4.7
CVSSv2

CVE-2018-3646

Published: 14/08/2018 Updated: 24/08/2020
CVSS v2 Base Score: 4.7 | Impact Score: 6.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 5.6 | Impact Score: 4 | Exploitability Score: 1.1
VMScore: 422
Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

Vulnerability Summary

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.

Vulnerability Trend

Vendor Advisories

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 74 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 73 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Synopsis Important: rhev-hypervisor7 security update Type/Severity Security Advisory: Important Topic An update for rhev-hypervisor7 is now available for RHEV 3X Hypervisor and Agents for Red Hat Enterprise Linux 6 and RHEV 3X Hypervisor and Agents Extended Lifecycle Support for Red Hat Enterprise Linux 7 ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 67 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 72 Advanced Update Support, Red Hat Enterprise Linux 72 Telco Extended Update Support, and Red Hat Enterprise Linux 72 Update Services for SAP Sol ...
Synopsis Important: rhvm-appliance security update Type/Severity Security Advisory: Important Topic An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vuln ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 59 Long LifeRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 5 Extended Lifecycle SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise MRG 2Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVS ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 66 Advanced Update Support and Red Hat Enterprise Linux 66 Telco Extended Update SupportRed Hat Product Security has rated this update as having a ...
Synopsis Important: redhat-virtualization-host security update Type/Severity Security Advisory: Important Topic An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 64 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 65 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Multiple researchers have discovered a vulnerability in the way the Intel processor designs have implemented speculative execution of instructions in combination with handling of page-faults This flaw could allow an attacker controlling an unprivileged process to read memory from arbitrary (non-user controlled) addresses, including from the kernel ...
This update provides mitigations for the L1 Terminal Fault vulnerability affecting a range of Intel CPUs For additional information please refer to xenbitsxenorg/xsa/advisory-273html The microcode updates mentioned there are not yet available in a form distributable by Debian In addition two denial of service vulnerabilities have been ...
vCenter Server, ESXi, Workstation, and Fusion updates include Hypervisor-Specific Mitigations for L1 Terminal Fault - VMM This issue may allow a malicious VM running on a given CPU core to effectively read the hypervisor’s or another VM’s privileged information that resides sequentially or concurrently in the same core’s L1 Data cache The ...
Several security issues were mitigated in the Linux kernel ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
vCenter Server, ESXi, Workstation, and Fusion updates include Hypervisor-Specific Mitigations for L1 Terminal Fault - VMM This issue may allow a malicious VM running on a given CPU core to effectively read the hypervisor’s or another VM’s privileged information that resides sequentially or concurrently in the same core’s L1 Data cache The ...
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...
Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimizati ...
The system could be made to expose sensitive information ...
Several security issues were fixed in the Linux kernel ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Systems with microprocessors utilising speculative execution and address translations may allow unauthorised disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis ...
Several security issues were fixed in the Linux kernel ...
Several security issues were fixed in the Linux kernel ...
Several security issues were fixed in the Linux kernel ...
Several security issues were fixed in the Linux kernel ...
USN-3742-2 introduced regressions in the Linux Hardware Enablement (HWE) kernel for Ubuntu 1204 ESM ...
Fixes for L1Terminal Fault security issues: L1 Terminal Fault-OS/ SMM:Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and side-channel analysis(CVE-2018-3620 ) L1 Termi ...
5On August 14th, 2018, three vulnerabilities were disclosed by Intel and security researchers that leverage a speculative execution side-channel method referred to as L1 Terminal Fault (L1TF) that affects modern Intel microprocessors These vulnerabilities could allow an unprivileged, local attacker, in specific circumstances, to read privileged me ...
There are multiple vulnerabilities that affect the IBM OS Image for Red Hat Linux Systems in IBM PureApplication System IBM has released Version 2253 for IBM PureApplication System, in response to CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646 The products that are identified for this support are: – PureApplication System – PureApplicatio ...
A new speculative execution side channel variant has been discovered called L1 Terminal Fault (L1TF) There are no reports that L1TF has been used in real world exploits This currently affects select Intel processors Mitigations will require microcode updates released earlier this year, plus operating system and hypervisor software updates ...
Intel and security researchers publicly disclosed three new cpu side-channel vulnerabilities (CVE-2018-3615, CVE-2018-3620 and CVE-2018-3646) Successful exploit of these vulnerabilities could allow a local attacker to read the memory of other processes in specific situations These vulnerabilities are named by researchers as "Foreshadow" and "For ...
Support My AccountForcepoint Support Site Guest User (Logout)Community My Account Visitor(login)Community Meltdown and Spectre Vulnerability CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3640, CVE-2018-3639, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 ...
Fixes for L1Terminal Fault security issues: L1 Terminal Fault-OS/ SMM:Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and side-channel analysis(CVE-2018-3620 ) L1 Termi ...
Several security issues have been identified that impact XenServer Customers should consider these issues and determine possible impact to their own systems  These updates provide a mitigation for recently disclosed issues affecting Intel CPUs  These issues, if exploited, could allow malicious unprivileged code in guest VMs to ...
About Apple security updatesFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the Apple security updates page For more information about security, see the Apple Product Security page You can encrypt ...
Summary Security researchers have identified a speculative execution side-channel method called L1 Terminal Fault (L1TF) also known as Foreshadow This method impacts select microprocessor products supporting Intel® Software Guard Extensions (Intel® SGX) There is no indication that other CPU vendors are affected  The Foreshadow / L1-terminal- ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 # SSA-254686: Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products Publication Date: 2018-10-09 Last Update: 2019-03-12 Current Version: 14 CVSS v30 Base Score: 79 SUMMARY ======= Security researchers published information on vulnerabilities known ...
In January 2018, three security vulnerabilities were made public that allow unauthorized users to bypass the hardware barrier between applications and kernel memory These vulnerabilities all make use of speculative execution to perform side-channel information disclosure attacks The first two vulnerabilities, CVE-2017-5753 and CVE-2017- 5715, are ...
Oracle Linux Bulletin - July 2018 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released ...
IBM Security Guardium has addressed the following vulnerabilities ...
About Apple security updatesFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the Apple security updates page For more information about security, see the Apple Product Security page You can encrypt ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 # SSA-608355: Processor Vulnerabilities Affecting SIMATIC WinAC RTX (F) 2010 Publication Date: 2019-10-08 Last Update: 2019-10-08 Current Version: 10 CVSS v30 Base Score: 79 SUMMARY ======= Security researchers published information on vulnerabilities known as Spec ...
Oracle Critical Patch Update Advisory - January 2019 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previou ...
New types of side channel attacks impact most processors including Intel, AMD, ARM, etc These attacks allow malicious userspace processes to read kernel memory, thus potentially causing kernel sensitive information to leak These attacks are referred to as Meltdown and Spectre class vulnerabilities, and variants of them: o CVE-2017-5753 Variant ...
Oracle VM Server for x86 Bulletin - July 2018 Description The Oracle VM Server for x86 Bulletin lists all CVEs that had been resolved and announced in Oracle VM Server for x86 Security Advisories (OVMSA) in the last one month prior to the release of the bulletin Oracle VM Server for x86 Bulletins are published on the same day ...
IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to multiple security vulnerabilities There are multiple vulnerabilities fixes to open source libraries distributed with IGI, other less secure algorithms for crypto, xss attacks and click jacking attacks ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4274-1 security () debian org wwwdebianorg/security/ Moritz Muehlenhoff August 16, 2018 wwwdebianorg/security/faq ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4279-1 security () debian org wwwdebianorg/security/ Salvatore Bonaccorso August 20, 2018 wwwdebianorg/security/faq ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-18:09l1tf Security Advisory The FreeBSD Project Topic: L1 Terminal Fault (L1TF) Kernel Information Disclo ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-9 Additional information for APPLE-SA-2018-9-24-1 macOS Mojave 1014 macOS Mojave 1014 addresses the following: Bluetooth Available for: iMac (215-inch, Late 2012), iMac (27-inch, Late 2012) , iMac (215-inch, Late 2013), iMac (215-inch, Mid 2014), iMac (Retina 5K, 27-inch, L ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-9 Additional information for APPLE-SA-2018-9-24-1 macOS Mojave 1014 macOS Mojave 1014 addresses the following: Bluetooth Available for: iMac (215-inch, Late 2012), iMac (27-inch, Late 2012) , iMac (215-inch, Late 2013), iMac (215-inch, Mid 2014), iMac (Retina 5K, 27-inch, L ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-2 macOS Mojave 10141, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra macOS Mojave 10141, Security Update 2018-001 High Sierra, and Security Update 2018-005 Sierra are now available and address the following: afpserver Available for: macOS Sierra 1012 ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-2 macOS Mojave 10141, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra macOS Mojave 10141, Security Update 2018-001 High Sierra, and Security Update 2018-005 Sierra are now available and address the following: afpserver Available for: macOS Sierra 1012 ...

Github Repositories

Description on how I configured the installation and Security of Windows 10 Home, and how I keep it fit for use and purpose.

Home-Security-by-W10-Hardening Description on how I configured the installation and Security of Windows 10 Home and Pro, and how I keep it fit for use and purpose Table of Contents Introduction The Scope Steps to take 1 - Control Panel 2 - Settings 3 - Xbox Game Bar 4 - Explorer 5 - Registry 6 - Remove third-party software 7 - Systems repair Introduction The goal of this

L1TF (Foreshadow) VM guest to host memory read PoC

L1TF (Foreshadow) VM guest to host memory read PoC This is a PoC for CVE-2018-3646 This is a vulnerability that enables malicious/compromised VM guests to read host machine physical memory The vulnerability is exploitable on most Intel CPUs that support VT-x and EPT (extended page tables) This includes all Intel Core iX CPUs This PoC works only on 64 bit x86-64 systems (hos

An demonstrator for the L1TF/Foreshadow vulnerability

Overview This is a proof-of-concept self-contained L1TF demonstrator that works in the presence of the Linux kernel's default L1TF mitigation This code does by design not work on a vanilla Linux kernel The purpose is to help validate and improve defenses and not build a practical attack The Linux Kernel User's and Administrator's Guide describes two attack sce

r151019 r151019 / Mar20 Date Subject Commit 20Mar2014 OS-2834 ship lx brand e8facfd99e91cf5fefa4291a3ba0b6a0710eea09 r151019 / Jun08 Date Subject Commit 20Mar2014 OS-2836 lx brand installer hardcodes /usr/sfw/bin/gtar ea8e5e6536094a59f04195b1aa255e96ac1bbc44 28Mar2014 OS-2863 lx brand need finer grained control over version 75c15d410d1e0a2763da7339ed8f40732c3

Mirror of the Spectre / Meltdown tool for work use

Spectre & Meltdown Checker A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public in 2018 CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' CVE-2017-5754 [rogue data cache load] aka 'Meltdown&#

TEApot(Transient Execution Attack pot) is a project used to evaluate whether your system is affected by Meltdown and Spectre. My goal is to build a easy-to-use(hard to implement) and configurable transient attack test suite.

Transient Execution Attack Pot TEApot(Transient Execution Attack pot) is a project used to evaluate whether your system is affected by Meltdown and Spectre My goal is to build a easy-to-use(hard to implement) and configurable transient attack test suite This project is mainly based on project Transient Fail developed by IAIK More information will be found on their paper A Sy

Spectre & Meltdown Checker A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public in 2018 CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' CVE-2017-5754 [rogue data cache load] aka 'Meltdown&#

Spectre, Meltdown, Foreshadow, Fallout, RIDL, ZombieLoad vulnerability/mitigation checker for Linux & BSD

Spectre & Meltdown Checker A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public since 2018 CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' CVE-2017-5754 [rogue data cache load] aka 'Meltdow

PowerShell DSC for enabling the Speculation Control (Meltdown/Spectre) on Windows

cSpeculationControlFixes Description PowerShell DSC for enabling Speculation Control fixes on Windows Authored by Kieran Jacobsen The Microsoft KB Windows Server guidance to protect against speculative execution side-channel vulnerabilities provides a number of options on what speculative controls you can implement, use the table below to map the titles of each mitgation in t

Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber

Hardware and Firmware Security Guidance Table of Contents 1 About this repository 2 Side-channel attacks 21 Mitigations 211 Firmware patches 212 Software patches 213 Configuration changes 214 Disable Intel Hyper-Threading (Updated!) 215 Verification 22 Resources and Affected products 221 Hardware resources 222 Software resources 223 Advisory resources

Spectre & Meltdown Checker A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public since 2018 CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' CVE-2017-5754 [rogue data cache load] aka 'Meltdow

meltdown Table of Contents Description Setup - The basics of getting started with meltdown Reference - An under-the-hood peek at what the module is doing and how Limitations - OS compatibility, etc Development - Guide for contributing to the module Description This module detects whether your system is vulnerable for Meltdown and Spectre Detection on Linux On Linux, the mod

Microarchitectural exploitation and other hardware attacks.

Hardware attacks / State of the art Microarchitectural exploitation and other hardware attacks Contributing: Contributions, comments and corrections are welcome, please do PR Flaws: TPM-FAIL / TPM meets Timing and Lattice Attacks [CVE-2019-11090] For Intel fTPM [CVE-2019-16863] For STMicroelectronics TPM [CVE-2015-0565] Rowhammer based: [CVE-2016-6728] DRAMMER [CV

Recent Articles

Microsoft Rolls Out New Intel Microcode for Windows 10, Server 2016
BleepingComputer • Ionut Ilascu • 22 Aug 2018

Microsoft has released multiple microcode updates that mitigate additional variants of the speculative code execution vulnerabilities affecting Intel processors. The patches cover the recently disclosed CPU flaws generically referred to as Foreshadow or L1 Terminal Fault.
All security gaps covered by these patches are varieties of the Spectre vulnerability revealed on the first days of the year. It affects all microprocessors that use branch prediction and speculative code execution to ...

Foreshadow and Intel SGX software attestation: 'The whole trust model collapses'
The Register • Richard Chirgwin • 15 Aug 2018

El Reg talks to Dr Yuval Yarom about Intel's memory leaking catastrophe

Interview In the wake of yet another collection of Intel bugs, The Register had the chance to speak to Foreshadow co-discoverer and University of Adelaide and Data61 researcher Dr Yuval Yarom about its impact.
Dr Yarom explained that one of the big impacts of Foreshadow is that it destroys an important trust model – SGX attestations, which guarantee that the code you publish is the code someone else is running.
Think of it as tamper-evident packaging for software: having published ...

Three more data-leaking security holes found in Intel chips as designers swap security for speed
The Register • Chris Williams, Editor in Chief • 14 Aug 2018

Apps, kernels, virtual machines, SGX, SMM at risk from attack

Intel will today disclose three more vulnerabilities in its processors that can be exploited by malware and malicious virtual machines to potentially steal secret information from computer memory.
These secrets can include passwords, personal and financial records, and encryption keys. They can be potentially lifted from other applications and other customers' virtual machines, as well as SGX enclaves, and System Management Mode (SMM) memory. SGX is Intel's technology that is supposed to p...

Researchers Disclose New Foreshadow (L1TF) Vulnerabilities Affecting Intel CPUs
BleepingComputer • Catalin Cimpanu • 14 Aug 2018

Academics and private sector researchers have revealed details today about three new vulnerabilities affecting Intel CPUs.
All three are Spectre-class attacks that take advantage of a CPU design feature named speculative execution —a feature found in all modern CPUs that has the role of improving performance by computing operations in advance and later discarding unneeded data.
These flaws target data processed during speculative execution that is stored inside a processor's L1 cac...

References

NVD-CWE-noinfohttp://support.lenovo.com/us/en/solutions/LEN-24163http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-enhttp://www.securityfocus.com/bid/105080http://www.securitytracker.com/id/1041451http://www.securitytracker.com/id/1042004http://www.vmware.com/security/advisories/VMSA-2018-0020.htmlhttp://xenbits.xen.org/xsa/advisory-273.htmlhttps://access.redhat.com/errata/RHSA-2018:2384https://access.redhat.com/errata/RHSA-2018:2387https://access.redhat.com/errata/RHSA-2018:2388https://access.redhat.com/errata/RHSA-2018:2389https://access.redhat.com/errata/RHSA-2018:2390https://access.redhat.com/errata/RHSA-2018:2391https://access.redhat.com/errata/RHSA-2018:2392https://access.redhat.com/errata/RHSA-2018:2393https://access.redhat.com/errata/RHSA-2018:2394https://access.redhat.com/errata/RHSA-2018:2395https://access.redhat.com/errata/RHSA-2018:2396https://access.redhat.com/errata/RHSA-2018:2402https://access.redhat.com/errata/RHSA-2018:2403https://access.redhat.com/errata/RHSA-2018:2404https://access.redhat.com/errata/RHSA-2018:2602https://access.redhat.com/errata/RHSA-2018:2603https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdfhttps://foreshadowattack.eu/https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0https://lists.debian.org/debian-lts-announce/2018/08/msg00029.htmlhttps://lists.debian.org/debian-lts-announce/2018/09/msg00017.htmlhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.aschttps://security.gentoo.org/glsa/201810-06https://security.netapp.com/advisory/ntap-20180815-0001/https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-faulthttps://support.f5.com/csp/article/K31300402https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_ushttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannelhttps://usn.ubuntu.com/3740-1/https://usn.ubuntu.com/3740-2/https://usn.ubuntu.com/3741-1/https://usn.ubuntu.com/3741-2/https://usn.ubuntu.com/3742-1/https://usn.ubuntu.com/3742-2/https://usn.ubuntu.com/3756-1/https://usn.ubuntu.com/3823-1/https://www.debian.org/security/2018/dsa-4274https://www.debian.org/security/2018/dsa-4279https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.htmlhttps://www.kb.cert.org/vuls/id/982149https://www.oracle.com/security-alerts/cpujul2020.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://www.synology.com/support/security/Synology_SA_18_45https://access.redhat.com/errata/RHSA-2018:2387https://nvd.nist.govhttps://github.com/teusink/Home-Security-by-W10-Hardeninghttps://www.kb.cert.org/vuls/id/982149