Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions . It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor"s data cache even for speculatively executed instructions that never actually commit . As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation. * QEMU: cirrus: OOB access when updating VGA display * QEMU: vga: OOB read access during display update * Qemu: Out-of-bounds read in vga_draw_text routine For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section. Red Hat would like to thank Ken Johnson and Jann Horn for reporting CVE-2018-3639; Ross Lagerwall for reporting CVE-2018-7858; David Buchanan for reporting CVE-2017-13672; and Jiang Xin and Lin ZheCheng for reporting CVE-2018-5683.