RHEL and CentOS Linux 7 Receive Mitigations for Spectre Variant 4 Vulnerability

On May 21, 2018, security researchers from Google Project Zero and Microsoft Security Response Center publicly disclosed two new variants of the industry-wide issue known as Spectre, variants 3a and 4. The latter, Spectre Variant 4, is identified as CVE-2018-3639 and appears to have an important security impact on any Linux-based operating system, including all of Red Hat’s products and their derivatives, such as CentOS Linux. Though its implementation is complex, Spectre Variant 4 could let an unprivileged attacker read privileged memory and expose sensitive information by carrying out targeted cache side-channel attacks. Red Hat released today a kernel update for Red Hat Enterprise Linux 7 systems on the x86_64 (64-bit) hardware architecture to mitigate the issue, but noted that it cannot be fully patched through software updates.