The Debian Project released today a new Linux kernel security update for Debian GNU/Linux 9 “Stretch” users to address the recently disclosed L1 Terminal Fault vulnerabilities.
According to the security advisory published on Monday, the new kernel security update addresses both CVE-2018-3620 and CVE-2018-3646 vulnerabilities, which are known as L1 Terminal Fault (L1TF) or Foreshadow. These vulnerabilities had an impact on normal systems, as well as virtualized operating systems, allowing a local attacker to expose sensitive information from the host OS or other guests.
“Multiple researchers have discovered a vulnerability in the way the Intel processor designs have implemented speculative execution of instructions in combination with handling of page-faults. This flaw could allow an attacker controlling an unprivileged proc… (read more)