Search...

Ubuntu Update for intel-microcode USN-3977-3

2019-06-21T00:00:00

ID OPENVAS:1361412562310844061
Type openvas
Reporter Copyright (C) 2019 Greenbone Networks GmbH
Modified 2019-06-27T00:00:00

Description

The remote host is missing an update for the

                                        
                                            # Copyright (C) 2019 Greenbone Networks GmbH
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (C) the respective author(s)
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.844061");
  script_version("2019-06-27T06:30:18+0000");
  script_cve_id("CVE-2018-12130", "CVE-2018-12127", "CVE-2018-12126", "CVE-2019-11091");
  script_tag(name:"cvss_base", value:"4.7");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:C/I:N/A:N");
  script_tag(name:"last_modification", value:"2019-06-27 06:30:18 +0000 (Thu, 27 Jun 2019)");
  script_tag(name:"creation_date", value:"2019-06-21 02:00:50 +0000 (Fri, 21 Jun 2019)");
  script_name("Ubuntu Update for intel-microcode USN-3977-3");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2019 Greenbone Networks GmbH");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=(UBUNTU18\.10|UBUNTU19\.04|UBUNTU18\.04 LTS|UBUNTU16\.04 LTS)");

  script_xref(name:"USN", value:"3977-3");
  script_xref(name:"URL", value:"http://www.ubuntu.com/usn/usn-3977-3/");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'intel-microcode'
  package(s) announced via the USN-3977-3 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"USN-3977-1 and USN-3977-2 provided mitigations for Microarchitectural
Data Sampling (MDS) vulnerabilities in Intel Microcode for a
large number of Intel processor families. This update provides the
corresponding updated microcode mitigations for the Intel Sandy Bridge
processor family

Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan
Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa
Milburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,
Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss
discovered that memory previously stored in microarchitectural fill buffers
of an Intel CPU core may be exposed to a malicious process that is
executing on the same CPU core. A local attacker could use this to expose
sensitive information. (CVE-2018-12130)

Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan
van Schaik, Alyssa Milburn, Sebastian sterlund, Pietro Frigo, Kaveh
Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory
previously stored in microarchitectural load ports of an Intel CPU core may
be exposed to a malicious process that is executing on the same CPU core. A
local attacker could use this to expose sensitive information.
(CVE-2018-12127)

Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel
Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel
Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory
previously stored in microarchitectural store buffers of an Intel CPU core
may be exposed to a malicious process that is executing on the same CPU
core. A local attacker could use this to expose sensitive information.
(CVE-2018-12126)

Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,
Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa
Milburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and
Cristiano Giuffrida discovered that uncacheable memory previously stored in
microarchitectural buffers of an Intel CPU core may be exposed to a
malicious process that is executing on the same CPU core. A local attacker
could use this to expose sensitive information. (CVE-2019-11091)");

  script_tag(name:"affected", value:"'intel-microcode' package(s) on Ubuntu 19.04, Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "UBUNTU18.10") {

  if(!isnull(res = isdpkgvuln(pkg:"intel-microcode", ver:"3.20190618.0ubuntu0.18.10.1", rls:"UBUNTU18.10"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if (__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU19.04") {

  if(!isnull(res = isdpkgvuln(pkg:"intel-microcode", ver:"3.20190618.0ubuntu0.19.04.1", rls:"UBUNTU19.04"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if (__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU18.04 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"intel-microcode", ver:"3.20190618.0ubuntu0.18.04.1", rls:"UBUNTU18.04 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if (__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU16.04 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"intel-microcode", ver:"3.20190618.0ubuntu0.16.04.1", rls:"UBUNTU16.04 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if (__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562310844061", "type": "openvas", "bulletinFamily": "scanner", "title": "Ubuntu Update for intel-microcode USN-3977-3", "description": "The remote host is missing an update for the ", "published": "2019-06-21T00:00:00", "modified": "2019-06-27T00:00:00", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844061", "reporter": "Copyright (C) 2019 Greenbone Networks GmbH", "references": ["3977-3", "http://www.ubuntu.com/usn/usn-3977-3/"], "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "lastseen": "2019-06-27T14:43:33", "viewCount": 49, "enchantments": {"dependencies": {"references": [{"type": "vmware", "idList": ["VMSA-2019-0008"]}, {"type": "f5", "idList": ["F5:K34303485", "F5:K97035296", "F5:K80159635", "F5:K52370164"]}, {"type": "cve", "idList": ["CVE-2019-11091", "CVE-2018-12130", "CVE-2018-12126", "CVE-2018-12127"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310852504", "OPENVAS:1361412562311220192210", "OPENVAS:1361412562310876550", "OPENVAS:1361412562310883051", "OPENVAS:1361412562310852508", "OPENVAS:1361412562310844011", "OPENVAS:1361412562311220192300", "OPENVAS:1361412562310852502", "OPENVAS:1361412562310876375", "OPENVAS:1361412562310852535"]}, {"type": "centos", "idList": ["CESA-2019:1168"]}, {"type": "mskb", "idList": ["KB4503287", "KB4499171", "KB4499181", "KB4499167", "KB4516067", "KB4499165", "KB4516064", "KB4516051"]}, {"type": "ubuntu", "idList": ["USN-3977-3", "USN-3983-2"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-4636", "ELSA-2019-1167", "ELSA-2019-4629", "ELSA-2019-1178", "ELSA-2019-1177", "ELSA-2019-1168"]}, {"type": "nessus", "idList": ["OPENSUSE-2019-1806.NASL", "ORACLELINUX_ELSA-2019-1169.NASL", "OPENSUSE-2019-1408.NASL", "NEWSTART_CGSL_NS-SA-2019-0089_LIBVIRT.NASL", "REDHAT-RHSA-2019-1193.NASL", "OPENSUSE-2019-1402.NASL", "UBUNTU_USN-3977-1.NASL", "CENTOS_RHSA-2019-1168.NASL", "FEDORA_2019-6458474BF2.NASL", "SUSE_SU-2019-1547-1.NASL"]}, {"type": "fedora", "idList": ["FEDORA:E197860874D7"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1789-2:82C69", "DEBIAN:DLA-1787-1:EA5F1", "DEBIAN:DSA-4447-1:76E6B", "DEBIAN:DSA-4444-1:2DFF1"]}, {"type": "redhat", "idList": ["RHSA-2019:1171", "RHSA-2019:1201", "RHSA-2019:1203", "RHSA-2019:1197", "RHSA-2019:1202", "RHSA-2019:1193", "RHSA-2019:1207", "RHSA-2019:1206", "RHSA-2019:1176", "RHSA-2019:1198"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1806-1", "OPENSUSE-SU-2019:1408-1", "OPENSUSE-SU-2019:1805-1"]}, {"type": "xen", "idList": ["XSA-297"]}, {"type": "lenovo", "idList": ["LENOVO:PS500247-NOSID"]}, {"type": "citrix", "idList": ["CTX251995"]}, {"type": "threatpost", "idList": ["THREATPOST:B43D65BEF15E504CF4DFB8EB516972D7"]}, {"type": "hp", "idList": ["HP:C06330149"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:B2E69F41B4038981C401E61FA93A1C88"]}], "modified": "2019-06-27T14:43:33", "rev": 2}, "score": {"value": 7.3, "vector": "NONE", "modified": "2019-06-27T14:43:33", "rev": 2}, "vulnersScore": 7.3}, "pluginID": "1361412562310844061", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844061\");\n script_version(\"2019-06-27T06:30:18+0000\");\n script_cve_id(\"CVE-2018-12130\", \"CVE-2018-12127\", \"CVE-2018-12126\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-06-27 06:30:18 +0000 (Thu, 27 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-21 02:00:50 +0000 (Fri, 21 Jun 2019)\");\n script_name(\"Ubuntu Update for intel-microcode USN-3977-3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.10|UBUNTU19\\.04|UBUNTU18\\.04 LTS|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3977-3\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3977-3/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'intel-microcode'\n package(s) announced via the USN-3977-3 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"USN-3977-1 and USN-3977-2 provided mitigations for Microarchitectural\nData Sampling (MDS) vulnerabilities in Intel Microcode for a\nlarge number of Intel processor families. This update provides the\ncorresponding updated microcode mitigations for the Intel Sandy Bridge\nprocessor family\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan\nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,\nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss\ndiscovered that memory previously stored in microarchitectural fill buffers\nof an Intel CPU core may be exposed to a malicious process that is\nexecuting on the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan\nvan Schaik, Alyssa Milburn, Sebastian sterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory\npreviously stored in microarchitectural load ports of an Intel CPU core may\nbe exposed to a malicious process that is executing on the same CPU core. A\nlocal attacker could use this to expose sensitive information.\n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel\nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel\nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory\npreviously stored in microarchitectural store buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same CPU\ncore. A local attacker could use this to expose sensitive information.\n(CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and\nCristiano Giuffrida discovered that uncacheable memory previously stored in\nmicroarchitectural buffers of an Intel CPU core may be exposed to a\nmalicious process that is executing on the same CPU core. A local attacker\ncould use this to expose sensitive information. (CVE-2019-11091)\");\n\n script_tag(name:\"affected\", value:\"'intel-microcode' package(s) on Ubuntu 19.04, Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"intel-microcode\", ver:\"3.20190618.0ubuntu0.18.10.1\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"intel-microcode\", ver:\"3.20190618.0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"intel-microcode\", ver:\"3.20190618.0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"intel-microcode\", ver:\"3.20190618.0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "naslFamily": "Ubuntu Local Security Checks"}

{"vmware": [{"lastseen": "2019-11-14T23:21:17", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "**1\\. Impacted Products**\n\n * VMware vCenter Server (VC)\n * VMware vSphere ESXi (ESXi)\n * VMware Workstation Pro / Player (WS)\n * VMware Fusion Pro / Fusion (Fusion)\n * vCloud Usage Meter (UM)\n * Identity Manager (vIDM)\n * vCenter Server (vCSA)\n * vSphere Data Protection (VDP)\n * vSphere Integrated Containers (VIC)\n * vRealize Automation (vRA)\n\n**2\\. Introduction \n**\n\nIntel has disclosed details on speculative-execution vulnerabilities known collectively as \u201cMicroarchitectural Data Sampling (MDS)\" that can occur on Intel microarchitecture prior to 2nd Generation Intel\u00ae Xeon\u00ae Scalable Processors (formerly known as Cascade Lake). These issues may allow a malicious user who can locally execute code on a system to infer data otherwise protected by architectural mechanisms. \n\n\nThere are four uniquely identifiable vulnerabilities associated with MDS: \n\n\n * CVE-2018-12126 - Microarchitectural Store Buffer Data Sampling (MSBDS) - CVSSv3 = 6.5\n * CVE-2018-12130 - Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVSSv3 = 6.5\n * CVE-2018-12127 - Microarchitectural Load Port Data Sampling (MLPDS) - CVSSv3 = 6.5\n * CVE-2019-11091 - Microarchitectural Data Sampling Uncacheable Memory (MDSUM) - CVSSv3 = 3.8\n\nTo assist in understanding speculative-execution vulnerabilities, VMware previously defined the following mitigation categories:\n\n * _Hypervisor-Specific Mitigations_ prevent information leakage from the hypervisor or guest VMs into a malicious guest VM. These mitigations require code changes for VMware products.\n * _Hypervisor-Assisted Guest Mitigations _virtualize new speculative-execution hardware control mechanisms for guest VMs so that Guest OSes can mitigate leakage between processes within the VM. These mitigations require code changes for VMware products.\n * _Operating System-Specific Mitigations_ are applied to guest operating systems. These updates will be provided by a 3rd party vendor or in the case of VMware Virtual Appliances, by VMware.\n * _Microcode Mitigations_ are applied to a system\u2019s processor(s) by a microcode update from the hardware vendor. These mitigations do not require hypervisor or guest operating system updates to be effective. \n\n\nMDS vulnerabilities require _Hypervisor-Specific Mitigations_ (described in section 3a.) _Hypervisor-Assisted Guest Mitigations_ (described in section 3b.) and _Operating System-Specific Mitigations_ (described in section 3c.) \n\n\n**3a. _Hypervisor-Specific Mitigations_ for MDS vulnerabilities - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091 \n** \n\n\n**Description: \n**\n\nvCenter Server, ESXi, Workstation, and Fusion updates include _Hypervisor-Specific Mitigations_ for MDS speculative execution vulnerabilities. VMware has evaluated the severity of these issues to be in the [Moderate severity range](<https://www.vmware.com/support/policies/security_response.html>) with a maximum CVSSv3 base score of 6.5. \n\n\n**Known Attack Vectors: \n**\n\nA malicious user must have local access to a virtual machine and the ability to execute code to infer data otherwise protected by architectural mechanisms from another virtual machine or the hypervisor itself via MDS vulnerabilities. \n\n\nThere are two known attack vector variants for MDS at the Hypervisor level:\n\n * _Sequential-context attack vector_ (Inter-VM): a malicious VM can potentially infer recently accessed data of a previous context (hypervisor thread or other VM thread) on either logical processor of a processor core.\n * _Concurrent-context attack vector_ (Inter-VM): a malicious VM can potentially infer recently accessed data of a concurrently executing context (hypervisor thread or other VM thread) on the other logical processor of the Hyper-Threading-enabled processor core.\n\n**Resolution:**\n\n * The _Sequential-context attack vector_ (Inter-VM): is mitigated by a Hypervisor update to the product versions listed in the table below. These mitigations are dependent on Intel microcode updates (provided in separate ESXi patches for most Intel hardware platforms) listed in the table below. This mitigation is enabled by default and does not impose a significant performance impact.\n * The _Concurrent-context attack vector_ (Inter-VM): is mitigated through enablement of the ESXi Side-Channel-Aware Scheduler Version 1 or Version 2. These options may impose a non-trivial performance impact and are not enabled by default.\n\n**Workarounds:**\n\n * There are no known Hypervisor-Specific workarounds for the MDS class of vulnerabilities.\n\n**Additional Documentation:**\n\n * vSphere: [KB67577](<https://kb.vmware.com/kb/67577>) should be thoroughly reviewed to ensure a strong understanding of the _Hypervisor-Specific Mitigations_ enablement process for MDS and potential CPU capacity impacts\n * Workstation/Fusion: [KB68025](<https://kb.vmware.com/kb/68025>) should be thoroughly reviewed to ensure a strong understanding of the _Hypervisor-Specific Mitigations_ enablement process for MDS and potential CPU capacity impacts.\n\n**Notes: \n**\n\n * VMware Hypervisors running on 2nd Generation Intel\u00ae Xeon\u00ae Scalable Processors (formerly known as Cascade Lake) are not affected by MDS vulnerabilities.\n\n**Acknowledgements:**\n\n * None.\n\n**Resolution Matrix: \n \n**\n\nProduct | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation \n---|---|---|---|---|---|---|---|--- \nvCenter Server1 | 6.7 | Any | N/A | N/A | N/A | [6.7 U2a](<https://my.vmware.com/group/vmware/get-download?downloadGroup=VC67U2A>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nvCenter Server1 | 6.5 | Any | N/A | N/A | N/A | [6.5 U2g](<https://my.vmware.com/group/vmware/get-download?downloadGroup=VC65U2G>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nvCenter Server1 | 6.0 | Any | N/A | N/A | N/A | [6.0 U3i](<https://my.vmware.com/group/vmware/get-download?downloadGroup=VC60U3I>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nESXi3 | 6.7 | Any | [CVE-2018-12126 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126>)[CVE-2018-12127 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127>)[CVE-2018-12130 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130>)[CVE-2019-11091](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091>) | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | [Moderate](<https://www.vmware.com/support/policies/security_response.html>) | [ESXi670-201911401-BG \nESXi670-201911402-BG2 \n](<https://my.vmware.com/group/vmware/patch>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nESXi | 6.5 | Any | [CVE-2018-12126 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126>)[CVE-2018-12127 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127>)[CVE-2018-12130 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130>)[CVE-2019-11091 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091>) | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | [Moderate](<https://www.vmware.com/support/policies/security_response.html>) | [ESXi650-201905401-BG \nESXi650-201905402-BG2](<https://my.vmware.com/group/vmware/patch>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nESXi | 6.0 | Any | [CVE-2018-12126 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126>)[CVE-2018-12127 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127>)[CVE-2018-12130 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130>)[CVE-2019-11091 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091>) | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | [Moderate](<https://www.vmware.com/support/policies/security_response.html>) | [ESXi600-201905401-BG \nESXi600-201905402-BG2](<https://my.vmware.com/group/vmware/patch>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nWorkstation3 | 15.x | Any | [CVE-2018-12126 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126>)[CVE-2018-12127 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127>)[CVE-2018-12130 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130>)[CVE-2019-11091 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091>) | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | [Moderate](<https://www.vmware.com/support/policies/security_response.html>) | [15.5.1](<https://www.vmware.com/go/downloadworkstation>) | None | [KB68025](<https://kb.vmware.com/kb/68025>) \nFusion3 | 11.x | Any | [CVE-2018-12126 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126>)[CVE-2018-12127 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127>)[CVE-2018-12130 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130>)[CVE-2019-11091 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091>) | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | [Moderate](<https://www.vmware.com/support/policies/security_response.html>) | [11.5.1](<https://www.vmware.com/go/downloadfusion>) | None | [KB68025](<https://kb.vmware.com/kb/68025>) \n \n1\\. vCenter updates are listed in the above table as a requirement for _Hypervisor-Specific Mitigations_ as these updates include enhanced EVC modes which support the new MD-CLEAR functionality included in ESXi microcode updates. \n2\\. These patches contain updated microcode. At the time of this publication Sandy Bridge DT/EP Microcode Updates (MCUs) had not yet been provided to VMware. Customers on this microarchitecture may request MCUs from their hardware vendor in the form of a BIOS update. This microcode will be included in future releases of ESXi. \n3\\. A regression introduced in ESXi 6.7u2, Workstation 15.5.0, and Fusion 11.5.0 causes _Hypervisor-Specific Mitigations_ for L1TF (CVE-2018-3646) and MDS (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091) to be ineffective. This issue has been resolved in the patches reflected in the table above. This regression does not affect the ESXi 6.5 and 6.0 release lines, nor does it affect ESXi 6.7u2 if the _ESXi Side-Channel-Aware Scheduler Version 2_ is enabled.\n", "edition": 4, "modified": "2019-11-12T00:00:00", "published": "2019-05-14T00:00:00", "id": "VMSA-2019-0008", "href": "https://www.vmware.com/security/advisories/VMSA-2019-0008.html", "title": "VMware product updates enable\u00a0Hypervisor-Specific Mitigations,\u00a0Hypervisor-Assisted Guest Mitigations, and\u00a0Operating System-Specific Mitigations\u00a0for Microarchitectural Data Sampling (MDS) Vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and\u00a0CVE-2019-11091)", "type": "vmware", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "f5": [{"lastseen": "2020-04-06T22:40:13", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "\nF5 Product Development is evaluating this vulnerability. F5 Product Development has assigned ID 784685 (BIG-IP), ID 786089 (BIG-IQ), ID 787421 (F5 iWorkflow), ID 787397 (Enterprise Manager), and JIRA IDs CPF-25088 and CPF-25089 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | 15.0.0 | None2 | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IP 10xx0 series\n * BIG-IP 12xx0 series\n * VIPRION B2250\n * VIPRION B4400N\n * BIG-IP i2x00 series\n * BIG-IP i4x00 series\n * BIG-IP i5x00 series\n * BIG-IP i7x00 series\n * BIG-IP i10x00 series\n * BIG-IP i11x00 series\n * BIG-IP i15x00 series \n14.x | 14.0.0 - 14.1.0 | None2 \n13.x | 13.0.0 - 13.1.1 | None2 \n12.x | 12.0.0 - 12.1.4 | None2 \n11.x | 11.6.0 - 11.6.4 | None2 \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * Enterprise Manager 4000 \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IQ 7000 \n5.x | 5.0.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | 2.3.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2Updated Microcode has been made available from Intel. F5 does not plan to release an official fix for this issue that is based on Intel's microcode updates. The rationale for this decision is based on significant performance degradation seen when enabling Intel's microcode fixes in our platforms. During testing of the microcode fix, F5 has observed from 10% to over 50% performance degradation for many workloads.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nThe MDS vulnerabilities require that an attacker can provide and run binary code on the BIG-IP platform. Only users with Administrator, Resource Administrator, Manager, and iRules Manager privileges are able to exploit the MDS vulnerability. F5 recommends that you restrict these roles to trusted users.\n\nExploiting this vulnerability requires two processes to share the same L1 and L2 cache. To prevent exploitation of this vulnerability between guests in a multi-tenant vCMP environment, ensure that you allocate each guest a minimum of two cores.\n\nTo completely mitigate MDS requires an Intel microcode update and associated Linux kernel patches. If a kernel and microcode update is unavailable, the only way to completely mitigate the MDS vulnerability is to disable SMT. This action will cause performance degradation in most workloads. F5 recommends customers evaluate if mitigation is required in their environment, taking into account the performance impact. Currently, F5 is working on an integration strategy for full mitigation by conducting an extensive test campaign to characterize the impact of the fixes on system performance and stability and understanding of any potential issues. F5 will update this article with details of the fixes as they become available.\n\nMitigation is not required if user space applications are from a trusted source and do not execute untrusted code that is supplied externally.\n\n * [K41283800: INTEL-SA-00233 Microarchitectural Data Sampling Advisory](<https://support.f5.com/csp/article/K41283800>) \n * [K52370164: Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126](<https://support.f5.com/csp/article/K52370164>)\n * [K97035296: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) CVE-2018-12127](<https://support.f5.com/csp/article/K97035296>)\n * [K34303485: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) CVE-2019-11091](<https://support.f5.com/csp/article/K34303485>)\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-06-19T00:00:00", "published": "2019-05-16T01:28:00", "id": "F5:K80159635", "href": "https://support.f5.com/csp/article/K80159635", "title": "Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130", "type": "f5", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-04-06T22:39:41", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "\nF5 Product Development is evaluating this vulnerability. F5 Product Development has assigned ID 784677 (BIG-IP), ID 785913 (BIG-IQ), ID 787429 (F5 iWorkflow), ID 787373 (Enterprise Manager), and JIRA IDs CPF-25088 and CPF-25089 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | 15.0.0 | None2 | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IP 10xx0 series\n * BIG-IP 12xx0 series\n * VIPRION B2250\n * VIPRION B4400N\n * BIG-IP i2x00 series\n * BIG-IP i4x00 series\n * BIG-IP i5x00 series\n * BIG-IP i7x00 series\n * BIG-IP i10x00 series\n * BIG-IP i11x00 series\n * BIG-IP i15x00 series \n14.x | 14.0.0 - 14.1.0 | None2 \n13.x | 13.0.0 - 13.1.1 | None2 \n12.x | 12.0.0 - 12.1.4 | None2 \n11.x | 11.6.0 - 11.6.4 | None2 \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * Enterprise Manager 4000 \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IQ 7000 \n5.x | 5.0.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | 2.3.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2Updated Microcode has been made available from Intel. F5 does not plan to release an official fix for this issue that is based on Intel's microcode updates. The rationale for this decision is based on significant performance degradation seen when enabling Intel's microcode fixes in our platforms. During testing of the microcode fix, F5 has observed from 10% to over 50% performance degradation for many workloads.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nThe MDS vulnerabilities require that an attacker can provide and run binary code on the BIG-IP platform. Only users with Administrator, Resource Administrator, Manager, and iRules Manager privileges are able to exploit the MDS vulnerability. F5 recommends that you restrict these roles to trusted users.\n\nExploiting this vulnerability requires two processes to share the same L1 and L2 cache. To prevent exploiting this vulnerability between guests in a multi-tenant vCMP environment, ensure that you allocate each guest a minimum of two cores.\n\nTo completely mitigate MDS requires an Intel microcode update and associated Linux kernel patches. If a kernel and microcode update is unavailable, the only way to completely mitigate the MDS vulnerability is to disable SMT. This action will cause performance degradation in most workloads. F5 recommends customers evaluate if mitigation is required in their environment, taking into account the performance impact. Currently, F5 is working on an integration strategy for full mitigation by conducting an extensive test campaign to characterize the impact of the fixes on system performance and stability, and understanding potential issues. F5 will update this article with details of the fixes as they become available.\n\nMitigation is not required if user space applications are from a trusted source and do not execute untrusted code that is supplied externally.\n\n * [K41283800: INTEL-SA-00233 Microarchitectural Data Sampling Advisory](<https://support.f5.com/csp/article/K41283800>) \n * [K97035296: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) CVE-2018-12127](<https://support.f5.com/csp/article/K97035296>)\n * [K80159635: Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130](<https://support.f5.com/csp/article/K80159635>)\n * [K34303485: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) CVE-2019-11091](<https://support.f5.com/csp/article/K34303485>)\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-06-18T23:33:00", "published": "2019-05-16T00:33:00", "id": "F5:K52370164", "href": "https://support.f5.com/csp/article/K52370164", "title": "Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126", "type": "f5", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-04-06T22:39:53", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "\nF5 Product Development is evaluating this vulnerability. F5 Product Development has assigned ID 784689 (BIG-IP), ID 786105 (BIG-IQ), ID 787417 (F5 iWorkflow), ID 787401 (Enterprise Manager), and JIRA IDs CPF-25088 and CPF-25089 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | 15.0.0 | None2 | Low | [3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>)[.8](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IP 10xx0 series\n * BIG-IP 12xx0 series\n * VIPRION B2250\n * VIPRION B4400N\n * BIG-IP i2x00 series\n * BIG-IP i4x00 series\n * BIG-IP i5x00 series\n * BIG-IP i7x00 series\n * BIG-IP i10x00 series\n * BIG-IP i11x00 series\n * BIG-IP i15x00 series \n14.x | 14.0.0 - 14.1.0 | None2 \n13.x | 13.0.0 - 13.1.1 | None2 \n12.x | 12.0.0 - 12.1.4 | None2 \n11.x | 11.6.0 - 11.6.4 | None2 \nEnterprise Manager | 3.x | 3.1.1 | None | Low | [3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>)[.8](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * Enterprise Manager 4000 \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.1.0 | None | Low | [3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>)[.8](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IQ 7000 \n5.x | 5.0.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | 2.3.0 | None | Low | [3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>)[.8](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Low | [3.8](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2Updated Microcode has been made available from Intel. F5 does not plan to release an official fix for this issue that is based on Intel's microcode updates. The rationale for this decision is based on significant performance degradation seen when enabling Intel's microcode fixes in our platforms. During testing of the microcode fix, F5 has observed from 10% to over 50% performance degradation for many workloads.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nThe MDS vulnerabilities require that an attacker can provide and run binary code on the BIG-IP platform. Only users with Administrator, Resource Administrator, Manager, and iRules Manager privileges are able to exploit the MDS vulnerability. F5 recommends that you restrict these roles to trusted users.\n\nExploiting this vulnerability requires two processes to share the same L1 and L2 cache. To prevent exploitation of this vulnerability between guests in a multi-tenant vCMP environment, ensure that each guest is allocated a minimum of two cores.\n\nTo completely mitigate MDS requires an Intel microcode update and associated Linux kernel patches. If a kernel and microcode update is unavailable, the only way to completely mitigate the MDS vulnerability is to disable SMT. This action will cause performance degradation in most workloads. F5 recommends customers evaluate if mitigation is required in their environment, taking into account the performance impact. Currently, F5 is working on an integration strategy for full mitigation by conducting an extensive test campaign to characterize the impact of the fixes on system performance and stability, and understanding potential issues. F5 will update this article with details of the fixes as they become available.\n\nMitigation is not required if user space applications are from a trusted source and do not execute untrusted code that is supplied externally.\n\n * [K41283800: INTEL-SA-00233 Microarchitectural Data Sampling Advisory](<https://support.f5.com/csp/article/K41283800>) \n * [K52370164: Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126](<https://support.f5.com/csp/article/K52370164>)\n * [K97035296: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) CVE-2018-12127](<https://support.f5.com/csp/article/K97035296>)\n * [K80159635: Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130](<https://support.f5.com/csp/article/K80159635>)\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-06-19T00:12:00", "published": "2019-05-16T01:42:00", "id": "F5:K34303485", "href": "https://support.f5.com/csp/article/K34303485", "title": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM) CVE-2019-11091", "type": "f5", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-04-06T22:40:03", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "\nF5 Product Development is evaluating this vulnerability. F5 Product Development has assigned ID 784681 (BIG-IP), ID 785937 (BIG-IQ), ID 787425 (F5 iWorkflow), ID 787377 (Enterprise Manager) and JIRA IDs CPF-25088 and CPF-25089 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | 15.0.0 | None2 | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IP 10xx0 series\n * BIG-IP 12xx0 series\n * VIPRION B2250\n * VIPRION B4400N\n * BIG-IP i2x00 series\n * BIG-IP i4x00 series\n * BIG-IP i5x00 series\n * BIG-IP i7x00 series\n * BIG-IP i10x00 series\n * BIG-IP i11x00 series\n * BIG-IP i15x00 series \n14.x | 14.0.0 - 14.1.0 | None2 \n13.x | 13.0.0 - 13.1.1 | None2 \n12.x | 12.0.0 - 12.1.4 | None2 \n11.x | 11.6.0 - 11.6.4 | None2 \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * Enterprise Manager 4000 \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IQ 7000 \n5.x | 5.0.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | 2.3.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2Updated Microcode has been made available from Intel. F5 does not plan to release an official fix for this issue that is based on Intel's microcode updates. The rationale for this decision is based on significant performance degradation seen when enabling Intel's microcode fixes in our platforms. During testing of the microcode fix, F5 has observed from 10% to over 50% performance degradation for many workloads.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nThe MDS vulnerabilities require that an attacker can provide and run binary code on the BIG-IP platform. Only users with Administrator, Resource Administrator, Manager, and iRules Manager privileges are able to exploit the MDS vulnerability. F5 recommends that you restrict these roles to trusted users.\n\nExploiting this vulnerability requires two processes to share the same L1 and L2 cache. To prevent exploitation of this vulnerability between guests in a multi-tenant vCMP environment, ensure that each guest is allocated a minimum of two cores.\n\nTo completely mitigate MDS requires an Intel microcode update and associated Linux kernel patches. If a kernel and microcode update is unavailable, the only way to completely mitigate the MDS vulnerability is to disable SMT. This action will cause performance degradation in most workloads. F5 recommends customers evaluate if mitigation is required in their environment, taking into account the performance impact. Currently F5 is working on an integration strategy for full mitigation by conducting an extensive test campaign to characterize the impact of the fixes on system performance stability and understanding potential issues. F5 will update this article with details of the fixes as they become available.\n\nMitigation is not required if user space applications are from a trusted source and do not execute untrusted code that is supplied externally.\n\n * [K41283800: INTEL-SA-00233 Microarchitectural Data Sampling Advisory](<https://support.f5.com/csp/article/K41283800>) \n * [K52370164: Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126](<https://support.f5.com/csp/article/K52370164>)\n * [K80159635: Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130](<https://support.f5.com/csp/article/K80159635>)\n * [K34303485: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) CVE-2019-11091](<https://support.f5.com/csp/article/K34303485>)\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-06-18T23:48:00", "published": "2019-05-16T01:14:00", "id": "F5:K97035296", "href": "https://support.f5.com/csp/article/K97035296", "title": "Microarchitectural Load Port Data Sampling - Information Leak (MLPDS) CVE-2018-12127", "type": "f5", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "cve": [{"lastseen": "2021-02-02T06:52:26", "description": "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "edition": 21, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2019-05-30T16:29:00", "title": "CVE-2018-12130", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12130"], "modified": "2019-06-11T16:29:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "cpe:/o:intel:microarchitectural_fill_buffer_data_sampling_firmware:-"], "id": "CVE-2018-12130", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12130", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:intel:microarchitectural_fill_buffer_data_sampling_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:26", "description": "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "edition": 21, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2019-05-30T16:29:00", "title": "CVE-2018-12126", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12126"], "modified": "2019-06-11T16:29:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "cpe:/o:intel:microarchitectural_store_buffer_data_sampling_firmware:-"], "id": "CVE-2018-12126", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12126", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:intel:microarchitectural_store_buffer_data_sampling_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:26", "description": "Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "edition": 21, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2019-05-30T16:29:00", "title": "CVE-2018-12127", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12127"], "modified": "2019-06-11T16:29:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "cpe:/o:intel:microarchitectural_load_port_data_sampling_firmware:-"], "id": "CVE-2018-12127", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12127", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:intel:microarchitectural_load_port_data_sampling_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:12:47", "description": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "edition": 22, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2019-05-30T16:29:00", "title": "CVE-2019-11091", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11091"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:intel:microarchitectural_data_sampling_uncacheable_memory_firmware:-", "cpe:/o:fedoraproject:fedora:29"], "id": "CVE-2019-11091", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11091", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:intel:microarchitectural_data_sampling_uncacheable_memory_firmware:-:*:*:*:*:*:*:*"]}], "centos": [{"lastseen": "2020-12-08T03:35:50", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "**CentOS Errata and Security Advisory** CESA-2019:1169\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* aio O_DIRECT writes to non-page-aligned file locations on ext4 can result in the overlapped portion of the page containing zeros (BZ#1686170)\n\n* Tolerate new s390x crypto hardware for migration (BZ#1695496)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-May/035347.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\n", "edition": 4, "modified": "2019-05-15T15:42:15", "published": "2019-05-15T15:42:15", "id": "CESA-2019:1169", "href": "http://lists.centos.org/pipermail/centos-announce/2019-May/035347.html", "title": "kernel, perf, python security update", "type": "centos", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-12-08T03:36:14", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "**CentOS Errata and Security Advisory** CESA-2019:1180\n\n\nThe libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-May/035346.html\n\n**Affected packages:**\nlibvirt\nlibvirt-client\nlibvirt-devel\nlibvirt-lock-sanlock\nlibvirt-python\n\n**Upstream details at:**\n", "edition": 4, "modified": "2019-05-15T15:41:00", "published": "2019-05-15T15:41:00", "id": "CESA-2019:1180", "href": "http://lists.centos.org/pipermail/centos-announce/2019-May/035346.html", "title": "libvirt security update", "type": "centos", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "nessus": [{"lastseen": "2021-01-12T09:40:43", "description": "DLA-1789-1 shipped updated CPU microcode for most types of Intel CPUs\nas mitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware\nvulnerabilities.\n\nThis update provides additional support for some Sandybridge server\nand Core-X CPUs which were not covered in the original May microcode\nrelease. For a list of specific CPU models now supported please refer\nto the entries listed under CPUID 206D6 and 206D7 at\nhttps://www.intel.com/content/dam/www/public/us/en/documents/corporate\n-information/SA00233-microcode-update-guidance_05132019.pdf\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.20190618.1~deb8u1 of the intel-microcode package.\n\nWe recommend that you upgrade your intel-microcode packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 16, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-16T00:00:00", "title": "Debian DLA-1789-2 : intel-microcode security update (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2019-05-16T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:intel-microcode"], "id": "DEBIAN_DLA-1789.NASL", "href": "https://www.tenable.com/plugins/nessus/125175", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1789-2. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125175);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n\n script_name(english:\"Debian DLA-1789-2 : intel-microcode security update (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"DLA-1789-1 shipped updated CPU microcode for most types of Intel CPUs\nas mitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware\nvulnerabilities.\n\nThis update provides additional support for some Sandybridge server\nand Core-X CPUs which were not covered in the original May microcode\nrelease. For a list of specific CPU models now supported please refer\nto the entries listed under CPUID 206D6 and 206D7 at\nhttps://www.intel.com/content/dam/www/public/us/en/documents/corporate\n-information/SA00233-microcode-update-guidance_05132019.pdf\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.20190618.1~deb8u1 of the intel-microcode package.\n\nWe recommend that you upgrade your intel-microcode packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/intel-microcode\"\n );\n # https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?100fa039\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected intel-microcode package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:intel-microcode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/16\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"intel-microcode\", reference:\"3.20190618~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-07T08:58:17", "description": "According to the versions of the kvm package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - Modern Intel microprocessors implement hardware-level\n micro-optimizations to improve the performance of\n writing data back to CPU caches. The write operation is\n split into STA (STore Address) and STD (STore Data)\n sub-operations. These sub-operations allow the\n processor to hand-off address generation logic into\n these sub-operations for optimized writes. Both of\n these sub-operations write to a shared distributed\n processor structure called the 'processor store\n buffer'. As a result, an unprivileged attacker could\n use this flaw to read private data resident within the\n CPU's processor store buffer.(CVE-2018-12126)\n\n - A flaw was found in the implementation of the 'fill\n buffer', a mechanism used by modern CPUs when a\n cache-miss is made on L1 CPU cache. If an attacker can\n generate a load operation that would create a page\n fault, the execution will continue speculatively with\n incorrect data from the fill buffer while the data is\n fetched from higher level caches. This response time\n can be measured to infer data in the fill\n buffer.i1/4^CVE-2018-12130i1/4%0\n\n - Microprocessors use a aEUR~load portaEURtm subcomponent to\n perform load operations from memory or IO. During a\n load operation, the load port receives data from the\n memory or IO subsystem and then provides the data to\n the CPU registers and operations in the CPUaEURtms\n pipelines. Stale load operations results are stored in\n the 'load port' table until overwritten by newer\n operations. Certain load-port operations triggered by\n an attacker can be used to reveal data about previous\n stale requests leaking data back to the attacker via a\n timing side-channel.(CVE-2018-12127)\n\n - Uncacheable memory on some microprocessors utilizing\n speculative execution may allow an authenticated user\n to potentially enable information disclosure via a side\n channel with local access.(CVE-2019-11091)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-30T00:00:00", "title": "EulerOS Virtualization 3.0.1.0 : kvm (EulerOS-SA-2019-1611)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2019-05-30T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.1.0", "p-cpe:/a:huawei:euleros:kvm"], "id": "EULEROS_SA-2019-1611.NASL", "href": "https://www.tenable.com/plugins/nessus/125563", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125563);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-12126\",\n \"CVE-2018-12127\",\n \"CVE-2018-12130\",\n \"CVE-2019-11091\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : kvm (EulerOS-SA-2019-1611)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kvm package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - Modern Intel microprocessors implement hardware-level\n micro-optimizations to improve the performance of\n writing data back to CPU caches. The write operation is\n split into STA (STore Address) and STD (STore Data)\n sub-operations. These sub-operations allow the\n processor to hand-off address generation logic into\n these sub-operations for optimized writes. Both of\n these sub-operations write to a shared distributed\n processor structure called the 'processor store\n buffer'. As a result, an unprivileged attacker could\n use this flaw to read private data resident within the\n CPU's processor store buffer.(CVE-2018-12126)\n\n - A flaw was found in the implementation of the 'fill\n buffer', a mechanism used by modern CPUs when a\n cache-miss is made on L1 CPU cache. If an attacker can\n generate a load operation that would create a page\n fault, the execution will continue speculatively with\n incorrect data from the fill buffer while the data is\n fetched from higher level caches. This response time\n can be measured to infer data in the fill\n buffer.i1/4^CVE-2018-12130i1/4%0\n\n - Microprocessors use a aEUR~load portaEURtm subcomponent to\n perform load operations from memory or IO. During a\n load operation, the load port receives data from the\n memory or IO subsystem and then provides the data to\n the CPU registers and operations in the CPUaEURtms\n pipelines. Stale load operations results are stored in\n the 'load port' table until overwritten by newer\n operations. Certain load-port operations triggered by\n an attacker can be used to reveal data about previous\n stale requests leaking data back to the attacker via a\n timing side-channel.(CVE-2018-12127)\n\n - Uncacheable memory on some microprocessors utilizing\n speculative execution may allow an authenticated user\n to potentially enable information disclosure via a side\n channel with local access.(CVE-2019-11091)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1611\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?80f311bb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kvm-4.4.11-30.014\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kvm\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-08-19T20:37:57", "description": "The remote host is running a version of RancherOS prior to v1.5.2, hences is\nexposed to an Information Disclosure Vulnerability. \n\nMicroarchitectural Data Sampling (MDS) is a family of side channel attacks on\ninternal buffers in Intel CPUs.\n(CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091)", "edition": 12, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-12-19T00:00:00", "title": "RancherOS < 1.5.2 Intel Microarchitectural Data Sampling Local Information Disclosure", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2019-12-19T00:00:00", "cpe": ["cpe:/o:rancher:rancheros"], "id": "RANCHEROS_1_5_2.NASL", "href": "https://www.tenable.com/plugins/nessus/132256", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @NOAGENT@\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132256);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/19\");\n\n script_cve_id(\n \"CVE-2018-12126\",\n \"CVE-2018-12127\",\n \"CVE-2018-12130\",\n \"CVE-2019-11091\"\n );\n script_bugtraq_id(108330);\n\n script_name(english:\"RancherOS < 1.5.2 Intel Microarchitectural Data Sampling Local Information Disclosure\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of RancherOS prior to v1.5.2, hences is\nexposed to an Information Disclosure Vulnerability. \n\nMicroarchitectural Data Sampling (MDS) is a family of side channel attacks on\ninternal buffers in Intel CPUs.\n(CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://rancher.com/docs/os/v1.x/en/about/security/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/rancher/os/releases/tag/v1.5.2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.kernel.org/doc/html/latest/x86/mds.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to RancherOS v1.5.2 or later\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-12127\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rancher:rancheros\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint_linux_distro.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RancherOS/version\", \"Host/RancherOS\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\n# Fix version is v1.5.2\nfix_version = '1.5.2';\nos = get_kb_item('Host/RancherOS');\n\nif (!os) audit(AUDIT_OS_NOT, 'RancherOS');\n\nos_ver = get_kb_item('Host/RancherOS/version');\nif (!os_ver)\n{\n exit(1, 'Could not determine the RancherOS version');\n}\n\nmatch = pregmatch(pattern:\"v([0-9\\.]+)\", string:os_ver);\n\nif (!isnull(match))\n{ \n version = match[1]; \n if (ver_compare(ver:version, fix:fix_version, strict:TRUE) == -1)\n {\n security_report_v4(\n port:0,\n severity:SECURITY_WARNING,\n extra:\n '\\n Installed version : ' + os_ver +\n '\\n Fixed version : v' + fix_version +\n '\\n'\n );\n }\n}\n\naudit(AUDIT_INST_VER_NOT_VULN, 'RancherOS', os_ver);", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-03-01T05:49:19", "description": "An update for kernel-rt is now available for Red Hat Enterprise Linux\n8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 20, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-14T00:00:00", "title": "RHEL 8 : kernel-rt (RHSA-2019:1174) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core", "cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules"], "id": "REDHAT-RHSA-2019-1174.NASL", "href": "https://www.tenable.com/plugins/nessus/125040", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1174. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125040);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/01/17\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_xref(name:\"RHSA\", value:\"2019:1174\");\n script_xref(name:\"IAVA\", value:\"2019-A-0166\");\n\n script_name(english:\"RHEL 8 : kernel-rt (RHSA-2019:1174) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel-rt is now available for Red Hat Enterprise Linux\n8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/mds\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11091\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:1174\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1174\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-4.18.0-80.1.2.rt9.145.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-core-4.18.0-80.1.2.rt9.145.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-4.18.0-80.1.2.rt9.145.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-core-4.18.0-80.1.2.rt9.145.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-4.18.0-80.1.2.rt9.145.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-4.18.0-80.1.2.rt9.145.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-4.18.0-80.1.2.rt9.145.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-debuginfo-4.18.0-80.1.2.rt9.145.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-modules-4.18.0-80.1.2.rt9.145.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-modules-extra-4.18.0-80.1.2.rt9.145.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-4.18.0-80.1.2.rt9.145.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-4.18.0-80.1.2.rt9.145.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-devel-4.18.0-80.1.2.rt9.145.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-4.18.0-80.1.2.rt9.145.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-debuginfo-4.18.0-80.1.2.rt9.145.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-modules-4.18.0-80.1.2.rt9.145.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-modules-extra-4.18.0-80.1.2.rt9.145.el8_0\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc\");\n }\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-03-01T05:49:25", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.6\nAdvanced Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 20, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-15T00:00:00", "title": "RHEL 6 : kernel (RHSA-2019:1193) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "cpe:/o:redhat:enterprise_linux:6.6", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:kernel-doc"], "id": "REDHAT-RHSA-2019-1193.NASL", "href": "https://www.tenable.com/plugins/nessus/125123", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1193. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125123);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/01/17\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_xref(name:\"RHSA\", value:\"2019:1193\");\n script_xref(name:\"IAVA\", value:\"2019-A-0166\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2019:1193) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.6\nAdvanced Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/mds\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11091\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6\\.6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.6\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:1193\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1193\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-504.78.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"kernel-abi-whitelists-2.6.32-504.78.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-504.78.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-504.78.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-504.78.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-504.78.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-504.78.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-504.78.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"kernel-doc-2.6.32-504.78.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"kernel-firmware-2.6.32-504.78.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-504.78.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"perf-2.6.32-504.78.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-504.78.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-504.78.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-504.78.2.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-20T12:41:47", "description": "This update for ucode-intel fixes the following issues :\n\nThis update contains the Intel QSR 2019.1 Microcode release\n(bsc#1111331)\n\nFour new speculative execution information leak issues have been\nidentified in Intel CPUs. (bsc#1111331)\n\n - CVE-2018-12126: Microarchitectural Store Buffer Data\n Sampling (MSBDS)\n\n - CVE-2018-12127: Microarchitectural Fill Buffer Data\n Sampling (MFBDS)\n\n - CVE-2018-12130: Microarchitectural Load Port Data\n Samling (MLPDS)\n\n - CVE-2019-11091: Microarchitectural Data Sampling\n Uncacheable Memory (MDSUM)\n\nThese updates contain the CPU Microcode adjustments for the software\nmitigations.\n\nFor more information on this set of vulnerabilities, check out\nhttps://www.suse.com/support/kb/doc/?id=7023736\n\nRelease notes :\n\n - Processor Identifier Version Products\n\n - Model Stepping F-MO-S/PI Old->New\n\n - ---- new platforms\n ----------------------------------------\n\n - CLX-SP B1 6-55-7/bf 05000021 Xeon Scalable Gen2\n\n - ---- updated platforms\n ------------------------------------\n\n - SNB D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2\n\n - IVB E1/L1 6-3a-9/12 00000020->00000021 Core Gen3\n\n - HSW C0 6-3c-3/32 00000025->00000027 Core Gen4\n\n - BDW-U/Y E0/F0 6-3d-4/c0 0000002b->0000002d Core Gen5\n\n - IVB-E/EP C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3\n X Series; Xeon E5 v2\n\n - IVB-EX D1 6-3e-7/ed 00000714->00000715 Xeon E7 v2\n\n - HSX-E/EP Cx/M1 6-3f-2/6f 00000041->00000043 Core Gen4 X\n series; Xeon E5 v3\n\n - HSX-EX E0 6-3f-4/80 00000013->00000014 Xeon E7 v3\n\n - HSW-U C0/D0 6-45-1/72 00000024->00000025 Core Gen4\n\n - HSW-H C0 6-46-1/32 0000001a->0000001b Core Gen4\n\n - BDW-H/E3 E0/G0 6-47-1/22 0000001e->00000020 Core Gen5\n\n - SKL-U/Y D0/K1 6-4e-3/c0 000000c6->000000cc Core Gen6 \n\n - SKX-SP H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon\n Scalable\n\n - SKX-D M1 6-55-4/b7 0200005a->0000005e Xeon D-21xx\n\n - BDX-DE V1 6-56-2/10 00000019->0000001a Xeon D-1520/40\n\n - BDX-DE V2/3 6-56-3/10 07000016->07000017 Xeon\n D-1518/19/21/27/28/31/33/37/41/48, Pentium\n D1507/08/09/17/19\n\n - BDX-DE Y0 6-56-4/10 0f000014->0f000015 Xeon\n D-1557/59/67/71/77/81/87\n\n - BDX-NS A0 6-56-5/10 0e00000c->0e00000d Xeon\n D-1513N/23/33/43/53\n\n - APL D0 6-5c-9/03 00000036->00000038 Pentium N/J4xxx,\n Celeron N/J3xxx, Atom x5/7-E39xx\n\n - SKL-H/S R0/N0 6-5e-3/36 000000c6->000000cc Core Gen6;\n Xeon E3 v5\n\n - DNV B0 6-5f-1/01 00000024->0000002e Atom Processor C\n Series\n\n - GLK B0 6-7a-1/01 0000002c->0000002e Pentium Silver\n N/J5xxx, Celeron N/J4xxx\n\n - AML-Y22 H0 6-8e-9/10 0000009e->000000b4 Core Gen8 Mobile\n\n - KBL-U/Y H0 6-8e-9/c0 0000009a->000000b4 Core Gen7 Mobile\n\n - CFL-U43e D0 6-8e-a/c0 0000009e->000000b4 Core Gen8\n Mobile\n\n - WHL-U W0 6-8e-b/d0 000000a4->000000b8 Core Gen8 Mobile\n\n - WHL-U V0 6-8e-d/94 000000b2->000000b8 Core Gen8 Mobile\n\n - KBL-G/H/S/E3 B0 6-9e-9/2a 0000009a->000000b4 Core Gen7;\n Xeon E3 v6\n\n - CFL-H/S/E3 U0 6-9e-a/22 000000aa->000000b4 Core Gen8\n Desktop, Mobile, Xeon E\n\n - CFL-S B0 6-9e-b/02 000000aa->000000b4 Core Gen8\n\n - CFL-H/S P0 6-9e-c/22 000000a2->000000ae Core Gen9\n\n - CFL-H R0 6-9e-d/22 000000b0->000000b8 Core Gen9 Mobile\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 15, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-17T00:00:00", "title": "openSUSE Security Update : ucode-intel (openSUSE-2019-1402) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2019-05-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ucode-intel", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-1402.NASL", "href": "https://www.tenable.com/plugins/nessus/125241", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1402.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125241);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n\n script_name(english:\"openSUSE Security Update : ucode-intel (openSUSE-2019-1402) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Check for the openSUSE-2019-1402 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ucode-intel fixes the following issues :\n\nThis update contains the Intel QSR 2019.1 Microcode release\n(bsc#1111331)\n\nFour new speculative execution information leak issues have been\nidentified in Intel CPUs. (bsc#1111331)\n\n - CVE-2018-12126: Microarchitectural Store Buffer Data\n Sampling (MSBDS)\n\n - CVE-2018-12127: Microarchitectural Fill Buffer Data\n Sampling (MFBDS)\n\n - CVE-2018-12130: Microarchitectural Load Port Data\n Samling (MLPDS)\n\n - CVE-2019-11091: Microarchitectural Data Sampling\n Uncacheable Memory (MDSUM)\n\nThese updates contain the CPU Microcode adjustments for the software\nmitigations.\n\nFor more information on this set of vulnerabilities, check out\nhttps://www.suse.com/support/kb/doc/?id=7023736\n\nRelease notes :\n\n - Processor Identifier Version Products\n\n - Model Stepping F-MO-S/PI Old->New\n\n - ---- new platforms\n ----------------------------------------\n\n - CLX-SP B1 6-55-7/bf 05000021 Xeon Scalable Gen2\n\n - ---- updated platforms\n ------------------------------------\n\n - SNB D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2\n\n - IVB E1/L1 6-3a-9/12 00000020->00000021 Core Gen3\n\n - HSW C0 6-3c-3/32 00000025->00000027 Core Gen4\n\n - BDW-U/Y E0/F0 6-3d-4/c0 0000002b->0000002d Core Gen5\n\n - IVB-E/EP C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3\n X Series; Xeon E5 v2\n\n - IVB-EX D1 6-3e-7/ed 00000714->00000715 Xeon E7 v2\n\n - HSX-E/EP Cx/M1 6-3f-2/6f 00000041->00000043 Core Gen4 X\n series; Xeon E5 v3\n\n - HSX-EX E0 6-3f-4/80 00000013->00000014 Xeon E7 v3\n\n - HSW-U C0/D0 6-45-1/72 00000024->00000025 Core Gen4\n\n - HSW-H C0 6-46-1/32 0000001a->0000001b Core Gen4\n\n - BDW-H/E3 E0/G0 6-47-1/22 0000001e->00000020 Core Gen5\n\n - SKL-U/Y D0/K1 6-4e-3/c0 000000c6->000000cc Core Gen6 \n\n - SKX-SP H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon\n Scalable\n\n - SKX-D M1 6-55-4/b7 0200005a->0000005e Xeon D-21xx\n\n - BDX-DE V1 6-56-2/10 00000019->0000001a Xeon D-1520/40\n\n - BDX-DE V2/3 6-56-3/10 07000016->07000017 Xeon\n D-1518/19/21/27/28/31/33/37/41/48, Pentium\n D1507/08/09/17/19\n\n - BDX-DE Y0 6-56-4/10 0f000014->0f000015 Xeon\n D-1557/59/67/71/77/81/87\n\n - BDX-NS A0 6-56-5/10 0e00000c->0e00000d Xeon\n D-1513N/23/33/43/53\n\n - APL D0 6-5c-9/03 00000036->00000038 Pentium N/J4xxx,\n Celeron N/J3xxx, Atom x5/7-E39xx\n\n - SKL-H/S R0/N0 6-5e-3/36 000000c6->000000cc Core Gen6;\n Xeon E3 v5\n\n - DNV B0 6-5f-1/01 00000024->0000002e Atom Processor C\n Series\n\n - GLK B0 6-7a-1/01 0000002c->0000002e Pentium Silver\n N/J5xxx, Celeron N/J4xxx\n\n - AML-Y22 H0 6-8e-9/10 0000009e->000000b4 Core Gen8 Mobile\n\n - KBL-U/Y H0 6-8e-9/c0 0000009a->000000b4 Core Gen7 Mobile\n\n - CFL-U43e D0 6-8e-a/c0 0000009e->000000b4 Core Gen8\n Mobile\n\n - WHL-U W0 6-8e-b/d0 000000a4->000000b8 Core Gen8 Mobile\n\n - WHL-U V0 6-8e-d/94 000000b2->000000b8 Core Gen8 Mobile\n\n - KBL-G/H/S/E3 B0 6-9e-9/2a 0000009a->000000b4 Core Gen7;\n Xeon E3 v6\n\n - CFL-H/S/E3 U0 6-9e-a/22 000000aa->000000b4 Core Gen8\n Desktop, Mobile, Xeon E\n\n - CFL-S B0 6-9e-b/02 000000aa->000000b4 Core Gen8\n\n - CFL-H/S P0 6-9e-c/22 000000a2->000000ae Core Gen9\n\n - CFL-H R0 6-9e-d/22 000000b0->000000b8 Core Gen9 Mobile\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/support/kb/doc/?id=7023736\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ucode-intel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ucode-intel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"ucode-intel-20190507-lp150.2.18.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ucode-intel\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-07-11T05:19:29", "description": "According to its self-reported version number, the Xen hypervisor\ninstalled on the remote host is affected by microarchitectural data\nsampling speculative side-channel vulnerabilities. These\nvulnerabilities may allow a local attacker on a guest machine to sample\nthe contents of memory reads and writes. Only a subset of Intel x86\nprocessors are affected.\n\nNote that Nessus has checked the changeset versions based on the\nxen.git change log. Nessus did not check guest hardware configurations\nor if patches were applied manually to the source code before a\nrecompile and reinstall.", "edition": 12, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-24T00:00:00", "title": "Xen Project Microarchitectural Data Sampling Speculative Side-Channel Vulnerabilities (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (XSA-297)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2019-05-24T00:00:00", "cpe": ["cpe:/o:xen:xen"], "id": "XEN_SERVER_XSA-297.NASL", "href": "https://www.tenable.com/plugins/nessus/125389", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125389);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/10\");\n\n script_xref(name:\"IAVA\", value:\"2019-A-0168-S\");\n\n script_name(english:\"Xen Project Microarchitectural Data Sampling Speculative Side-Channel Vulnerabilities (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (XSA-297)\");\n script_summary(english:\"Checks 'xl info' output for the Xen hypervisor version.\");\n\n script_cve_id(\n \"CVE-2018-12126\",\n \"CVE-2018-12127\",\n \"CVE-2018-12130\",\n \"CVE-2019-11091\"\n );\n script_bugtraq_id(108330);\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Xen hypervisor installation is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Xen hypervisor\ninstalled on the remote host is affected by microarchitectural data\nsampling speculative side-channel vulnerabilities. These\nvulnerabilities may allow a local attacker on a guest machine to sample\nthe contents of memory reads and writes. Only a subset of Intel x86\nprocessors are affected.\n\nNote that Nessus has checked the changeset versions based on the\nxen.git change log. Nessus did not check guest hardware configurations\nor if patches were applied manually to the source code before a\nrecompile and reinstall.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://xenbits.xen.org/xsa/advisory-297.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://xenbits.xen.org/gitweb/?p=xen.git;a=summary\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:xen:xen\");\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"xen_server_detect.nbin\");\n script_require_keys(\"installed_sw/Xen Hypervisor\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"install_func.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"Xen Hypervisor\";\ninstall = get_single_install(app_name:app_name);\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nversion = install['version'];\ndisplay_version = install['display_version'];\npath = install['path'];\nmanaged_status = install['Managed status'];\nchangeset = install['Changeset'];\n\nif (!empty_or_null(changeset))\n display_version += \" (changeset \" + changeset + \")\";\n\n# Installations that are vendor-managed are handled by OS-specific local package checks\nif (managed_status == \"managed\")\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);\n\nfixes['4.10']['fixed_ver'] = '4.10.4';\nfixes['4.10']['fixed_ver_display'] = '4.10.4-pre (changeset ab261f5)';\nfixes['4.10']['affected_ver_regex'] = '^4\\\\.10\\\\.';\nfixes['4.10']['affected_changesets'] = make_list(\"71f4a76\", \"b32dde3\",\n \"0771bb6\", \"4852a15\", \"0fe82c1\", \"8f0b53c\", \"aa6978c\", \"923d4e8\",\n \"7ddfc2a\", \"f725721\", \"7dfea78\", \"f0c5805\", \"3f5490d\", \"d06f561\",\n \"92fc0b6\", \"b8071f3\", \"5200791\", \"3b0eebb\", \"5a81de4\", \"b2bbd34\",\n \"7842419\", \"9f663d2\", \"d176cd6\", \"a595111\", \"aae0d18\", \"631b902\",\n \"f6f1e94\", \"b450b20\", \"dfc7e3c\", \"382e4a6\", \"edbc9b0\", \"edb80d2\");\n\nfixes['4.11']['fixed_ver'] = '4.11.2';\nfixes['4.11']['fixed_ver_display'] = '4.11.2-pre (changeset a6e0749)';\nfixes['4.11']['affected_ver_regex'] = '^4\\\\.11\\\\.';\nfixes['4.11']['affected_changesets'] = make_list(\"bd03b27\", \"b09886e\",\n \"bac4405\", \"0d8e6f7\", \"9be6613\", \"f5cc6e1\", \"3b062f5\", \"0825fbd\",\n \"bdb0630\", \"eb8acba\", \"0ebfc81\", \"e983e8a\", \"348922b\", \"718a8d2\",\n \"fc46e15\", \"4db8fdd\", \"c74683a\", \"793d669\", \"1b0e77d\", \"dd32dab\",\n \"03afae6\", \"aea41c3\", \"935a4ad\", \"833788f\", \"b77bf91\", \"cf99010\",\n \"0c0f0ab\", \"e984846\", \"4f9ab5f\", \"c567b05\", \"6c197f9\", \"7bbd3a5\",\n \"92227e2\", \"4835974\", \"be58f86\", \"4298abd\", \"4f785ea\", \"1028304\",\n \"87f51bf\", \"dd492b8\", \"e2e3a1d\", \"850ca94\", \"514dccd\", \"e202feb\",\n \"1986728\", \"2cd833d\", \"de09411\", \"dd914e4\", \"63d7113\", \"af25f52\",\n \"91f2ad7\", \"0b2be0b\", \"7d1bd98\", \"d8b2418\", \"bf608fd\");\n\nfixes['4.12']['fixed_ver'] = '4.12.1';\nfixes['4.12']['fixed_ver_display'] = '4.12.1-pre (changeset 714207b)';\nfixes['4.12']['affected_ver_regex'] = '^4\\\\.12\\\\.';\nfixes['4.12']['affected_changesets'] = make_list(\"45d570e\", \"0a317c5\",\n \"fe1ba9d\", \"6d8f5e3\", \"944b400\", \"143712d\", \"fd2a34c\", \"e25d133\",\n \"7cf6fbc\", \"7f53be2\", \"eb90521\", \"c75d5fe\", \"e3a1ebe\", \"70d613d\",\n \"8593e79\", \"a6c708d\", \"36f0463\", \"c4b1a75\", \"18f6fb9\");\n\nfix = NULL;\nforeach ver_branch (keys(fixes))\n{\n if (version =~ fixes[ver_branch]['affected_ver_regex'])\n {\n ret = ver_compare(ver:version, fix:fixes[ver_branch]['fixed_ver']);\n if (ret < 0)\n fix = fixes[ver_branch]['fixed_ver_display'];\n else if (ret == 0)\n {\n if (empty_or_null(changeset))\n fix = fixes[ver_branch]['fixed_ver_display'];\n else\n foreach affected_changeset (fixes[ver_branch]['affected_changesets'])\n if (changeset == affected_changeset)\n fix = fixes[ver_branch]['fixed_ver_display'];\n }\n }\n}\n\nif (empty_or_null(fix))\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);\n\nitems = make_array(\n \"Installed version\", display_version,\n \"Fixed version\", fix,\n \"Path\", path\n);\n\norder = make_list(\"Path\", \"Installed version\", \"Fixed version\");\nreport = report_items_str(report_items:items, ordered_fields:order) + '\\n';\n\nsecurity_report_v4(port:0, extra:report, severity:SECURITY_WARNING);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-09-14T18:27:13", "description": "Security Fix(es) :\n\n - A flaw was found in the implementation of the 'fill\n buffer', a mechanism used by modern CPUs when a\n cache-miss is made on L1 CPU cache. If an attacker can\n generate a load operation that would create a page\n fault, the execution will continue speculatively with\n incorrect data from the fill buffer while the data is\n fetched from higher level caches. This response time can\n be measured to infer data in the fill buffer.\n (CVE-2018-12130)\n\n - Modern Intel microprocessors implement hardware-level\n micro- optimizations to improve the performance of\n writing data back to CPU caches. The write operation is\n split into STA (STore Address) and STD (STore Data)\n sub-operations. These sub-operations allow the processor\n to hand-off address generation logic into these\n sub-operations for optimized writes. Both of these\n sub-operations write to a shared distributed processor\n structure called the 'processor store buffer'. As a\n result, an unprivileged attacker could use this flaw to\n read private data resident within the CPU's processor\n store buffer. (CVE-2018-12126)\n\n - Microprocessors use a load port subcomponent to perform\n load operations from memory or IO. During a load\n operation, the load port receives data from the memory\n or IO subsystem and then provides the data to the CPU\n registers and operations in the CPUs pipelines. Stale\n load operations results are stored in the 'load port'\n table until overwritten by newer operations. Certain\n load-port operations triggered by an attacker can be\n used to reveal data about previous stale requests\n leaking data back to the attacker via a timing\n side-channel. (CVE-2018-12127)\n\n - Uncacheable memory on some microprocessors utilizing\n speculative execution may allow an authenticated user to\n potentially enable information disclosure via a side\n channel with local access. (CVE-2019-11091)", "edition": 8, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-16T00:00:00", "title": "Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20190514) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2019-05-16T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:qemu-img", "p-cpe:/a:fermilab:scientific_linux:qemu-guest-agent", "p-cpe:/a:fermilab:scientific_linux:qemu-kvm", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:qemu-kvm-tools", "p-cpe:/a:fermilab:scientific_linux:qemu-kvm-debuginfo"], "id": "SL_20190514_QEMU_KVM_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/125206", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125206);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n\n script_name(english:\"Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20190514) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A flaw was found in the implementation of the 'fill\n buffer', a mechanism used by modern CPUs when a\n cache-miss is made on L1 CPU cache. If an attacker can\n generate a load operation that would create a page\n fault, the execution will continue speculatively with\n incorrect data from the fill buffer while the data is\n fetched from higher level caches. This response time can\n be measured to infer data in the fill buffer.\n (CVE-2018-12130)\n\n - Modern Intel microprocessors implement hardware-level\n micro- optimizations to improve the performance of\n writing data back to CPU caches. The write operation is\n split into STA (STore Address) and STD (STore Data)\n sub-operations. These sub-operations allow the processor\n to hand-off address generation logic into these\n sub-operations for optimized writes. Both of these\n sub-operations write to a shared distributed processor\n structure called the 'processor store buffer'. As a\n result, an unprivileged attacker could use this flaw to\n read private data resident within the CPU's processor\n store buffer. (CVE-2018-12126)\n\n - Microprocessors use a load port subcomponent to perform\n load operations from memory or IO. During a load\n operation, the load port receives data from the memory\n or IO subsystem and then provides the data to the CPU\n registers and operations in the CPUs pipelines. Stale\n load operations results are stored in the 'load port'\n table until overwritten by newer operations. Certain\n load-port operations triggered by an attacker can be\n used to reveal data about previous stale requests\n leaking data back to the attacker via a timing\n side-channel. (CVE-2018-12127)\n\n - Uncacheable memory on some microprocessors utilizing\n speculative execution may allow an authenticated user to\n potentially enable information disclosure via a side\n channel with local access. (CVE-2019-11091)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1905&L=SCIENTIFIC-LINUX-ERRATA&P=4483\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9b2a45c5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/16\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"qemu-guest-agent-0.12.1.2-2.506.el6_10.3\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"qemu-img-0.12.1.2-2.506.el6_10.3\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"qemu-kvm-0.12.1.2-2.506.el6_10.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.3\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-0.12.1.2-2.506.el6_10.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-guest-agent / qemu-img / qemu-kvm / qemu-kvm-debuginfo / etc\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-03-01T05:49:27", "description": "An update for redhat-release-virtualization-host and\nredhat-virtualization-host is now available for Red Hat Virtualization\n4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe redhat-virtualization-host packages provide the Red Hat\nVirtualization Host. These packages include\nredhat-release-virtualization-host, ovirt-node, and rhev-hypervisor.\nRed Hat Virtualization Hosts (RHVH) are installed using a special\nbuild of Red Hat Enterprise Linux with only the packages required to\nhost virtual machines. RHVH features a Cockpit user interface for\nmonitoring the host's resources and performing administrative tasks.\n\nThe ovirt-node-ng packages provide the Red Hat Virtualization Host.\nThese packages include redhat-release-virtualization-host, ovirt-node,\nand rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed\nusing a special build of Red Hat Enterprise Linux with only the\npackages required to host virtual machines. RHVH features a Cockpit\nuser interface for monitoring the host's resources and performing\nadministrative tasks.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 20, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-16T00:00:00", "title": "RHEL 7 : Virtualization Manager (RHSA-2019:1207) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:redhat-release-virtualization-host", "p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update-placeholder"], "id": "REDHAT-RHSA-2019-1207.NASL", "href": "https://www.tenable.com/plugins/nessus/125197", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1207. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125197);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/01/15\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_xref(name:\"RHSA\", value:\"2019:1207\");\n script_xref(name:\"IAVA\", value:\"2019-A-0166\");\n\n script_name(english:\"RHEL 7 : Virtualization Manager (RHSA-2019:1207) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for redhat-release-virtualization-host and\nredhat-virtualization-host is now available for Red Hat Virtualization\n4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe redhat-virtualization-host packages provide the Red Hat\nVirtualization Host. These packages include\nredhat-release-virtualization-host, ovirt-node, and rhev-hypervisor.\nRed Hat Virtualization Hosts (RHVH) are installed using a special\nbuild of Red Hat Enterprise Linux with only the packages required to\nhost virtual machines. RHVH features a Cockpit user interface for\nmonitoring the host's resources and performing administrative tasks.\n\nThe ovirt-node-ng packages provide the Red Hat Virtualization Host.\nThese packages include redhat-release-virtualization-host, ovirt-node,\nand rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed\nusing a special build of Red Hat Enterprise Linux with only the\npackages required to host virtual machines. RHVH features a Cockpit\nuser interface for monitoring the host's resources and performing\nadministrative tasks.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/mds\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1207\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11091\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected redhat-release-virtualization-host,\nredhat-virtualization-host-image-update and / or\nredhat-virtualization-host-image-update-placeholder packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:redhat-release-virtualization-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update-placeholder\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/16\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1207\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"redhat-release-virtualization-host-4.3-0.7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"redhat-virtualization-host-image-update-4.3-20190512.0.el7_6\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"redhat-virtualization-host-image-update-placeholder-4.3-0.7.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"redhat-release-virtualization-host / etc\");\n }\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-03-01T05:12:00", "description": "From Red Hat Security Advisory 2019:1169 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* aio O_DIRECT writes to non-page-aligned file locations on ext4 can\nresult in the overlapped portion of the page containing zeros\n(BZ#1686170)\n\n* Tolerate new s390x crypto hardware for migration (BZ#1695496)", "edition": 20, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-15T00:00:00", "title": "Oracle Linux 6 : kernel (ELSA-2019-1169) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-firmware", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2019-1169.NASL", "href": "https://www.tenable.com/plugins/nessus/125110", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1169 and \n# Oracle Linux Security Advisory ELSA-2019-1169 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125110);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/01/17\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_xref(name:\"RHSA\", value:\"2019:1169\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2019-1169) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2019:1169 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* aio O_DIRECT writes to non-page-aligned file locations on ext4 can\nresult in the overlapped portion of the page containing zeros\n(BZ#1686170)\n\n* Tolerate new s390x crypto hardware for migration (BZ#1695496)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-May/008729.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2019-1169\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-2.6.32-754.14.2.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-abi-whitelists-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-abi-whitelists-2.6.32-754.14.2.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-2.6.32-754.14.2.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-devel-2.6.32-754.14.2.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-devel-2.6.32-754.14.2.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-doc-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-doc-2.6.32-754.14.2.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-firmware-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-firmware-2.6.32-754.14.2.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-headers-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-headers-2.6.32-754.14.2.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perf-2.6.32-754.14.2.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-perf-2.6.32-754.14.2.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "openvas": [{"lastseen": "2020-01-31T16:53:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310852502", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852502", "type": "openvas", "title": "openSUSE: Security Advisory for xen (openSUSE-SU-2019:1403-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852502\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-17 02:00:46 +0000 (Fri, 17 May 2019)\");\n script_name(\"openSUSE: Security Advisory for xen (openSUSE-SU-2019:1403-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1403-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00038.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the openSUSE-SU-2019:1403-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for xen fixes the following issues:\n\n Four new speculative execution information leak issues have been\n identified in Intel CPUs. (bsc#1111331)\n\n - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n\n - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n\n - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)\n\n - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory\n (MDSUM)\n\n These updates contain the XEN Hypervisor adjustments, that additionally\n also use CPU Microcode updates.\n\n The mitigation can be controlled via the 'mds' commandline option, see the\n documentation.\n\n - Added code to change LIBXL_HOTPLUG_TIMEOUT at runtime.\n\n The included README has details about the impact of this change\n (bsc#1120095)\n\n - Fixes in Live migrating PV domUs\n\n An earlier change broke live migration of PV domUs without a device\n model. The migration would stall for 10 seconds while the domU was paused,\n which caused network connections to drop. Fix this by tracking the need\n for a device model within libxl. (bsc#1079730, bsc#1098403, bsc#1111025)\n\n - Libvirt segfault when crash triggered on top of HVM guest (bsc#1120067)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1403=1\");\n\n script_tag(name:\"affected\", value:\"'xen' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.10.3_04~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.10.3_04~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.10.3_04~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.10.3_04~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.10.3_04~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.10.3_04~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.10.3_04~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.10.3_04~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.10.3_04~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit-debuginfo\", rpm:\"xen-libs-32bit-debuginfo~4.10.3_04~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.10.3_04~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.10.3_04~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-01-29T19:29:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2020-01-29T00:00:00", "published": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310891789", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891789", "type": "openvas", "title": "Debian LTS: Security Advisory for intel-microcode (DLA-1789-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891789\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-17 02:00:09 +0000 (Fri, 17 May 2019)\");\n script_name(\"Debian LTS: Security Advisory for intel-microcode (DLA-1789-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/05/msg00018.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1789-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/929007\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'intel-microcode'\n package(s) announced via the DLA-1789-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update ships updated CPU microcode for most types of Intel CPUs. It\nprovides microcode support to implement mitigations for the MSBDS,\nMFBDS, MLPDS and MDSUM hardware vulnerabilities.\n\nTo fully resolve these vulnerabilities it is also necessary to update\nthe Linux kernel packages. Please refer to DLA-1787-1 for the Linux\nkernel updates required to mitigate these hardware vulnerabilities on\nIntel processors.\");\n\n script_tag(name:\"affected\", value:\"'intel-microcode' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n3.20190514.1~deb8u1 of the intel-microcode package, and also by the\nLinux kernel package updates described in DLA-1787-1.\n\nWe recommend that you upgrade your intel-microcode packages, and Linux\nkernel packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"intel-microcode\", ver:\"3.20190514.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-03-30T16:57:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-03-26T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192300", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192300", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2019-2300)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2300\");\n script_version(\"2020-03-26T11:51:34+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-03-26 11:51:34 +0000 (Thu, 26 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:45:50 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2019-2300)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2300\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2300\");\n script_xref(name:\"URL\", value:\"https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'qemu' package(s) announced via the EulerOS-SA-2019-2300 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: [link moved to references](CVE-2018-12126)\n\nMicroarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: [link moved to references](CVE-2018-12127)\n\nMicroarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: [link moved to references](CVE-2018-12130)\n\nMicroarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: [link moved to references](CVE-2019-11091)\");\n\n script_tag(name:\"affected\", value:\"'qemu' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-audio-alsa\", rpm:\"qemu-audio-alsa~3.0.1~3.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-audio-oss\", rpm:\"qemu-audio-oss~3.0.1~3.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-audio-pa\", rpm:\"qemu-audio-pa~3.0.1~3.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-audio-sdl\", rpm:\"qemu-audio-sdl~3.0.1~3.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-curl\", rpm:\"qemu-block-curl~3.0.1~3.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-dmg\", rpm:\"qemu-block-dmg~3.0.1~3.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-gluster\", rpm:\"qemu-block-gluster~3.0.1~3.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-iscsi\", rpm:\"qemu-block-iscsi~3.0.1~3.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-nfs\", rpm:\"qemu-block-nfs~3.0.1~3.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-rbd\", rpm:\"qemu-block-rbd~3.0.1~3.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-ssh\", rpm:\"qemu-block-ssh~3.0.1~3.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-common\", rpm:\"qemu-common~3.0.1~3.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~3.0.1~3.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~3.0.1~3.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-system-aarch64\", rpm:\"qemu-system-aarch64~3.0.1~3.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-system-aarch64-core\", rpm:\"qemu-system-aarch64-core~3.0.1~3.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ui-curses\", rpm:\"qemu-ui-curses~3.0.1~3.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ui-gtk\", rpm:\"qemu-ui-gtk~3.0.1~3.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ui-sdl\", rpm:\"qemu-ui-sdl~3.0.1~3.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-05T01:40:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-06-04T00:00:00", "published": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310876375", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876375", "type": "openvas", "title": "Fedora Update for qemu FEDORA-2019-f910d35647", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876375\");\n script_version(\"2019-06-04T06:44:21+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-06-04 06:44:21 +0000 (Tue, 04 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-17 02:12:27 +0000 (Fri, 17 May 2019)\");\n script_name(\"Fedora Update for qemu FEDORA-2019-f910d35647\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-f910d35647\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y5FN3EW4TD5ZVVHRJTLXZKQIV75IVGZ5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the FEDORA-2019-f910d35647 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"QEMU is a generic and open source processor emulator which achieves a good\nemulation speed by using dynamic translation. QEMU has two operating modes:\n\n * Full system emulation. In this mode, QEMU emulates a full system (for\n example a PC), including a processor and various peripherals. It can be\n used to launch different Operating Systems without rebooting the PC or\n to debug system code.\n\n * User mode emulation. In this mode, QEMU can launch Linux processes compiled\n for one CPU on another CPU.\n\nAs QEMU requires no host kernel patches to run, it is safe and easy to use.\");\n\n script_tag(name:\"affected\", value:\"'qemu' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~3.1.0~8.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-01-31T16:54:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310852504", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852504", "type": "openvas", "title": "openSUSE: Security Advisory for ucode-intel (openSUSE-SU-2019:1402-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852504\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-17 02:00:58 +0000 (Fri, 17 May 2019)\");\n script_name(\"openSUSE: Security Advisory for ucode-intel (openSUSE-SU-2019:1402-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1402-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00039.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ucode-intel'\n package(s) announced via the openSUSE-SU-2019:1402-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for ucode-intel fixes the following issues:\n\n This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331)\n\n Four new speculative execution information leak issues have been\n identified in Intel CPUs. (bsc#1111331)\n\n - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n\n - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n\n - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)\n\n - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory\n (MDSUM)\n\n These updates contain the CPU Microcode adjustments for the software\n mitigations.\n\n\n Release notes:\n\n - Processor Identifier Version Products\n\n - Model Stepping F-MO-S/PI Old->New\n\n - ---- new platforms ----------------------------------------\n\n - CLX-SP B1 6-55-7/bf 05000021 Xeon Scalable Gen2\n\n - ---- updated platforms ------------------------------------\n\n - SNB D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2\n\n - IVB E1/L1 6-3a-9/12 00000020->00000021 Core Gen3\n\n - HSW C0 6-3c-3/32 00000025->00000027 Core Gen4\n\n - BDW-U/Y E0/F0 6-3d-4/c0 0000002b->0000002d Core Gen5\n\n - IVB-E/EP C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3 X Series,\n Xeon E5 v2\n\n - IVB-EX D1 6-3e-7/ed 00000714->00000715 Xeon E7 v2\n\n - HSX-E/EP Cx/M1 6-3f-2/6f 00000041->00000043 Core Gen4 X series,\n Xeon E5 v3\n\n - HSX-EX E0 6-3f-4/80 00000013->00000014 Xeon E7 v3\n\n - HSW-U C0/D0 6-45-1/72 00000024->00000025 Core Gen4\n\n - HSW-H C0 6-46-1/32 0000001a->0000001b Core Gen4\n\n - BDW-H/E3 E0/G0 6-47-1/22 0000001e->00000020 Core Gen5\n\n - SKL-U/Y D0/K1 6-4e-3/c0 000000c6->000000cc Core Gen6\n\n - SKX-SP H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon Scalable\n\n - SKX-D M1 6-55-4/b7 0200005a->0000005e Xeon D-21xx\n\n - BDX-DE V1 6-56-2/10 00000019->0000001a Xeon D-1520/40\n\n - BDX-DE V2/3 6-56-3/10 07000016->07000017 Xeon\n D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19\n\n - BDX-DE Y0 6-56-4/10 0f000014->0f000015 Xeon\n D-1557/59/67/71/77/81/87\n\n - BDX-NS A0 6-56-5/10 0e00000c->0e00000d Xeon\n D-1513N/23/33/43/53\n\n - APL D0 6-5c-9/03 00000036->00000038 Pentium N/J4xxx,\n Celeron N/J3xxx, Atom x5/7-E39xx\n\n - SKL-H/S R0/N0 6-5e-3/36 0000 ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'ucode-intel' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ucode-intel\", rpm:\"ucode-intel~20190507~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-03-14T17:06:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-05-21T00:00:00", "id": "OPENVAS:1361412562310852508", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852508", "type": "openvas", "title": "openSUSE: Security Advisory for qemu (openSUSE-SU-2019:1420-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852508\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-21 02:01:13 +0000 (Tue, 21 May 2019)\");\n script_name(\"openSUSE: Security Advisory for qemu (openSUSE-SU-2019:1420-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1420-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00044.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the openSUSE-SU-2019:1420-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for qemu fixes the following issues:\n\n - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86\n cpu feature 'md-clear' (bsc#1111331)\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-1420=1\");\n\n script_tag(name:\"affected\", value:\"'qemu' package(s) on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user\", rpm:\"qemu-linux-user~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user-debuginfo\", rpm:\"qemu-linux-user-debuginfo~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user-debugsource\", rpm:\"qemu-linux-user-debugsource~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-arm\", rpm:\"qemu-arm~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-arm-debuginfo\", rpm:\"qemu-arm-debuginfo~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-curl\", rpm:\"qemu-block-curl~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-curl-debuginfo\", rpm:\"qemu-block-curl-debuginfo~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-dmg\", rpm:\"qemu-block-dmg~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-dmg-debuginfo\", rpm:\"qemu-block-dmg-debuginfo~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-iscsi\", rpm:\"qemu-block-iscsi~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-iscsi-debuginfo\", rpm:\"qemu-block-iscsi-debuginfo~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-rbd\", rpm:\"qemu-block-rbd~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-rbd-debuginfo\", rpm:\"qemu-block-rbd-debuginfo~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-ssh\", rpm:\"qemu-block-ssh~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-ssh-debuginfo\", rpm:\"qemu-block-ssh-debuginfo~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-debugsource\", rpm:\"qemu-debugsource~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-extra\", rpm:\"qemu-extra~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-extra-debuginfo\", rpm:\"qemu-extra-debuginfo~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent-debuginfo\", rpm:\"qemu-guest-agent-debuginfo~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ksm\", rpm:\"qemu-ksm~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-lang\", rpm:\"qemu-lang~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ppc\", rpm:\"qemu-ppc~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ppc-debuginfo\", rpm:\"qemu-ppc-debuginfo~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-s390\", rpm:\"qemu-s390~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-s390-debuginfo\", rpm:\"qemu-s390-debuginfo~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-testsuite\", rpm:\"qemu-testsuite~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-tools\", rpm:\"qemu-tools~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-tools-debuginfo\", rpm:\"qemu-tools-debuginfo~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-x86\", rpm:\"qemu-x86~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-x86-debuginfo\", rpm:\"qemu-x86-debuginfo~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ipxe\", rpm:\"qemu-ipxe~1.0.0+~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-seabios\", rpm:\"qemu-seabios~1.10.2~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-sgabios\", rpm:\"qemu-sgabios~8~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-vgabios\", rpm:\"qemu-vgabios~1.10.2~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-05T01:41:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-06-04T00:00:00", "published": "2019-05-16T00:00:00", "id": "OPENVAS:1361412562310883054", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883054", "type": "openvas", "title": "CentOS Update for kernel CESA-2019:1169 centos6 ", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883054\");\n script_version(\"2019-06-04T06:44:21+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-06-04 06:44:21 +0000 (Tue, 04 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-16 02:01:00 +0000 (Thu, 16 May 2019)\");\n script_name(\"CentOS Update for kernel CESA-2019:1169 centos6 \");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n\n script_xref(name:\"CESA\", value:\"2019:1169\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2019-May/023309.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the CESA-2019:1169 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es):\n\n * A flaw was found in the implementation of the 'fill buffer', a mechanism\nused by modern CPUs when a cache-miss is made on L1 CPU cache. If an\nattacker can generate a load operation that would create a page fault, the\nexecution will continue speculatively with incorrect data from the fill\nbuffer while the data is fetched from higher level caches. This response\ntime can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n * Modern Intel microprocessors implement hardware-level micro-optimizations\nto improve the performance of writing data back to CPU caches. The write\noperation is split into STA (STore Address) and STD (STore Data)\nsub-operations. These sub-operations allow the processor to hand-off\naddress generation logic into these sub-operations for optimized writes.\nBoth of these sub-operations write to a shared distributed processor\nstructure called the 'processor store buffer'. As a result, an unprivileged\nattacker could use this flaw to read private data resident within the CPU's\nprocessor store buffer. (CVE-2018-12126)\n\n * Microprocessors use a load port subcomponent to perform load operations\nfrom memory or IO. During a load operation, the load port receives data\nfrom the memory or IO subsystem and then provides the data to the CPU\nregisters and operations in the CPUs pipelines. Stale load operations\nresults are stored in the 'load port' table until overwritten by newer\noperations. Certain load-port operations triggered by an attacker can be\nused to reveal data about previous stale requests leaking data back to the\nattacker via a timing side-channel. (CVE-2018-12127)\n\n * Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable information\ndisclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nBug Fix(es):\n\n * aio O_DIRECT writes to non-page-aligned file locations on ext4 can result\nin the overlapped portion of the page containing zeros (BZ#1686170)\n\n * Tolerate new s390x crypto hardware for migration (BZ#1695496)\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on CentOS 6.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS6\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-01-31T16:53:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-05-29T00:00:00", "id": "OPENVAS:1361412562310852523", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852523", "type": "openvas", "title": "openSUSE: Security Advisory for ucode-intel (openSUSE-SU-2019:1468-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852523\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-29 02:00:49 +0000 (Wed, 29 May 2019)\");\n script_name(\"openSUSE: Security Advisory for ucode-intel (openSUSE-SU-2019:1468-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1468-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00066.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ucode-intel'\n package(s) announced via the openSUSE-SU-2019:1468-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for ucode-intel fixes the following issues:\n\n The Intel CPU Microcode was updated to the official QSR 2019.1 Microcode\n release (bsc#1111331 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127\n CVE-2019-11091)\n\n - --- new platforms ---------------------------------------- VLV\n C0 6-37-8/02 00000838 Atom Z series VLV C0\n 6-37-8/0C 00000838 Celeron N2xxx, Pentium N35xx VLV\n D0 6-37-9/0F 0000090c Atom E38xx CHV C0\n 6-4c-3/01 00000368 Atom X series CHV D0\n 6-4c-4/01 00000411 Atom X series\n\n read missing in last update:\n\n BDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4, Core\n i7-69xx/68xx\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1468=1\");\n\n script_tag(name:\"affected\", value:\"'ucode-intel' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ucode-intel\", rpm:\"ucode-intel~20190514~lp150.2.21.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-05T01:41:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-06-04T00:00:00", "published": "2019-05-16T00:00:00", "id": "OPENVAS:1361412562310704444", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704444", "type": "openvas", "title": "Debian Security Advisory DSA 4444-1 (linux - security update)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704444\");\n script_version(\"2019-06-04T06:44:21+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-06-04 06:44:21 +0000 (Tue, 04 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-16 02:00:12 +0000 (Thu, 16 May 2019)\");\n script_name(\"Debian Security Advisory DSA 4444-1 (linux - security update)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2019/dsa-4444.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4444-1\");\n script_xref(name:\"URL\", value:\"https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the DSA-4444-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple researchers have discovered vulnerabilities in the way the\nIntel processor designs have implemented speculative forwarding of data\nfilled into temporary microarchitectural structures (buffers). This\nflaw could allow an attacker controlling an unprivileged process to\nread sensitive information, including from the kernel and all other\nprocesses running on the system or cross guest/host boundaries to read\nhost memory.\n\nSee the references for more details.\n\nTo fully resolve these vulnerabilities it is also necessary to install\nupdated CPU microcode. An updated intel-microcode package (only\navailable in Debian non-free) will be provided via a separate DSA. The\nupdated CPU microcode may also be available as part of a system firmware\n('BIOS') update.\n\nIn addition, this update includes a fix for a regression causing\ndeadlocks inside the loopback driver, which was introduced by the update\nto 4.9.168 in the last Stretch point release.\");\n\n script_tag(name:\"affected\", value:\"'linux' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 4.9.168-1+deb9u2.\n\nWe recommend that you upgrade your linux packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"hyperv-daemons\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcpupower-dev\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcpupower1\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libusbip-dev\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-arm\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-s390\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-x86\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-cpupower\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-doc-4.9\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-4kc-malta\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-5kc-malta\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-686\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-686-pae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-arm64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-armel\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-armhf\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-i386\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mips\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mips64el\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mipsel\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-ppc64el\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-s390x\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-arm64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-armmp\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-armmp-lpae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-common\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-common-rt\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-loongson-3\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-marvell\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-octeon\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-powerpc64le\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-rt-686-pae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-rt-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-s390x\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-4kc-malta\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-5kc-malta\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-686\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-686-pae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-arm64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-armel\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-armhf\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-i386\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-mips\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-mips64el\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-mipsel\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-ppc64el\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-s390x\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-arm64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-armmp\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-armmp-lpae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-common\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-common-rt\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-loongson-3\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-marvell\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-octeon\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-powerpc64le\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-rt-686-pae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-rt-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-s390x\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-4kc-malta\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-5kc-malta\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-686\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-686-pae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-arm64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-armel\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-armhf\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-i386\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-mips\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-mips64el\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-mipsel\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-ppc64el\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-s390x\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-arm64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-armmp\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-armmp-lpae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-common\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-common-rt\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-loongson-3\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-marvell\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-octeon\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-powerpc64le\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-rt-686-pae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-rt-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-s390x\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-4kc-malta\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-5kc-malta\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-686\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-686-pae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-arm64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-armel\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-armhf\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-i386\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-mips\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-mips64el\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-mipsel\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-ppc64el\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-s390x\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-arm64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-armmp\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-armmp-lpae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-common\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-common-rt\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-loongson-3\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-marvell\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-octeon\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-powerpc64le\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-rt-686-pae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-rt-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-s390x\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-4kc-malta\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-5kc-malta\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-686\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-686-pae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-arm64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-armel\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-armhf\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-i386\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-mips\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-mips64el\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-mipsel\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-ppc64el\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-s390x\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-arm64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-armmp\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-armmp-lpae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-common\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-common-rt\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-loongson-3\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-marvell\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-octeon\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-powerpc64le\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-rt-686-pae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-rt-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-s390x\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-4kc-malta\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-5kc-malta\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-686\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-686-pae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-arm64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-armel\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-armhf\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-i386\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-mips\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-mips64el\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-mipsel\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-ppc64el\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-s390x\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-arm64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-armmp\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-armmp-lpae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-common\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-common-rt\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-loongson-3\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-marvell\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-octeon\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-powerpc64le\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-rt-686-pae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-rt-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-s390x\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-4kc-malta\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-5kc-malta\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-686\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-686-pae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-all\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-all-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-all-arm64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-all-armel\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-all-armhf\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-all-i386\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-all-mips\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-all-mips64el\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-all-mipsel\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-all-ppc64el\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-all-s390x\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-arm64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-armmp\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-armmp-lpae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-common\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-common-rt\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-loongson-3\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-marvell\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-octeon\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-powerpc64le\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-rt-686-pae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-rt-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-s390x\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-4kc-malta\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-4kc-malta-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-5kc-malta\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-5kc-malta-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686-pae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686-pae-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-amd64-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-arm64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-arm64-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp-lpae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp-lpae-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-loongson-3\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-loongson-3-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-marvell\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-marvell-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-octeon\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-octeon-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-powerpc64le\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-powerpc64le-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-686-pae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-686-pae-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-amd64-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-s390x\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-s390x-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-4kc-malta\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-4kc-malta-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-5kc-malta\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-5kc-malta-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-686\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-686-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-686-pae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-686-pae-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-amd64-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-arm64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-arm64-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-armmp\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-armmp-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-armmp-lpae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-armmp-lpae-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-loongson-3\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-loongson-3-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-marvell\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-marvell-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-octeon\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-octeon-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-powerpc64le\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-powerpc64le-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-rt-686-pae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-rt-686-pae-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-rt-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-rt-amd64-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-s390x\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-s390x-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-4kc-malta\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-4kc-malta-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-5kc-malta\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-5kc-malta-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-686\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-686-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-686-pae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-686-pae-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-amd64-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-arm64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-arm64-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-armmp\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-armmp-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-armmp-lpae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-armmp-lpae-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-loongson-3\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-loongson-3-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-marvell\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-marvell-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-octeon\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-octeon-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-powerpc64le\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-powerpc64le-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-rt-686-pae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-rt-686-pae-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-rt-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-rt-amd64-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-s390x\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-s390x-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-4kc-malta\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-4kc-malta-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-5kc-malta\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-5kc-malta-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-686\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-686-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-686-pae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-686-pae-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-amd64-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-arm64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-arm64-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-armmp\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-armmp-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-armmp-lpae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-armmp-lpae-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-loongson-3\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-loongson-3-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-marvell\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-marvell-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-octeon\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-octeon-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-powerpc64le\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-powerpc64le-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-rt-686-pae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-rt-686-pae-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-rt-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-rt-amd64-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-s390x\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-s390x-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-4kc-malta\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-4kc-malta-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-5kc-malta\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-5kc-malta-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-686\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-686-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-686-pae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-686-pae-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-amd64-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-arm64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-arm64-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-armmp\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-armmp-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-armmp-lpae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-armmp-lpae-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-loongson-3\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-loongson-3-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-marvell\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-marvell-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-octeon\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-octeon-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-powerpc64le\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-powerpc64le-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-rt-686-pae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-rt-686-pae-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-rt-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-rt-amd64-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-s390x\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-s390x-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-4kc-malta\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-4kc-malta-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-5kc-malta\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-5kc-malta-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-686\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-686-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-686-pae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-686-pae-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-amd64-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-arm64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-arm64-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-armmp\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-armmp-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-armmp-lpae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-armmp-lpae-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-loongson-3\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-loongson-3-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-marvell\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-marvell-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-octeon\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-octeon-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-powerpc64le\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-powerpc64le-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-rt-686-pae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-rt-686-pae-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-rt-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-rt-amd64-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-s390x\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-s390x-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-4kc-malta\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-4kc-malta-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-5kc-malta\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-5kc-malta-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-686\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-686-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-686-pae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-686-pae-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-amd64-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-arm64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-arm64-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-armmp\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-armmp-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-armmp-lpae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-armmp-lpae-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-loongson-3\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-loongson-3-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-marvell\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-marvell-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-octeon\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-octeon-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-powerpc64le\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-powerpc64le-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-rt-686-pae\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-rt-686-pae-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-rt-amd64\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-rt-amd64-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-s390x\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-s390x-dbg\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-kbuild-4.9\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-manual-4.9\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-perf-4.9\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-source-4.9\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-3\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-4\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-5\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-6\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-7\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-8\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-9\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"usbip\", ver:\"4.9.168-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-05T01:40:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-06-04T00:00:00", "published": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310876368", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876368", "type": "openvas", "title": "Fedora Update for libvirt FEDORA-2019-f910d35647", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876368\");\n script_version(\"2019-06-04T06:44:21+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-06-04 06:44:21 +0000 (Tue, 04 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-17 02:12:12 +0000 (Fri, 17 May 2019)\");\n script_name(\"Fedora Update for libvirt FEDORA-2019-f910d35647\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-f910d35647\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JA5T2KLIYRYX4XMARLFBPB45B2INDALL\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvirt'\n package(s) announced via the FEDORA-2019-f910d35647 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Libvirt is a C toolkit to interact with the virtualization capabilities\nof recent versions of Linux (and other OSes). The main package includes\nthe libvirtd server exporting the virtualization support.\");\n\n script_tag(name:\"affected\", value:\"'libvirt' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~5.1.0~5.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "oraclelinux": [{"lastseen": "2019-06-01T20:44:20", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "[4.5.0-10.0.1]\n- bump the version\n[4.5.0-10.el7_6.9]\n- qemu: Don't cache microcode version (CVE-2018-12127, CVE-2018-12126, CVE-2018-12130)\n[4.5.0-10.el7_6.8]\n- cpu_x86: Do not cache microcode version (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130)\n- cputest: Add data for Intel(R) Xeon(R) CPU E3-1225 v5 (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130)\n- cpu_map: Define md-clear CPUID bit (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130)", "edition": 2, "modified": "2019-05-15T00:00:00", "published": "2019-05-15T00:00:00", "id": "ELSA-2019-1177", "href": "http://linux.oracle.com/errata/ELSA-2019-1177.html", "title": "libvirt security update", "type": "oraclelinux", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-01T20:44:23", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "[3.10.0-957.12.2.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]\n[3.10.0-957.12.2]\n- [x86] x86/speculation/mds: Add SMT warning message (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation: Move arch_smt_update() call to after mitigation decisions (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [documentation] x86/speculation/mds: Add mds=full,nosmt cmdline option (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [kernel] x86/speculation: Remove redundant arch_smt_update() invocation (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/spec_ctrl: Add debugfs x86/smt_present file (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/spec_ctrl: Disable automatic enabling of STIBP with SMT on (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [documentation] Documentation: Add MDS vulnerability documentation (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [documentation] Documentation: Move L1TF to separate directory (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Add mitigation mode VMWERV (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [base] x86/speculation/mds: Add sysfs reporting for MDS (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Add mitigation control for MDS (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [kvm] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}\n- [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}\n- [x86] x86/speculation: Consolidate CPU whitelists (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/msr-index: Cleanup bit defines (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}\n- [x86] x86/l1tf: Show actual SMT state (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}\n- [x86] x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}\n- [x86] x86/speculation: Rework SMT state change (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}\n- [kernel] sched/smt: Expose sched_smt_present static key (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}\n- [kernel] sched/smt: Make sched_smt_present track topology (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}\n- [x86] x86/speculation: Disable STIBP when enhanced IBRS is in use (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}\n- [x86] x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/spectre_v2: Make spectre_v2_mitigation mode available (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/spec_ctrl: Add X86_FEATURE_USE_IBPB (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/spec_ctrl: Add casting to fix compilation error (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}\n- [x86] x86/cpu: Sanitize FAM6_ATOM naming (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}\n- [x86] x86/cpufeatures: Add Intel PCONFIG cpufeature (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}", "edition": 2, "modified": "2019-05-15T00:00:00", "published": "2019-05-15T00:00:00", "id": "ELSA-2019-1168", "href": "http://linux.oracle.com/errata/ELSA-2019-1168.html", "title": "kernel security update", "type": "oraclelinux", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-01T20:45:40", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "[1.5.3-160.el7_6.2]\n- kvm-target-i386-define-md-clear-bit-rhel.patch\n- Resolves: bz#1693216\n (qemu-kvm: hardware: Microarchitectural Store Buffer Data Sampling)", "edition": 2, "modified": "2019-05-15T00:00:00", "published": "2019-05-15T00:00:00", "id": "ELSA-2019-1178", "href": "http://linux.oracle.com/errata/ELSA-2019-1178.html", "title": "qemu-kvm security update", "type": "oraclelinux", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "ubuntu": [{"lastseen": "2020-07-02T11:43:30", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "USN-3977-1 and USN-3977-2 provided mitigations for Microarchitectural \nData Sampling (MDS) vulnerabilities in Intel Microcode for a \nlarge number of Intel processor families. This update provides the \ncorresponding updated microcode mitigations for the Intel Sandy Bridge \nprocessor family\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan \nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, \nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss \ndiscovered that memory previously stored in microarchitectural fill buffers \nof an Intel CPU core may be exposed to a malicious process that is \nexecuting on the same CPU core. A local attacker could use this to expose \nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan \nvan Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh \nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory \npreviously stored in microarchitectural load ports of an Intel CPU core may \nbe exposed to a malicious process that is executing on the same CPU core. A \nlocal attacker could use this to expose sensitive information. \n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel \nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel \nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory \npreviously stored in microarchitectural store buffers of an Intel CPU core \nmay be exposed to a malicious process that is executing on the same CPU \ncore. A local attacker could use this to expose sensitive information. \n(CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, \nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and \nCristiano Giuffrida discovered that uncacheable memory previously stored in \nmicroarchitectural buffers of an Intel CPU core may be exposed to a \nmalicious process that is executing on the same CPU core. A local attacker \ncould use this to expose sensitive information. (CVE-2019-11091)", "edition": 2, "modified": "2019-06-20T00:00:00", "published": "2019-06-20T00:00:00", "id": "USN-3977-3", "href": "https://ubuntu.com/security/notices/USN-3977-3", "title": "Intel Microcode update", "type": "ubuntu", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-07-02T11:35:37", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan \nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, \nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss \ndiscovered that memory previously stored in microarchitectural fill buffers \nof an Intel CPU core may be exposed to a malicious process that is \nexecuting on the same CPU core. A local attacker could use this to expose \nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan \nvan Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh \nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory \npreviously stored in microarchitectural load ports of an Intel CPU core may \nbe exposed to a malicious process that is executing on the same CPU core. A \nlocal attacker could use this to expose sensitive information. \n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel \nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel \nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory \npreviously stored in microarchitectural store buffers of an Intel CPU core \nmay be exposed to a malicious process that is executing on the same CPU \ncore. A local attacker could use this to expose sensitive information. \n(CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, \nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and \nCristiano Giuffrida discovered that uncacheable memory previously stored in \nmicroarchitectural buffers of an Intel CPU core may be exposed to a \nmalicious process that is executing on the same CPU core. A local attacker \ncould use this to expose sensitive information. (CVE-2019-11091)", "edition": 3, "modified": "2019-05-14T00:00:00", "published": "2019-05-14T00:00:00", "id": "USN-3977-1", "href": "https://ubuntu.com/security/notices/USN-3977-1", "title": "Intel Microcode update", "type": "ubuntu", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-07-02T11:40:04", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan \nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, \nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss \ndiscovered that memory previously stored in microarchitectural fill buffers \nof an Intel CPU core may be exposed to a malicious process that is \nexecuting on the same CPU core. A local attacker could use this to expose \nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan \nvan Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh \nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory \npreviously stored in microarchitectural load ports of an Intel CPU core may \nbe exposed to a malicious process that is executing on the same CPU core. A \nlocal attacker could use this to expose sensitive information. \n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel \nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel \nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory \npreviously stored in microarchitectural store buffers of an Intel CPU core \nmay be exposed to a malicious process that is executing on the same CPU \ncore. A local attacker could use this to expose sensitive information. \n(CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, \nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and \nCristiano Giuffrida discovered that uncacheable memory previously stored in \nmicroarchitectural buffers of an Intel CPU core may be exposed to a \nmalicious process that is executing on the same CPU core. A local attacker \ncould use this to expose sensitive information. (CVE-2019-11091)", "edition": 3, "modified": "2019-05-14T00:00:00", "published": "2019-05-14T00:00:00", "id": "USN-3983-1", "href": "https://ubuntu.com/security/notices/USN-3983-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-07-02T11:38:56", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan \nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, \nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss \ndiscovered that memory previously stored in microarchitectural fill buffers \nof an Intel CPU core may be exposed to a malicious process that is \nexecuting on the same CPU core. A local attacker could use this to expose \nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan \nvan Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh \nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory \npreviously stored in microarchitectural load ports of an Intel CPU core may \nbe exposed to a malicious process that is executing on the same CPU core. A \nlocal attacker could use this to expose sensitive information. \n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel \nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel \nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory \npreviously stored in microarchitectural store buffers of an Intel CPU core \nmay be exposed to a malicious process that is executing on the same CPU \ncore. A local attacker could use this to expose sensitive information. \n(CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, \nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and \nCristiano Giuffrida discovered that uncacheable memory previously stored in \nmicroarchitectural buffers of an Intel CPU core may be exposed to a \nmalicious process that is executing on the same CPU core. A local attacker \ncould use this to expose sensitive information. (CVE-2019-11091)", "edition": 3, "modified": "2019-05-16T00:00:00", "published": "2019-05-16T00:00:00", "id": "USN-3985-2", "href": "https://ubuntu.com/security/notices/USN-3985-2", "title": "libvirt update", "type": "ubuntu", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-07-02T11:35:49", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "USN-3983-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu \n12.04 LTS.\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan \nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, \nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss \ndiscovered that memory previously stored in microarchitectural fill buffers \nof an Intel CPU core may be exposed to a malicious process that is \nexecuting on the same CPU core. A local attacker could use this to expose \nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan \nvan Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh \nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory \npreviously stored in microarchitectural load ports of an Intel CPU core may \nbe exposed to a malicious process that is executing on the same CPU core. A \nlocal attacker could use this to expose sensitive information. \n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel \nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel \nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory \npreviously stored in microarchitectural store buffers of an Intel CPU core \nmay be exposed to a malicious process that is executing on the same CPU \ncore. A local attacker could use this to expose sensitive information. \n(CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, \nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and \nCristiano Giuffrida discovered that uncacheable memory previously stored in \nmicroarchitectural buffers of an Intel CPU core may be exposed to a \nmalicious process that is executing on the same CPU core. A local attacker \ncould use this to expose sensitive information. (CVE-2019-11091)", "edition": 3, "modified": "2019-05-15T00:00:00", "published": "2019-05-15T00:00:00", "id": "USN-3983-2", "href": "https://ubuntu.com/security/notices/USN-3983-2", "title": "Linux kernel (Trusty HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "mskb": [{"lastseen": "2021-01-01T22:41:43", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4499181, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong>Reminder:\u00a0</strong>March 12<sup>th</sup> and April 9<sup>th</sup> will be the last two Delta updates for Windows 10, version\u00a01703. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change please visit our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426\" managed-link=\"\" target=\"_blank\">blog</a>.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><em><span><span><span><span>Windows 10, version 1703, reached end of service on October 8, 2018</span></span></span></span></em><em><span><span><span>. Devices running Windows 10 Home, Pro, Pro for Workstation, and IoT Core editions will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.</span></span></span></em></span></p><p><strong><span><span><span>IMPORTANT</span></span></span><span><span><span>: </span></span></span></strong><span><span><span>Windows 10 Enterprise and Windows 10 Education editions will receive one year of additional servicing at no cost.</span></span></span></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\">Note</p><div class=\"row\"><div class=\"col-xs-24\"><p><span>This release also contains updates for Windows 10 Mobile (OS Build 15063.1805) released May 14, 2019.</span></p></div></div></div></div><h2>Improvements and fixes</h2><div><p>This update includes quality improvements. Key changes include:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 64-Bit (x64) versions of Windows (<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2019-11091</a>,<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\"> CVE-2018-12126</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12127</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/{lang-locale}/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in\" managed-link=\"\" target=\"_blank\">Windows Client</a>\u00a0article<em>. </em>(These registry settings are enabled by default for Windows Client OS editions).</li><li>Adds \"gov.uk\" to the HTTP Strict Transport Security Top Level Domains (HSTS TLD) for Internet Explorer and Microsoft Edge.</li><li>Addresses an issue that may cause \u201cError 1309\u201d while installing or uninstalling certain types of .msi and .msp files on a virtual drive.</li><li>Addresses an issue that prevents the Microsoft Visual Studio Simulator from starting.</li><li>Addresses an issue that may cause the text, layout, or cell size to become narrower or wider than expected in Microsoft Excel when using the <strong>MS UI Gothic </strong>or <strong>MS PGothic </strong>fonts.\u00a0</li><li>Security updates to Internet Explorer, Microsoft Scripting Engine, Microsoft Edge, Windows Storage and Filesystems, Microsoft Graphics Component, Windows App Platform and Frameworks, Windows Cryptography, Windows Datacenter Networking, Windows Server, Windows Virtualization, Windows Kernel, and the Microsoft JET Database Engine.</li></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p>For more information about the resolved security vulnerabilities, please refer to the <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/security-guidance\" managed-link=\"\" target=\"_blank\">Security Update Guide</a>.</p><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\">Windows Update Improvements</p><div class=\"row\"><div class=\"col-xs-24\"><p>Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.</p></div></div></div></div></div><h2>Known issues in this update</h2><div><table class=\"table\"><tbody><tr><td><strong>Symptom</strong></td><td><strong>Workaround</strong></td></tr><tr><td>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul>Microsoft is working on a resolution and will provide an update in an upcoming release.</td></tr><tr><td>After installing the May 14, 2019 update, some gov.uk websites that don\u2019t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.</td><td>This issue is resolved in <a data-content-id=\"4505055\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4505055</a>.</td></tr><tr><td><p>After installing this update and restarting, some devices with Hyper-V enabled may enter BitLocker recovery mode and receive an error, \"0xC0210000\".</p></td><td><p>This issue is resolved in <a data-content-id=\"4507450\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4507450</a>.</p></td></tr></tbody></table></div><h2>How to get this update</h2><div><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For more information, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates#why-should-servicing-stack-updates-be-installed-and-kept-up-to-date\" managed-link=\"\" target=\"_blank\">Servicing stack updates</a>.</p><p>If you are using Windows Update, the latest SSU\u00a0(<a data-content-id=\"4500640\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"\">KB4500640)</a> will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the <a href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><p>This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4499181\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>\u00a0website.</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/3/8/2/382F6D37-AF04-4B5F-8CAE-7AF6E260FD02/4499181.csv\" managed-link=\"\" target=\"_blank\">file information for cumulative update 4499181</a>.\u00a0</p></div></body></html>", "edition": 17, "modified": "2019-07-09T17:39:02", "id": "KB4499181", "href": "https://support.microsoft.com/en-us/help/4499181/", "published": "2019-05-14T00:00:00", "title": "May 14, 2019\u2014KB4499181 (OS Build 15063.1805)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:35:54", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4499154, including improvements and fixes, any known issues, and how to get the update.</p><h2>Improvements and fixes</h2><div><p>This update includes quality improvements. Key changes include:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 64-Bit (x64) versions of Windows (<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2019-11091</a>,<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\"> CVE-2018-12126</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12127</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/{lang-locale}/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in\" managed-link=\"\" target=\"_blank\">Windows Client</a>\u00a0article<em>. </em>(These registry settings are enabled by default for Windows Client OS editions).</li><li>Adds \"gov.uk\" to the HTTP Strict Transport Security Top Level Domains (HSTS TLD) for Internet Explorer and Microsoft Edge.</li><li>Addresses an issue that may cause \u201cError 1309\u201d while installing or uninstalling certain types of .msi and .msp files on a virtual drive.</li><li>Improves performance related to case-insensitive string comparison functions such as <strong>_stricmp()</strong> in the Universal C Runtime.</li><li>Addresses an issue that prevents the Microsoft Visual Studio Simulator from starting.</li><li><span><span><span><span>Addresses an issue that may cause the text, layout, or cell size to become narrower or wider than expected in Microsoft Excel when using the </span></span></span></span><strong><span><span><span>MS UI Gothic </span></span></span></strong><span><span><span><span>or </span></span></span></span><strong><span><span><span>MS PGothic </span></span></span></strong><span><span><span><span>fonts. </span></span></span></span></li><li>Security updates to Internet Explorer, Microsoft Scripting Engine, Microsoft Edge, Windows Storage and Filesystems, Microsoft Graphics Component, Windows App Platform and Frameworks, Windows Cryptography, Windows Datacenter Networking, Windows Server, Windows Kernel, and the Microsoft JET Database Engine.</li></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p><span><span><span><span>For more information about the resolved security vulnerabilities, please refer to the </span></span></span></span><span><span><span><a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/security-guidance\" managed-link=\"\" target=\"_blank\">Security Update Guide</a>.</span></span></span></p><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\">Windows Update Improvements</p><div class=\"row\"><div class=\"col-xs-24\"><p>Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.</p></div></div></div></div></div><h2>Known issues in this update</h2><div><table class=\"table\"><tbody><tr><td><strong>Symptom</strong></td><td><strong>Workaround</strong></td></tr><tr><td>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul>Microsoft is working on a resolution and will provide an update in an upcoming release.</td></tr><tr><td>After installing the May 14, 2019 update, some gov.uk websites that don\u2019t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.</td><td>This issue is resolved in <a data-content-id=\"4505051\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4505051</a>.</td></tr></tbody></table></div><h2>How to get this update</h2><div><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends that you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes.\u00a0For more information, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates#why-should-servicing-stack-updates-be-installed-and-kept-up-to-date\" managed-link=\"\" target=\"_blank\">Servicing stack updates</a>.</p><p>If you are using Windows Update, the latest SSU (<a data-content-id=\"4498353\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4498353</a>) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the <a data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>.</p><p><strong>Install this update</strong></p><p>This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4499154 \" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>\u00a0website.</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/F/A/F/FAFA1F21-89BB-48BF-AE67-AA7AEB30BB69/4499154.csv\" managed-link=\"\" target=\"_blank\">file information for cumulative update 4499154</a>.</p></div></body></html>", "edition": 16, "modified": "2019-05-21T23:50:47", "id": "KB4499154", "href": "https://support.microsoft.com/en-us/help/4499154/", "published": "2019-05-14T00:00:00", "title": "May 14, 2019\u2014KB4499154 (OS Build 10240.18215)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:37:28", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4512578, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong>Note\u00a0</strong>Follow <a href=\"https://twitter.com/windowsupdate\" rel=\"noreferrer noopener\" tabindex=\"-1\" target=\"_blank\" title=\"https://twitter.com/windowsupdate\">@WindowsUpdate</a> to find out when new content is published to the release information dashboard.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p>Starting with update KB4497934, we are introducing functionality that allows you to decide when to install a feature update. You control when you get a feature update while simultaneously keeping your devices up to date. Feature updates that are available for eligible devices will appear in a separate module on the Windows Update page (<strong>Settings </strong>> <strong>Update & Security</strong> > <strong>Windows Update</strong>). If you would like to get an available update right away, select <strong>Download and install now</strong>. To find out more about this feature, please go to this <a href=\"https://blogs.windows.com/windowsexperience/?p=172316\" managed-link=\"\" target=\"_blank\">blog</a>.\u00a0</p><p><em><span>When Windows 10 devices are at, or within several months of reaching, end of service, Windows Update will begin to automatically initiate a feature update. This keeps those devices supported and receiving the monthly updates that are critical to device security and ecosystem health.</span></em></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><strong>Note </strong>This release also contains updates for Microsoft HoloLens (OS Build 17763.737) released September 10, 2019.\u00a0</span>Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p>For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on. please see the following <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/824684\" managed-link=\"\" target=\"_blank\">article</a>.</p></div></div></div></div><h2>Highlights</h2><ul><li>Updates to improve security when using Internet Explorer, Microsoft Edge,\u00a0and\u00a0input devices such as a mouse, keyboard, or stylus.</li><li>Updates for verifying user names and passwords.</li></ul><h2>Improvements and fixes</h2><p>This security update includes quality improvements. Key changes include:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 32-Bit (x86) versions of Windows.\u00a0<br/>For more information, see <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">Security Advisory 190013</a>. This advisory includes\u00a0CVE-2019-11091,<a href=\"https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2Fadv190013&data=02%7C01%7Cv-shros%40microsoft.com%7C09be709d4f5a48828b3608d731b5e011%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032529545445662&sdata=fvFdb13Krl8nAuUPxE9ZigyGg3qICkRND%2BcRcoc9WXI%3D&reserved=0\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"Xm4A/Wgq+XEh8/Sr2rWe5hGvy4o7OkQbvI38Vw+JFCfCqDqaXdECRhV2hIKvUA0kN0VrgVDiatHukI2MAjcgn4nfAAaOfShSAe0w/3YMN7ZWDzEGxsoYyr6XUoPZ29GnqW2jqTVTOmAmXKLUay1GNH66Uz/7jsGuFIzyg9Q+3K0=\" target=\"_blank\"> </a>CVE-2018-12126, CVE-2018-12127, and CVE-2018-12130. Use the registry settings as described in the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4073119\" managed-link=\"\" target=\"_blank\">Windows Client</a> and <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4072698\" managed-link=\"\" target=\"_blank\">Windows Server</a>\u00a0articles<em>. </em>(These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions.)</li><li>Security updates to Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Input and Composition, Windows Fundamentals, Windows Authentication, Windows Cryptography, the Microsoft JET Database Engine, Windows Kernel, Windows Virtualization, and Windows Server.</li></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\">Windows Update Improvements</p><div class=\"row\"><div class=\"col-xs-24\"><p>Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.</p></div></div></div></div><h2>Known issues in this update</h2><table class=\"table\"><tbody><tr><td><strong>Symptom</strong></td><td><strong>Workaround</strong></td></tr><tr><td>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul>Microsoft is working on a resolution and will provide an update in an upcoming release.</td></tr><tr><td>After installing <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4493509\" managed-link=\"\" target=\"_blank\">KB 4493509</a>, devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"</td><td><ol><li>Uninstall and reinstall any recently added language packs. For instructions, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4496404\" managed-link=\"\" target=\"_blank\">Manage the input and display language settings in Windows 10</a>.</li><li>Select\u00a0<strong>Check for Updates</strong> and install the April 2019 Cumulative Update. For instructions, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4027667\" managed-link=\"\" target=\"_blank\">Update Windows 10</a>.</li></ol><p><strong>Note</strong> If reinstalling the language pack does not mitigate the issue, reset your PC as follows:</p><ol><li>Go to the <strong>Settings </strong>app > <strong>Recovery</strong>.</li><li>Select <strong>Get Started</strong> under the <strong>Reset this PC</strong> recovery option.</li><li>Select <strong>Keep my Files</strong>.</li></ol><p>Microsoft is working on a resolution and will provide an update in an upcoming release.</p></td></tr><tr><td>We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.</td><td><p>This issue is resolved in <a data-content-id=\"4520062\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4520062</a>.</p></td></tr><tr><td>Applications and scripts that call the <a data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/win32/api/lmaccess/nf-lmaccess-netquerydisplayinformation\" managed-link=\"\" target=\"_blank\">NetQueryDisplayInformation</a> API or the <a data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/win32/adsi/adsi-winnt-provider\" managed-link=\"\" target=\"_blank\">WinNT provider</a> equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, \u201c1359: an internal error occurred.\u201d\u00a0This issue occurs in this update and in all the updates before June 18, 2019.</td><td>This issue is resolved in <a data-content-id=\"4516077\" data-content-type=\"article\" href=\"\" managed-link=\"\">KB4516077</a>.</td></tr><tr><td>After installing this update, Windows Mixed Reality Portal users may intermittently receive a \u201c15-5\u201d error code. In some cases, Windows Mixed Reality Portal may report that the headset is sleeping and pressing \u201cWake up\u201d may appear to produce no action.</td><td><p>This issue is resolved in <a data-content-id=\"4520062\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4520062</a>.</p></td></tr><tr><td>Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (<strong>ChsIME.EXE</strong>) and Chinese Traditional (<strong>ChtIME.EXE</strong>) with Changjie/Quick keyboard.</td><td><p><span><span>Due to security related changes in this update, this issue may occur when the\u00a0Touch Keyboard and Handwriting Panel Service is not configured to its default startup type of Manual. To resolve the issue, perform the following steps:</span></span></p><ol><li><span><span> <span>Select the <strong>Start </strong>button and type \u201cservices\u201d.</span></span></span></li><li><span><span> <span>Open the Services app and locate <strong>Touch Keyboard and Handwriting Panel Service.</strong></span></span></span></li><li><span><span> <span>Double-click <strong>Touch Keyboard and Handwriting Panel Service </strong>and select <strong>Properties</strong>.</span></span></span></li><li><span><span> <span>Locate <strong>Startup type:</strong> and change it to <strong>Manual</strong>.</span></span></span></li><li><span><span> <span>Select <strong>OK</strong>.</span></span></span></li></ol><p><span><span>The TabletInputService<strong> </strong>service is now in the default configuration and IME should work as expected.</span></span></p></td></tr><tr><td><p>When setting up a new Windows device during the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.</p><strong>Note</strong> This issue does not affect using a Microsoft Account during OOBE.</td><td><p>This issue is resolved in <a data-content-id=\"4534321\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4534321</a>.</p></td></tr></tbody></table><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For more information, see\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates#why-should-servicing-stack-updates-be-installed-and-kept-up-to-date\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing stack updates</a>.</p><p>If you are using Windows Update, the latest SSU (<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4512577\" managed-link=\"\" target=\"_blank\">KB 4512577</a>) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the <a data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>.</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">Yes</td><td>None. This update will be downloaded and installed automatically from Windows Update.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4512578\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically synchronize with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>: Windows 10</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/1/1/0/1104925f-ef7b-4bfc-af92-9a6cf04b1798/4512578.csv\" managed-link=\"\" target=\"_blank\">file information for cumulative update 4512578</a>.\u00a0</p><p>\u00a0</p></body></html>", "edition": 27, "modified": "2020-01-23T23:33:27", "id": "KB4512578", "href": "https://support.microsoft.com/en-us/help/4512578/", "published": "2019-09-10T00:00:00", "title": "September 10, 2019\u2014KB4512578 (OS Build 17763.737)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:36:37", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4499171, including improvements and fixes, any known issues, and how to get the update.</p><h2>Improvements and fixes</h2><div><p>This security update includes improvements and fixes that were a part of update <a data-content-id=\"4493462\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4493462 </a>(released April 25, 2019) and addresses the following issues:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 64-Bit (x64) versions of Windows (<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2019-11091</a>,<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\"> CVE-2018-12126</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12127</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/{lang-locale}/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot\" managed-link=\"\" target=\"_blank\">Windows Server</a>\u00a0article<em>. </em>(These registry settings are disabled by default for Windows Server OS editions).</li><li>Addresses an issue that may cause \u201cError 1309\u201d while installing or uninstalling certain types of .msi and .msp files on a virtual drive.</li><li>Addresses an issue that prevents the Microsoft Visual Studio Simulator from starting.</li><li>Addresses an issue that may cause the text, layout, or cell size to become narrower or wider than expected in Microsoft Excel when using the <strong>MS UI Gothic </strong>or <strong>MS PGothic </strong>fonts.\u00a0</li><li>Security updates to Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Storage and Filesystems, Windows Cryptography, Windows Datacenter Networking, Windows Wireless Networking, Windows Kernel, and the Microsoft JET Database Engine.</li></ul><p>For more information about the resolved security vulnerabilities, please refer to the <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/security-guidance\" managed-link=\"\" target=\"_blank\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><table class=\"table\"><tbody><tr><td><strong>Symptom</strong></td><td><strong>Workaround</strong></td></tr><tr><td>After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.</td><td><p>This issue is resolved <a data-content-id=\"4503285\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4503285</a>.</p></td></tr><tr><td>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul>Microsoft is working on a resolution and will provide an update in an upcoming release.</td></tr><tr><td>If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.</td><td><p>If you see any of the previous dictionary updates listed below, uninstall it from <strong>Programs and features</strong> > <strong>Uninstall or change a program</strong>. New words that were in previous dictionary updates are also in this update.</p><ul><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.2013)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.2013)</li><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.1215)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1215)</li><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.1080)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1080)</li></ul></td></tr><tr><td>After installing the May 14, 2019 update, some gov.uk websites that don\u2019t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.</td><td>This issue is resolved in\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"4505050\" data-content-type=\"article\" href=\"https://support.microsoft.com/en/help/4505050\" managed-link=\"\" tabindex=\"0\">KB4505050</a>.</td></tr><tr><td>Internet Explorer 11 may stop working when loading or interacting with Power BI reports that have line charts with markers. This issue may also occur when viewing other content that contains Scalable Vector Graphics (SVG) markers.</td><td><p>This issue is resolved in <a data-content-id=\"4503295\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4503295</a>.</p><span><span></span></span></td></tr></tbody></table><h2>How to get this update</h2><div><p>This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4499171\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>\u00a0website.</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/6/6/D/66D0ACA8-8A3A-4CF7-8B6C-46596D8DF860/4499171.csv\" managed-link=\"\" target=\"_blank\">file information for update 4499171</a>.\u00a0</p></div></body></html>", "edition": 16, "modified": "2019-06-20T21:32:27", "id": "KB4499171", "href": "https://support.microsoft.com/en-us/help/4499171/", "published": "2019-05-14T00:00:00", "title": "May 14, 2019\u2014KB4499171 (Monthly Rollup)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:37:37", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4516064, including improvements and fixes, any known issues, and how to get the update.</p><h2>Improvements and fixes</h2><div><p>This security update includes quality improvements. Key changes include:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 32-Bit (x86) versions of Windows (<a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2019-11091</a>,<a href=\"https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2Fadv190013&data=02%7C01%7Cv-shros%40microsoft.com%7C09be709d4f5a48828b3608d731b5e011%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032529545445662&sdata=fvFdb13Krl8nAuUPxE9ZigyGg3qICkRND%2BcRcoc9WXI%3D&reserved=0\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"Xm4A/Wgq+XEh8/Sr2rWe5hGvy4o7OkQbvI38Vw+JFCfCqDqaXdECRhV2hIKvUA0kN0VrgVDiatHukI2MAjcgn4nfAAaOfShSAe0w/3YMN7ZWDzEGxsoYyr6XUoPZ29GnqW2jqTVTOmAmXKLUay1GNH66Uz/7jsGuFIzyg9Q+3K0=\" target=\"_blank\"> </a><a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12126</a>, <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12127</a>, <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a href=\"https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in\" managed-link=\"\" target=\"_blank\">Windows Client</a> and <a href=\"https://support.microsoft.com/en-us/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot\" managed-link=\"\" target=\"_blank\">Windows Server</a>\u00a0articles<em>. </em>(These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions.)</li><li>Security updates to Windows App Platform and Frameworks, Windows Kernel, Windows Input and Composition, Windows Media, Windows Fundamentals, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, and Windows Server.</li></ul><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><div><table class=\"table\"><tbody><tr><td width=\"312\"><p><strong>Symptom</strong></p></td><td width=\"312\"><p><strong>Workaround</strong></p></td></tr><tr><td width=\"312\">Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td width=\"312\"><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul>Microsoft is working on a resolution and will provide an update in an upcoming release.</td></tr></tbody></table></div><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes.\u00a0</p><p>If you are using Windows Update, the latest SSU\u00a0(<a data-content-id=\"4512938\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4512938</a>) will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">No</td><td>See the other options below.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4516064\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically synchronize with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>: Windows 8.1, Windows Server 2012 R2</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p>\u00a0</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/1/6/c/16c2d04c-1ba6-4c8c-9a0b-95099a33a5db/4516064.csv\" managed-link=\"\" target=\"_blank\">file information for update 4516064</a>.\u00a0</p><p>\u00a0</p></body></html>", "edition": 4, "modified": "2019-09-21T00:29:38", "id": "KB4516064", "href": "https://support.microsoft.com/en-us/help/4516064/", "published": "2019-09-10T00:00:00", "title": "September 10, 2019\u2014KB4516064 (Security-only update)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:35:42", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4499158, including improvements and fixes, any known issues, and how to get the update.only update)</p><h2>Improvements and fixes</h2><div><p>This security update includes quality improvements. Key changes include:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 64-Bit (x64) versions of Windows (<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2019-11091</a>,<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\"> CVE-2018-12126</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12127</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/{lang-locale}/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot\" managed-link=\"\" target=\"_blank\">Windows Server</a>\u00a0article<em>. </em>(These registry settings are disabled by default for Windows Server OS editions).</li><li>Security updates to Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Storage and Filesystems, Windows Cryptography, Windows Datacenter Networking, Windows Wireless Networking, Windows Kernel, and the Microsoft JET Database Engine.</li></ul><p>For more information about the resolved security vulnerabilities, please refer to the <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/security-guidance\" managed-link=\"\" target=\"_blank\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><div><table class=\"table\"><tbody><tr><td><strong>Symptom</strong></td><td><strong>Workaround</strong></td></tr><tr><td>After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.</td><td><p>This issue is resolved <a data-content-id=\"4503263\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4503263</a>.</p></td></tr><tr><td>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul>Microsoft is working on a resolution and will provide an update in an upcoming release.</td></tr></tbody></table></div><h2>How to get this update</h2><div><p>This update is now available for installation through WSUS. To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4499158\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>\u00a0website.</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/5/9/9/59925E85-4767-40F2-81E8-D0F2641091AA/4499158.csv\" managed-link=\"\" target=\"_blank\">file information for update 4499158</a>.\u00a0</p></div></body></html>", "edition": 2, "modified": "2019-06-11T18:04:48", "id": "KB4499158", "href": "https://support.microsoft.com/en-us/help/4499158/", "published": "2019-05-14T00:00:00", "title": "May 14, 2019\u2014KB4499158 (Security-only update)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:49:49", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4516026, including improvements and fixes, any known issues, and how to get the update.</p><h2>Improvements and fixes</h2><div><p>This security update includes improvements and fixes that were a part of update <a data-content-id=\"4512499\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4512499 </a>(released August 17, 2019) and addresses the following issues:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 32-Bit (x86) versions of Windows (<a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2019-11091</a>,<a href=\"https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2Fadv190013&data=02%7C01%7Cv-shros%40microsoft.com%7C09be709d4f5a48828b3608d731b5e011%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032529545445662&sdata=fvFdb13Krl8nAuUPxE9ZigyGg3qICkRND%2BcRcoc9WXI%3D&reserved=0\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"Xm4A/Wgq+XEh8/Sr2rWe5hGvy4o7OkQbvI38Vw+JFCfCqDqaXdECRhV2hIKvUA0kN0VrgVDiatHukI2MAjcgn4nfAAaOfShSAe0w/3YMN7ZWDzEGxsoYyr6XUoPZ29GnqW2jqTVTOmAmXKLUay1GNH66Uz/7jsGuFIzyg9Q+3K0=\" target=\"_blank\"> </a><a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12126</a>, <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12127</a>, <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a href=\"https://support.microsoft.com/en-us/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot\" managed-link=\"\" target=\"_blank\">Windows Server</a>\u00a0article<em>. </em>(These registry settings are enabled by default for Windows Server OS editions.)</li><li>Security updates to Windows App Platform and Frameworks, Windows Kernel, Windows Input and Composition, Windows Media, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, and Windows Server .</li></ul><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><div><p>Microsoft is not currently aware of any issues with this update.</p></div><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes.\u00a0</p><p>If you are using Windows Update, the latest SSU\u00a0(<a data-content-id=\"4517134\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4517134</a>) will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">Yes</td><td>None. This update will be downloaded and installed automatically from Windows Update.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4516026\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically synchronize with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>:\u00a0\u00a0Windows Server 2008 Service Pack 2</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/2/f/1/2f1cc47c-8ab0-4af3-b77f-f67be122b683/4516026.csv\" managed-link=\"\" target=\"_blank\">file information for update 4516026</a>.</p><p>\u00a0</p><p>\u00a0</p></body></html>", "edition": 17, "modified": "2019-10-01T19:26:49", "id": "KB4516026", "href": "https://support.microsoft.com/en-us/help/4516026/", "published": "2019-09-10T00:00:00", "title": "September 10, 2019\u2014KB4516026 (Monthly Rollup)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:46:07", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4516066, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong>Reminder:\u00a0</strong>March 12 and April 9\u00a0were the last two Delta updates for Windows 10, version\u00a01709. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change please visit our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426\" managed-link=\"\" target=\"_blank\">blog</a>.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong><span>Reminder:</span></strong><span> Windows 10, version 1709, reached end of service on April 9, 2019 for devices running Windows 10 Home, Pro, Pro for Workstation, and IoT Core editions. These devices will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.</span></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong><span><span>IMPORTANT: </span></span></strong><span><span>Windows 10 Enterprise, Education, </span></span><span>and IoT Enterprise</span><span><span> editions will </span></span><span>continue to <span>receive </span>servicing for 12 months<span> at no cost</span></span>\u00a0per the\u00a0lifecycle announcement on October 2018.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p>For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following <a data-content-id=\"824684\" data-content-type=\"article\" href=\"\" managed-link=\"\">article</a>.</p></div></div></div></div><h2>Highlights</h2><ul><li>Updates to improve security when using Internet Explorer,\u00a0networking technologies, and input devices such as a mouse, keyboard, or stylus.</li><li>Updates for verifying user names and passwords.</li></ul><ul><li>Updates for\u00a0storing and managing files.</li></ul><h2>Improvements and fixes</h2><div><p>This security update includes quality improvements. Key changes include:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 32-Bit (x86) versions of Windows (<a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2019-11091</a>,<a href=\"https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2Fadv190013&data=02%7C01%7Cv-shros%40microsoft.com%7C09be709d4f5a48828b3608d731b5e011%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032529545445662&sdata=fvFdb13Krl8nAuUPxE9ZigyGg3qICkRND%2BcRcoc9WXI%3D&reserved=0\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"Xm4A/Wgq+XEh8/Sr2rWe5hGvy4o7OkQbvI38Vw+JFCfCqDqaXdECRhV2hIKvUA0kN0VrgVDiatHukI2MAjcgn4nfAAaOfShSAe0w/3YMN7ZWDzEGxsoYyr6XUoPZ29GnqW2jqTVTOmAmXKLUay1GNH66Uz/7jsGuFIzyg9Q+3K0=\" target=\"_blank\"> </a><a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12126</a>, <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12127</a>, <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a href=\"https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in\" managed-link=\"\" target=\"_blank\">Windows Client</a> article<em>. </em>(These registry settings are enabled by default for Windows Client OS editions.)</li><li>Security updates to Internet Explorer, Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Input and Composition, Windows Media, Windows Fundamentals, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, Windows Kernel, Windows Virtualization, and Windows Server.</li></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><table class=\"table\"><tbody><tr><td><strong>Symptom</strong></td><td><strong>Workaround</strong></td></tr><tr><td>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul>Microsoft is working on a resolution and will provide an update in an upcoming release.</td></tr><tr><td>Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (<strong>ChsIME.EXE</strong>) and Chinese Traditional (<strong>ChtIME.EXE</strong>) with Changjie/Quick keyboard.</td><td><p><span><span><span><span><span><span>Due to security related changes in this update, this issue may occur when the\u00a0Touch Keyboard and Handwriting Panel Service is not configured to its default startup type of Manual. To resolve the issue, perform the following steps:</span></span></span></span></span></span></p><ol><li><span><span> <span>Select the <strong>Start </strong>button and type \u201cservices\u201d.</span></span></span></li><li><span><span> <span>Open the Services app and locate <strong>Touch Keyboard and Handwriting Panel Service.</strong></span></span></span></li><li><span><span> <span>Double-click <strong>Touch Keyboard and Handwriting Panel Service </strong>and select <strong>Properties</strong>.</span></span></span></li><li><span><span> <span>Locate <strong>Startup type:</strong> and change it to <strong>Manual</strong>.</span></span></span></li><li><span><span> <span>Select <strong>OK</strong>.</span></span></span></li></ol><p><span><span>The TabletInputService<strong> </strong>service is now in the default configuration and IME should work as expected.</span></span></p></td></tr><tr><td><p><span>When setting up a new Windows device during the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.</span></p><strong><span><span><span>Note</span></span></span></strong><span><span><span> This issue does not affect using a Microsoft Account during OOBE.</span></span></span></td><td><p>This issue is resolved in <a data-content-id=\"4534318\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4534318</a>.</p></td></tr></tbody></table><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For more information, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates#why-should-servicing-stack-updates-be-installed-and-kept-up-to-date\" managed-link=\"\" target=\"_blank\">Servicing stack updates</a>.</p><p>If you are using Windows Update, the latest SSU (<a data-content-id=\"4512575\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4512575</a>) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the <a data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a>.</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">Yes</td><td>None. This update will be downloaded and installed automatically from Windows Update.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4516066\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically synchronize with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>: Windows 10</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/8/9/c/89c71e5e-c30e-4b69-a6cd-39c91a1c3062/4516066.csv\" managed-link=\"\" target=\"_blank\">file information for cumulative update 4516066</a>.\u00a0</p></body></html>", "edition": 22, "modified": "2020-01-23T22:16:02", "id": "KB4516066", "href": "https://support.microsoft.com/en-us/help/4516066/", "published": "2019-09-10T00:00:00", "title": "September 10, 2019\u2014KB4516066 (OS Build 16299.1387)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:52:16", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4516044, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong><span>Reminder:</span></strong><span> The additional servicing for Windows 10 Enterprise,\u00a0<span>Education, and\u00a0</span>IoT Enterprise editions ended\u00a0on April 9, 2019 and doesn't extend beyond this date. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.</span></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong>Reminder:\u00a0</strong>March 12 and April 9 were the last two Delta updates for Windows 10, version\u00a01607. For Long-Term Servicing Branch (LTSB) customers, security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change please visit our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426\" managed-link=\"\" target=\"_blank\">blog</a>.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><em>Windows 10, version 1607, reached end of service on April 10, 2018. Devices running Windows 10 Home or Pro editions will no longer receive monthly security and quality updates that contain protection from the latest security threats. </em><em>To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.</em></span></p><p><strong><span><span><span>IMPORTANT</span></span></span><span><span><span>:\u00a0</span></span></span></strong><span><span>Windows 10 Enterprise and Windows 10 Education editions will receive\u00a0 additional servicing at no cost until April 9, 2019. Devices on the Long-Term Servicing Channels (LTSC) will continue to receive updates until October 2026\u00a0per the <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/lifecycle/search?alpha=Windows%2010\" managed-link=\"\" target=\"\">Lifecycle Policy page</a>. Windows 10 Anniversary Update (v. 1607) devices running the Intel \u201cClovertrail\u201d chipset will continue to receive updates until January 2023 per the <a data-content-id=\"\" data-content-type=\"\" href=\"https://answers.microsoft.com/{lang-locale}/windows/forum/windows_10-windows_install/intel-clover-trail-processors-are-not-supported-on/ed1823d3-c82c-4d7f-ba9d-43ecbcf526e9?auth=1\" managed-link=\"\" target=\"_blank\">Microsoft Community blog</a>.</span></span></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><em><span>Windows Server 2016 Standard edition, Nano Server installation option and Windows Server 2016 Datacenter edition, Nano Server installation option </span></em><em><span><span>reached end of service on October 9, 2018</span></span></em><span><span>.<em> These editions will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.</em></span></span></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><em><span><span><span>Windows 10 Mobile, version 1607, reached end of service on October 8, 2018. Devices running Windows 10 Mobile and Windows 10 Mobile Enterprise will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.</span></span></span></em></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p>For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/824684\" managed-link=\"\" target=\"_blank\">article</a>.</p></div></div></div></div><h2>Highlights</h2><ul><li>Updates to improve security when using Internet Explorer,\u00a0networking technologies, and input devices such as a mouse, keyboard, or stylus.</li><li>Updates for verifying user names and passwords.</li></ul><ul><li>Updates for\u00a0storing and managing files.</li></ul><h2>Improvements and fixes</h2><div><p>This security update includes quality improvements. Key changes include:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 32-Bit (x86) versions of Windows.\u00a0<br/>For more information, see <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">Security Advisory 190013</a>. This advisory includes\u00a0CVE-2019-11091,<a href=\"https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2Fadv190013&data=02%7C01%7Cv-shros%40microsoft.com%7C09be709d4f5a48828b3608d731b5e011%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032529545445662&sdata=fvFdb13Krl8nAuUPxE9ZigyGg3qICkRND%2BcRcoc9WXI%3D&reserved=0\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"Xm4A/Wgq+XEh8/Sr2rWe5hGvy4o7OkQbvI38Vw+JFCfCqDqaXdECRhV2hIKvUA0kN0VrgVDiatHukI2MAjcgn4nfAAaOfShSAe0w/3YMN7ZWDzEGxsoYyr6XUoPZ29GnqW2jqTVTOmAmXKLUay1GNH66Uz/7jsGuFIzyg9Q+3K0=\" target=\"_blank\"> </a>CVE-2018-12126, CVE-2018-12127, and CVE-2018-12130. Use the registry settings as described in the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4073119\" managed-link=\"\" target=\"_blank\">Windows Client</a> and <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4072698\" managed-link=\"\" target=\"_blank\">Windows Server</a>\u00a0articles<em>. </em>(These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions.)</li><li>Addresses an issue with applications and scripts that call the <a data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/win32/api/lmaccess/nf-lmaccess-netquerydisplayinformation\" managed-link=\"\" target=\"_blank\">NetQueryDisplayInformation</a> API or the <a data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/win32/adsi/adsi-winnt-provider\" managed-link=\"\" target=\"_blank\">WinNT provider</a> equivalent. They may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages, you may receive the error, \u201c1359: an internal error occurred.\u201d\u00a0</li><li>Security updates to the Microsoft Scripting Engine, Internet Explorer, Windows App Platform and Frameworks, Windows Input and Composition, Windows Media, Windows Fundamentals, Windows Authentication, Windows Datacenter Networking, Windows Virtualization, Windows Storage and Filesystems, Windows Wireless Networking, the Microsoft JET Database Engine, Windows Kernel, and Windows Server .</li></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\">Windows Update Improvements</p><div class=\"row\"><div class=\"col-xs-24\"><p>Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't\u00a0apply to long-term servicing editions.</p></div></div></div></div></div><h2>Known issues in this update</h2><div><table class=\"table\"><tbody><tr><td><strong>Symptom</strong></td><td><strong>Workaround</strong></td></tr><tr><td>After installing <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4467684\" managed-link=\"\" target=\"_blank\">KB 4467684</a>, the cluster service may fail to start with the error \u201c2245 (NERR_PasswordTooShort)\u201d if the group policy \u201cMinimum Password Length\u201d is configured with greater than 14 characters.</td><td><p>Set the domain default \"Minimum Password Length\" policy to less than or equal to 14 characters.</p><p>Microsoft is working on a resolution and will provide an update in an upcoming release.</p></td></tr><tr><td>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul>Microsoft is working on a resolution and will provide an update in an upcoming release.</td></tr></tbody></table></div><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For more information, see\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates#why-should-servicing-stack-updates-be-installed-and-kept-up-to-date\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing stack updates</a>.</p><p>If you are using Windows Update, the latest SSU\u00a0(<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4512574\" managed-link=\"\" target=\"_blank\">KB 4512574</a>) will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">Yes</td><td>None. This update will be downloaded and installed automatically from Windows Update.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4516044\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically synchronize with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>: Windows 10</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p>\u00a0</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/6/9/7/6974cce9-7fa1-4e4e-8fb6-39f746b85bd0/4516044.csv\" managed-link=\"\" target=\"_blank\">file information for cumulative update 4516044</a>.</p></body></html>", "edition": 21, "modified": "2019-10-15T16:51:10", "id": "KB4516044", "href": "https://support.microsoft.com/en-us/help/4516044/", "published": "2019-09-10T00:00:00", "title": "September 10, 2019\u2014KB4516044 (OS Build 14393.3204)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:37:35", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4516055, including improvements and fixes, any known issues, and how to get the update.</p><h2>Improvements and fixes</h2><div><p>This security update includes improvements and fixes that were a part of update <a data-content-id=\"4512512\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4512512</a> (released August 17, 2019) and addresses the following issues:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 32-Bit (x86) versions of Windows (<a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2019-11091</a>,<a href=\"https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2Fadv190013&data=02%7C01%7Cv-shros%40microsoft.com%7C09be709d4f5a48828b3608d731b5e011%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032529545445662&sdata=fvFdb13Krl8nAuUPxE9ZigyGg3qICkRND%2BcRcoc9WXI%3D&reserved=0\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"Xm4A/Wgq+XEh8/Sr2rWe5hGvy4o7OkQbvI38Vw+JFCfCqDqaXdECRhV2hIKvUA0kN0VrgVDiatHukI2MAjcgn4nfAAaOfShSAe0w/3YMN7ZWDzEGxsoYyr6XUoPZ29GnqW2jqTVTOmAmXKLUay1GNH66Uz/7jsGuFIzyg9Q+3K0=\" target=\"_blank\"> </a><a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12126</a>, <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12127</a>, <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a href=\"https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in\" managed-link=\"\" target=\"_blank\">Windows Client</a> article<em>. </em>(These registry settings are enabled by default for Windows Client OS editions.)</li><li>Security updates to the Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Kernel, Windows Input and Composition, Windows Media, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, and Windows Server .</li></ul><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><div><table class=\"table\"><tbody><tr><td><strong>Symptom</strong></td><td><strong>Workaround</strong></td></tr><tr><td>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul>Microsoft is working on a resolution and will provide an update in an upcoming release.</td></tr></tbody></table></div><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes.\u00a0</p><p>If you are using Windows Update, the latest SSU\u00a0(<a data-content-id=\"4512939\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4512939</a>) will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">Yes</td><td>None. This update will be downloaded and installed automatically from Windows Update.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4516055\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically synchronize with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>: Windows Server 2012, Windows Embedded 8 Standard</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/6/7/d/67dcdbbd-9bb7-4037-9458-3197fcf7b3d5/4516055.csv\" managed-link=\"\" target=\"_blank\">file information for\u00a0update 4516055</a>.\u00a0</p><p>\u00a0</p></body></html>", "edition": 17, "modified": "2019-09-10T20:10:41", "id": "KB4516055", "href": "https://support.microsoft.com/en-us/help/4516055/", "published": "2019-09-10T00:00:00", "title": "September 10, 2019\u2014KB4516055 (Monthly Rollup)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "lenovo": [{"lastseen": "2020-07-15T07:26:14", "bulletinFamily": "info", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "**Lenovo Security Advisory:** LEN-26696\n\n**Potential Impact**: Information disclosure\n\n**Severity:** Medium\n\n**Scope of Impact:** Industry-wide\n\n**CVE Identifier:**\n\nCVE-2018-12126 - Microarchitectural Store Buffer Data Sampling (MSBDS) \nCVE-2018-12127 - Microarchitectural Load Port Data Sampling (MLPDS) \nCVE-2018-12130 - Microarchitectural Fill Buffer Data Sampling (MFBDS) \nCVE-2019-11091 - Microarchitectural Data Sampling Uncacheable Memory (MDSUM)\n\n**Summary Description: **\n\nIntel has notified Lenovo of a new sub-class of speculative execution side channel vulnerabilities called Microarchitectural Data Sampling (MDS). These vulnerabilities are referred to by the researchers as ZombieLoad, RIDL, and Fallout. Intel provides technical details of MDS on [Intel\u2019s MDS page](<https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html>).\n\n**Mitigation Strategy for Customers (what you should do to protect yourself): **\n\nIntel states select 8th and 9th Generation Intel Core processors, as well as the 2nd Generation Intel Xeon Scalable Processor Family are _not vulnerable_ to MDS. A full list of these processors can be found [here](<https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html>). If you are using one of these processors, no further action is necessary.\n\nFor other Intel processors, Intel recommends the following mitigation steps:\n\n * Update to the version of BIOS (or later) described for your system in the Product Impact section below.\n * Update Operating System (OS). See the Reference section of [Intel\u2019s MDS page](<https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html>) for full details.\n * Update Virtual Machine Managers (VMMs). See the Reference section of [Intel\u2019s MDS page](<https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html>) for full details.\n\nOnce these updates are applied, Intel recommends it may be appropriate for some customers to consider additional actions.\n\n * If running untrusted workloads, and using Simultaneous Multi-Threading (SMT). Refer to [Intel\u2019s Software Security Guidance for developers](<https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling>) for additional guidance.\n * If running application software allowing third parties to run arbitrary JavaScript, Java, or ActiveX code. Refer to [Intel\u2019s Software Security Guidance for developers](<https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling>) for additional guidance.\n\n****\n\n**Product Impact:**\n", "edition": 180, "modified": "2020-03-26T12:47:16", "published": "2019-05-14T16:38:15", "id": "LENOVO:PS500247-NOSID", "href": "https://support.lenovo.com/us/en/product_security/len-26696/", "title": "Microarchitectural Data Sampling (MDS) Side Channel Vulnerabilities - US", "type": "lenovo", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "xen": [{"lastseen": "2019-05-14T21:19:00", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "#### ISSUE DESCRIPTION\nMicroarchitectural Data Sampling refers to a group of speculative sidechannels vulnerabilities. They consist of:\n * CVE-2018-12126 - MSBDS - Microarchitectural Store Buffer Data Sampling * CVE-2018-12127 - MLPDS - Microarchitectural Load Port Data Sampling * CVE-2018-12130 - MFBDS - Microarchitectural Fill Buffer Data Sampling * CVE-2019-11091 - MDSUM - Microarchitectural Data Sampling Uncacheable Memory\nThese issues pertain to the Load Ports, Store Buffers and Fill Buffers in the pipeline. The Load Ports are used to service all memory reads. The Store Buffers service all in-flight speculative writes (including IO Port writes), while the Fill Buffers service all memory writes which are post-retirement, and no longer speculative.\nUnder certain circumstances, a later load which takes a fault or assist (an internal condition to processor e.g. setting a pagetable Access or Dirty bit) may be forwarded stale data from these buffers during speculative execution, which may then be leaked via a sidechannel.\nMDSUM (Uncacheable Memory) is a special case of the other three. Previously, the use of uncacheable memory was believed to be safe against speculative sidechannels.\nFor more details, see: <a href=\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html\">https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html</a>\n#### IMPACT\nAn attacker, which could include a malicious untrusted user process on a trusted guest, or an untrusted guest, can sample the content of recently-used memory operands and IO Port writes.\nThis can include data from:\n * A previously executing context (process, or guest, or hypervisor/toolstack) at the same privilege level. * A higher privilege context (kernel, hypervisor, SMM) which interrupted the attacker's execution.\nVulnerable data is that on the same physical core as the attacker. This includes, when hyper-threading is enabled, adjacent threads.\nAn attacker cannot use this vulnerability to target specific data. An attack would likely require sampling over a period of time and the application of statistical methods to reconstruct interesting data.\n#### VULNERABLE SYSTEMS\nSystems running all versions of Xen are affected.\nOnly x86 processors are vulnerable. ARM processors are not believed to be vulnerable.\nOnly Intel based processors are potentially affected. Processors from other manufacturers (eg, AMD) are not believed to be vulnerable.\nPlease consult the Intel Security Advisory for details on the affected processors, and which are getting microcode updates.\n", "edition": 1, "modified": "2019-05-14T15:51:00", "published": "2019-05-14T15:51:00", "id": "XSA-297", "href": "http://xenbits.xen.org/xsa/advisory-297.html", "title": "Microarchitectural Data Sampling speculative side channel", "type": "xen", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhat": [{"lastseen": "2019-08-13T18:45:20", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "The rhvm-setup-plugins package adds functionality exclusive only to Red Hat Virtualization Manager, and is not available for the upstream ovirt-engine. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase and other support material.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-15T01:02:59", "published": "2019-05-15T00:38:15", "id": "RHSA-2019:1206", "href": "https://access.redhat.com/errata/RHSA-2019:1206", "type": "redhat", "title": "(RHSA-2019:1206) Important: rhvm-setup-plugins security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:44:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. \n\nThe ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-15T01:03:00", "published": "2019-05-15T00:38:29", "id": "RHSA-2019:1207", "href": "https://access.redhat.com/errata/RHSA-2019:1207", "type": "redhat", "title": "(RHSA-2019:1207) Important: redhat-virtualization-host security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:46:14", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)", "modified": "2019-05-15T00:42:23", "published": "2019-05-15T00:39:17", "id": "RHSA-2019:1200", "href": "https://access.redhat.com/errata/RHSA-2019:1200", "type": "redhat", "title": "(RHSA-2019:1200) Important: qemu-kvm-rhev security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:46:28", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-14T22:08:12", "published": "2019-05-14T21:24:34", "id": "RHSA-2019:1181", "href": "https://access.redhat.com/errata/RHSA-2019:1181", "type": "redhat", "title": "(RHSA-2019:1181) Important: qemu-kvm security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:46:24", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "The rhvm-setup-plugins package adds functionality exclusive only to Red Hat Virtualization Manager, and is not available for the upstream ovirt-engine. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase and other support material.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-15T01:02:58", "published": "2019-05-15T00:38:09", "id": "RHSA-2019:1205", "href": "https://access.redhat.com/errata/RHSA-2019:1205", "type": "redhat", "title": "(RHSA-2019:1205) Important: rhvm-setup-plugins security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:45:36", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-14T22:23:09", "published": "2019-05-14T21:23:31", "id": "RHSA-2019:1178", "href": "https://access.redhat.com/errata/RHSA-2019:1178", "type": "redhat", "title": "(RHSA-2019:1178) Important: qemu-kvm security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:44:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-14T23:44:59", "published": "2019-05-14T23:37:20", "id": "RHSA-2019:1198", "href": "https://access.redhat.com/errata/RHSA-2019:1198", "type": "redhat", "title": "(RHSA-2019:1198) Important: qemu-kvm security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:46:39", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)", "modified": "2019-05-15T00:42:24", "published": "2019-05-15T00:39:25", "id": "RHSA-2019:1201", "href": "https://access.redhat.com/errata/RHSA-2019:1201", "type": "redhat", "title": "(RHSA-2019:1201) Important: qemu-kvm-rhev security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:46:38", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-14T22:50:09", "published": "2019-05-14T22:08:40", "id": "RHSA-2019:1155", "href": "https://access.redhat.com/errata/RHSA-2019:1155", "type": "redhat", "title": "(RHSA-2019:1155) Important: kernel security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:45:21", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-15T00:32:19", "published": "2019-05-15T00:13:36", "id": "RHSA-2019:1188", "href": "https://access.redhat.com/errata/RHSA-2019:1188", "type": "redhat", "title": "(RHSA-2019:1188) Important: qemu-kvm security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "debian": [{"lastseen": "2019-06-21T02:22:07", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "Package : intel-microcode\nVersion : 3.20190618~deb8u1\nCVE ID : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091\nDebian Bug : 929073\n\nDLA-1789-1 shipped updated CPU microcode for most types of Intel CPUs as\nmitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware vulnerabilities.\n\nThis update provides additional support for some Sandybridge server\nand Core-X CPUs which were not covered in the original May microcode\nrelease. For a list of specific CPU models now supported please refer\nto the entries listed under CPUID 206D6 and 206D7 at\nhttps://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n3.20190618.1~deb8u1 of the intel-microcode package.\n\nWe recommend that you upgrade your intel-microcode packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be found\nat: https://wiki.debian.org/LTS\n\nFor the detailed security status of intel-microcode please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/intel-microcode\n\n-- \n Henrique Holschuh\n", "edition": 1, "modified": "2019-06-20T21:50:55", "published": "2019-06-20T21:50:55", "id": "DEBIAN:DLA-1789-2:82C69", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201906/msg00018.html", "title": "[SECURITY] [DLA 1789-2] intel-microcode security update", "type": "debian", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-02T02:21:44", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "Package : intel-microcode\nVersion : 3.20190514.1~deb8u1\nCVE ID : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091\nDebian Bug : 929007\n\nThis update ships updated CPU microcode for most types of Intel CPUs. It\nprovides microcode support to implement mitigations for the MSBDS,\nMFBDS, MLPDS and MDSUM hardware vulnerabilities.\n\nTo fully resolve these vulnerabilities it is also necessary to update\nthe Linux kernel packages. Please refer to DLA-1787-1 for the Linux\nkernel updates required to mitigate these hardware vulnerabilities on\nIntel processors.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n3.20190514.1~deb8u1 of the intel-microcode package, and also by the\nLinux kernel package updates described in DLA-1787-1.\n\nWe recommend that you upgrade your intel-microcode packages, and Linux\nkernel packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be found\nat: https://wiki.debian.org/LTS\n\nFor the detailed security status of intel-microcode please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/intel-microcode\n\n-- \n Henrique Holschuh\n", "edition": 2, "modified": "2019-05-16T03:05:58", "published": "2019-05-16T03:05:58", "id": "DEBIAN:DLA-1789-1:B54BD", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201905/msg00018.html", "title": "[SECURITY] [DLA 1789-1] intel-microcode security update", "type": "debian", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "amazon": [{"lastseen": "2020-11-10T12:35:03", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "**Issue Overview:**\n\nModern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer.([CVE-2018-12126 __](<https://access.redhat.com/security/cve/CVE-2018-12126>))\n\nUncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.([CVE-2019-11091 __](<https://access.redhat.com/security/cve/CVE-2019-11091>))\n\nMicroprocessors use a load port subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPUs pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel.([CVE-2018-12127 __](<https://access.redhat.com/security/cve/CVE-2018-12127>))\n\nA flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer.([CVE-2018-12130 __](<https://access.redhat.com/security/cve/CVE-2018-12130>))\n\n \n**Affected Packages:** \n\n\nqemu-kvm\n\n \n**Issue Correction:** \nRun _yum update qemu-kvm_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n src: \n qemu-kvm-1.5.3-156.16.amzn1.src \n \n x86_64: \n qemu-kvm-1.5.3-156.16.amzn1.x86_64 \n qemu-img-1.5.3-156.16.amzn1.x86_64 \n qemu-kvm-debuginfo-1.5.3-156.16.amzn1.x86_64 \n qemu-kvm-common-1.5.3-156.16.amzn1.x86_64 \n qemu-kvm-tools-1.5.3-156.16.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2019-08-07T23:12:00", "published": "2019-08-07T23:12:00", "id": "ALAS-2019-1260", "href": "https://alas.aws.amazon.com/ALAS-2019-1260.html", "title": "Important: qemu-kvm", "type": "amazon", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-11-10T12:35:26", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "**Issue Overview:**\n\n\\- Microarchitectural Store Buffer Data Sampling (MSBDS) ([CVE-2018-12126 __](<https://access.redhat.com/security/cve/CVE-2018-12126>)) \n\\- Microarchitectural Fill Buffer Data Sampling (MFBDS) ([CVE-2018-12130 __](<https://access.redhat.com/security/cve/CVE-2018-12130>)) \n\\- Microarchitectural Load Port Data Sampling (MLPDS) ([CVE-2018-12127 __](<https://access.redhat.com/security/cve/CVE-2018-12127>)) \n\\- Microarchitectural Data Sampling Uncacheable Memory (MDSUM) ([CVE-2019-11091 __](<https://access.redhat.com/security/cve/CVE-2019-11091>)) \n \nMSBDS leaks Store Buffer Entries which can be speculatively forwarded to a dependent load (store-to-load forwarding) as an optimization. The forward can also happen to a faulting or assisting load operation for a different memory address, which can cause an issue under certain conditions. Store buffers are partitioned between Hyper-Threads so cross thread forwarding is not possible. But if a thread enters or exits a sleep state the store buffer is repartitioned which can expose data from one thread to the other.\n\nMFBDS leaks Fill Buffer Entries. Fill buffers are used internally to manage L1 miss situations and to hold data which is returned or sent in response to a memory or I/O operation. Fill buffers can forward data to a load operation and also write data to the cache. When the fill buffer is deallocated it can retain the stale data of the preceding operations which can then be forwarded to a faulting or assisting load operation, which can be cause an issue under certain conditions. Fill buffers are shared between Hyper-Threads so cross thread leakage is possible.\n\nMLDPS leaks Load Port Data. Load ports are used to perform load operations from memory or I/O. The received data is then forwarded to the register file or a subsequent operation. In some implementations the Load Port can contain stale data from a previous operation which can be forwarded to faulting or assisting loads under certain conditions, which again can be cause an issue eventually. Load ports are shared between Hyper-Threads so cross thread leakage is possible.\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ and reboot your instance to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n kernel-4.14.114-105.126.amzn2.aarch64 \n kernel-headers-4.14.114-105.126.amzn2.aarch64 \n kernel-debuginfo-common-aarch64-4.14.114-105.126.amzn2.aarch64 \n perf-4.14.114-105.126.amzn2.aarch64 \n perf-debuginfo-4.14.114-105.126.amzn2.aarch64 \n python-perf-4.14.114-105.126.amzn2.aarch64 \n python-perf-debuginfo-4.14.114-105.126.amzn2.aarch64 \n kernel-tools-4.14.114-105.126.amzn2.aarch64 \n kernel-tools-devel-4.14.114-105.126.amzn2.aarch64 \n kernel-tools-debuginfo-4.14.114-105.126.amzn2.aarch64 \n kernel-devel-4.14.114-105.126.amzn2.aarch64 \n kernel-debuginfo-4.14.114-105.126.amzn2.aarch64 \n \n i686: \n kernel-headers-4.14.114-105.126.amzn2.i686 \n \n src: \n kernel-4.14.114-105.126.amzn2.src \n \n x86_64: \n kernel-4.14.114-105.126.amzn2.x86_64 \n kernel-headers-4.14.114-105.126.amzn2.x86_64 \n kernel-debuginfo-common-x86_64-4.14.114-105.126.amzn2.x86_64 \n perf-4.14.114-105.126.amzn2.x86_64 \n perf-debuginfo-4.14.114-105.126.amzn2.x86_64 \n python-perf-4.14.114-105.126.amzn2.x86_64 \n python-perf-debuginfo-4.14.114-105.126.amzn2.x86_64 \n kernel-tools-4.14.114-105.126.amzn2.x86_64 \n kernel-tools-devel-4.14.114-105.126.amzn2.x86_64 \n kernel-tools-debuginfo-4.14.114-105.126.amzn2.x86_64 \n kernel-devel-4.14.114-105.126.amzn2.x86_64 \n kernel-debuginfo-4.14.114-105.126.amzn2.x86_64 \n \n \n", "edition": 1, "modified": "2019-05-07T22:39:00", "published": "2019-05-07T22:39:00", "id": "ALAS2-2019-1205", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1205.html", "title": "Important: kernel", "type": "amazon", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "suse": [{"lastseen": "2019-05-16T18:20:31", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "This update for xen fixes the following issues:\n\n Four new speculative execution information leak issues have been\n identified in Intel CPUs. (bsc#1111331)\n\n - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)\n - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory\n (MDSUM)\n\n These updates contain the XEN Hypervisor adjustments, that additionaly\n also use CPU Microcode updates.\n\n The mitigation can be controlled via the "mds" commandline option, see the\n documentation.\n\n For more information on this set of vulnerabilities, check out\n <a rel=\"nofollow\" href=\"https://www.suse.com/support/kb/doc/?id=7023736\">https://www.suse.com/support/kb/doc/?id=7023736</a>\n\n Other fixes:\n\n - Added code to change LIBXL_HOTPLUG_TIMEOUT at runtime.\n\n The included README has details about the impact of this change\n (bsc#1120095)\n\n - Fixes in Live migrating PV domUs\n\n An earlier change broke live migration of PV domUs without a device\n model. The migration would stall for 10 seconds while the domU was paused,\n which caused network connections to drop. Fix this by tracking the need\n for a device model within libxl. (bsc#1079730, bsc#1098403, bsc#1111025)\n\n - Libvirt segfault when crash triggered on top of HVM guest (bsc#1120067)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-05-16T15:36:02", "published": "2019-05-16T15:36:02", "id": "OPENSUSE-SU-2019:1403-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00038.html", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-05-20T16:30:49", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "This update for ucode-intel fixes the following issues:\n\n This update contains the Intel QSR 2019.1 Microcode release (boo#1111331\n CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091)\n\n Release notes:\n\n - Processor Identifier Version Products\n - Model Stepping F-MO-S/PI Old->New\n - ---- new platforms ----------------------------------------\n - CLX-SP B1 6-55-7/bf 05000021 Xeon Scalable Gen2\n - ---- updated platforms ------------------------------------\n - SNB D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2\n - IVB E1/L1 6-3a-9/12 00000020->00000021 Core Gen3\n - HSW C0 6-3c-3/32 00000025->00000027 Core Gen4\n - BDW-U/Y E0/F0 6-3d-4/c0 0000002b->0000002d Core Gen5\n - IVB-E/EP C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3 X Series;\n Xeon E5 v2\n - IVB-EX D1 6-3e-7/ed 00000714->00000715 Xeon E7 v2\n - HSX-E/EP Cx/M1 6-3f-2/6f 00000041->00000043 Core Gen4 X series;\n Xeon E5 v3\n - HSX-EX E0 6-3f-4/80 00000013->00000014 Xeon E7 v3\n - HSW-U C0/D0 6-45-1/72 00000024->00000025 Core Gen4\n - HSW-H C0 6-46-1/32 0000001a->0000001b Core Gen4\n - BDW-H/E3 E0/G0 6-47-1/22 0000001e->00000020 Core Gen5\n - SKL-U/Y D0/K1 6-4e-3/c0 000000c6->000000cc Core Gen6\n - SKX-SP H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon Scalable\n - SKX-D M1 6-55-4/b7 0200005a->0000005e Xeon D-21xx\n - BDX-DE V1 6-56-2/10 00000019->0000001a Xeon D-1520/40\n - BDX-DE V2/3 6-56-3/10 07000016->07000017 Xeon\n D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19\n - BDX-DE Y0 6-56-4/10 0f000014->0f000015 Xeon\n D-1557/59/67/71/77/81/87\n - BDX-NS A0 6-56-5/10 0e00000c->0e00000d Xeon\n D-1513N/23/33/43/53\n - APL D0 6-5c-9/03 00000036->00000038 Pentium N/J4xxx,\n Celeron N/J3xxx, Atom x5/7-E39xx\n - SKL-H/S R0/N0 6-5e-3/36 000000c6->000000cc Core Gen6; Xeon E3 v5\n - DNV B0 6-5f-1/01 00000024->0000002e Atom Processor C\n Series\n - GLK B0 6-7a-1/01 0000002c->0000002e Pentium Silver\n N/J5xxx, Celeron N/J4xxx\n - AML-Y22 H0 6-8e-9/10 0000009e->000000b4 Core Gen8 Mobile\n - KBL-U/Y H0 6-8e-9/c0 0000009a->000000b4 Core Gen7 Mobile\n - CFL-U43e D0 6-8e-a/c0 0000009e->000000b4 Core Gen8 Mobile\n - WHL-U W0 6-8e-b/d0 000000a4->000000b8 Core Gen8 Mobile\n - WHL-U V0 6-8e-d/94 000000b2->000000b8 Core Gen8 Mobile\n - KBL-G/H/S/E3 B0 6-9e-9/2a 0000009a->000000b4 Core Gen7; Xeon E3 v6\n - CFL-H/S/E3 U0 6-9e-a/22 000000aa->000000b4 Core Gen8 Desktop,\n Mobile, Xeon E\n - CFL-S B0 6-9e-b/02 000000aa->000000b4 Core Gen8\n - CFL-H/S P0 6-9e-c/22 000000a2->000000ae Core Gen9\n - CFL-H R0 6-9e-d/22 000000b0->000000b8 Core Gen9 Mobile\n\n It also contains the update to 20190312 release (boo#1129231):\n\n - Processor Identifier Version Products\n - Model Stepping F-MO-S/PI Old->New\n - ---- new platforms ----------------------------------------\n - AML-Y22 H0 6-8e-9/10 0000009e Core Gen8 Mobile\n - WHL-U W0 6-8e-b/d0 000000a4 Core Gen8 Mobile\n - WHL-U V0 6-8e-d/94 000000b2 Core Gen8 Mobile\n - CFL-S P0 6-9e-c/22 000000a2 Core Gen9 Desktop\n - CFL-H R0 6-9e-d/22 000000b0 Core Gen9 Mobile\n - ---- updated platforms ------------------------------------\n - HSX-E/EP Cx/M1 6-3f-2/6f 0000003d->00000041 Core Gen4 X series;\n Xeon E5 v3\n - HSX-EX E0 6-3f-4/80 00000012->00000013 Xeon E7 v3\n - SKX-SP H0/M0/U0 6-55-4/b7 0200004d->0000005a Xeon Scalable\n - SKX-D M1 6-55-4/b7 0200004d->0000005a Xeon D-21xx\n - BDX-DE V1 6-56-2/10 00000017->00000019 Xeon D-1520/40\n - BDX-DE V2/3 6-56-3/10 07000013->07000016 Xeon\n D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19\n - BDX-DE Y0 6-56-4/10 0f000012->0f000014 Xeon\n D-1557/59/67/71/77/81/87\n - BDX-NS A0 6-56-5/10 0e00000a->0e00000c Xeon\n D-1513N/23/33/43/53\n - APL D0 6-5c-9/03 00000032->00000036 Pentium N/J4xxx,\n Celeron N/J3xxx, Atom x5/7-E39xx\n - APL E0 6-5c-a/03 0000000c->00000010 Atom x5/7-E39xx\n - GLK B0 6-7a-1/01 00000028->0000002c Pentium Silver\n N/J5xxx, Celeron N/J4xxx\n - KBL-U/Y H0 6-8e-9/c0 0000008e->0000009a Core Gen7 Mobile\n - CFL-U43e D0 6-8e-a/c0 00000096->0000009e Core Gen8 Mobile\n - KBL-H/S/E3 B0 6-9e-9/2a 0000008e->0000009a Core Gen7; Xeon E3 v6\n - CFL-H/S/E3 U0 6-9e-a/22 00000096->000000aa Core Gen8 Desktop,\n Mobile, Xeon E\n - CFL-S B0 6-9e-b/02 0000008e->000000aa Core Gen8\n\n And it also contains the update to 20180807a, no change except licensing.\n (boo#1104479).\n\n", "edition": 1, "modified": "2019-05-20T15:09:51", "published": "2019-05-20T15:09:51", "id": "OPENSUSE-SU-2019:1408-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00042.html", "title": "Security update for ucode-intel (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-05-16T18:20:31", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "This update for ucode-intel fixes the following issues:\n\n This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331)\n\n Four new speculative execution information leak issues have been\n identified in Intel CPUs. (bsc#1111331)\n\n - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)\n - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory\n (MDSUM)\n\n These updates contain the CPU Microcode adjustments for the software\n mitigations.\n\n For more information on this set of vulnerabilities, check out\n <a rel=\"nofollow\" href=\"https://www.suse.com/support/kb/doc/?id=7023736\">https://www.suse.com/support/kb/doc/?id=7023736</a>\n\n\n Release notes:\n\n - Processor Identifier Version Products\n - Model Stepping F-MO-S/PI Old->New\n - ---- new platforms ----------------------------------------\n - CLX-SP B1 6-55-7/bf 05000021 Xeon Scalable Gen2\n - ---- updated platforms ------------------------------------\n - SNB D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2\n - IVB E1/L1 6-3a-9/12 00000020->00000021 Core Gen3\n - HSW C0 6-3c-3/32 00000025->00000027 Core Gen4\n - BDW-U/Y E0/F0 6-3d-4/c0 0000002b->0000002d Core Gen5\n - IVB-E/EP C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3 X Series;\n Xeon E5 v2\n - IVB-EX D1 6-3e-7/ed 00000714->00000715 Xeon E7 v2\n - HSX-E/EP Cx/M1 6-3f-2/6f 00000041->00000043 Core Gen4 X series;\n Xeon E5 v3\n - HSX-EX E0 6-3f-4/80 00000013->00000014 Xeon E7 v3\n - HSW-U C0/D0 6-45-1/72 00000024->00000025 Core Gen4\n - HSW-H C0 6-46-1/32 0000001a->0000001b Core Gen4\n - BDW-H/E3 E0/G0 6-47-1/22 0000001e->00000020 Core Gen5\n - SKL-U/Y D0/K1 6-4e-3/c0 000000c6->000000cc Core Gen6\n - SKX-SP H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon Scalable\n - SKX-D M1 6-55-4/b7 0200005a->0000005e Xeon D-21xx\n - BDX-DE V1 6-56-2/10 00000019->0000001a Xeon D-1520/40\n - BDX-DE V2/3 6-56-3/10 07000016->07000017 Xeon\n D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19\n - BDX-DE Y0 6-56-4/10 0f000014->0f000015 Xeon\n D-1557/59/67/71/77/81/87\n - BDX-NS A0 6-56-5/10 0e00000c->0e00000d Xeon\n D-1513N/23/33/43/53\n - APL D0 6-5c-9/03 00000036->00000038 Pentium N/J4xxx,\n Celeron N/J3xxx, Atom x5/7-E39xx\n - SKL-H/S R0/N0 6-5e-3/36 000000c6->000000cc Core Gen6; Xeon E3 v5\n - DNV B0 6-5f-1/01 00000024->0000002e Atom Processor C\n Series\n - GLK B0 6-7a-1/01 0000002c->0000002e Pentium Silver\n N/J5xxx, Celeron N/J4xxx\n - AML-Y22 H0 6-8e-9/10 0000009e->000000b4 Core Gen8 Mobile\n - KBL-U/Y H0 6-8e-9/c0 0000009a->000000b4 Core Gen7 Mobile\n - CFL-U43e D0 6-8e-a/c0 0000009e->000000b4 Core Gen8 Mobile\n - WHL-U W0 6-8e-b/d0 000000a4->000000b8 Core Gen8 Mobile\n - WHL-U V0 6-8e-d/94 000000b2->000000b8 Core Gen8 Mobile\n - KBL-G/H/S/E3 B0 6-9e-9/2a 0000009a->000000b4 Core Gen7; Xeon E3 v6\n - CFL-H/S/E3 U0 6-9e-a/22 000000aa->000000b4 Core Gen8 Desktop,\n Mobile, Xeon E\n - CFL-S B0 6-9e-b/02 000000aa->000000b4 Core Gen8\n - CFL-H/S P0 6-9e-c/22 000000a2->000000ae Core Gen9\n - CFL-H R0 6-9e-d/22 000000b0->000000b8 Core Gen9 Mobile\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-05-16T15:39:54", "published": "2019-05-16T15:39:54", "id": "OPENSUSE-SU-2019:1402-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00039.html", "title": "Security update for ucode-intel (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-05-20T22:30:50", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "This update for qemu fixes the following issues:\n\n - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86\n cpu feature "md-clear" (bsc#1111331)\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n", "edition": 1, "modified": "2019-05-20T21:11:04", "published": "2019-05-20T21:11:04", "id": "OPENSUSE-SU-2019:1420-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00044.html", "title": "Security update for qemu (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}], "threatpost": [{"lastseen": "2020-04-11T11:47:16", "bulletinFamily": "info", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "Intel on Tuesday revealed a new class of [speculative execution vulnerabilities](<https://threatpost.com/intel-cpus-impacted-by-new-class-of-spectre-like-attacks/144728/>), dubbed Microarchitectural Data Sampling (MDS), which impact all its modern CPUs.\n\nThe flaws all ultimately depend on different ways of executing side channel attacks to siphon data from impacted systems \u2013 and result in four different attacks: ZombieLoad, Fallout, RIDL (Rogue In-Flight Data Load) and Store-to-Leak Forwarding.\n\n\u201cAs a result of the flaw in the architecture of these processors, an attacker who can execute malicious code locally on an affected system can compromise the confidentiality of data previously handled on the same thread or compromise the confidentiality of data from other hyperthreads on the same processor as the thread where the malicious code executes,\u201d Eric Maurice, director of security for Oracle, [recently wrote in an advisory](<https://blogs.oracle.com/security/intelmds>).\n\n[![](https://media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/subscribe2.jpg)](<https://threatpost.com/newsletter-sign/>)\n\nHere are 10 top takeaways from this latest speculative execution side channel attack impacting Intel chips.\n\n## MDS Different Than Meltdown and Spectre\n\nThe flaws derive from a process called speculative execution in processors. This process \u2013thrown into the spotlight after the 2018 Spectre and Meltdown flaws came to light \u2013 is used in microprocessors so that memory can read before the addresses of all prior memory writes are known.\n\nHowever, while speculative execution side channel attacks \u2013 like Spectre and Meltdown \u2013 targeted data stored in the CPU\u2019s memory; MDS instead refers to issues related to microarchitectural structures of the Intel processors other than the level 1 data cache (where memory is stored). Those issues exists in components called buffers, such as Fill Buffers (temporary buffers between CPU caches), Load Ports (temporary buffers used when loading data into registers) or Store Buffers (temporary buffers to hold store addresses and data).\n\n## Intel Seeking to Downplay Impact\n\nThere are four vulnerabilities in total tied to MDS. Those are CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091. Intel sought to downplay the vulnerabilities, saying that: \u201cMDS vulnerabilities have been classified as low to medium severity per the industry standard CVSS, and it\u2019s important to note that there are no reports of any real world exploits of these vulnerabilities.\u201d\n\nIndeed, CVE-2019-11091 has the lowest severity, with a CVSS score of 3.8, and exists in the microarchitectural data sampling structure for uncacheable memory in CPUs. CVE-2018-12126 (which exists in the Store Buffer), CVE-2018-12127 (which exists in the Load Port) and CVE-2018-12130 (existing in the Fill Buffer) meanwhile have a CVSS score or 6.5, or medium severity.\n\n## Different Attacks Exist to Exploit Flaws\n\nMeanwhile, an array of independent researchers from VUSec, CISPA, Graz University of Technology, and more have developed attacks for these vulnerabilities. Those proof-of-concept attacks were also disclosed Tuesday in coordination with Intel, after mitigations were developed.\n\nThose [four different attack vectors](<https://cpu.fail/>) are dubbed ZombieLoad, Fallout, RIDL (Rogue In-Flight Data Load) and Store-to-Leak Forwarding. While these attacks are all based on speculative execution targeting the buffer component of CPUs, they all work in different ways, exploit different flaws and result in different impacts.\n\nFor instance, while ZombieLoad allows attackers to leak information from other applications, the operating system, virtual machines in the cloud and trusted execution environments; the Fallout attack allows to read data that the operating system recently wrote and to figure out the memory position of the operating system strengthening other attack, and RIDL attack allows to leak information across various security domains\n\n## ZombieLoad: The Hard-Hitting Attack\n\nThe most severe of these attacks is dubbed ZombieLoad, which attacks CVE-2018-12130, the flaw in the Fill Buffer of Intel CPUs. That\u2019s because this attack leaks the most data \u2013 attackers are able to siphon data from system applications, operating system and virtual machines. According to a [research paper](<https://zombieloadattack.com/zombieload.pdf>) released on Tuesday, researchers said that disabling hyperthreading is the \u201conly possible workaround to mitigate ZombieLoad on current processors.\u201d\n\n\u201cWith ZombieLoad, we showed a novel Meltdown-type attack targeting the processor\u2019s fill-buffer logic. ZombieLoad enables an attacker to leak recently loaded values used by the current or sibling logical CPU,\u201d researchers said.\n\nZombieLoad was discovered and reported by Michael Schwarz, Moritz Lipp and Daniel Gruss from the Graz University of Technology (known for their previous discoveries of similar attacks, including [Meltdown](<https://threatpost.com/vendors-share-patch-updates-on-spectre-and-meltdown-mitigation-efforts/129307/>)) as well as researchers from KU Leuven, Cyberus Technology and the Worcester Polytechnic Institute.\n\n## Only Intel is Impacted (That We Know)\n\nIt appears at this time that Intel is the only manufacturer whose chips are impacted. AMD and ARM have both made public statements that the attacks and vulnerabilities related to MDS do not affect their chips.\n\nIn a statement, [AMD said](<https://www.amd.com/en/corporate/product-security>): \u201cAt AMD we develop our products and services with security in mind. Based on our analysis and discussions with the researchers, we believe our products are not susceptible to \u2018Fallout\u2019 or \u2018RIDL\u2019 because of the hardware protection checks in our architecture. We have not been able to demonstrate these exploits on AMD products and are unaware of others having done so.\u201d\n\n## Future Chips Won\u2019t Be Vulnerable\n\nAccording to Intel\u2019s [microcode update guidance](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>), most Intel Core and Xeon chips dating back to 2011 are theoretically vulnerable to MDS-related flaws.\n\nHowever, Intel said that the new MDS class of flaws is addressed in hardware starting with select 8th and 9th Generation Intel Core processors, as well as the 2nd Generation Intel Xeon Scalable processor family. Future chips will also have integrated fixes, Intel said.\n\n## Flood of Vendors Security Advisories\n\nWhile Intel has provided CPU microcode updates, and recommendations for mitigation strategies for operating system (and hypervisor) software, the company recommends users install the software updates provided by your operating system and/or hypervisor vendor. An array of vendors have released separate security advisories in response to MDS, including [Red Hat](<https://access.redhat.com/security/vulnerabilities/mds>), [Oracle](<https://blogs.oracle.com/security/intelmds>), [Apple](<https://threatpost.com/apple-patches-intel-side-channel-ios-macos/144743/>), [Google ](<https://support.google.com/faqs/answer/9330250>)and [Microsoft](<https://threatpost.com/microsoft-patches-zero-day/144742/>).\n\n\u201cMicrosoft has released software updates to help mitigate these vulnerabilities,\u201d according to a [Microsoft advisory released Tuesday](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190013>). \u201cTo get all available protections, firmware (microcode) and software updates are required. This may include microcode from device OEMs. In some cases, installing these updates will have a performance impact. We have also acted to secure our cloud services.\u201d\n\nTo completely address these issues, Intel said that there are additional [opt-in mitigations](<https://support.apple.com/kb/HT210107>) to disable hyper threading and enable microcode-based mitigations for all processes by default.\n\n## Performance Hits From Fixes Ignite Concerns\n\nNews that Intel\u2019s fix for ZombieLoad will slow CPU performance has ignited concerns that people will be dissuaded to update their machines. It was a similar case when Spectre and Meltdown fixes were first introduced in 2018.\n\n[![intel performance hits flaw](https://media.threatpost.com/wp-content/uploads/sites/103/2019/05/15114317/mds-server-hton-16x9-300x169.png)](<https://media.threatpost.com/wp-content/uploads/sites/103/2019/05/15114317/mds-server-hton-16x9.png>)\n\nFor instance, in a security release Apple said that [in tests](<https://support.apple.com/en-us/HT210108>) it found \u201cas much as a 40 percent reduction in performance with tests that include multithreaded workloads and public benchmarks\u201d depending on the system.\n\nIntel for its part has a much smaller performance hit estimate: Foe example, in a Core i9 9900K with Hyper-Threading disabled, the company said that the hit could be as little as 9 percent on select data center workloads post-mitigation, for instance.\n\n## How can People Know if Their Systems are Impacted?\n\nResearchers said that it is \u201cvery likely\u201d that Intel chip users\u2019 systems are impacted by the MDS vulnerabilities and subsequent attacks.\n\n\u201cOur attacks affect all modern Intel CPUs in servers, desktops and laptops,\u201d said Fallout researchers [in a post](<https://mdsattacks.com>). \u201cThis includes the latest 9th-generation processors, despite their in-silicon mitigations for Meltdown. Ironically, 9th-generation CPUs are more vulnerable to some of our attacks compared to older generation hardware.\u201d\n\nResearchers also made a tool, [available here](<https://mdsattacks.com>), to discover whether their systems are impacted.\n\n## Side Channel Attacks Continue\n\nThe incident shows that side channel speculative execution attacks continue to plague Intel chips since the Spectre and the related Meltdown vulnerability [were disclosed](<https://threatpost.com/vendors-share-patch-updates-on-spectre-and-meltdown-mitigation-efforts/129307/>) in 2018. For instance, in May 2018, in May, a [new vulnerability was found called Variant 4](<https://threatpost.com/intels-virtual-fences-spectre-fix-wont-protect-against-variant-4/132246/>), disclosed by Google Project Zero and Microsoft\u2019s Security Response Center; researchers said it potentially enables attackers to read privileged data across trust boundaries.\n\nMeanwhile, a new Spectre-class exploit, [dubbed SpectreRSB](<https://threatpost.com/new-spectre-level-flaw-targets-return-stack-buffer/134299/>), was detailed by researchers from the University of California at Riverside in a [research paper](<https://arxiv.org/pdf/1807.07940.pdf>) in July; while in August, three new speculative execution design flaws in Intel CPUs [were disclosed](<https://threatpost.com/intel-cpus-afflicted-with-fresh-speculative-execution-flaws/135096/>), impacting Intel\u2019s Software Guard Extensions (SGX) technology, its OS and system management mode (SMM) and hypervisor software.\n\n**_Want to know more about Identity Management and navigating the shift beyond passwords? Don\u2019t miss _**[**_our Threatpost webinar on May 29 at 2 p.m. ET_**](<https://attendee.gotowebinar.com/register/8039101655437489665?source=ART>)**_. Join Threatpost editor Tom Spring and a panel of experts as they discuss how cloud, mobility and digital transformation are accelerating the adoption of new Identity Management solutions. Experts discuss the impact of millions of new digital devices (and things) requesting access to managed networks and the challenges that follow._**\n", "modified": "2019-05-15T16:48:11", "published": "2019-05-15T16:48:11", "id": "THREATPOST:B43D65BEF15E504CF4DFB8EB516972D7", "href": "https://threatpost.com/intel-zombieload-side-channel-attack-10-takeaways/144771/", "type": "threatpost", "title": "Intel ZombieLoad Side-Channel Attack: 10 Takeaways", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "thn": [{"lastseen": "2019-05-14T20:36:04", "bulletinFamily": "info", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "[![intel processor vulnerability](https://1.bp.blogspot.com/-znUidkkAPSY/XNsdfIR3FZI/AAAAAAAAz_k/3Tf6a5Rz7VsAkj511NSFP3z7_ot_MLXeQCLcBGAs/s728-e100/intel-processor-vulnerability.jpg)](<https://1.bp.blogspot.com/-znUidkkAPSY/XNsdfIR3FZI/AAAAAAAAz_k/3Tf6a5Rz7VsAkj511NSFP3z7_ot_MLXeQCLcBGAs/s728-e100/intel-processor-vulnerability.jpg>)\n\nAcademic researchers today disclosed details of the newest class of speculative execution side-channel vulnerabilities in Intel processors that impacts all modern chips, including the chips used in Apple devices. \n \nAfter the discovery of [Spectre and Meltdown](<https://thehackernews.com/2018/01/meltdown-spectre-vulnerability.html>) processor vulnerabilities earlier last year that put practically every computer in the world at risk, different [classes of Spectre](<https://thehackernews.com/2018/11/meltdown-spectre-vulnerabilities.html>) and [Meltdown variations](<https://thehackernews.com/2018/08/foreshadow-intel-processor-vulnerability.html>) surfaced again and again. \n \nNow, a team of security researchers from multiple universities and security firms has discovered different but more dangerous speculative execution side-channel vulnerabilities in Intel CPUs. \n \nThe newly discovered flaws could allow attackers to directly steal user-level, as well as system-level secrets from CPU buffers, including user keys, passwords, and disk encryption keys. \n \n[Speculative execution](<https://thehackernews.com/2018/01/intel-amt-vulnerability.html>) is a core component of modern processors design that speculatively executes instructions based on assumptions that are considered likely to be true. If the assumptions come out to be valid, the execution continues, otherwise discarded. \n\n\n \nDubbed Microarchitectural Data Sampling ([MDS attacks](<https://mdsattacks.com/>)), the newest class of vulnerabilities consist of four different flaws, which, unlike existing attacks that leak data stored in CPU caches, can leak arbitrary in-flight data from CPU-internal buffers, such as Line Fill Buffers, Load Ports, or Store Buffers. \n \n\n\n> \"The new vulnerabilities can be used by motivated hackers to leak privileged information data from an area of the memory that hardware safeguards deem off-limits. It can be weaponized in highly targeted attacks that would normally require system-wide privileges or deep subversion of the operating system,\" BitDefender told The Hacker New.\n\n \nHere's the list of vulnerabilities derive from the newest [MDS speculative execution](<https://software.intel.com/security-software-guidance/insights/deep-dive-intel-analysis-microarchitectural-data-sampling#MDS-buffer-overwrite>) in Intel processors: \n \n\n\n 1. **CVE-2018-12126**\u2014Microarchitectural Store Buffer Data Sampling (MSBDS), also known as [Fallout attack](<https://mdsattacks.com/files/fallout.pdf>).\n 2. **CVE-2018-12130**\u2014Microarchitectural Fill Buffer Data Sampling (MFBDS), also known as [Zombieload](<https://zombieloadattack.com/>), or** RIDL** (Rogue In-Flight Data Load).\n 3. **CVE-2018-12127**\u2014Microarchitectural Load Port Data Sampling (MLPDS), also part of [RIDL class of attacks](<https://mdsattacks.com/files/ridl.pdf>).\n 4. **CVE-2019-11091**\u2014Microarchitectural Data Sampling Uncacheable Memory (MDSUM), also part of RIDL class of attacks.\n \nThe Fallout attack is a new transient execution attack that could allow unprivileged user processes to steal information from a previously unexplored microarchitectural component called Store Buffers. \n \nThe attack can be used to read data that the operating system recently wrote and also helps to figure out the memory position of the operating system that could be exploited with other attacks. \n\n\n \nIn their proof-of-concept attack, researchers showed how Fallout could be used to break Kernel Address Space Layout Randomization (KASLR), and leak sensitive data written to memory by the operating system kernel. \n \nZombieLoad attack affects a wide range of desktops, laptops, and cloud computers with Intel processor generations released from 2011 onwards. It can be used to read data that is recently accessed or accessed in parallel on the same processor core. \n\n\nThe ZombieLoad attack does not only work on personal computers to leak information from other applications and the operating system but can also be exploited on virtual machines running in the cloud with common hardware. \n \n\n\n> \"ZombieLoad is furthermore not limited to native code execution, but also works across virtualization boundaries. Hence, virtual machines can attack not only the hypervisor but also different virtual machines running on a sibling logical core,\" researchers explain.\n\n \n\n\n> \"We conclude that disabling hyperthreading, in addition to flushing several microarchitectural states during context switches, is the only possible workaround to prevent this extremely powerful attack.\"\n\n \nResearchers even made available a [tool for Windows](<https://mdsattacks.com/files/mdstool-win.zip>) and [Linux users](<https://mdsattacks.com/files/mdstool-linux.zip>) to test their systems against RIDL and Fallout attacks as well as other speculative execution flaws. \n \nResearchers tested their proof-of-concept exploits against Intel Ivy Bridge, Haswell, Skylake and Kaby Lake microarchitectures as shown in the video demonstrations. \n\n\n \nAcademics have discovered the MDS vulnerabilities from the Austrian university TU Graz, Vrije Universiteit Amsterdam, the University of Michigan, the University of Adelaide, KU Leuven in Belgium, Worcester Polytechnic Institute, Saarland University in Germany and security firms Cyberus, BitDefender, Qihoo360 and Oracle. \n \nMultiple researchers independently reported Intel of the MSD vulnerabilities starting June 2018, but the Chip giant had asked all the researchers to keep their findings secret, some for more than a year, until the company could come out with fixes for the vulnerabilities. \n\n\nIntel has now released Microcode Updates (MCU) updates to fix the MDS vulnerabilities in both hardware and software by clearing all data from buffers whenever the CPU crosses a security boundary so that the data can't be leaked or stolen. \n \nEvery operating system, virtualization vendor, and other software makers are highly recommended to implement the patch as soon as possible. \n \nAMD and ARM chips are not vulnerable to the MDS attacks, and Intel says that some models of its chip already include hardware mitigations against this flaw. \n \n[Apple](<https://support.apple.com/en-us/HT210107>) says it released a fix to address the vulnerability in the macOS Mojave 10.14.5 and Safari updates that were released yesterday. \n \n[Microsoft](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013>) has also released software updates to help mitigate the MDS vulnerabilities. In some cases, the company says installing the updates will have a performance impact. \n\n\nHave something to say about this article? Comment below or share it with us on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter](<https://twitter.com/thehackersnews>) or our [LinkedIn Group](<https://www.linkedin.com/company/the-hacker-news/>).\n", "modified": "2019-05-14T20:20:06", "published": "2019-05-14T20:20:00", "id": "THN:ABCC9DD36D10CA51E767D6104EF69F5C", "href": "https://thehackernews.com/2019/05/intel-processor-vulnerabilities.html", "type": "thn", "title": "New Class of CPU Flaws Affect Almost Every Intel Processor Since 2011", "cvss": {"score": 0.0, "vector": "NONE"}}], "cloudfoundry": [{"lastseen": "2019-06-01T18:56:15", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "# \n\n# Severity\n\nHigh\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n * Canonical Ubuntu 16.04\n\n# Description\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091)\n\nCVEs contained in this USN include: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is high unless otherwise noted._\n\n * Cloud Foundry BOSH trusty-stemcells are vulnerable, including: \n * 3586.x versions prior to 3586.118\n * All other stemcells not listed.\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 315.x versions prior to 315.26\n * 250.x versions prior to 250.48\n * 170.x versions prior to 170.69\n * 97.x versions prior to 97.96\n * All other stemcells not listed.\n\n# Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH trusty-stemcells: \n * Upgrade 3586.x versions to 3586.118\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-trusty>).\n * The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 315.x versions to 315.26\n * Upgrade 250.x versions to 250.48\n * Upgrade 170.x versions to 170.69\n * Upgrade 97.x versions to 97.96\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n\n# References\n\n * [USN-3977-1](<https://usn.ubuntu.com/3977-1>)\n * [CVE-2018-12126](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12126>)\n * [CVE-2018-12127](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12127>)\n * [CVE-2018-12130](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12130>)\n * [CVE-2019-11091](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11091>)\n", "edition": 3, "modified": "2019-05-20T00:00:00", "published": "2019-05-20T00:00:00", "id": "CFOUNDRY:E69484607521DCF7CA9844727923D7C3", "href": "https://www.cloudfoundry.org/blog/usn-3977-1/", "title": "USN-3977-1: Intel Microcode update (AKA ZombieLoad Attack) | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-01T18:56:09", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "# \n\n# Severity\n\nHigh\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n * Canonical Ubuntu 16.04\n\n# Description\n\nUSN-3977-1 provided mitigations for Microarchitectural Data Sampling (MDS) vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for Intel Cherry Trail and Bay Trail processor families.\n\nOriginal advisory details:\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091)\n\nCVEs contained in this USN include: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is high unless otherwise noted._\n\n * Cloud Foundry BOSH trusty-stemcells are vulnerable, including: \n * 3586.x versions prior to 3586.125\n * All other stemcells not listed.\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 315.x versions prior to 315.34\n * 250.x versions prior to 250.56\n * 170.x versions prior to 170.76\n * 97.x versions prior to 97.106\n * All other stemcells not listed.\n\n# Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH trusty-stemcells: \n * Upgrade 3586.x versions to 3586.125\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-trusty>).\n * The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 315.x versions to 315.34\n * Upgrade 250.x versions to 250.56\n * Upgrade 170.x versions to 170.76\n * Upgrade 97.x versions to 97.106\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n\n# References\n\n * [USN-3977-2](<https://usn.ubuntu.com/3977-2>)\n * [CVE-2018-12126](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12126>)\n * [CVE-2018-12127](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12127>)\n * [CVE-2018-12130](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12130>)\n * [CVE-2019-11091](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11091>)\n", "edition": 2, "modified": "2019-05-29T00:00:00", "published": "2019-05-29T00:00:00", "id": "CFOUNDRY:B35B43834E131FD9F0A2BB00D581980F", "href": "https://www.cloudfoundry.org/blog/usn-3977-2/", "title": "USN-3977-2: Intel Microcode update (AKA ZombieLoad Attack) | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "myhack58": [{"lastseen": "2019-05-20T05:22:37", "bulletinFamily": "info", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "Background understanding\n\n5 March 15, the media exposed, security researchers at a month before the Intel chip found in the one called\u201cZombieLoad\u201dthe new vulnerability, this vulnerability may allow an attacker to obtain the current processor is processing the sensitive data.\n\nAn attacker can exploit this vulnerability to initiate the Intel chip's side-channel attack, which is following the earlier Meltdown, the Spectre and Foreshadow after the most serious security vulnerabilities, researchers at a month previous to the Intel report these vulnerabilities.\n\n\u201cZombieLoad\u201ddirect understanding is the\u201czombie load\u201d, i.e. the processor can't understand or properly handle the large amounts of data, forcing the processor to the processor of the microcode request help to prevent a crash. The application usually can only see their own data, but this vulnerability could allow data flow through these boundary walls. The researchers said that ZombieLoad the leakage of the processor cores that are currently loaded all the data. This means that hackers make use of is actually a design flaw, rather than the injection of malicious code.\n\nAttack\n\nWith three previous side-channel attack Meltdown, the Spectre and Foreshadow\uff09in a similar way, the new attack is the use of the processor's speculative execution in the process of vulnerability.\n\nThis vulnerability whereby the former involved in the Meltdown, the Spectre of vulnerability research on the part of the security personnel, as well as Bitdefender security personnel of the joint discovery, which is actually for the micro-architecture of the data sampling\uff08MDS\uff09attack, you can use the micro-architecture of the speculative execution of the operation to infer other applications on the processor in the data processing.\n\nIntel said ZombieLoad includes 4 exploits. Respectively, is directed to the storage buffer area of the attack CVE-2018-12126/Fallout, the loading buffer CVE-2018-12127, and a line fill buffer CVE-2018-12130/Zombieload/RIDL, and the memory area CVE-2019-11091 it. Wherein Zombieload is severity the highest, to be able to get the maximum amount of and privacy of data.\n\nThe scope of the impact\n\nSince 2011 the release of all Intel processors is likely to be affected, especially the cloud hosting services may be subject to larger shocks. At the same time Intel also noted that the MDS attacks actually use the higher difficulty, its practical impact is not so large.\n\nBug fixes\n\nCurrently Intel has released a microcode update, and the new processor will not be affected. This includes the Intel Xeon, the Broadwell And Sandy Bridge, And Skylake and Haswell chips and models. Kaby Lake, Coffee Lake, Whiskey Lake and Cascade Lake, and all of the atom and the Knights of the processor are also affected.\n\nCurrently, Apple, Microsoft and Google have already released patches.\n\nIntel on the micro-structure of the data sampling analysis\n\nThe micro-architecture of the data sampling\uff08MDS\uff09work principle\n\nMDS allows can be executed locally on the system the code of the malicious user inferred by the schema mechanism to protect the data, although the use of loopholes\u201cZombieLoad\u201don the system to locate specific data may be very difficult, but the malicious attacker can collect and analyze large amounts of data to find the protected data. Specific process, please see the deep dive in the MDS table: CPUID enumeration and architecture of the MSR action, through this way to obtain may be affected by MDS the impact of the processor list. MDS only relates to the primary data cache(L1D)outside of the micro system structure the structure of The Associated method, and therefore does not include the exception data cache load(RDCL)or L1 Terminal failure(L1TF)\u3002\n\nMDS speculative execution side-channel method can be used to leak following micro-architectural structures in the data:\n\n1. Storage buffer: used to save the storage address and the data of the temporary buffers;\n\n2. Fill the buffer: CPU cache between the temporary buffer;\n\n3. Loading port: will be loaded into the data register when using the temporary buffer;\n\nOf these structure than the L1D is much smaller, and therefore can save less data, and more are frequently covered. The use of MDS methods to infer with a particular memory address associated with the data is also more difficult, which may require a malicious attacker to gather a lot of data and analyzed to find any protected data.\n\nThe new micro-code update(MCUs)is being planned to be released to help the program mitigate these vulnerabilities. Intel recommends that in switching to the previous program untrusted program to update the micro code and remove the micro-architecture of the buffer area. These mitigation measures will be required for the[operating system](<http://www.myhack58.com/Article/48/Article_048_1.htm>), the Virtual Machine Management Program and the Intel \u00aeprogram Protection Extensions the Intel \u00aeSGX for changes and updates.\n\nIn this document the micro-architecture details only apply to the MDS technical effect of the processor, and not all Intel processors a General purpose processor. For the affected processor list, please refer to the CPUID enumeration and architecture of the MSR.\n\nThe micro-architecture of the storage buffer data sampling\uff08MSBDS\uff09CVE-2018-12126\n\nPerform the storage operation, the processor writes data is called a storage buffer of a temporary micro-architecture. This makes the processor capable of writing data into the cache or main memory before continuing execution of the storage operation after the instruction. In addition, the I / O write, for example, the OUT is also stored in the storage buffer.\n\nWhen the load operation from the earlier Store operation to the same memory address when data is read, the processor can directly from the memory buffer forwards the data to the load operation instead of the wait from memory or cache to load data, this optimization process is referred to as a repository to load forwarding store-to-load forwarding it.\n\nUnder certain conditions, from the storage operation of the data from the Store Buffer is speculatively forwarded to a different memory address of the fault or auxiliary load operation. Since the memory size is less than the stored buffer width, or not to perform storage of the data portion, therefore storage may not cover the memory buffer within the entire data field. These situations may cause forwarding of data from previously stored data. Since the loading operation will lead to a fault/assist1 and its results will be discarded, and therefore the forwarding of data does not lead to the vulnerability of the program execution or the architectural state change. However, a malicious attacker may be able to be such only for speculative data forwarded to an open-source gadget framework disclosure gadget, to allow them to infer this value.\n\nMSBDS the cross-thread implications\n\nFor the MSBDS effects processors, physical cores on the stored data buffer in the kernel on the active thread on the static partition. This means that having two active threads of the kernel will have half the storage buffer entry is used only for Thread 1, the half only for another thread. When the thread enters the sleep state, its store buffer entry may be other active threads to use. This will cause previously used to enter the sleep state of the thread, and may contain expired data of the storage buffer entry by the other active thread reuse. When a thread from a sleep state is Wake-up time, the storage buffer will be re-partition. This will cause the memory buffer Store Buffer entry from the already active thread of the transmission to just Wake up the thread.\n\nThe micro-architecture of the fill of the buffer data sampling\uff08MFBDS\uff09CVE-2018-12130\n\nFill the buffer is an internal structure, for collecting a first level data cache lost data. When the memory request missing the L1 data cache, the processor will allocate a fill buffer to manage the data of the cache line Request. In addition, the fill buffer is also temporary management response to the memory or by the I / O operation returns, or to send the data. Fill the buffer data can be forwarded to the load operation, you can also write data to the data cache. Once the fill buffer data is written to the cache, the processor will release the fill buffer, thereby allowing in the future the memory operation in the reuse of the entry.\n", "edition": 1, "modified": "2019-05-20T00:00:00", "published": "2019-05-20T00:00:00", "id": "MYHACK58:62201994183", "href": "http://www.myhack58.com/Article/html/3/62/2019/94183.htm", "title": "Intel official for 5 on 15, the aeration out of the CPU side channel vulnerabilities\u201cZombieLoad\u201ddetailed technical analysis on-the vulnerability warning-the black bar safety net", "type": "myhack58", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-05-15T15:20:57", "bulletinFamily": "info", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "! [](/Article/UploadPic/2019-5/2019515185455532. png) \n\nSecurity personnel recently discovered for Intel processor of the new side channel attack, which is also following the earlier Meltdown, the Spectre and Foreshadow after a fairly serious security problems. This vulnerability may allow an attacker to obtain the current processor is processing the data. \n\nFor the speculative execution of the new attack mode \nWith three previous side-channel attacks in a similar way, the new attack is the use of the processor's speculative execution problems in the process. \nThis vulnerability whereby the former involved in the Meltdown, the Spectre of vulnerability research on the part of the security personnel, as well as Bitdefender security personnel of the joint discovery, which is actually for the micro-architecture of the data sampling\uff08MDS\uff09attack, you can use the micro-architecture of the speculative execution of the operation to infer other applications on the processor in the data processing. \nCurrently such\uff08MDS\uff09attack has four kinds, respectively is directed to the storage buffer area of the attack CVE-2018-12126/Fallout, the loading buffer CVE-2018-12127, and a line fill buffer CVE-2018-12130/Zombieload/RIDL, and the memory area CVE-2019-11091 it. Wherein Zombieload is severity the highest, to be able to get the maximum amount of data. \n\nThe scope of the impact \nRecently published research papers mentioned, since 2011 the release of all Intel processors is likely to be affected, especially the cloud hosting services may be subject to larger shocks. There are already part of the security personnel posted some demo videos, here you can watch\uff081\u30012\u30013\uff09\u3002 The demo showed Zombieload attack can achieve a breakthrough between applications of the privacy protection function to obtain sensitive information. \n\nBug fixes \nCurrently Intel has released a microcode update, and the new processor will not be affected. Expect Microsoft, Apple and Linux each release will also soon launch a system update to mitigate this vulnerability. \nAt the same time Intel also noted that the MDS attacks actually use the higher difficulty, its practical impact is not so large. \nThe current security personnel have been Zombieload establish a website and publish the research papers, bug fixes navigation and other content, the user can timely update: https://zombieloadattack.com/ the. \n\n", "edition": 1, "modified": "2019-05-15T00:00:00", "published": "2019-05-15T00:00:00", "id": "MYHACK58:62201994150", "href": "http://www.myhack58.com/Article/html/3/62/2019/94150.htm", "title": "Zombieload: Intel CPU exposure of a new side channel attack-exploit warning-the black bar safety net", "type": "myhack58", "cvss": {"score": 0.0, "vector": "NONE"}}], "virtuozzo": [{"lastseen": "2019-11-05T11:27:42", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "This update provides a new kernel 2.6.32-042stab138.1 for Virtuozzo 6.0 based on the RHEL 6.10 kernel 2.6.32-754.14.2.el6. The new kernel inherits security fixes for the Microarchitectural Store Buffer Data (MDS) vulnerability from the RHEL kernel.\n**Vulnerability id:** CVE-2018-12130\nA flaw was found in the implementation of the 'fill buffer', a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer.\n\n**Vulnerability id:** CVE-2018-12126\nModern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer.\n\n**Vulnerability id:** CVE-2018-12127\nMicroprocessors use a 'load port' subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU's pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel.\n\n**Vulnerability id:** CVE-2019-11091\nUncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.\n\n", "edition": 1, "modified": "2019-05-16T00:00:00", "published": "2019-05-16T00:00:00", "id": "VZA-2019-037", "href": "https://help.virtuozzo.com/s/article/VZA-2019-037", "title": "Important kernel security update: New kernel 2.6.32-042stab138.1; Virtuozzo 6.0 Update 12 Hotfix 40 (6.0.12-3739)", "type": "virtuozzo", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}]}