Red Hat calls for updating Linux software to address Intel processor flaws that can lead to data-theft exploits Credit: Stephen Lawson/IDG Three Common Vulnerabilities and Exposures (CVEs) opened yesterday track three flaws in certain Intel processors, which, if exploited, can put sensitive data at risk. Of the flaws reported, the newly discovered Intel processor flaw is a variant of the Zombieload attack discovered earlier this year and is only known to affect Intel’s Cascade Lake chips. Red Hat strongly suggests that all Red Hat systems be updated even if they do not believe their configuration poses a direct threat, and it is providing resources to their customers and to the enterprise IT community. The three CVEs are: CVE-2018-12207 – Machine Check Error on Page Size Change CVE-2019-11135 – TSX Asynchronous Abort CVE-2019-0155 and CVE-2019-0154 – i915 graphics driver CVE-2018-12207 Red Hat rates this vulnerability as important. It is a vulnerability that could allow a local and unprivileged attacker to bypass security controls and cause a system-wide denial of service. The hardware flaw was found in Intel microprocessors and is related to the Instruction Translation Lookaside Buffer (ITLB). It caches translations from virtual to physical addresses and is intended to improve performance. However, a delay in invalidating cached entries after cache page changes could lead to a processor using an invalid address translation causing a machine check error exception and moving the system into a hang state. This kind of scenario could be crafted by an attacker to take a system down. CVE-2019-11135 Red Hat rates this vulnerability as moderate. This Transactional Synchronization Extensions (TSX) Asynchronous Abort is a Microarchitectural Data Sampling (MDS) flaw. A local attacker using custom code could use this flaw to gather information from cache contents on the processor and processors that support simultaneous multithreading (SMT) and TSX. CVE-2019-0155, CVE-2019-0154 Red Hat rates the CVE-2019-0155 flaw as important and the CVE-2019-0154 as moderate. Both flaws are related to the i915 graphics driver. CVE-2019-0155 allows allows an attacker to bypass conventional memory security restrictions, allowing write access to privileged memory that ought to be restricted. CVE-2019-0154 could allow an local attacker to create an invalid system state when the Graphics Processing Unit (GPU) is in low power mode, leading to the system becoming inaccessible. The only affected graphics card affected by CVE-2019-0154 is on the i915 kernel module. The lsmod command can be used to indicate vulnerability. Any output like that shown below (i.e., starting with i915) indicates that this system is vulnerable: $ lsmod | grep ^i915 i915 2248704 10 Additional resources Red Hat has provided details and further instructions to its customers and others in the following links: https://access.redhat.com/security/vulnerabilities/ifu-page-mce https://access.redhat.com/solutions/tsx-asynchronousabort https://access.redhat.com/solutions/i915-graphics Related content brandpost Sponsored by Zscaler NYC Department of Education builds the pipeline for future cybersecurity professionals NYC Department of Education's innovative programs empower students through hands-on experience and partnerships in cybersecurity, paving the way for diverse career pathways and long-term success in the digital workforce. By Demond Waters, CISO, and Anthony Dixon, Director of Cybersecurity Engineering at the New York City (NYC) Department of Education (DOE) Oct 21, 2024 10 mins Security brandpost Sponsored by Zscaler Are Your Firewalls and VPNs the Weakest Link in Your Security Stack? In an era when traditional network perimeters no longer exist, it’s time to adopt the Zero Trust mantra, "never trust, always verify.” By Zscaler Oct 21, 2024 9 mins Security brandpost Sponsored by Zscaler 6 key mobile and IoT/OT attack trend findings Zscaler ThreatLabz analysis shows more than 100% growth in spyware, much of which can bypass multifactor authentication, and 45% growth in IoT attacks. By Will Seaton, Viral Gandhi, Yesenia Barajas Oct 18, 2024 6 mins Security news Admins warned to update Palo Alto Networks Expedition tool immediately Six holes in the configuration migration tool could allow theft of cleartext passwords and more. By Howard Solomon Oct 11, 2024 1 min Network Security Security PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe