Ubuntu, Debian, RHEL, and CentOS Linux Now Patched Against “Foreshadow” Attacks

Both Canonical and Red Hat emailed us with regards to the L1 Terminal Fault security vulnerability, which are documented as CVE-2018-3620 for operating systems and System Management Mode (SMM), CVE-2018-3646 for impacts to virtualization, as well as CVE-2018-3615 for Intel Software Guard Extensions (Intel SGX). They affect all Linux-based operating system and machines with Intel CPUs. In addition to the L1 Terminal Fault flaw, the new kernel updates also patch a security vulnerability (CVE-2018-5391) discovered by Juha-Matti Tilli in Linux kernel’s IP implementation, which performed algorithmically expensive operations in various situations during handling of incoming packet fragments, thus allowing remote attackers to cause a denial of service.