Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768

Related Vulnerabilities: CVE-2020-10766   CVE-2020-10767   CVE-2020-10768   CVE-2018-3639  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->

oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->

By Date

By Thread

</form>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768

<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->

From: Wade Mealing &lt;wmealing () redhat com&gt;

Date: Wed, 10 Jun 2020 21:21:03 +1000

<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->

<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
A number of flaws were discussed in the registers article this morning
( https://www.theregister.com/2020/06/09/linux_kernel_bugs_spectre )
which have been submitted for inclusion upstream already.

Listed below are the CVE's that Red Hat has assigned.  As far as I can
tell there are no existing  CVE assignments for these flaws. I have
not done adequate investigation to correctly identify affected
versions of the kernel, however this is a flaw in the fix for
CVE-2018-3639, affected systems would likely be affected by the flaws
listed below if they required the fix.

CVE-2020-10766
- Rogue cross-process SSBD shutdown. Linux scheduler logical bug
allows an attacker to turn off the SSBD protection.
https://lkml.org/lkml/2020/6/9/181

CVE-2020-10767
- Indirect Branch Prediction Barrier is force-disabled when STIBP is
unavailable or enhanced IBRS is available.
https://lkml.org/lkml/2020/6/9/183

CVE-2020-10768
-  Indirect branch speculation can be enabled after it was
force-disabled by the PR_SPEC_FORCE_DISABLE prctl command.
https://lkml.org/lkml/2020/6/9/184

The Red Hat Bugzillas for these flaws are

http://bugzilla.redhat.com/CVE-2020-10766
http://bugzilla.redhat.com/CVE-2020-10767
http://bugzilla.redhat.com/CVE-2020-10768

These  bugzillas are a work in progress and will be updated as I get
more time to correctly input adequate information.

Thank you.

-- 
Wade Mealing

Product Security - Kernel

Red Hat

wmealing () redhat com

TRIED. TESTED. TRUSTED.

<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->

<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->

By Date

By Thread

Current thread:

kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 Wade Mealing (Jun 10)

Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 Greg KH (Jun 10)

Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 Wade Mealing (Jun 10)

Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 Greg KH (Jun 10)

Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 Monsieur Francis Perron (Jun 10)

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started