Speculative execution makes a return to the #security world. Learn more about the just announced #L1TerminalFault and Foreshadow vulnerabilities from #RedHat‘s @jonmasters: https://t.co/EoUPj5cvjZ pic.twitter.com/vyVhSgrHfd
— Red Hat, Inc. (@RedHat) August 14, 2018
from Twitter https://twitter.com/UnixSysAdmin
Patches for RHEL 6 and RHEL 7 appear to be available already (14 August) – see below for the links:
Red Hat Knowledgebase article on L1TF
RHSA-2018:2384 – Security Advisory – RHEL 7
RHSA-2018:2390 – Security Advisory – RHEL 6
CVE-2018-3620 at mitre – Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.
CVE-2018-3646 at Mitre – Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.
Wired Magazine: Spectre-Like Flaw Undermines Intel Processors’ Most Secure Element.
Phoronix: L1 Terminal Fault – The Latest Speculative Execution Side Channel Attack.