vulnerability

Oracle Linux: CVE-2020-4788: ELSA-2021-9305: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)

Severity
4
CVSS
(AV:L/AC:H/Au:N/C:C/I:N/A:N)
Published
2020-11-20
Added
2021-06-15
Modified
2025-01-23

Description

IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.
A flaw was found in the Linux kernel. IBM Power9 processors can speculatively operate on data stored in the L1 cache before it has been completely validated. The attack has limited access to memory and is only able to access memory normally permissible to the execution context. The highest threat from this vulnerability is to data confidentiality.

Solution(s)

oracle-linux-upgrade-kerneloracle-linux-upgrade-kernel-uek
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.