logo
DATABASE RESOURCES PRICING ABOUT US

Microarchitectural Data Sampling (MDS) Side Channel Vulnerabilities - US

Description

**Lenovo Security Advisory:** LEN-26696 **Potential Impact**: Information disclosure **Severity:** Medium **Scope of Impact:** Industry-wide **CVE Identifier:** CVE-2018-12126 - Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12127 - Microarchitectural Load Port Data Sampling (MLPDS) CVE-2018-12130 - Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2019-11091 - Microarchitectural Data Sampling Uncacheable Memory (MDSUM) **Summary Description: ** Intel has notified Lenovo of a new sub-class of speculative execution side channel vulnerabilities called Microarchitectural Data Sampling (MDS). These vulnerabilities are referred to by the researchers as ZombieLoad, RIDL, and Fallout. Intel provides technical details of MDS on [Intel’s MDS page](<https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html>). **Mitigation Strategy for Customers (what you should do to protect yourself): ** Intel states select 8th and 9th Generation Intel Core processors, as well as the 2nd Generation Intel Xeon Scalable Processor Family are _not vulnerable_ to MDS. A full list of these processors can be found [here](<https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html>). If you are using one of these processors, no further action is necessary. For other Intel processors, Intel recommends the following mitigation steps: * Update to the version of BIOS (or later) described for your system in the Product Impact section below. * Update Operating System (OS). See the Reference section of [Intel’s MDS page](<https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html>) for full details. * Update Virtual Machine Managers (VMMs). See the Reference section of [Intel’s MDS page](<https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html>) for full details. Once these updates are applied, Intel recommends it may be appropriate for some customers to consider additional actions. * If running untrusted workloads, and using Simultaneous Multi-Threading (SMT). Refer to [Intel’s Software Security Guidance for developers](<https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling>) for additional guidance. * If running application software allowing third parties to run arbitrary JavaScript, Java, or ActiveX code. Refer to [Intel’s Software Security Guidance for developers](<https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling>) for additional guidance. **** **Product Impact:**


Related