CVE-2018-3665 Kernel: FPU state information leakage via lazy FPU restore

CVE ID

CVE-2018-3665

DESCRIPTION

A Floating Point Unit (FPU) state information leakage flaw was found in the way the Linux kernel saved and restored the FPU state during task switch. Linux kernels that follow the "Lazy FPU Restore" scheme are vulnerable to the FPU state information leakage issue. An unprivileged local attacker could use this flaw to read FPU state bits by conducting targeted cache side-channel attacks, similar to the Meltdown vulnerability disclosed earlier this year.

CVSS3 Base Score  5.6 Medium





 

RESOLUTION

Resolution:
Apply Unitrends security update v10.29 from 07/27/2018 or later,
    containing kernel-2.6.32-754.2.1.el6

LINK TO ADVISORIES

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section