2019.2 IPU – Intel® Processor Machine Check Error Advisory


### Summary: A potential security vulnerability in some Intel® Processors may allow denial of service.** **Intel has coordinated with OS and hypervisor vendors to provide updates which will mitigate this potential vulnerability.**** ### Vulnerability Details: CVEID:[ CVE-2018-12207](<https://vulners.com/cve/CVE-2018-12207>) Description: Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. CVSS Base Score: 6.5 Medium CVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H>) ### Affected Products: A list of impacted products can be found [here.](<https://software.intel.com/security-software-guidance/processors-affected-transient-execution-attack-mitigation-product-cpu-model>) ### Recommendations: To mitigate this vulnerability, operating system and hypervisor vendors will be providing software updates. Please contact your operating system vendor for additional details. Additional Advisory Guidance on CVE-2018-12207 available [here](<https://software.intel.com/content/www/us/en/develop/topics/software-security-guidance.html>). ### Acknowledgements: The following issue was found internally by Intel. Intel would like to thank Deepak Gupta. Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.