vulnerability

Oracle Linux: CVE-2018-15594: ELSA-2018-4208: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)

Severity
4
CVSS
(AV:L/AC:H/Au:S/C:C/I:N/A:N)
Published
Aug 3, 2018
Added
Sep 5, 2018
Modified
Jan 23, 2025

Description

arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.
It was found that paravirt_patch_call/jump() functions in the arch/x86/kernel/paravirt.c in the Linux kernel mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtualized guests.

Solution(s)

oracle-linux-upgrade-kerneloracle-linux-upgrade-kernel-uek
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.