Red Hat's John Terrill informed Softpedia today that Red Hat is aware of the two hardware bugs (Meltdown and Spectre) affecting most modern microprocessors and is working on security updates to mitigate them on its supported operating systems.
The Meltdown and Spectre vulnerabilities (CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754) were publicly disclosed earlier today as critical hardware flaws affecting modern microprocessors made in the last two decades. These can be exploited by an unprivileged attacker to bypass hardware restrictions through three unique attack paths and gain read access to privileged memory.
Red Hat Product Security provided us with several resources to better understand the impact of these hardware bugs on any of their supported Linux-based operating systems from an open source technology perspective. They said that Intel, AMD, POWER 8, POWER 9, IBM System z, and ARM chips are affected by the newly discovered vulnerabilities.
"These vulnerabilities have a broad impact on the IT industry, affecting many modern microprocessors and enabling an attacker to bypass restrictions to gain read access to privileged memory which would otherwise be inaccessible through side-channels," said Denise Dumas, VP of Operating System Platform at Red Hat. "In short, these vulnerabilities could allow a malicious actor to steal sensitive information from almost any computer, mobile device, or cloud deployment."
According to Red Hat, the affected operating systems include Red Hat Enterprise Linux 7.x, 6.x, and 5.x series, Red Hat Enterprise Linux for Real Time, for SAP Applications, for SAP HANA, and for SAP Solutions, Red Hat Enterprise MRG 2, Red Hat OpenShift 3.x and 2.x series, Red Hat Virtualization (RHEV-H/RHV-H) 4.1 and 3.6, as well as Red Hat OpenStack Platform 12, 11, 10, 9, 8, 7, and 6.
"Red Hat rates the security impact of the vulnerabilities as important"
The company will soon release new versions of the kernel, kernel-rt, kernel-headers, dracut, libvirt, qemu-kvm-rhev, microcode_ctl, and linux-firmware components for the supported operating systems mentioned above, and said that it also included the ability to enable the mitigations selectively, so that users can better understand the impact of each of these security updates on sensitive workloads.
Red Hat has rated the security impact of these vulnerabilities as important, stating that "this flaw requires an attacker to have local access to the affected system." However, the company urges users to update their systems immediately to the new kernel versions it will release shortly, even if they don't think their current configuration is directly exposed to attacks.