Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huaweiHuawei TechnologiesHUAWEI-SA-20190712-01-MDS
HistoryJul 12, 2019 - 12:00 a.m.

Security Advisory - Intel Microarchitectural Data Sampling (MDS) vulnerabilities

2019-07-1200:00:00
Huawei Technologies
www.huawei.com
50

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

CVSS3

5.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

40.4%

JSON

Intel officially released a group of microarchitecture data sampling (MDS) vulnerabilities. An attacker with local access to a targeted system may exploit these vulnerabilities to obtain data on the targeted system, causing some information leakage. (Vulnerability ID: HWPSIRT-2019-05136, HWPSIRT-2019-05137, HWPSIRT-2019-05138 and HWPSIRT-2019-05139)

The four vulnerabilities have been assigned four Common Vulnerabilities and Exposures (CVE) IDs: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en

Affected configurations

Vulners
Node
huawei1288h_v5Range<V100R005C00SPC124
OR
huawei2288h_v5Range<V100R005C00SPC124
OR
huawei2288_v5Range<V100R005C00SPC171
OR
huawei2288c_v5Range<1.0.0.SPC105
OR
huawei2298_v5Range<5.0.RC5
OR
huawei2488_v5Range<V100R005C00SPC512
OR
huawei2488h_v5Range<V100R005C00SPC213
OR
huaweioceanstor_5800_v3Range<V100R003C00SPC709
OR
huawei5885h_v5Range<V100R005C00SPC113
OR
huaweibh620_v2_firmwareRange<V100R002C00SPC302
OR
huaweibh621_v2_firmwareRange<V100R002C00SPC301
OR
huaweibh622_v2_firmwareRange<V100R002C00SPC309
OR
huaweibh640_v2_firmwareRange<V100R002C00SPC307
OR
huaweifusionserver_ch121_v3Range<V100R001C00SPC286
OR
huaweich121l_v3_firmwareRange<V100R001C00SPC286
OR
huaweich140_v3_firmwareRange<V100R001C00SPC286
OR
huaweich140l_v3_firmwareRange<V100R001C00SPC286
OR
huaweifusionserver_ch220_v3Range<V100R001C00SPC286
OR
huaweifusionserver_ch222_v3Range<V100R001C00SPC286
OR
huaweich225_v5Range<V100R001C00SPC286
OR
huaweich226_v3_server_firmwareRange<V100R001C00SPC286
OR
huaweich121_v5_firmwareRange<V100R001C00SPC166
OR
huaweich242_v5Range<V100R001C00SPC166
OR
huaweioceanstor_5800_v3Range<V100R001C00SPC290
OR
huaweich221_v5Range<V100R001C00SPC176
OR
huaweich225_v5Range<V100R001C00SPC180
OR
huaweich242_v3_firmwareRange<V100R001C00SPC286
OR
huaweirh1288_v2_firmwareRange<V100R002C00SPC303
OR
huaweitecal_dh620_v2_firmwareRange<V100R001C00SPC202
OR
huaweitecal_dh621_v2_firmwareRange<V100R001C00SPC202
OR
huaweirh1288_v2_firmwareRange<V100R002C00SPC202
OR
huaweitecal_dh628_v2_firmwareRange<V100R001C00SPC201
OR
huaweifusionsphere_openstackMatchv100r006c00rc3b036
OR
huaweig5500_g560Range<1.0.2.SPC7
OR
huaweirh1288_v2_firmwareRange<V100R002C00SPC640
OR
huaweirh1288_v3_firmwareRange<V100R003C00SPC712
OR
huaweifusionserver_rh2288h_v3Range<V100R003C00SPC712
OR
huaweifusionserver_rh1288a_v2Range<V100R002C00SPC710
OR
huaweirh2285_v2_firmwareRange<V100R002C00SPC511
OR
huaweirh2285h_v2_firmwareRange<V100R002C00SPC511
OR
huaweirh2288_v2_firmwareRange<V100R002C00SPC610
OR
huaweifusionserver_rh2288_v3Range<V100R003C00SPC711
OR
huaweirh2288a_v2_firmwareRange<V100R002C00SPC710
OR
huaweirh2288h_v2_firmwareRange<V100R002C00SPC620
OR
huaweirh2485_v2_firmwareRange<V100R002C00SPC713
OR
huaweirh5885_v3_firmwareRange<V100R003C01SPC126
OR
huaweirh5885_v3_firmwareRange<V100R003C01SPC129
OR
huaweitecal_rh5885h_v3_firmwareRange<V100R003C00SPC219
OR
huaweitecal_rh5885h_v3_firmwareRange<V100R003C10SPC126
OR
huaweifusionserver_rh8100_v3Range<V100R003C00SPC233
OR
huaweismc2.0Matchv500r002c00
OR
huaweismc2.0Matchv600r006c00
OR
huaweismc2.0Matchv600r006c10
OR
huaweismc2.0Matchv600r019c00
OR
huaweismc2.0Matchv600r019c10
OR
huaweix6800_v5Range<V100R005C10SPC106
OR
huaweixh321_v5Range<V100R002C00SPC306
OR
huaweixh321_v3_firmwareRange<V100R003C00SPC710
OR
huaweixh620_v3_firmwareRange<V100R003C00SPC710
OR
huaweixh622_v3_server_firmwareRange<V100R003C00SPC710
OR
huaweixh628_v3_firmwareRange<V100R003C00SPC710
OR
huaweix6000Range<V100R003C00SPC710
OR
huaweixh321_v5Range<V100R005C00SPC504
OR
huaweixh321l_v5Range<V100R005C00SPC508
OR
huaweieapp610Matchv100r004c10
OR
huaweieapp610Matchv100r005c00
OR
huaweieapp610Matchv100r005c10
OR
huaweiecns280Matchv100r005c00
OR
huaweiecns280Matchv100r005c00spc002
OR
huaweiecns280Matchv100r005c00spc300
OR
huaweiecns280Matchv100r005c00spc306
OR
huaweiecns280Matchv100r005c00spc316
OR
huaweiecns280Matchv100r005c00spc326
OR
huaweiecns280Matchv100r005c10
OR
huaweiecns280Matchv100r005c10spc100
OR
huaweiemrs620Matchv100r005c00
OR
huaweiemrs620Matchv100r005c10
OR
huaweieomc910Matchv100r004c10
OR
huaweieomc910Matchv100r005c00
OR
huaweieomc910Matchv100r005c10
OR
huaweiessc690Matchv100r005c00
OR
huaweiessc690Matchv100r005c10
OR
huaweiespace_usm_firmwareMatchv300r001c00
OR
huaweiespace_usm_firmwareMatchv300r001c00spc100
OR
huaweiespace_usm_firmwareMatchv300r001c00spc200
OR
huaweiespace_usm_firmwareMatchv300r001c00spc300
OR
huaweiespace_usm_firmwareMatchv300r001c00spc302
OR
huaweiespace_usm_firmwareMatchv300r001c00spc500
OR
huaweiespace_usm_firmwareMatchv300r001c00spc600
OR
huaweiespace_usm_firmwareMatchv300r001c00spc700
OR
huaweiespace_usm_firmwareMatchv300r001c00spc701
OR
huaweiespace_usm_firmwareMatchv300r001c00spc703
OR
huaweiespace_usm_firmwareMatchv300r001c00spc800
OR
huaweiespace_usm_firmwareMatchv300r001c00spc900
OR
huaweiespace_usm_firmwareMatchv300r001c00spc901
OR
huaweiespace_usm_firmwareMatchv300r001c00spc902
OR
huaweiespace_usm_firmwareMatchv300r001c00sph201
OR
huaweiespace_usm_firmwareMatchv300r001c00sph202
OR
huaweiespace_usm_firmwareMatchv300r001c00sph301
OR
huaweiespace_usm_firmwareMatchv300r001c00sph702
OR
huaweieudc660Matchv100r004c10
OR
huaweieudc660Matchv100r005c00
OR
huaweieudc660Matchv100r005c10
OR
huaweiimanager_neteco_6000Matchv600r007c40
OR
huaweiimanager_neteco_6000Matchv600r007c60
OR
huaweiimanager_neteco_6000Matchv600r007c80
OR
huaweiimanager_neteco_6000Matchv600r007c90
OR
huaweiimanager_neteco_6000Matchv600r008c00
OR
huaweiimanager_neteco_6000Matchv600r008c10
OR
huaweiimanager_neteco_6000Matchv600r008c20

Related

openvas 40
nessus 77
redhat 23
oraclelinux 9
suse 5
osv 5
ubuntu 7
centos 5
vmware 1
debian 5
ibm 5
virtuozzo 2
amazon 2
fedora 2
intel 1
myhack58 2
threatpost 2
thn 1
lenovo 1
hp 1
mageia 1
cloudfoundry 2
paloalto 1
openvas
openvas
openSUSE: Security Advisory for ucode-intel (openSUSE-SU-2019:1402-1)
2019-05-17 00:00:00
openSUSE: Security Advisory for ucode-intel (openSUSE-SU-2019:1805-1)
2019-07-25 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:14133-1)
2021-06-09 00:00:00
nessus
nessus
Citrix XenServer Microarchitectural Data Sampling Speculative Side-Channel Vulnerabilities (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (CTX2251995)
2019-05-30 00:00:00
openSUSE Security Update : ucode-intel (openSUSE-2019-1402) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
2019-05-17 00:00:00
OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0018) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
2019-05-15 00:00:00
redhat
redhat
(RHSA-2019:1196) Important: kernel security update
2019-05-14 19:37:08
(RHSA-2019:1174) Important: kernel-rt security update
2019-05-14 17:22:02
(RHSA-2019:1178) Important: qemu-kvm security update
2019-05-14 17:23:31
oraclelinux
oraclelinux
qemu-kvm security update
2019-05-15 00:00:00
kernel security and bug fix update
2019-05-14 00:00:00
libvirt security update
2019-05-14 00:00:00
suse
suse
Security update for ucode-intel (important)
2019-05-28 00:00:00
Security update for ucode-intel (important)
2019-07-24 00:00:00
Security update for libvirt (important)
2019-06-03 00:00:00
osv
osv
intel-microcode - security update
2019-06-20 00:00:00
linux - security update
2019-05-14 00:00:00
intel-microcode - security update
2019-05-15 00:00:00
ubuntu
ubuntu
libvirt update
2019-05-16 00:00:00
Linux kernel (Trusty HWE) vulnerabilities
2019-05-15 00:00:00
Intel Microcode update
2019-06-20 00:00:00
centos
centos
kernel, perf, python security update
2019-05-15 15:42:15
qemu security update
2019-05-15 20:31:32
libvirt security update
2019-05-15 15:41:00
vmware
vmware
VMware product updates enable Hypervisor-Specific Mitigations, Hypervisor-Assisted Guest Mitigations, and Operating System-Specific Mitigations for Microarchitectural Data Sampling (MDS) Vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091)
2019-05-14 00:00:00
debian
debian
[SECURITY] [DLA 1789-2] intel-microcode security update
2019-06-20 21:50:38
[SECURITY] [DSA 4447-2] intel-microcode security update
2019-06-20 06:41:32
[SECURITY] [DSA 4444-1] linux security update
2019-05-14 21:17:39
ibm
ibm
Security Bulletin: This Power Hardware Management Console (HMC) update is being released to address Common Vulnerabilities and Exposures issue numbers CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091 (known as MDS).
2021-09-22 23:05:38
Security Bulletin: IBM Netezza Firmware Diagnostics Support Tool is affected by the vulnerabilities known as Microarchitectural Data Sampling (MDS) Side Channel Vulnerabilities
2019-12-30 14:48:58
Security Bulletin: Vulnerabilities in Intel CPUs affect IBM Integrated Analytics System
2019-10-18 04:00:14
virtuozzo
virtuozzo
Important kernel security update: New kernel 2.6.32-042stab138.1; Virtuozzo 6.0 Update 12 Hotfix 40 (6.0.12-3739)
2019-05-16 00:00:00
Important kernel security update: New kernel 2.6.32-042stab138.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
2019-05-16 00:00:00
amazon
amazon
Important: qemu-kvm
2019-08-07 23:12:00
Important: kernel
2019-05-07 22:39:00
fedora
fedora
[SECURITY] Fedora 30 Update: qemu-3.1.0-8.fc30
2019-05-17 01:08:38
[SECURITY] Fedora 30 Update: libvirt-5.1.0-5.fc30
2019-05-17 01:08:36
intel
intel
Microarchitectural Data Sampling Advisory
2021-05-11 00:00:00
myhack58
myhack58
Intel official for 5 on 15, the aeration out of the CPU side channel vulnerabilities“ZombieLoad”detailed technical analysis on-the vulnerability warning-the black bar safety net
2019-05-20 00:00:00
Zombieload: Intel CPU exposure of a new side channel attack-exploit warning-the black bar safety net
2019-05-15 00:00:00
threatpost
threatpost
Intel CPUs Impacted By New Class of Spectre-Like Attacks
2019-05-14 18:01:49
Intel ZombieLoad Side-Channel Attack: 10 Takeaways
2019-05-15 16:48:11
thn
thn
New Class of CPU Flaws Affect Almost Every Intel Processor Since 2011
2019-05-14 20:20:00
lenovo
lenovo
Microarchitectural Data Sampling (MDS) Side Channel Vulnerabilities - US
2019-05-14 16:38:15
hp
hp
HPSBHF03618 rev. 8 - Intel Microarchitectural Data Sampling Security Updates
2019-05-14 00:00:00
mageia
mageia
Updated microcode packages fix security vulnerabilities
2019-05-16 11:25:22
cloudfoundry
cloudfoundry
USN-3977-2: Intel Microcode update (AKA ZombieLoad Attack) | Cloud Foundry
2019-05-29 00:00:00
USN-3977-1: Intel Microcode update (AKA ZombieLoad Attack) | Cloud Foundry
2019-05-20 00:00:00
paloalto
paloalto
Information about Recent Intel Side Channel Vulnerabilities
2019-05-29 00:00:00

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

CVSS3

5.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

40.4%

JSON
Related for HUAWEI-SA-20190712-01-MDS
openvas40nessus77redhat23oraclelinux9suse5osv5ubuntu7centos5vmware1debian5ibm5virtuozzo2amazon2fedora2intel1myhack582threatpost2thn1lenovo1hp1mageia1cloudfoundry2paloalto1