

May 23, 2018 11:34 GMT  ·  By  · 
Share: 

As promised earlier this week, Red Hat released software mitigations for all of its affected products against the recently disclosed Spectre Variant 4 security vulnerability that also affects its derivatives, including CentOS Linux.

On May 21, 2018, security researchers from Google Project Zero and Microsoft Security Response Center have publicly disclosed two new variants of the industry-wide issue known as Spectre, variants 3a and 4. The latter, Spectre Variant 4, is identified as CVE-2018-3639 and appears to have an important security impact on any Linux-based operating system, including all of its Red Hat's products and its derivatives, such as CentOS Linux.

Though its implementation is complex, Spectre Variant 4 could let an unprivileged attacker to read privileged memory and expose sensitive information by carrying targeted cache side-channel attacks. Red Hat released today a kernel update for Red Hat Enterprise Linux 7 systems on the x86_64 (64-bit) hardware architecture to mitigate the issue, but noted the fact that it cannot be fully patched through software updates.

"This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software side of the mitigation for this hardware issue. To be fully functional, up-to-date CPU microcode applied on the system is required. Please refer to References section for further information about this issue, CPU microcode requirements and the potential performance impact," read Red Hat's security advisory.

CentOS Linux 7 now also patched against Spectre Variant 4

Affected Red Hat products include Red Hat Enterprise Linux Server 7, Red Hat Enterprise Linux Server - Extended Update Support 7.5, Red Hat Enterprise Linux Workstation 7, Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux for IBM z Systems 7, Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.5, and Red Hat Enterprise Linux for Power, big endian 7.

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.5, Red Hat Enterprise Linux for Scientific Computing 7, Red Hat Enterprise Linux EUS Compute Node 7.5, Red Hat Enterprise Linux for Power, little endian 7, Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.5, Red Hat Virtualization Host 4, Red Hat Enterprise Linux for ARM 64 7, Red Hat Enterprise Linux for Power 9 7, and Red Hat Enterprise Linux for IBM System z (Structure A) 7 are also affected.

Being based on the Red Hat Enterprise Linux 7 operating system series, the CentOS Linux 7 open-source clone recently received mitigations for the Spectre Variant 4 security vulnerability based o the upstream kernel. All CentOS Linux 7 users are urged to update their installations to kernel-3.10.0-862.3.2.el7.x86_64.rpm as soon as possible, and also install the latest microcode firmware updates from their respective CPU vendors (Intel or AMD).

  Click to load comments
This enables Disqus, Inc. to process some of your data. Disqus privacy policy

Related Stories

Ubuntu 18.04 LTS Gets First Kernel Update with Patch for Spectre Variant 4 Flaw

All users are urged to update their systems immediately

Ubuntu 18.04 LTS Gets First Kernel Update with Patch for Spectre Variant 4 Flaw
Red Hat Says It'll Soon Fix the Speculative Store Bypass Security Vulnerability

Urges all users to update their systems as soon as possible

Red Hat Says It'll Soon Fix the Speculative Store Bypass Security Vulnerability
Emmabuntüs Debian Edition Linux Is Now Based on Debian GNU/Linux 9.4 "Stretch"

Emmabuntüs Debian Edition 2 1.02 now available to download

Emmabuntüs Debian Edition Linux Is Now Based on Debian GNU/Linux 9.4 "Stretch"
Bodhi Linux 5.0 Enters Development Based on Ubuntu 18.04 LTS, First Alpha Is Out

Ships with Enlightenment-based Moksha 0.3.0 desktop

Bodhi Linux 5.0 Enters Development Based on Ubuntu 18.04 LTS, First Alpha Is Out

Fresh Reviews

Pillars of Eternity II: Deadfire Review (PC)

The main issue with the second Pillars game is that it ends

Pillars of Eternity II: Deadfire Review (PC)
Little Witch Academia: Chamber of Time Review (PS4)

The Harry Potter wannabe fails to deliver, but there's hope

Little Witch Academia: Chamber of Time Review (PS4)
Fitbit Versa Review - Beauty and Performance All-in-One SmartWatch

It's not a perfect watch, but it's damn close

Fitbit Versa Review - Beauty and Performance All-in-One SmartWatch
Destiny 2: Warmind Review - Out with the Old, In with the Old Again?

This is the not content that you're looking for

Destiny 2: Warmind Review - Out with the Old, In with the Old Again?

Latest News

Qualcomm's Snapdragon 710 CPU Promises Premium Features, AI to Mid-Range Phones

The processor supports next-generation AI technologies

Qualcomm's Snapdragon 710 CPU Promises Premium Features, AI to Mid-Range Phones
Fujifilm's X-T100 Is an Entry-Level Mirrorless Camera with a Retro, Luxury Look

It's best for photography with its 24.2 MP CMOS sensor

Fujifilm's X-T100 Is an Entry-Level Mirrorless Camera with a Retro, Luxury Look
Windows 10 April 2018 Update Must Be Microsoft’s Buggiest Release in a Long Time

Way too many bugs, way too few official patches

Windows 10 April 2018 Update Must Be Microsoft’s Buggiest Release in a Long Time
How to Fix Blank Screen Bug in Windows 10 April 2018 Update

Computers rendered useless after upgrading to version 1803

How to Fix Blank Screen Bug in Windows 10 April 2018 Update
Apple Watch Maintains Lead as Top Smartwatch Worldwide

Apple accounts for 18% of the entire wearable market

Apple Watch Maintains Lead as Top Smartwatch Worldwide
Windows 10 April 2018 Update Now Causing Major Battery Drain on Laptops

Bug confirmed on a wide variety of hardware configurations

Windows 10 April 2018 Update Now Causing Major Battery Drain on Laptops
Microsoft Confirms Windows 10 April 2018 Update Black Screen of Death Bug

Workarounds available, but you’re not going to like them

Microsoft Confirms Windows 10 April 2018 Update Black Screen of Death Bug
iPhone 7 Plus Is America’s Favorite Smartphone, Outscores iPhone X, All Androids

ACSI says iPhone 7 Plus scored highest in its charts

iPhone 7 Plus Is America’s Favorite Smartphone, Outscores iPhone X, All Androids
Apple Starts Offering Credit for Out-of-Warranty iPhone Battery Replacements

Company announces refund campaign for battery servicing

Apple Starts Offering Credit for Out-of-Warranty iPhone Battery Replacements
iOS 12 Concept Fixes Some of iPhone’s Biggest Annoyances

Notification system redesigned in fresh concept

iOS 12 Concept Fixes Some of iPhone’s Biggest Annoyances