Check the status of CVEs. Learn More.
Keeping your systems up 100% of the time requires live patching. Our solutions will align strongly with your risk, compliance, and operational uptime requirements.
TuxCare is trusted by the most innovative companies across the globe.
Our partner program is designed with flexibility in mind for partners who are at various stages of their business lifecycle. With financial investment and dedicated resources, you will continue to grow with TuxCare.
Would you like to work with a leader in open source and Linux security that values innovation and partnerships?
Partners receive benefits that are designed to reward the commitment that they have made to the sale of our products and services.
Learn about TuxCare's modern approach to reducing cybersecurity risk with Blogs, White Papers, and more.
Continually increasing Cybersecurity, stability, and availability of Linux servers and open source software since 2009.
TuxCare provides live security patching for numerous industries. Learn how TuxCare is minimizing risk for companies around the world.
Follow Us on Social
A new CPU vulnerability known as SRBDS/CrossTalk was discovered in June 2020. The team at KernelCare is currently creating a patch to close it down. Let’s examine this new vulnerability, and explore what we’re doing to eliminate it.
Similar to an MDS vulnerability, CrossTalk enables malicious code executed on one CPU core to leak data from software executed on a different core. It compromises the CPU’s random number generator so that the shared buffer can be overwritten before it’s reused.
CrossTalk was discovered by VUSec, the Systems and Network Security Group at Vrije Universiteit Amsterdam. It affects Intel processors that employ the RDRAND and/or RDSEED random number generators, and its CVE designation is CVE-2020-0543.
Intel refers to the vulnerability as SRBDS, short for “Special Register Buffer Data Sampling,” but in technology circles it’s become popularly known as CrossTalk.
To mitigate this vulnerability, take 2 steps that require no reboot if you follow the instructions below:
Microcode is the code that runs inside the CPU itself and is handled by Intel. The procedure is usually done on reboot: you get the new kernel, it will have new microcode and when the kernel boots it will install new microcode into CPU.
Update microcode without reboot using our instructions here or watch the video tutorial:
Now you must still update the Linux Kernel to ensure that the local user can not read the data you are running on the CPU. With KernelCare you can do that without rebooting. Sign up for the free 30-day trial.
You only need to patch the Linux Kernel inside the VM. Make sure that your host node is updated as well which is typically done by your service provider.
If you are using your KernelCare – your patches will be delivered automatically by KernelCare and you don’t need to do anything extra. If not – this is the right time to sign up for the free 30-day trial.
More patches will be added later this week. To find out right away when the patch is available, you can monitor this blog or our Twitter and Facebook channels.
Continue reading: New CVE Found by Virtuozzo Live-patched by KernelCare
TALK TO A CYBERSECURITY EXPERT
Stay updated with the latest news and announcements from TuxCare.com
We continue to look at the code issues that cause...
Catastrophic risks such as natural disasters and indeed cyberattacks require...
In a symphony orchestra, instruments harmonize to create one pleasing...
We are pleased to announce that a new updated ePortal version...
We are pleased to announce that a new updated KernelCare agent...