4.7
CVSSv2

CVE-2018-3620

Published: 14/08/2018 Updated: 24/08/2020
CVSS v2 Base Score: 4.7 | Impact Score: 6.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 5.6 | Impact Score: 4 | Exploitability Score: 1.1
VMScore: 423
Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

Vulnerability Summary

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.

Vulnerability Trend

Vendor Advisories

Synopsis Important: rhev-hypervisor7 security update Type/Severity Security Advisory: Important Topic An update for rhev-hypervisor7 is now available for RHEV 3X Hypervisor and Agents for Red Hat Enterprise Linux 6 and RHEV 3X Hypervisor and Agents Extended Lifecycle Support for Red Hat Enterprise Linux 7 ...
Synopsis Important: rhvm-appliance security update Type/Severity Security Advisory: Important Topic An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vuln ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 59 Long LifeRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 5 Extended Lifecycle SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Synopsis Important: redhat-virtualization-host security update Type/Severity Security Advisory: Important Topic An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 73 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 74 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 72 Advanced Update Support, Red Hat Enterprise Linux 72 Telco Extended Update Support, and Red Hat Enterprise Linux 72 Update Services for SAP Sol ...
Multiple researchers have discovered a vulnerability in the way the Intel processor designs have implemented speculative execution of instructions in combination with handling of page-faults This flaw could allow an attacker controlling an unprivileged process to read memory from arbitrary (non-user controlled) addresses, including from the kernel ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 67 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise MRG 2Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVS ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 66 Advanced Update Support and Red Hat Enterprise Linux 66 Telco Extended Update SupportRed Hat Product Security has rated this update as having a ...
This update provides mitigations for the L1 Terminal Fault vulnerability affecting a range of Intel CPUs For additional information please refer to xenbitsxenorg/xsa/advisory-273html The microcode updates mentioned there are not yet available in a form distributable by Debian In addition two denial of service vulnerabilities have been ...
Several security issues were mitigated in the Linux kernel ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 64 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 65 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Several security issues were fixed in the Linux kernel ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimizati ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Several security issues were fixed in the Linux kernel ...
Several security issues were fixed in the Linux kernel ...
Several security issues were fixed in the Linux kernel ...
Several security issues were fixed in the Linux kernel ...
USN-3742-2 introduced regressions in the Linux Hardware Enablement (HWE) kernel for Ubuntu 1204 ESM ...
VMware Virtual Appliance Mitigations address L1 Terminal Fault - OS vulnerability Successful exploitation of this issue may lead to local information disclosure of sensitive information Unaffected products lines are documented in The Common Vulnerabilities and Exposures project (cvemitreorg) has assigned the identifier CVE-2018-3620 to this ...
Systems with microprocessors utilising speculative execution and address translations may allow unauthorised disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis ...
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...
Fixes for L1Terminal Fault security issues: L1 Terminal Fault-OS/ SMM:Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and side-channel analysis(CVE-2018-3620 ) L1 Termi ...
5On August 14th, 2018, three vulnerabilities were disclosed by Intel and security researchers that leverage a speculative execution side-channel method referred to as L1 Terminal Fault (L1TF) that affects modern Intel microprocessors These vulnerabilities could allow an unprivileged, local attacker, in specific circumstances, to read privileged me ...
There are multiple vulnerabilities that affect the IBM OS Image for Red Hat Linux Systems in IBM PureApplication System IBM has released Version 2253 for IBM PureApplication System, in response to CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646 The products that are identified for this support are: – PureApplication System – PureApplicatio ...
A new speculative execution side channel variant has been discovered called L1 Terminal Fault (L1TF) There are no reports that L1TF has been used in real world exploits This currently affects select Intel processors Mitigations will require microcode updates released earlier this year, plus operating system and hypervisor software updates ...
Support My AccountForcepoint Support Site Guest User (Logout)Community My Account Visitor(login)Community Meltdown and Spectre Vulnerability CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3640, CVE-2018-3639, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 ...
Intel and security researchers publicly disclosed three new cpu side-channel vulnerabilities (CVE-2018-3615, CVE-2018-3620 and CVE-2018-3646) Successful exploit of these vulnerabilities could allow a local attacker to read the memory of other processes in specific situations These vulnerabilities are named by researchers as "Foreshadow" and "For ...
Fixes for L1Terminal Fault security issues: L1 Terminal Fault-OS/ SMM:Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and side-channel analysis(CVE-2018-3620 ) L1 Termi ...
Several security issues have been identified that impact XenServer Customers should consider these issues and determine possible impact to their own systems  These updates provide a mitigation for recently disclosed issues affecting Intel CPUs  These issues, if exploited, could allow malicious unprivileged code in guest VMs to ...
Summary Security researchers have identified a speculative execution side-channel method called L1 Terminal Fault (L1TF) also known as Foreshadow This method impacts select microprocessor products supporting Intel® Software Guard Extensions (Intel® SGX) There is no indication that other CPU vendors are affected  The Foreshadow / L1-terminal- ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 # SSA-254686: Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products Publication Date: 2018-10-09 Last Update: 2019-03-12 Current Version: 14 CVSS v30 Base Score: 79 SUMMARY ======= Security researchers published information on vulnerabilities known ...
Oracle Linux Bulletin - July 2018 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released ...
In January 2018, three security vulnerabilities were made public that allow unauthorized users to bypass the hardware barrier between applications and kernel memory These vulnerabilities all make use of speculative execution to perform side-channel information disclosure attacks The first two vulnerabilities, CVE-2017-5753 and CVE-2017- 5715, are ...
IBM Security Guardium has addressed the following vulnerabilities ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 # SSA-608355: Processor Vulnerabilities Affecting SIMATIC WinAC RTX (F) 2010 Publication Date: 2019-10-08 Last Update: 2019-10-08 Current Version: 10 CVSS v30 Base Score: 79 SUMMARY ======= Security researchers published information on vulnerabilities known as Spec ...
Oracle VM Server for x86 Bulletin - October 2018 Description The Oracle VM Server for x86 Bulletin lists all CVEs that had been resolved and announced in Oracle VM Server for x86 Security Advisories (OVMSA) in the last one month prior to the release of the bulletin Oracle VM Server for x86 Bulletins are published on the same day ...
New types of side channel attacks impact most processors including Intel, AMD, ARM, etc These attacks allow malicious userspace processes to read kernel memory, thus potentially causing kernel sensitive information to leak These attacks are referred to as Meltdown and Spectre class vulnerabilities, and variants of them: o CVE-2017-5753 Variant ...
Oracle VM Server for x86 Bulletin - July 2018 Description The Oracle VM Server for x86 Bulletin lists all CVEs that had been resolved and announced in Oracle VM Server for x86 Security Advisories (OVMSA) in the last one month prior to the release of the bulletin Oracle VM Server for x86 Bulletins are published on the same day ...
Palo Alto Networks is aware of recent vulnerability disclosures, known as L1 Terminal Fault, that affect modern CPU architectures At this time, our findings show that these vulnerabilities pose no increased risk to Palo Alto Networks PAN-OS devices (CVE-2018-3615, CVE-2018-3620, and CVE-2017-3646) This security advisory will be updated as more i ...
IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to multiple security vulnerabilities There are multiple vulnerabilities fixes to open source libraries distributed with IGI, other less secure algorithms for crypto, xss attacks and click jacking attacks ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4274-1 security () debian org wwwdebianorg/security/ Moritz Muehlenhoff August 16, 2018 wwwdebianorg/security/faq ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4279-1 security () debian org wwwdebianorg/security/ Salvatore Bonaccorso August 20, 2018 wwwdebianorg/security/faq ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-18:09l1tf Security Advisory The FreeBSD Project Topic: L1 Terminal Fault (L1TF) Kernel Information Disclo ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] Slackware 142 kernel (SSA:2018-240-01) New kernel packages are available for Slackware 142 to mitigate security issues Here are the details from the Slackware 142 ChangeLog: +--------------------------+ patches/packages/linux-44153/*: Upgraded This kernel update enabl ...

Github Repositories

An demonstrator for the L1TF/Foreshadow vulnerability

Overview This is a proof-of-concept self-contained L1TF demonstrator that works in the presence of the Linux kernel's default L1TF mitigation This code does by design not work on a vanilla Linux kernel The purpose is to help validate and improve defenses and not build a practical attack The Linux Kernel User's and Administrator's Guide describes two attack sce

livepatch overlay

Livepatch overlay Open standard for livepatch patches management for compatibility on different vendors Why We have differents livepatch services, each one with their own way of storing the livepatch patches This repository is trying to fix this by creating a open standard for storing and sharing livepatch patches in a reusable way This can be optimized, giving the freedom t

livepatch overlay

Livepatch overlay Open standard for livepatch patches management for compatibility on different vendors Why We have differents livepatch services, each one with their own way of storing the livepatch patches This repository is trying to fix this by creating a open standard for storing and sharing livepatch patches in a reusable way This can be optimized, giving the freedom t

Mirror of the Spectre / Meltdown tool for work use

Spectre & Meltdown Checker A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public in 2018 CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' CVE-2017-5754 [rogue data cache load] aka 'Meltdown&#

Speculation control powershell script

Overview SpeculationControl is a PowerShell script that summarizes the state of configurable Windows mitigations for various speculative execution side channel vulnerabilities, such as CVE-2017-5715 (Spectre variant 2) and CVE-2017-5754 (Meltdown) For an explanation on how to interpret the output of this tool, please see Understanding Get-SpeculationControlSettings PowerShell

Speculation control powershell script

Overview SpeculationControl is a PowerShell script that summarizes the state of configurable Windows mitigations for various speculative execution side channel vulnerabilities, such as CVE-2017-5715 (Spectre variant 2) and CVE-2017-5754 (Meltdown) For an explanation on how to interpret the output of this tool, please see Understanding Get-SpeculationControlSettings PowerShell

SpecuCheck is a Windows utility for checking the state of the software mitigations and hardware against CVE-2017-5754 (Meltdown), CVE-2017-5715 (Spectre v2), CVE-2018-3260 (Foreshadow), and CVE-2018-3639 (Spectre v4)

SpecuCheck SpecuCheck is a Windows utility for checking the state of the software and hardware mitigations against CVE-2017-5754 (Meltdown), CVE-2017-5715 (Spectre v2), CVE-2018-3260 (Foreshadow), and CVE-2018-3639 (Spectre v4) It uses two new information classes that were added to the NtQuerySystemInformation API call as part of the recent patches introduced in January 2018 a

TEApot(Transient Execution Attack pot) is a project used to evaluate whether your system is affected by Meltdown and Spectre. My goal is to build a easy-to-use(hard to implement) and configurable transient attack test suite.

Transient Execution Attack Pot TEApot(Transient Execution Attack pot) is a project used to evaluate whether your system is affected by Meltdown and Spectre My goal is to build a easy-to-use(hard to implement) and configurable transient attack test suite This project is mainly based on project Transient Fail developed by IAIK More information will be found on their paper A Sy

Spectre & Meltdown Checker A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public in 2018 CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' CVE-2017-5754 [rogue data cache load] aka 'Meltdown&#

Spectre, Meltdown, Foreshadow, Fallout, RIDL, ZombieLoad vulnerability/mitigation checker for Linux & BSD

Spectre & Meltdown Checker A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public since 2018 CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' CVE-2017-5754 [rogue data cache load] aka 'Meltdow

Kaosagnt's Ansible Everyday Utils

Kaosagnt's Ansible Everyday Utils This project contains many of the Ansible playbooks that I use daily as a Systems Administrator in the pursuit of easy server task automation Installation You will need to setup and install Ansible like you normally would before using what is presented here Hint: it uses ansible wwwansiblecom Optional: Create an ansible-everyd

PowerShell DSC for enabling the Speculation Control (Meltdown/Spectre) on Windows

cSpeculationControlFixes Description PowerShell DSC for enabling Speculation Control fixes on Windows Authored by Kieran Jacobsen The Microsoft KB Windows Server guidance to protect against speculative execution side-channel vulnerabilities provides a number of options on what speculative controls you can implement, use the table below to map the titles of each mitgation in t

Spectre & Meltdown Checker A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public since 2018 CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' CVE-2017-5754 [rogue data cache load] aka 'Meltdow

Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber

Hardware and Firmware Security Guidance Table of Contents 1 About this repository 2 Side-channel attacks 21 Mitigations 211 Firmware patches 212 Software patches 213 Configuration changes 214 Disable Intel Hyper-Threading (Updated!) 215 Verification 22 Resources and Affected products 221 Hardware resources 222 Software resources 223 Advisory resources

meltdown Table of Contents Description Setup - The basics of getting started with meltdown Reference - An under-the-hood peek at what the module is doing and how Limitations - OS compatibility, etc Development - Guide for contributing to the module Description This module detects whether your system is vulnerable for Meltdown and Spectre Detection on Linux On Linux, the mod

Microarchitectural exploitation and other hardware attacks.

Hardware attacks / State of the art Microarchitectural exploitation and other hardware attacks Contributing: Contributions, comments and corrections are welcome, please do PR Flaws: TPM-FAIL / TPM meets Timing and Lattice Attacks [CVE-2019-11090] For Intel fTPM [CVE-2019-16863] For STMicroelectronics TPM [CVE-2015-0565] Rowhammer based: [CVE-2016-6728] DRAMMER [CV

Recent Articles

Microsoft Rolls Out New Intel Microcode for Windows 10, Server 2016
BleepingComputer • Ionut Ilascu • 22 Aug 2018

Microsoft has released multiple microcode updates that mitigate additional variants of the speculative code execution vulnerabilities affecting Intel processors. The patches cover the recently disclosed CPU flaws generically referred to as Foreshadow or L1 Terminal Fault.
All security gaps covered by these patches are varieties of the Spectre vulnerability revealed on the first days of the year. It affects all microprocessors that use branch prediction and speculative code execution to ...

Foreshadow and Intel SGX software attestation: 'The whole trust model collapses'
The Register • Richard Chirgwin • 15 Aug 2018

El Reg talks to Dr Yuval Yarom about Intel's memory leaking catastrophe

Interview In the wake of yet another collection of Intel bugs, The Register had the chance to speak to Foreshadow co-discoverer and University of Adelaide and Data61 researcher Dr Yuval Yarom about its impact.
Dr Yarom explained that one of the big impacts of Foreshadow is that it destroys an important trust model – SGX attestations, which guarantee that the code you publish is the code someone else is running.
Think of it as tamper-evident packaging for software: having published ...

Three more data-leaking security holes found in Intel chips as designers swap security for speed
The Register • Chris Williams, Editor in Chief • 14 Aug 2018

Apps, kernels, virtual machines, SGX, SMM at risk from attack

Intel will today disclose three more vulnerabilities in its processors that can be exploited by malware and malicious virtual machines to potentially steal secret information from computer memory.
These secrets can include passwords, personal and financial records, and encryption keys. They can be potentially lifted from other applications and other customers' virtual machines, as well as SGX enclaves, and System Management Mode (SMM) memory. SGX is Intel's technology that is supposed to p...

Researchers Disclose New Foreshadow (L1TF) Vulnerabilities Affecting Intel CPUs
BleepingComputer • Catalin Cimpanu • 14 Aug 2018

Academics and private sector researchers have revealed details today about three new vulnerabilities affecting Intel CPUs.
All three are Spectre-class attacks that take advantage of a CPU design feature named speculative execution —a feature found in all modern CPUs that has the role of improving performance by computing operations in advance and later discarding unneeded data.
These flaws target data processed during speculative execution that is stored inside a processor's L1 cac...

References

CWE-203http://support.lenovo.com/us/en/solutions/LEN-24163http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-enhttp://www.securityfocus.com/bid/105080http://www.securitytracker.com/id/1041451http://www.vmware.com/security/advisories/VMSA-2018-0021.htmlhttp://xenbits.xen.org/xsa/advisory-273.htmlhttps://access.redhat.com/errata/RHSA-2018:2384https://access.redhat.com/errata/RHSA-2018:2387https://access.redhat.com/errata/RHSA-2018:2388https://access.redhat.com/errata/RHSA-2018:2389https://access.redhat.com/errata/RHSA-2018:2390https://access.redhat.com/errata/RHSA-2018:2391https://access.redhat.com/errata/RHSA-2018:2392https://access.redhat.com/errata/RHSA-2018:2393https://access.redhat.com/errata/RHSA-2018:2394https://access.redhat.com/errata/RHSA-2018:2395https://access.redhat.com/errata/RHSA-2018:2396https://access.redhat.com/errata/RHSA-2018:2402https://access.redhat.com/errata/RHSA-2018:2403https://access.redhat.com/errata/RHSA-2018:2404https://access.redhat.com/errata/RHSA-2018:2602https://access.redhat.com/errata/RHSA-2018:2603https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdfhttps://foreshadowattack.eu/https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0https://lists.debian.org/debian-lts-announce/2018/08/msg00029.htmlhttps://lists.debian.org/debian-lts-announce/2018/09/msg00017.htmlhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.aschttps://security.gentoo.org/glsa/201810-06https://security.netapp.com/advisory/ntap-20180815-0001/https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-faulthttps://support.f5.com/csp/article/K95275140https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_ushttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannelhttps://usn.ubuntu.com/3740-1/https://usn.ubuntu.com/3740-2/https://usn.ubuntu.com/3741-1/https://usn.ubuntu.com/3741-2/https://usn.ubuntu.com/3742-1/https://usn.ubuntu.com/3742-2/https://usn.ubuntu.com/3823-1/https://www.debian.org/security/2018/dsa-4274https://www.debian.org/security/2018/dsa-4279https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.htmlhttps://www.kb.cert.org/vuls/id/982149https://www.oracle.com/security-alerts/cpujul2020.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.synology.com/support/security/Synology_SA_18_45https://www.rapid7.com/db/vulnerabilities/debian-cve-2018-3646https://access.redhat.com/errata/RHSA-2018:2404https://nvd.nist.govhttps://usn.ubuntu.com/3823-1/https://www.kb.cert.org/vuls/id/982149