RHEL and CentOS Linux 7 Receive Mitigations for Spectre Variant 4 Vulnerability

On May 21, 2018, security researchers from Google Project Zero and Microsoft Security Response Center have publicly disclosed two new variants of the industry-wide issue known as Spectre, variants 3a and 4. The latter, Spectre Variant 4, is identified as CVE-2018-3639 and appears to have an important security impact on any Linux-based operating system, including all of its Red Hat’s products and its derivatives, such as CentOS Linux. Though its implementation is complex, Spectre Variant 4 could let an unprivileged attacker to read privileged memory and expose sensitive information by carrying targeted cache side-channel attacks. Red Hat released today a kernel update for Red Hat Enterprise Linux 7 systems on the x86_64 (64-bit) hardware architecture to mitigate the issue, but noted the fact that it cannot be fully patched through software updates.

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis