Red Hat Releases Patches for Spectre Variant 4 Vulnerability
As promised earlier this week, Red Hat released software updates for derivative systems such as RHEL and CentOS that mitigate the negative impact of the recently disclosed Spectre Variant 4 vulnerability. On May 21, 2018, the Project Zero team from Google and Microsoft Security Correspondence Center jointly announced Variant 3a and Variant 4 of the Spectre vulnerability. Spectre Variant 4 has been assigned CVE-2018-3639, and almost all Linux systems (including Red Hat products and derivatives such as CentOS) are affected.
Although real-life attacks through this variant of the vulnerability are very complicated, Spectre Variant 4 allows non-privileged attackers to read memory and obtain sensitive information through targeted cache side-channel attacks.
Red Hat today released a kernel update for Red Hat Enterprise Linux 7 systems on the x86_64 (64-bit) architecture to mitigate the problem, and stated that it cannot be completely fixed through software updates.
Red Hat’s security bulletin stated: “This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software side of the mitigation for this hardware issue. To be fully functional, up-to-date CPU microcode applied on the system is required. Please refer to References section for further information about this issue, CPU microcode requirements and the potential performance impact.”
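The bulletin's point that the kernel update and the CPU microcode are both required can be checked on a host. The script below is an added example, not code from Red Hat or from the original article. It assumes the Linux kernel's `spec_store_bypass` sysfs entry and the `ssbd` family of CPU flags, neither of which is named on this page, and the state labels it prints are hypothetical names chosen for this example.

```shell
#!/bin/sh
# Added example: classify the Spectre Variant 4 (CVE-2018-3639) mitigation
# state of a Linux host from two inputs:
#   $1  contents of /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
#       (empty string when the file does not exist)
#   $2  the CPU "flags" list from /proc/cpuinfo
# The returned labels are hypothetical names used only by this example.
ssb_state() {
    status=$1
    flags=$2
    # An SSBD-type flag means the CPU (normally via updated microcode)
    # exposes the control the kernel needs. Heuristic, not a guarantee.
    case " $flags " in
        *" ssbd "*|*" amd_ssbd "*|*" virt_ssbd "*) ucode=yes ;;
        *) ucode=no ;;
    esac
    case "$status" in
        "")             echo "kernel-not-updated" ;;   # sysfs entry absent
        "Not affected") echo "not-affected" ;;
        "Mitigation:"*) echo "mitigated" ;;
        "Vulnerable"*)
            # Updated kernel, but the mitigation is not active.
            if [ "$ucode" = yes ]; then
                echo "vulnerable-mitigation-off"       # disabled by configuration
            else
                echo "vulnerable-microcode-missing"    # software side only
            fi ;;
        *)              echo "unknown" ;;
    esac
}

# Read the live values from this host and classify them.
ssb_report() {
    f=/sys/devices/system/cpu/vulnerabilities/spec_store_bypass
    live_status=""
    if [ -r "$f" ]; then live_status=$(cat "$f"); fi
    live_flags=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null | cut -d: -f2)
    ssb_state "$live_status" "$live_flags"
}

ssb_report
```

A result of `vulnerable-microcode-missing` corresponds to the case the bulletin describes: the updated kernel is installed, but the CPU microcode it depends on is not.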
Source: Softpedia