diff options
author | Ben Hutchings <ben@decadent.org.uk> | 2020-06-07 20:36:01 +0100 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2020-06-07 20:36:01 +0100 |
commit | 507fd36689b5200e5d01ff5e1cda5f038ece3531 (patch) | |
tree | 90d0b4e53165978e3bcffafaffeb4b5f9a4b27bf /dsa-texts/4.19.118-2+deb10u1 | |
parent | 260da640e862361cc6c78d244ca1676c2ffc5138 (diff) |
dsa-texts: Fill in more issue descriptions
Diffstat (limited to 'dsa-texts/4.19.118-2+deb10u1')
-rw-r--r-- | dsa-texts/4.19.118-2+deb10u1 | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/dsa-texts/4.19.118-2+deb10u1 b/dsa-texts/4.19.118-2+deb10u1 index 50514e0b..cd5590ef 100644 --- a/dsa-texts/4.19.118-2+deb10u1 +++ b/dsa-texts/4.19.118-2+deb10u1 @@ -29,7 +29,19 @@ CVE-2019-19462 CVE-2020-0543 - Description + Researchers at VU Amsterdam discovered that on some Intel x86 + systems supporting the RDRAND and RDSEED instructions, speculative + execution may use part of a random value that was previously + generated for use on another core. Depending on how these + instructions are used by applications, a local user or VM guest + could use this to obtain sensitive information including + cryptographic keys from other users or VMs. + + This vulnerability can be mitigated by a microcode update, either + as part of system firmware (BIOS) or through the intel-microcode + package in Debian's non-free archive section. This kernel update + only provides reporting of the vulnerability and the option to + disable the mitigation if it is not needed. CVE-2020-10711 |