{"id": "RHSA-2019:1208", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2019:1208) Important: rhvm-appliance security update", "description": "The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "published": "2019-05-15T00:38:48", "modified": "2019-05-15T01:03:01", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}, "href": "https://access.redhat.com/errata/RHSA-2019:1208", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "lastseen": "2019-08-13T18:45:30", "viewCount": 46, "enchantments": {"dependencies": {"references": [{"type": "vmware", "idList": ["VMSA-2019-0008"]}, {"type": "f5", "idList": ["F5:K52370164", "F5:K97035296", "F5:K80159635", "F5:K34303485"]}, {"type": "cve", "idList": ["CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091", "CVE-2018-12126"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2019-1183.NASL", "DEBIAN_DLA-1789.NASL", "REDHAT-RHSA-2019-1204.NASL", "REDHAT-RHSA-2019-1181.NASL", "ORACLELINUX_ELSA-2019-1177.NASL", "REDHAT-RHSA-2019-1208.NASL", "SL_20190514_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2019-1296-1.NASL", "UBUNTU_USN-3985-1.NASL", "XEN_SERVER_XSA-297.NASL"]}, {"type": "centos", "idList": ["CESA-2019:1180", "CESA-2019:1169"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1789-2:82C69", "DEBIAN:DSA-4447-1:76E6B", "DEBIAN:DSA-4444-1:2DFF1"]}, {"type": "redhat", "idList": ["RHSA-2019:1200", "RHSA-2019:1207", "RHSA-2019:1155", "RHSA-2019:1193", "RHSA-2019:1197", "RHSA-2019:1174", "RHSA-2019:1199"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1805-1", "OPENSUSE-SU-2019:1505-1", "OPENSUSE-SU-2019:1468-1", "OPENSUSE-SU-2019:1402-1"]}, {"type": "fedora", "idList": ["FEDORA:609B763560C6", "FEDORA:CFE4360D22F6"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-1178", "ELSA-2019-4637", "ELSA-2019-4629"]}, {"type": "mskb", "idList": ["KB4499179", "KB4516058", "KB4516026", "KB4516066", "KB4499154", "KB4499158", "KB4516067", "KB4497936"]}, {"type": "ubuntu", "idList": ["USN-3984-1", "USN-3983-1", "USN-3977-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704444", "OPENVAS:1361412562310844011", "OPENVAS:1361412562310852508", "OPENVAS:1361412562310852504", "OPENVAS:1361412562310876383", "OPENVAS:1361412562310704447"]}, {"type": "hp", "idList": ["HP:C06330149"]}, {"type": "lenovo", "idList": ["LENOVO:PS500247-NOSID"]}, {"type": "thn", "idList": ["THN:ABCC9DD36D10CA51E767D6104EF69F5C"]}], "modified": "2019-08-13T18:45:30", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2019-08-13T18:45:30", "rev": 2}, "vulnersScore": 6.5}, "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "rhvm-appliance", "packageVersion": "4.3-20190506.0.el7", "packageFilename": "rhvm-appliance-4.3-20190506.0.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "rhvm-appliance", "packageVersion": "4.3-20190506.0.el7", "packageFilename": "rhvm-appliance-4.3-20190506.0.el7.x86_64.rpm", "operator": "lt"}]}

{"vmware": [{"lastseen": "2019-11-14T23:21:17", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "**1\\. Impacted Products**\n\n * VMware vCenter Server (VC)\n * VMware vSphere ESXi (ESXi)\n * VMware Workstation Pro / Player (WS)\n * VMware Fusion Pro / Fusion (Fusion)\n * vCloud Usage Meter (UM)\n * Identity Manager (vIDM)\n * vCenter Server (vCSA)\n * vSphere Data Protection (VDP)\n * vSphere Integrated Containers (VIC)\n * vRealize Automation (vRA)\n\n**2\\. Introduction \n**\n\nIntel has disclosed details on speculative-execution vulnerabilities known collectively as \u201cMicroarchitectural Data Sampling (MDS)\" that can occur on Intel microarchitecture prior to 2nd Generation Intel\u00ae Xeon\u00ae Scalable Processors (formerly known as Cascade Lake). These issues may allow a malicious user who can locally execute code on a system to infer data otherwise protected by architectural mechanisms. \n\n\nThere are four uniquely identifiable vulnerabilities associated with MDS: \n\n\n * CVE-2018-12126 - Microarchitectural Store Buffer Data Sampling (MSBDS) - CVSSv3 = 6.5\n * CVE-2018-12130 - Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVSSv3 = 6.5\n * CVE-2018-12127 - Microarchitectural Load Port Data Sampling (MLPDS) - CVSSv3 = 6.5\n * CVE-2019-11091 - Microarchitectural Data Sampling Uncacheable Memory (MDSUM) - CVSSv3 = 3.8\n\nTo assist in understanding speculative-execution vulnerabilities, VMware previously defined the following mitigation categories:\n\n * _Hypervisor-Specific Mitigations_ prevent information leakage from the hypervisor or guest VMs into a malicious guest VM. These mitigations require code changes for VMware products.\n * _Hypervisor-Assisted Guest Mitigations _virtualize new speculative-execution hardware control mechanisms for guest VMs so that Guest OSes can mitigate leakage between processes within the VM. These mitigations require code changes for VMware products.\n * _Operating System-Specific Mitigations_ are applied to guest operating systems. These updates will be provided by a 3rd party vendor or in the case of VMware Virtual Appliances, by VMware.\n * _Microcode Mitigations_ are applied to a system\u2019s processor(s) by a microcode update from the hardware vendor. These mitigations do not require hypervisor or guest operating system updates to be effective. \n\n\nMDS vulnerabilities require _Hypervisor-Specific Mitigations_ (described in section 3a.) _Hypervisor-Assisted Guest Mitigations_ (described in section 3b.) and _Operating System-Specific Mitigations_ (described in section 3c.) \n\n\n**3a. _Hypervisor-Specific Mitigations_ for MDS vulnerabilities - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091 \n** \n\n\n**Description: \n**\n\nvCenter Server, ESXi, Workstation, and Fusion updates include _Hypervisor-Specific Mitigations_ for MDS speculative execution vulnerabilities. VMware has evaluated the severity of these issues to be in the [Moderate severity range](<https://www.vmware.com/support/policies/security_response.html>) with a maximum CVSSv3 base score of 6.5. \n\n\n**Known Attack Vectors: \n**\n\nA malicious user must have local access to a virtual machine and the ability to execute code to infer data otherwise protected by architectural mechanisms from another virtual machine or the hypervisor itself via MDS vulnerabilities. \n\n\nThere are two known attack vector variants for MDS at the Hypervisor level:\n\n * _Sequential-context attack vector_ (Inter-VM): a malicious VM can potentially infer recently accessed data of a previous context (hypervisor thread or other VM thread) on either logical processor of a processor core.\n * _Concurrent-context attack vector_ (Inter-VM): a malicious VM can potentially infer recently accessed data of a concurrently executing context (hypervisor thread or other VM thread) on the other logical processor of the Hyper-Threading-enabled processor core.\n\n**Resolution:**\n\n * The _Sequential-context attack vector_ (Inter-VM): is mitigated by a Hypervisor update to the product versions listed in the table below. These mitigations are dependent on Intel microcode updates (provided in separate ESXi patches for most Intel hardware platforms) listed in the table below. This mitigation is enabled by default and does not impose a significant performance impact.\n * The _Concurrent-context attack vector_ (Inter-VM): is mitigated through enablement of the ESXi Side-Channel-Aware Scheduler Version 1 or Version 2. These options may impose a non-trivial performance impact and are not enabled by default.\n\n**Workarounds:**\n\n * There are no known Hypervisor-Specific workarounds for the MDS class of vulnerabilities.\n\n**Additional Documentation:**\n\n * vSphere: [KB67577](<https://kb.vmware.com/kb/67577>) should be thoroughly reviewed to ensure a strong understanding of the _Hypervisor-Specific Mitigations_ enablement process for MDS and potential CPU capacity impacts\n * Workstation/Fusion: [KB68025](<https://kb.vmware.com/kb/68025>) should be thoroughly reviewed to ensure a strong understanding of the _Hypervisor-Specific Mitigations_ enablement process for MDS and potential CPU capacity impacts.\n\n**Notes: \n**\n\n * VMware Hypervisors running on 2nd Generation Intel\u00ae Xeon\u00ae Scalable Processors (formerly known as Cascade Lake) are not affected by MDS vulnerabilities.\n\n**Acknowledgements:**\n\n * None.\n\n**Resolution Matrix: \n \n**\n\nProduct | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation \n---|---|---|---|---|---|---|---|--- \nvCenter Server1 | 6.7 | Any | N/A | N/A | N/A | [6.7 U2a](<https://my.vmware.com/group/vmware/get-download?downloadGroup=VC67U2A>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nvCenter Server1 | 6.5 | Any | N/A | N/A | N/A | [6.5 U2g](<https://my.vmware.com/group/vmware/get-download?downloadGroup=VC65U2G>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nvCenter Server1 | 6.0 | Any | N/A | N/A | N/A | [6.0 U3i](<https://my.vmware.com/group/vmware/get-download?downloadGroup=VC60U3I>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nESXi3 | 6.7 | Any | [CVE-2018-12126 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126>)[CVE-2018-12127 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127>)[CVE-2018-12130 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130>)[CVE-2019-11091](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091>) | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | [Moderate](<https://www.vmware.com/support/policies/security_response.html>) | [ESXi670-201911401-BG \nESXi670-201911402-BG2 \n](<https://my.vmware.com/group/vmware/patch>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nESXi | 6.5 | Any | [CVE-2018-12126 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126>)[CVE-2018-12127 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127>)[CVE-2018-12130 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130>)[CVE-2019-11091 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091>) | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | [Moderate](<https://www.vmware.com/support/policies/security_response.html>) | [ESXi650-201905401-BG \nESXi650-201905402-BG2](<https://my.vmware.com/group/vmware/patch>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nESXi | 6.0 | Any | [CVE-2018-12126 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126>)[CVE-2018-12127 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127>)[CVE-2018-12130 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130>)[CVE-2019-11091 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091>) | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | [Moderate](<https://www.vmware.com/support/policies/security_response.html>) | [ESXi600-201905401-BG \nESXi600-201905402-BG2](<https://my.vmware.com/group/vmware/patch>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nWorkstation3 | 15.x | Any | [CVE-2018-12126 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126>)[CVE-2018-12127 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127>)[CVE-2018-12130 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130>)[CVE-2019-11091 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091>) | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | [Moderate](<https://www.vmware.com/support/policies/security_response.html>) | [15.5.1](<https://www.vmware.com/go/downloadworkstation>) | None | [KB68025](<https://kb.vmware.com/kb/68025>) \nFusion3 | 11.x | Any | [CVE-2018-12126 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126>)[CVE-2018-12127 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127>)[CVE-2018-12130 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130>)[CVE-2019-11091 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091>) | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | [Moderate](<https://www.vmware.com/support/policies/security_response.html>) | [11.5.1](<https://www.vmware.com/go/downloadfusion>) | None | [KB68025](<https://kb.vmware.com/kb/68025>) \n \n1\\. vCenter updates are listed in the above table as a requirement for _Hypervisor-Specific Mitigations_ as these updates include enhanced EVC modes which support the new MD-CLEAR functionality included in ESXi microcode updates. \n2\\. These patches contain updated microcode. At the time of this publication Sandy Bridge DT/EP Microcode Updates (MCUs) had not yet been provided to VMware. Customers on this microarchitecture may request MCUs from their hardware vendor in the form of a BIOS update. This microcode will be included in future releases of ESXi. \n3\\. A regression introduced in ESXi 6.7u2, Workstation 15.5.0, and Fusion 11.5.0 causes _Hypervisor-Specific Mitigations_ for L1TF (CVE-2018-3646) and MDS (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091) to be ineffective. This issue has been resolved in the patches reflected in the table above. This regression does not affect the ESXi 6.5 and 6.0 release lines, nor does it affect ESXi 6.7u2 if the _ESXi Side-Channel-Aware Scheduler Version 2_ is enabled.\n", "edition": 4, "modified": "2019-11-12T00:00:00", "published": "2019-05-14T00:00:00", "id": "VMSA-2019-0008", "href": "https://www.vmware.com/security/advisories/VMSA-2019-0008.html", "title": "VMware product updates enable\u00a0Hypervisor-Specific Mitigations,\u00a0Hypervisor-Assisted Guest Mitigations, and\u00a0Operating System-Specific Mitigations\u00a0for Microarchitectural Data Sampling (MDS) Vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and\u00a0CVE-2019-11091)", "type": "vmware", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "f5": [{"lastseen": "2020-04-06T22:40:13", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "\nF5 Product Development is evaluating this vulnerability. F5 Product Development has assigned ID 784685 (BIG-IP), ID 786089 (BIG-IQ), ID 787421 (F5 iWorkflow), ID 787397 (Enterprise Manager), and JIRA IDs CPF-25088 and CPF-25089 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | 15.0.0 | None2 | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IP 10xx0 series\n * BIG-IP 12xx0 series\n * VIPRION B2250\n * VIPRION B4400N\n * BIG-IP i2x00 series\n * BIG-IP i4x00 series\n * BIG-IP i5x00 series\n * BIG-IP i7x00 series\n * BIG-IP i10x00 series\n * BIG-IP i11x00 series\n * BIG-IP i15x00 series \n14.x | 14.0.0 - 14.1.0 | None2 \n13.x | 13.0.0 - 13.1.1 | None2 \n12.x | 12.0.0 - 12.1.4 | None2 \n11.x | 11.6.0 - 11.6.4 | None2 \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * Enterprise Manager 4000 \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IQ 7000 \n5.x | 5.0.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | 2.3.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2Updated Microcode has been made available from Intel. F5 does not plan to release an official fix for this issue that is based on Intel's microcode updates. The rationale for this decision is based on significant performance degradation seen when enabling Intel's microcode fixes in our platforms. During testing of the microcode fix, F5 has observed from 10% to over 50% performance degradation for many workloads.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nThe MDS vulnerabilities require that an attacker can provide and run binary code on the BIG-IP platform. Only users with Administrator, Resource Administrator, Manager, and iRules Manager privileges are able to exploit the MDS vulnerability. F5 recommends that you restrict these roles to trusted users.\n\nExploiting this vulnerability requires two processes to share the same L1 and L2 cache. To prevent exploitation of this vulnerability between guests in a multi-tenant vCMP environment, ensure that you allocate each guest a minimum of two cores.\n\nTo completely mitigate MDS requires an Intel microcode update and associated Linux kernel patches. If a kernel and microcode update is unavailable, the only way to completely mitigate the MDS vulnerability is to disable SMT. This action will cause performance degradation in most workloads. F5 recommends customers evaluate if mitigation is required in their environment, taking into account the performance impact. Currently, F5 is working on an integration strategy for full mitigation by conducting an extensive test campaign to characterize the impact of the fixes on system performance and stability and understanding of any potential issues. F5 will update this article with details of the fixes as they become available.\n\nMitigation is not required if user space applications are from a trusted source and do not execute untrusted code that is supplied externally.\n\n * [K41283800: INTEL-SA-00233 Microarchitectural Data Sampling Advisory](<https://support.f5.com/csp/article/K41283800>) \n * [K52370164: Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126](<https://support.f5.com/csp/article/K52370164>)\n * [K97035296: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) CVE-2018-12127](<https://support.f5.com/csp/article/K97035296>)\n * [K34303485: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) CVE-2019-11091](<https://support.f5.com/csp/article/K34303485>)\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-06-19T00:00:00", "published": "2019-05-16T01:28:00", "id": "F5:K80159635", "href": "https://support.f5.com/csp/article/K80159635", "title": "Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130", "type": "f5", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-04-06T22:39:41", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "\nF5 Product Development is evaluating this vulnerability. F5 Product Development has assigned ID 784677 (BIG-IP), ID 785913 (BIG-IQ), ID 787429 (F5 iWorkflow), ID 787373 (Enterprise Manager), and JIRA IDs CPF-25088 and CPF-25089 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | 15.0.0 | None2 | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IP 10xx0 series\n * BIG-IP 12xx0 series\n * VIPRION B2250\n * VIPRION B4400N\n * BIG-IP i2x00 series\n * BIG-IP i4x00 series\n * BIG-IP i5x00 series\n * BIG-IP i7x00 series\n * BIG-IP i10x00 series\n * BIG-IP i11x00 series\n * BIG-IP i15x00 series \n14.x | 14.0.0 - 14.1.0 | None2 \n13.x | 13.0.0 - 13.1.1 | None2 \n12.x | 12.0.0 - 12.1.4 | None2 \n11.x | 11.6.0 - 11.6.4 | None2 \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * Enterprise Manager 4000 \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IQ 7000 \n5.x | 5.0.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | 2.3.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2Updated Microcode has been made available from Intel. F5 does not plan to release an official fix for this issue that is based on Intel's microcode updates. The rationale for this decision is based on significant performance degradation seen when enabling Intel's microcode fixes in our platforms. During testing of the microcode fix, F5 has observed from 10% to over 50% performance degradation for many workloads.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nThe MDS vulnerabilities require that an attacker can provide and run binary code on the BIG-IP platform. Only users with Administrator, Resource Administrator, Manager, and iRules Manager privileges are able to exploit the MDS vulnerability. F5 recommends that you restrict these roles to trusted users.\n\nExploiting this vulnerability requires two processes to share the same L1 and L2 cache. To prevent exploiting this vulnerability between guests in a multi-tenant vCMP environment, ensure that you allocate each guest a minimum of two cores.\n\nTo completely mitigate MDS requires an Intel microcode update and associated Linux kernel patches. If a kernel and microcode update is unavailable, the only way to completely mitigate the MDS vulnerability is to disable SMT. This action will cause performance degradation in most workloads. F5 recommends customers evaluate if mitigation is required in their environment, taking into account the performance impact. Currently, F5 is working on an integration strategy for full mitigation by conducting an extensive test campaign to characterize the impact of the fixes on system performance and stability, and understanding potential issues. F5 will update this article with details of the fixes as they become available.\n\nMitigation is not required if user space applications are from a trusted source and do not execute untrusted code that is supplied externally.\n\n * [K41283800: INTEL-SA-00233 Microarchitectural Data Sampling Advisory](<https://support.f5.com/csp/article/K41283800>) \n * [K97035296: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) CVE-2018-12127](<https://support.f5.com/csp/article/K97035296>)\n * [K80159635: Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130](<https://support.f5.com/csp/article/K80159635>)\n * [K34303485: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) CVE-2019-11091](<https://support.f5.com/csp/article/K34303485>)\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-06-18T23:33:00", "published": "2019-05-16T00:33:00", "id": "F5:K52370164", "href": "https://support.f5.com/csp/article/K52370164", "title": "Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126", "type": "f5", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-04-06T22:39:53", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "\nF5 Product Development is evaluating this vulnerability. F5 Product Development has assigned ID 784689 (BIG-IP), ID 786105 (BIG-IQ), ID 787417 (F5 iWorkflow), ID 787401 (Enterprise Manager), and JIRA IDs CPF-25088 and CPF-25089 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | 15.0.0 | None2 | Low | [3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>)[.8](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IP 10xx0 series\n * BIG-IP 12xx0 series\n * VIPRION B2250\n * VIPRION B4400N\n * BIG-IP i2x00 series\n * BIG-IP i4x00 series\n * BIG-IP i5x00 series\n * BIG-IP i7x00 series\n * BIG-IP i10x00 series\n * BIG-IP i11x00 series\n * BIG-IP i15x00 series \n14.x | 14.0.0 - 14.1.0 | None2 \n13.x | 13.0.0 - 13.1.1 | None2 \n12.x | 12.0.0 - 12.1.4 | None2 \n11.x | 11.6.0 - 11.6.4 | None2 \nEnterprise Manager | 3.x | 3.1.1 | None | Low | [3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>)[.8](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * Enterprise Manager 4000 \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.1.0 | None | Low | [3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>)[.8](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IQ 7000 \n5.x | 5.0.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | 2.3.0 | None | Low | [3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>)[.8](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Low | [3.8](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2Updated Microcode has been made available from Intel. F5 does not plan to release an official fix for this issue that is based on Intel's microcode updates. The rationale for this decision is based on significant performance degradation seen when enabling Intel's microcode fixes in our platforms. During testing of the microcode fix, F5 has observed from 10% to over 50% performance degradation for many workloads.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nThe MDS vulnerabilities require that an attacker can provide and run binary code on the BIG-IP platform. Only users with Administrator, Resource Administrator, Manager, and iRules Manager privileges are able to exploit the MDS vulnerability. F5 recommends that you restrict these roles to trusted users.\n\nExploiting this vulnerability requires two processes to share the same L1 and L2 cache. To prevent exploitation of this vulnerability between guests in a multi-tenant vCMP environment, ensure that each guest is allocated a minimum of two cores.\n\nTo completely mitigate MDS requires an Intel microcode update and associated Linux kernel patches. If a kernel and microcode update is unavailable, the only way to completely mitigate the MDS vulnerability is to disable SMT. This action will cause performance degradation in most workloads. F5 recommends customers evaluate if mitigation is required in their environment, taking into account the performance impact. Currently, F5 is working on an integration strategy for full mitigation by conducting an extensive test campaign to characterize the impact of the fixes on system performance and stability, and understanding potential issues. F5 will update this article with details of the fixes as they become available.\n\nMitigation is not required if user space applications are from a trusted source and do not execute untrusted code that is supplied externally.\n\n * [K41283800: INTEL-SA-00233 Microarchitectural Data Sampling Advisory](<https://support.f5.com/csp/article/K41283800>) \n * [K52370164: Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126](<https://support.f5.com/csp/article/K52370164>)\n * [K97035296: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) CVE-2018-12127](<https://support.f5.com/csp/article/K97035296>)\n * [K80159635: Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130](<https://support.f5.com/csp/article/K80159635>)\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-06-19T00:12:00", "published": "2019-05-16T01:42:00", "id": "F5:K34303485", "href": "https://support.f5.com/csp/article/K34303485", "title": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM) CVE-2019-11091", "type": "f5", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-04-06T22:40:03", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "\nF5 Product Development is evaluating this vulnerability. F5 Product Development has assigned ID 784681 (BIG-IP), ID 785937 (BIG-IQ), ID 787425 (F5 iWorkflow), ID 787377 (Enterprise Manager) and JIRA IDs CPF-25088 and CPF-25089 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | 15.0.0 | None2 | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IP 10xx0 series\n * BIG-IP 12xx0 series\n * VIPRION B2250\n * VIPRION B4400N\n * BIG-IP i2x00 series\n * BIG-IP i4x00 series\n * BIG-IP i5x00 series\n * BIG-IP i7x00 series\n * BIG-IP i10x00 series\n * BIG-IP i11x00 series\n * BIG-IP i15x00 series \n14.x | 14.0.0 - 14.1.0 | None2 \n13.x | 13.0.0 - 13.1.1 | None2 \n12.x | 12.0.0 - 12.1.4 | None2 \n11.x | 11.6.0 - 11.6.4 | None2 \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * Enterprise Manager 4000 \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IQ 7000 \n5.x | 5.0.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | 2.3.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2Updated Microcode has been made available from Intel. F5 does not plan to release an official fix for this issue that is based on Intel's microcode updates. The rationale for this decision is based on significant performance degradation seen when enabling Intel's microcode fixes in our platforms. During testing of the microcode fix, F5 has observed from 10% to over 50% performance degradation for many workloads.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nThe MDS vulnerabilities require that an attacker can provide and run binary code on the BIG-IP platform. Only users with Administrator, Resource Administrator, Manager, and iRules Manager privileges are able to exploit the MDS vulnerability. F5 recommends that you restrict these roles to trusted users.\n\nExploiting this vulnerability requires two processes to share the same L1 and L2 cache. To prevent exploitation of this vulnerability between guests in a multi-tenant vCMP environment, ensure that each guest is allocated a minimum of two cores.\n\nTo completely mitigate MDS requires an Intel microcode update and associated Linux kernel patches. If a kernel and microcode update is unavailable, the only way to completely mitigate the MDS vulnerability is to disable SMT. This action will cause performance degradation in most workloads. F5 recommends customers evaluate if mitigation is required in their environment, taking into account the performance impact. Currently F5 is working on an integration strategy for full mitigation by conducting an extensive test campaign to characterize the impact of the fixes on system performance stability and understanding potential issues. F5 will update this article with details of the fixes as they become available.\n\nMitigation is not required if user space applications are from a trusted source and do not execute untrusted code that is supplied externally.\n\n * [K41283800: INTEL-SA-00233 Microarchitectural Data Sampling Advisory](<https://support.f5.com/csp/article/K41283800>) \n * [K52370164: Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126](<https://support.f5.com/csp/article/K52370164>)\n * [K80159635: Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130](<https://support.f5.com/csp/article/K80159635>)\n * [K34303485: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) CVE-2019-11091](<https://support.f5.com/csp/article/K34303485>)\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-06-18T23:48:00", "published": "2019-05-16T01:14:00", "id": "F5:K97035296", "href": "https://support.f5.com/csp/article/K97035296", "title": "Microarchitectural Load Port Data Sampling - Information Leak (MLPDS) CVE-2018-12127", "type": "f5", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "cve": [{"lastseen": "2021-02-02T06:52:26", "description": "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "edition": 21, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2019-05-30T16:29:00", "title": "CVE-2018-12130", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12130"], "modified": "2019-06-11T16:29:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "cpe:/o:intel:microarchitectural_fill_buffer_data_sampling_firmware:-"], "id": "CVE-2018-12130", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12130", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:intel:microarchitectural_fill_buffer_data_sampling_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:26", "description": "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "edition": 21, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2019-05-30T16:29:00", "title": "CVE-2018-12126", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12126"], "modified": "2019-06-11T16:29:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "cpe:/o:intel:microarchitectural_store_buffer_data_sampling_firmware:-"], "id": "CVE-2018-12126", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12126", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:intel:microarchitectural_store_buffer_data_sampling_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:26", "description": "Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "edition": 21, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2019-05-30T16:29:00", "title": "CVE-2018-12127", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12127"], "modified": "2019-06-11T16:29:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "cpe:/o:intel:microarchitectural_load_port_data_sampling_firmware:-"], "id": "CVE-2018-12127", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12127", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:intel:microarchitectural_load_port_data_sampling_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:12:47", "description": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "edition": 22, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2019-05-30T16:29:00", "title": "CVE-2019-11091", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11091"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:intel:microarchitectural_data_sampling_uncacheable_memory_firmware:-", "cpe:/o:fedoraproject:fedora:29"], "id": "CVE-2019-11091", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11091", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:intel:microarchitectural_data_sampling_uncacheable_memory_firmware:-:*:*:*:*:*:*:*"]}], "oraclelinux": [{"lastseen": "2019-06-01T20:44:23", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "[3.10.0-957.12.2.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]\n[3.10.0-957.12.2]\n- [x86] x86/speculation/mds: Add SMT warning message (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation: Move arch_smt_update() call to after mitigation decisions (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [documentation] x86/speculation/mds: Add mds=full,nosmt cmdline option (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [kernel] x86/speculation: Remove redundant arch_smt_update() invocation (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/spec_ctrl: Add debugfs x86/smt_present file (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/spec_ctrl: Disable automatic enabling of STIBP with SMT on (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [documentation] Documentation: Add MDS vulnerability documentation (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [documentation] Documentation: Move L1TF to separate directory (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Add mitigation mode VMWERV (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [base] x86/speculation/mds: Add sysfs reporting for MDS (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Add mitigation control for MDS (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [kvm] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}\n- [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}\n- [x86] x86/speculation: Consolidate CPU whitelists (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/msr-index: Cleanup bit defines (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}\n- [x86] x86/l1tf: Show actual SMT state (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}\n- [x86] x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}\n- [x86] x86/speculation: Rework SMT state change (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}\n- [kernel] sched/smt: Expose sched_smt_present static key (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}\n- [kernel] sched/smt: Make sched_smt_present track topology (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}\n- [x86] x86/speculation: Disable STIBP when enhanced IBRS is in use (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}\n- [x86] x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/spectre_v2: Make spectre_v2_mitigation mode available (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/spec_ctrl: Add X86_FEATURE_USE_IBPB (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/spec_ctrl: Add casting to fix compilation error (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}\n- [x86] x86/cpu: Sanitize FAM6_ATOM naming (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}\n- [x86] x86/cpufeatures: Add Intel PCONFIG cpufeature (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}", "edition": 2, "modified": "2019-05-15T00:00:00", "published": "2019-05-15T00:00:00", "id": "ELSA-2019-1168", "href": "http://linux.oracle.com/errata/ELSA-2019-1168.html", "title": "kernel security update", "type": "oraclelinux", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-01T20:45:18", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "[0.10.2-64.0.1]\n- Replace docs/et.png in tarball with blank image\n[0.10.2-64.el6_10.1]\n- cpu_x86: Do not cache microcode version (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127)\n- cpu_map: Define md-clear CPUID bit (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127)", "edition": 2, "modified": "2019-05-14T00:00:00", "published": "2019-05-14T00:00:00", "id": "ELSA-2019-1180", "href": "http://linux.oracle.com/errata/ELSA-2019-1180.html", "title": "libvirt security update", "type": "oraclelinux", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-01T20:45:40", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "[1.5.3-160.el7_6.2]\n- kvm-target-i386-define-md-clear-bit-rhel.patch\n- Resolves: bz#1693216\n (qemu-kvm: hardware: Microarchitectural Store Buffer Data Sampling)", "edition": 2, "modified": "2019-05-15T00:00:00", "published": "2019-05-15T00:00:00", "id": "ELSA-2019-1178", "href": "http://linux.oracle.com/errata/ELSA-2019-1178.html", "title": "qemu-kvm security update", "type": "oraclelinux", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-01T20:44:29", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "[0.12.1.2-2.506.el6_10.3]\n- kvm-target-i386-define-md-clear-bit.patch [bz#1698996]\n- Resolves: bz#1698996\n (CVE-2018-12130 qemu-kvm: hardware: MFBDS)", "edition": 2, "modified": "2019-05-14T00:00:00", "published": "2019-05-14T00:00:00", "id": "ELSA-2019-1181", "href": "http://linux.oracle.com/errata/ELSA-2019-1181.html", "title": "qemu-kvm security update", "type": "oraclelinux", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-01T20:44:20", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "[4.5.0-10.0.1]\n- bump the version\n[4.5.0-10.el7_6.9]\n- qemu: Don't cache microcode version (CVE-2018-12127, CVE-2018-12126, CVE-2018-12130)\n[4.5.0-10.el7_6.8]\n- cpu_x86: Do not cache microcode version (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130)\n- cputest: Add data for Intel(R) Xeon(R) CPU E3-1225 v5 (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130)\n- cpu_map: Define md-clear CPUID bit (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130)", "edition": 2, "modified": "2019-05-15T00:00:00", "published": "2019-05-15T00:00:00", "id": "ELSA-2019-1177", "href": "http://linux.oracle.com/errata/ELSA-2019-1177.html", "title": "libvirt security update", "type": "oraclelinux", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-10-22T17:06:31", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "[4.18.0-80.1.2_0.OL8]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n[4.18.0-80.1.2_0]\n- [arm64] arm64/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [s390] s390/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [powerpc] powerpc/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [powerpc] powerpc/64: Disable the speculation barrier from the command line (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Add 'mitigations=' support for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [kernel] cpu/speculation: Add 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Fix comment (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Add SMT warning message (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation: Move arch_smt_update() call to after mitigation decisions (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Add mds=full, nosmt cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [documentation] Documentation: Add MDS vulnerability documentation (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [documentation] Documentation: Move L1TF to separate directory (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Add mitigation mode VMWERV (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Add sysfs reporting for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Add mitigation control for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation: Consolidate CPU whitelists (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/msr-index: Cleanup bit defines (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation: Cast ~SPEC_CTRL_STIBP atomic value to int (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/cpu: Sanitize FAM6_ATOM naming (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\nfile (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [tools] tools include: Adopt linux/bits.h (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n[4.18.0-80.1.1_0]\n- [zstream] switch to zstream (Frantisek Hrbata)", "edition": 2, "modified": "2019-07-30T00:00:00", "published": "2019-07-30T00:00:00", "id": "ELSA-2019-1167", "href": "http://linux.oracle.com/errata/ELSA-2019-1167.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "nessus": [{"lastseen": "2021-03-01T02:33:36", "description": "Microarchitectural Data Sampling speculative side channel [XSA-297,\nCVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091]\nadditional patches so above applies cleanly work around grub2 issues\nin dom0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 19, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-31T00:00:00", "title": "Fedora 29 : xen (2019-1f5832fc0e) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "p-cpe:/a:fedoraproject:fedora:xen"], "id": "FEDORA_2019-1F5832FC0E.NASL", "href": "https://www.tenable.com/plugins/nessus/125610", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-1f5832fc0e.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125610);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/13\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_xref(name:\"FEDORA\", value:\"2019-1f5832fc0e\");\n\n script_name(english:\"Fedora 29 : xen (2019-1f5832fc0e) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Microarchitectural Data Sampling speculative side channel [XSA-297,\nCVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091]\nadditional patches so above applies cleanly work around grub2 issues\nin dom0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-1f5832fc0e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/31\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"xen-4.11.1-5.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-03-01T05:49:11", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.5\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 20, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-14T00:00:00", "title": "RHEL 7 : kernel (RHSA-2019:1155) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "cpe:/o:redhat:enterprise_linux:7.5", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:kernel-doc"], "id": "REDHAT-RHSA-2019-1155.NASL", "href": "https://www.tenable.com/plugins/nessus/125033", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1155. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125033);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/01/17\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_xref(name:\"RHSA\", value:\"2019:1155\");\n script_xref(name:\"IAVA\", value:\"2019-A-0166\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2019:1155) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.5\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/mds\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11091\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.5\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:1155\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1155\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", reference:\"kernel-abi-whitelists-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", reference:\"kernel-doc-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"s390x\", reference:\"perf-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"x86_64\", reference:\"perf-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"s390x\", reference:\"python-perf-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-862.32.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-862.32.2.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-03-01T05:49:17", "description": "An update for kernel is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* Need to remove radix-tree symbols from the whitelist (BZ#1696222)\n\n* Installation of kernel-modules-extra rpm conflicts with kmod\nweak-modules (BZ#1703395)", "edition": 21, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-14T00:00:00", "title": "RHEL 8 : kernel (RHSA-2019:1167) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python3-perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel", "cpe:/o:redhat:enterprise_linux:8.0", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:bpftool-debuginfo", "cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python3-perf"], "id": "REDHAT-RHSA-2019-1167.NASL", "href": "https://www.tenable.com/plugins/nessus/125036", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1167. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125036);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2020/01/30\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_xref(name:\"RHSA\", value:\"2019:1167\");\n script_xref(name:\"IAVA\", value:\"2019-A-0166\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2019:1167) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* Need to remove radix-tree symbols from the whitelist (BZ#1696222)\n\n* Installation of kernel-modules-extra rpm conflicts with kmod\nweak-modules (BZ#1703395)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/mds\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11091\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:1167\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1167\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bpftool-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bpftool-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"bpftool-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bpftool-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bpftool-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", reference:\"kernel-abi-whitelists-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-core-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-core-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-cross-headers-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-cross-headers-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-core-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-core-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"kernel-debug-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-devel-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-modules-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-modules-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-modules-extra-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-modules-extra-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"kernel-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"kernel-debuginfo-common-aarch64-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-devel-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-devel-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", reference:\"kernel-doc-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-headers-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-headers-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-modules-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-modules-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-modules-extra-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-modules-extra-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-tools-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-tools-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"kernel-tools-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-tools-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-tools-libs-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"kernel-tools-libs-devel-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-core-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-devel-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-modules-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-modules-extra-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"perf-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"perf-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"perf-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"perf-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"perf-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"python3-perf-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"python3-perf-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"python3-perf-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"python3-perf-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"python3-perf-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / kernel-abi-whitelists / etc\");\n }\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-09-18T10:59:31", "description": "Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi\nMaisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan\nvan Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael\nSchwarz, and Daniel Gruss discovered that memory previously stored in\nmicroarchitectural fill buffers of an Intel CPU core may be exposed to\na malicious process that is executing on the same CPU core. A local\nattacker could use this to expose sensitive information.\n(CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco,\nStephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro\nFrigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered\nthat memory previously stored in microarchitectural load ports of an\nIntel CPU core may be exposed to a malicious process that is executing\non the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin,\nDaniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel\nGenkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom\ndiscovered that memory previously stored in microarchitectural store\nbuffers of an Intel CPU core may be exposed to a malicious process\nthat is executing on the same CPU core. A local attacker could use\nthis to expose sensitive information. (CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert\nBos, and Cristiano Giuffrida discovered that uncacheable memory\npreviously stored in microarchitectural buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same\nCPU core. A local attacker could use this to expose sensitive\ninformation. (CVE-2019-11091).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-15T00:00:00", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : Intel Microcode update (USN-3977-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2019-05-15T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.04", "p-cpe:/a:canonical:ubuntu_linux:intel-microcode", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3977-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125136", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3977-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125136);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_xref(name:\"USN\", value:\"3977-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : Intel Microcode update (USN-3977-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi\nMaisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan\nvan Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael\nSchwarz, and Daniel Gruss discovered that memory previously stored in\nmicroarchitectural fill buffers of an Intel CPU core may be exposed to\na malicious process that is executing on the same CPU core. A local\nattacker could use this to expose sensitive information.\n(CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco,\nStephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro\nFrigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered\nthat memory previously stored in microarchitectural load ports of an\nIntel CPU core may be exposed to a malicious process that is executing\non the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin,\nDaniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel\nGenkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom\ndiscovered that memory previously stored in microarchitectural store\nbuffers of an Intel CPU core may be exposed to a malicious process\nthat is executing on the same CPU core. A local attacker could use\nthis to expose sensitive information. (CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert\nBos, and Cristiano Giuffrida discovered that uncacheable memory\npreviously stored in microarchitectural buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same\nCPU core. A local attacker could use this to expose sensitive\ninformation. (CVE-2019-11091).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3977-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected intel-microcode package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:intel-microcode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|18\\.04|18\\.10|19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 18.04 / 18.10 / 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"intel-microcode\", pkgver:\"3.20190514.0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"intel-microcode\", pkgver:\"3.20190514.0ubuntu0.18.04.2\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"intel-microcode\", pkgver:\"3.20190514.0ubuntu0.18.10.1\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"intel-microcode\", pkgver:\"3.20190514.0ubuntu0.19.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"intel-microcode\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-14T06:18:09", "description": "This update for ucode-intel fixes the following issues :\n\nucode-intel was updated to official QSR 2019.1 microcode release\n(bsc#1111331 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127\nCVE-2019-11091)\n\n---- new platforms ---------------------------------------- VLV C0\n6-37-8/02 00000838 Atom Z series VLV C0 6-37-8/0C 00000838 Celeron\nN2xxx, Pentium N35xx VLV D0 6-37-9/0F 0000090c Atom E38xx CHV C0\n6-4c-3/01 00000368 Atom X series CHV D0 6-4c-4/01 00000411 Atom X\nseries\n\nReadded Broadwell CPU ucode that was missing in last update :\n\nBDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core\ni7-69xx/68xx\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-22T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : ucode-intel (SUSE-SU-2019:1296-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2019-05-22T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:ucode-intel-debugsource", "p-cpe:/a:novell:suse_linux:ucode-intel", "p-cpe:/a:novell:suse_linux:ucode-intel-debuginfo"], "id": "SUSE_SU-2019-1296-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125333", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1296-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125333);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ucode-intel (SUSE-SU-2019:1296-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for ucode-intel fixes the following issues :\n\nucode-intel was updated to official QSR 2019.1 microcode release\n(bsc#1111331 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127\nCVE-2019-11091)\n\n---- new platforms ---------------------------------------- VLV C0\n6-37-8/02 00000838 Atom Z series VLV C0 6-37-8/0C 00000838 Celeron\nN2xxx, Pentium N35xx VLV D0 6-37-9/0F 0000090c Atom E38xx CHV C0\n6-4c-3/01 00000368 Atom X series CHV D0 6-4c-4/01 00000411 Atom X\nseries\n\nReadded Broadwell CPU ucode that was missing in last update :\n\nBDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core\ni7-69xx/68xx\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12126/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12127/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12130/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11091/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191296-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8799a77e\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-1296=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-1296=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2019-1296=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-1296=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-1296=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-1296=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-1296=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2019-1296=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2019-1296=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-1296=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2019-1296=1\n\nSUSE Enterprise Storage 4:zypper in -t patch\nSUSE-Storage-4-2019-1296=1\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ucode-intel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ucode-intel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ucode-intel-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/22\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1|2|3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1/2/3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"ucode-intel-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"ucode-intel-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"ucode-intel-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"ucode-intel-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ucode-intel-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"ucode-intel-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ucode-intel-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20190514-13.44.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ucode-intel\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-03-01T07:00:11", "description": "This update for ucode-intel fixes the following issues :\n\nThe Intel CPU Microcode was updated to the official QSR 2019.1\nMicrocode release (bsc#1111331 CVE-2018-12126 CVE-2018-12130\nCVE-2018-12127 CVE-2019-11091)\n\n---- new platforms ---------------------------------------- VLV C0\n6-37-8/02 00000838 Atom Z series VLV C0 6-37-8/0C 00000838 Celeron\nN2xxx, Pentium N35xx VLV D0 6-37-9/0F 0000090c Atom E38xx CHV C0\n6-4c-3/01 00000368 Atom X series CHV D0 6-4c-4/01 00000411 Atom X\nseries\n\nReadded missing in last update :\n\nBDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core\ni7-69xx/68xx\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 19, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-23T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2019:1313-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:ucode-intel"], "id": "SUSE_SU-2019-1313-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125351", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1313-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125351);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/15\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2019:1313-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ucode-intel fixes the following issues :\n\nThe Intel CPU Microcode was updated to the official QSR 2019.1\nMicrocode release (bsc#1111331 CVE-2018-12126 CVE-2018-12130\nCVE-2018-12127 CVE-2019-11091)\n\n---- new platforms ---------------------------------------- VLV C0\n6-37-8/02 00000838 Atom Z series VLV C0 6-37-8/0C 00000838 Celeron\nN2xxx, Pentium N35xx VLV D0 6-37-9/0F 0000090c Atom E38xx CHV C0\n6-4c-3/01 00000368 Atom X series CHV D0 6-4c-4/01 00000411 Atom X\nseries\n\nReadded missing in last update :\n\nBDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core\ni7-69xx/68xx\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12126/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12127/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12130/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11091/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191313-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4d310267\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-1313=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ucode-intel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"ucode-intel-20190514-3.19.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"ucode-intel-20190514-3.19.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ucode-intel\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-14T06:19:00", "description": "This update for libvirt fixes the following issues :\n\nFour new speculative execution information leak issues have been\nidentified in Intel CPUs. (bsc#1111331)\n\nCVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n\nCVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n\nCVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS)\n\nCVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory\n(MDSUM)\n\nThese updates contain the libvirt adjustments, that pass through the\nnew 'md-clear' CPU flag (bsc#1135273).\n\nFor more information on this set of vulnerabilities, check out\nhttps://www.suse.com/support/kb/doc/?id=7023736\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 19, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-06-19T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2019:1547-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2019-06-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libvirt-admin-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-config-network", "p-cpe:/a:novell:suse_linux:libvirt-daemon", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl", "p-cpe:/a:novell:suse_linux:libvirt-client", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter", "p-cpe:/a:novell:suse_linux:libvirt-daemon-qemu", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu", "p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock", "p-cpe:/a:novell:suse_linux:libvirt-daemon-lxc", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:novell:suse_linux:libvirt-daemon-xen", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-core", "p-cpe:/a:novell:suse_linux:libvirt-debugsource", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-core-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:novell:suse_linux:libvirt-daemon-config-nwfilter", "p-cpe:/a:novell:suse_linux:libvirt-client-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-rbd-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-logical", "p-cpe:/a:novell:suse_linux:libvirt-libs", "p-cpe:/a:novell:suse_linux:libvirt-doc", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-disk-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-hooks", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-scsi-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-mpath-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-libs-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-admin", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-iscsi-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-logical-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-nss-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-disk", "p-cpe:/a:novell:suse_linux:libvirt-nss"], "id": "SUSE_SU-2019-1547-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126044", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1547-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126044);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2019:1547-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libvirt fixes the following issues :\n\nFour new speculative execution information leak issues have been\nidentified in Intel CPUs. (bsc#1111331)\n\nCVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n\nCVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n\nCVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS)\n\nCVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory\n(MDSUM)\n\nThese updates contain the libvirt adjustments, that pass through the\nnew 'md-clear' CPU flag (bsc#1135273).\n\nFor more information on this set of vulnerabilities, check out\nhttps://www.suse.com/support/kb/doc/?id=7023736\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12126/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12127/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12130/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11091/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/support/kb/doc/?id=7023736\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191547-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fa0486ee\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2019-1547=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-1547=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2019-1547=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-admin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-disk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-logical-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-mpath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-scsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-hooks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-xen-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-admin-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-admin-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-client-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-client-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-config-network-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-config-nwfilter-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-interface-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-interface-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-lxc-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-network-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-network-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-nodedev-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-nwfilter-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-qemu-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-secret-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-secret-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-storage-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-storage-core-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-storage-disk-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-storage-iscsi-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-storage-logical-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-storage-mpath-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-storage-scsi-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-hooks-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-lxc-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-qemu-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-debugsource-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-doc-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-libs-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-libs-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-lock-sanlock-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-lock-sanlock-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-nss-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-nss-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-admin-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-admin-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-client-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-client-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-network-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-nwfilter-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-interface-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-interface-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-lxc-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-network-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-network-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nodedev-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nwfilter-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-qemu-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-secret-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-secret-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-core-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-disk-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-iscsi-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-logical-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-mpath-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-scsi-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-lxc-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-qemu-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-xen-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-debugsource-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-doc-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-libs-3.3.0-5.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-libs-debuginfo-3.3.0-5.33.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-03-01T05:49:21", "description": "An update for qemu-kvm-rhev is now available for Red Hat\nVirtualization 4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm-rhev packages\nprovide the user-space component for running virtual machines that use\nKVM in environments managed by Red Hat products.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 20, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-14T00:00:00", "title": "RHEL 7 : Virtualization Manager (RHSA-2019:1179) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools-rhev", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common-rhev", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev"], "id": "REDHAT-RHSA-2019-1179.NASL", "href": "https://www.tenable.com/plugins/nessus/125045", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1179. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125045);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/01/17\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_xref(name:\"RHSA\", value:\"2019:1179\");\n script_xref(name:\"IAVA\", value:\"2019-A-0166\");\n\n script_name(english:\"RHEL 7 : Virtualization Manager (RHSA-2019:1179) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for qemu-kvm-rhev is now available for Red Hat\nVirtualization 4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm-rhev packages\nprovide the user-space component for running virtual machines that use\nKVM in environments managed by Red Hat products.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/mds\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11091\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1179\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-img-rhev-2.12.0-18.el7_6.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-rhev-2.12.0-18.el7_6.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-2.12.0-18.el7_6.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-debuginfo-2.12.0-18.el7_6.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-rhev-2.12.0-18.el7_6.5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img-rhev / qemu-kvm-common-rhev / qemu-kvm-rhev / etc\");\n }\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-03-01T04:06:06", "description": "According to the remote Linux kernel, this system is vulnerable to\nthe following information disclosure vulnerabilities:\n\n - MSBDS leaks Store Buffer Entries which can be\n speculatively forwarded to a dependent load\n (store-to-load forwarding) as an optimization. The\n forward can also happen to a faulting or assisting load\n operation for a different memory address, which can\n cause an issue under certain conditions. Store buffers\n are partitioned between Hyper-Threads so cross thread\n forwarding is not possible. But if a thread enters or\n exits a sleep state the store buffer is repartitioned\n which can expose data from one thread to the other.\n (MSBDS/Fallout) (CVE-2018-12126)\n\n - MLDPS leaks Load Port Data. Load ports are used to\n perform load operations from memory or I/O. The received\n data is then forwarded to the register file or a\n subsequent operation. In some implementations the Load\n Port can contain stale data from a previous operation\n which can be forwarded to faulting or assisting loads\n under certain conditions, which again can cause an issue\n eventually. Load ports are shared between Hyper-Threads\n so cross thread leakage is possible. (MLPDS/RIDL)\n (CVE-2018-12127)\n\n MFBDS leaks Fill Buffer Entries. Fill buffers are used\n internally to manage L1 miss situations and to hold data\n which is returned or sent in response to a memory or I/O\n operation. Fill buffers can forward data to a load\n operation and also write data to the cache. When the\n fill buffer is deallocated it can retain the stale data\n of the preceding operations which can then be forwarded\n to a faulting or assisting load operation, which can\n cause an issue under certain conditions. Fill buffers\n are shared between Hyper-Threads so cross thread leakage\n is possible. (MFBDS/RIDL/ZombieLoad) (CVE-2018-12130)\n\n - MDSUM is a special case of MSBDS, MFBDS and MLPDS. An\n uncacheable load from memory that takes a fault or\n assist can leave data in a microarchitectural structure\n that may later be observed using one of the same methods\n used by MSBDS, MFBDS or MLPDS. (MDSUM/RIDL)\n (CVE-2019-11091)\n\nTo address these issues, update the kernel packages on your Linux\nsystem, disable Simultaneous Multi-Threading (SMT) or otherwise\nconfigure it to a non-vulnerable state, and apply microcode fixes to\nyour hardware. Consult your Linux distribution and processor hardware\nvendors for details and patches.", "edition": 18, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-06-25T00:00:00", "title": "Linux Kernel Detection of MDS vulnerabilities (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:linux:linux_kernel"], "id": "MDS_KERNEL_REPORTING_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/126244", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126244);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/10/18 23:14:15\");\n\n script_cve_id(\n \"CVE-2018-12126\",\n \"CVE-2018-12127\",\n \"CVE-2018-12130\",\n \"CVE-2019-11091\"\n );\n\n script_name(english:\"Linux Kernel Detection of MDS vulnerabilities (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks for vulnerability indicators in /sys/devices/system/cpu/vulnerabilities/mds.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Linux kernel is affected by a series of information\ndisclosure vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the remote Linux kernel, this system is vulnerable to\nthe following information disclosure vulnerabilities:\n\n - MSBDS leaks Store Buffer Entries which can be\n speculatively forwarded to a dependent load\n (store-to-load forwarding) as an optimization. The\n forward can also happen to a faulting or assisting load\n operation for a different memory address, which can\n cause an issue under certain conditions. Store buffers\n are partitioned between Hyper-Threads so cross thread\n forwarding is not possible. But if a thread enters or\n exits a sleep state the store buffer is repartitioned\n which can expose data from one thread to the other.\n (MSBDS/Fallout) (CVE-2018-12126)\n\n - MLDPS leaks Load Port Data. Load ports are used to\n perform load operations from memory or I/O. The received\n data is then forwarded to the register file or a\n subsequent operation. In some implementations the Load\n Port can contain stale data from a previous operation\n which can be forwarded to faulting or assisting loads\n under certain conditions, which again can cause an issue\n eventually. Load ports are shared between Hyper-Threads\n so cross thread leakage is possible. (MLPDS/RIDL)\n (CVE-2018-12127)\n\n MFBDS leaks Fill Buffer Entries. Fill buffers are used\n internally to manage L1 miss situations and to hold data\n which is returned or sent in response to a memory or I/O\n operation. Fill buffers can forward data to a load\n operation and also write data to the cache. When the\n fill buffer is deallocated it can retain the stale data\n of the preceding operations which can then be forwarded\n to a faulting or assisting load operation, which can\n cause an issue under certain conditions. Fill buffers\n are shared between Hyper-Threads so cross thread leakage\n is possible. (MFBDS/RIDL/ZombieLoad) (CVE-2018-12130)\n\n - MDSUM is a special case of MSBDS, MFBDS and MLPDS. An\n uncacheable load from memory that takes a fault or\n assist can leave data in a microarchitectural structure\n that may later be observed using one of the same methods\n used by MSBDS, MFBDS or MLPDS. (MDSUM/RIDL)\n (CVE-2019-11091)\n\nTo address these issues, update the kernel packages on your Linux\nsystem, disable Simultaneous Multi-Threading (SMT) or otherwise\nconfigure it to a non-vulnerable state, and apply microcode fixes to\nyour hardware. Consult your Linux distribution and processor hardware\nvendors for details and patches.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mdsattacks.com/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"1. Ensure the latest kernel and package updates are applied to your\n linux packages for your OS distribution.\n2. Either disable SMT or configure it to a non-vulnerable state.\n Consult your processor manufacturer for details.\n3. Apply the appropriate microcode fix for your hardware. Consult\n your processor manufacturer for details.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/25\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:linux:linux_kernel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info2.nasl\");\n script_require_keys(\"Host/Linux\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"audit.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nget_kb_item_or_exit(\"Host/Linux\");\nmds_results = get_one_kb_item(\"Host/cpu/vulnerabilities/mds\");\nif (empty_or_null(mds_results))\n{\n report =\n\"Either the Linux system is running a kernel that is outdated enough\nthat it does not record whether or not it is vulnerable to\nMicroarchitectural Data Sampling attacks, or a permissions issue was\nencountered when trying to access that data. A file containing those\ndetails should be found in /sys/devices/system/cpu/vulnerabilities/mds\nEnsure your scan has access to that file, and rerun the scan. It is\nextremely likely that the kernel is vulnerable if that mds file is not\npresent.\n\nCheck your scan account's permissions, and update your kernel packages\nto the latest versions available from your Linux distribution vendor\n(and reboot the system). If this scan continues to report that the\nfile is missing, you may need to contact your Linux distribution\nvendor to determine why the kernel is not reporting details of whether\nor not MDS attacks are mitigated or vulnerable on the system.\"; \n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : report\n );\n exit(0);\n}\nmatches = pregmatch(string:mds_results, pattern:\"^(Vulnerable|Not affected|Mitigation)(?:[:;] (.+))?$\");\nif(!empty_or_null(matches) && len(matches) >= 2)\n{\n result = matches[1];\n details = \"\";\n if (!empty_or_null(matches[2]))\n {\n details = matches[2];\n }\n if (result == \"Not affected\")\n {\n exit(0, \"The processor is not vulnerable to MDS attacks.\");\n }\n else if (result == \"Mitigation\")\n {\n report = 'The processor is vulnerable to MDS attacks, but the CPU buffer clearing\\nmitigation is enabled, so the vulnerability is mitigated.';\n if (!empty_or_null(details)) {\n report += \" Additional Details: \" + details;\n } \n exit(0, report);\n }\n else\n {\n report = mds_results + '\\n\\nThe processor is vulnerable to MDS attacks, and the CPU buffer clearing\\nmitigation has not been enabled.\\n\\n' +\n 'Consult your processor hardware and OS software vendors for patches and\\nmitigations to apply.';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : report\n );\n exit(0);\n }\n}\n\n# If this spot is reached then /sys/devices/system/cpu/vulnerabilities/mds contains something unusual.\nexit(0, \"The contents of /sys/devices/system/cpu/vulnerabilities/mds contain an unexpected result and the host's vulnerability to MDS attacks cannot be determined.\");\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-03-01T05:49:27", "description": "An update for rhvm-setup-plugins is now available for Red Hat\nVirtualization 4.3.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe rhvm-setup-plugins package adds functionality exclusive only to\nRed Hat Virtualization Manager, and is not available for the upstream\novirt-engine. It includes the configuration of the Red Hat Support\nplugin, copying downstream-only artifacts to the ISO domain, and links\nto the knowledgebase and other support material.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 20, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-16T00:00:00", "title": "RHEL 7 : Virtualization Manager (RHSA-2019:1205) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rhvm-setup-plugins", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-1205.NASL", "href": "https://www.tenable.com/plugins/nessus/125195", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1205. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125195);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/01/15\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_xref(name:\"RHSA\", value:\"2019:1205\");\n script_xref(name:\"IAVA\", value:\"2019-A-0166\");\n\n script_name(english:\"RHEL 7 : Virtualization Manager (RHSA-2019:1205) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for rhvm-setup-plugins is now available for Red Hat\nVirtualization 4.3.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe rhvm-setup-plugins package adds functionality exclusive only to\nRed Hat Virtualization Manager, and is not available for the upstream\novirt-engine. It includes the configuration of the Red Hat Support\nplugin, copying downstream-only artifacts to the ISO domain, and links\nto the knowledgebase and other support material.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/mds\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11091\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rhvm-setup-plugins package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhvm-setup-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/16\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1205\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"rhvm-setup-plugins-4.3.1-1.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhvm-setup-plugins\");\n }\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "mskb": [{"lastseen": "2021-01-01T22:41:05", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4503273, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><span><span><span>Customers who have applied KB4489887 or later Monthly Rollup Packages </span></span><span>to Microsoft Server 2008 SP2 may notice a change to the operating system version string. The \u201cbuild number\u201d component of the version string increases by 1, and the revision number decreases by approximately 4000 numbers. To find out more about this change please refer to the following <a data-content-id=\"4495374\" data-content-type=\"article\" href=\"\" managed-link=\"\">article</a>.</span></span></span></p></div></div></div></div><h2>Improvements and fixes</h2><div><p>This security update includes improvements and fixes that were a part of update <a data-content-id=\"4499184\" data-content-type=\"article\" href=\"\" managed-link=\"\">KB4499184</a> (released May 23, 2019) and addresses the following issues:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 64-Bit (x64) versions of Windows (<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"YAe7iTID7gTAlEI+1QT/6qfMZcY7LB8fxMjCpx/tjHfdrwOsTscfgbdd4vYMm9PR+uhB6N22KdlFpmkhY0MzoeeYx4NDcvIfRhTSm0Xg5Ar15yMNpRLiyq9ER21bIsups77tJIXh169s5/iEFu3K7zLLOiPi8/VfQeyP2qcg3As=\" target=\"_blank\">CVE-2019-11091</a>,<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"YAe7iTID7gTAlEI+1QT/6qfMZcY7LB8fxMjCpx/tjHfdrwOsTscfgbdd4vYMm9PR+uhB6N22KdlFpmkhY0MzoeeYx4NDcvIfRhTSm0Xg5Ar15yMNpRLiyq9ER21bIsups77tJIXh169s5/iEFu3K7zLLOiPi8/VfQeyP2qcg3As=\" target=\"_blank\"> CVE-2018-12126</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"E4IX6mlyH5NLx24b7VuUahrq9c7NkXBibJnG5QpRn/HZKzz5UIdWB9MqMYep129QrYa0uQClNjDeAwm+l3B75yPmvED8K2cvvnKh5uf7sNmfHjP2e4YRb9r6x5ErNCYfWt1jnXOuZ2FrmRQkAy+Ll/3cPkNmhAkY8t8U8OV/Bw4=\" target=\"_blank\">CVE-2018-12127</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"E4IX6mlyH5NLx24b7VuUahrq9c7NkXBibJnG5QpRn/HZKzz5UIdWB9MqMYep129QrYa0uQClNjDeAwm+l3B75yPmvED8K2cvvnKh5uf7sNmfHjP2e4YRb9r6x5ErNCYfWt1jnXOuZ2FrmRQkAy+Ll/3cPkNmhAkY8t8U8OV/Bw4=\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/{lang-locale}/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot\" managed-link=\"\" originalsrc=\"https://support.microsoft.com/en-us/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot\" shash=\"cgZ6fxMrQXl5WDKOS9UeiMKo1aOk6N/CLx43s1XLy1TzMAWUeHnq1Kp14OPeyoPe8tRI/5Zhihlc3cV7XL/RZpnWOskkEJcBmZvtkjnvqvPYNC3uJiWgsi/SzHvsx6mI8RcVh69zn+MmkO9QFVvOdgVHRRg2gjP90PvPeesgDM8=\" target=\"_blank\">Windows Server</a>\u00a0article<em>. </em>(These registry settings are disabled by default for Windows Server OS editions).</li><li>Security updates to Windows App Platform and Frameworks, Windows Input and Composition, Windows Shell, Windows Server, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, Windows Virtualization, Windows Kernel, Internet Information Services, Windows Server, and the Microsoft JET Database Engine.</li></ul><p>For more information about the resolved security vulnerabilities, please refer to the <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/security-guidance\" managed-link=\"\" target=\"_blank\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><table class=\"table\"><tbody><tr><td>Symptom</td><td>Workaround</td></tr><tr><td>Internet Explorer 11 may stop working when loading or interacting with Power BI reports that have line charts with markers. This issue may also occur when viewing other content that contains Scalable Vector Graphics (SVG) markers.</td><td><p>This issue is resolved in <a data-content-id=\"4503271\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4503271</a>.</p></td></tr><tr><td>When trying to expand, view, or create <strong>Custom Views </strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using <strong>Filter Current Log </strong>in the <strong>Action </strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</td><td><p>This issue is resolved in <a data-content-id=\"4503271\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4503271</a>.</p></td></tr><tr><td>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing this update on a WDS server.</td><td><p>This issue is resolved in <a data-content-id=\"4512499\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4512499</a>.</p></td></tr></tbody></table><p>\u00a0</p><h2>How to get this update</h2><div><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes.\u00a0</p><p>If you are using Windows Update, the latest SSU\u00a0(<a data-content-id=\"4493730\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"\">KB4493730</a>) will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><p>This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4503273\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>\u00a0website.</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/A/A/D/AADEFFA5-FD28-4AC4-93C6-3A28586CA88D/4503273.csv\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">file information for update 4503273</a>.\u00a0</p></div></body></html>", "edition": 15, "modified": "2019-08-19T19:05:56", "id": "KB4503273", "href": "https://support.microsoft.com/en-us/help/4503273/", "published": "2019-06-11T00:00:00", "title": "June 11, 2019\u2014KB4503273 (Monthly Rollup)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:52:16", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4516044, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong><span>Reminder:</span></strong><span> The additional servicing for Windows 10 Enterprise,\u00a0<span>Education, and\u00a0</span>IoT Enterprise editions ended\u00a0on April 9, 2019 and doesn't extend beyond this date. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.</span></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong>Reminder:\u00a0</strong>March 12 and April 9 were the last two Delta updates for Windows 10, version\u00a01607. For Long-Term Servicing Branch (LTSB) customers, security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change please visit our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426\" managed-link=\"\" target=\"_blank\">blog</a>.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><em>Windows 10, version 1607, reached end of service on April 10, 2018. Devices running Windows 10 Home or Pro editions will no longer receive monthly security and quality updates that contain protection from the latest security threats. </em><em>To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.</em></span></p><p><strong><span><span><span>IMPORTANT</span></span></span><span><span><span>:\u00a0</span></span></span></strong><span><span>Windows 10 Enterprise and Windows 10 Education editions will receive\u00a0 additional servicing at no cost until April 9, 2019. Devices on the Long-Term Servicing Channels (LTSC) will continue to receive updates until October 2026\u00a0per the <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/lifecycle/search?alpha=Windows%2010\" managed-link=\"\" target=\"\">Lifecycle Policy page</a>. Windows 10 Anniversary Update (v. 1607) devices running the Intel \u201cClovertrail\u201d chipset will continue to receive updates until January 2023 per the <a data-content-id=\"\" data-content-type=\"\" href=\"https://answers.microsoft.com/{lang-locale}/windows/forum/windows_10-windows_install/intel-clover-trail-processors-are-not-supported-on/ed1823d3-c82c-4d7f-ba9d-43ecbcf526e9?auth=1\" managed-link=\"\" target=\"_blank\">Microsoft Community blog</a>.</span></span></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><em><span>Windows Server 2016 Standard edition, Nano Server installation option and Windows Server 2016 Datacenter edition, Nano Server installation option </span></em><em><span><span>reached end of service on October 9, 2018</span></span></em><span><span>.<em> These editions will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.</em></span></span></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><em><span><span><span>Windows 10 Mobile, version 1607, reached end of service on October 8, 2018. Devices running Windows 10 Mobile and Windows 10 Mobile Enterprise will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.</span></span></span></em></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p>For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/824684\" managed-link=\"\" target=\"_blank\">article</a>.</p></div></div></div></div><h2>Highlights</h2><ul><li>Updates to improve security when using Internet Explorer,\u00a0networking technologies, and input devices such as a mouse, keyboard, or stylus.</li><li>Updates for verifying user names and passwords.</li></ul><ul><li>Updates for\u00a0storing and managing files.</li></ul><h2>Improvements and fixes</h2><div><p>This security update includes quality improvements. Key changes include:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 32-Bit (x86) versions of Windows.\u00a0<br/>For more information, see <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">Security Advisory 190013</a>. This advisory includes\u00a0CVE-2019-11091,<a href=\"https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2Fadv190013&amp;data=02%7C01%7Cv-shros%40microsoft.com%7C09be709d4f5a48828b3608d731b5e011%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032529545445662&amp;sdata=fvFdb13Krl8nAuUPxE9ZigyGg3qICkRND%2BcRcoc9WXI%3D&amp;reserved=0\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"Xm4A/Wgq+XEh8/Sr2rWe5hGvy4o7OkQbvI38Vw+JFCfCqDqaXdECRhV2hIKvUA0kN0VrgVDiatHukI2MAjcgn4nfAAaOfShSAe0w/3YMN7ZWDzEGxsoYyr6XUoPZ29GnqW2jqTVTOmAmXKLUay1GNH66Uz/7jsGuFIzyg9Q+3K0=\" target=\"_blank\"> </a>CVE-2018-12126, CVE-2018-12127, and CVE-2018-12130. Use the registry settings as described in the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4073119\" managed-link=\"\" target=\"_blank\">Windows Client</a> and <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4072698\" managed-link=\"\" target=\"_blank\">Windows Server</a>\u00a0articles<em>. </em>(These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions.)</li><li>Addresses an issue with applications and scripts that call the <a data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/win32/api/lmaccess/nf-lmaccess-netquerydisplayinformation\" managed-link=\"\" target=\"_blank\">NetQueryDisplayInformation</a> API or the <a data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/win32/adsi/adsi-winnt-provider\" managed-link=\"\" target=\"_blank\">WinNT provider</a> equivalent. They may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages, you may receive the error, \u201c1359: an internal error occurred.\u201d\u00a0</li><li>Security updates to the Microsoft Scripting Engine, Internet Explorer, Windows App Platform and Frameworks, Windows Input and Composition, Windows Media, Windows Fundamentals, Windows Authentication, Windows Datacenter Networking, Windows Virtualization, Windows Storage and Filesystems, Windows Wireless Networking, the Microsoft JET Database Engine, Windows Kernel, and Windows Server .</li></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\">Windows Update Improvements</p><div class=\"row\"><div class=\"col-xs-24\"><p>Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't\u00a0apply to long-term servicing editions.</p></div></div></div></div></div><h2>Known issues in this update</h2><div><table class=\"table\"><tbody><tr><td><strong>Symptom</strong></td><td><strong>Workaround</strong></td></tr><tr><td>After installing <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4467684\" managed-link=\"\" target=\"_blank\">KB 4467684</a>, the cluster service may fail to start with the error \u201c2245 (NERR_PasswordTooShort)\u201d if the group policy \u201cMinimum Password Length\u201d is configured with greater than 14 characters.</td><td><p>Set the domain default \"Minimum Password Length\" policy to less than or equal to 14 characters.</p><p>Microsoft is working on a resolution and will provide an update in an upcoming release.</p></td></tr><tr><td>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul>Microsoft is working on a resolution and will provide an update in an upcoming release.</td></tr></tbody></table></div><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For more information, see\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates#why-should-servicing-stack-updates-be-installed-and-kept-up-to-date\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing stack updates</a>.</p><p>If you are using Windows Update, the latest SSU\u00a0(<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4512574\" managed-link=\"\" target=\"_blank\">KB 4512574</a>) will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">Yes</td><td>None. This update will be downloaded and installed automatically from Windows Update.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4516044\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically synchronize with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>: Windows 10</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p>\u00a0</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/6/9/7/6974cce9-7fa1-4e4e-8fb6-39f746b85bd0/4516044.csv\" managed-link=\"\" target=\"_blank\">file information for cumulative update 4516044</a>.</p></body></html>", "edition": 21, "modified": "2019-10-15T16:51:10", "id": "KB4516044", "href": "https://support.microsoft.com/en-us/help/4516044/", "published": "2019-09-10T00:00:00", "title": "September 10, 2019\u2014KB4516044 (OS Build 14393.3204)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:36:37", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4499171, including improvements and fixes, any known issues, and how to get the update.</p><h2>Improvements and fixes</h2><div><p>This security update includes improvements and fixes that were a part of update <a data-content-id=\"4493462\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4493462 </a>(released April 25, 2019) and addresses the following issues:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 64-Bit (x64) versions of Windows (<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2019-11091</a>,<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\"> CVE-2018-12126</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12127</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/{lang-locale}/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot\" managed-link=\"\" target=\"_blank\">Windows Server</a>\u00a0article<em>. </em>(These registry settings are disabled by default for Windows Server OS editions).</li><li>Addresses an issue that may cause \u201cError 1309\u201d while installing or uninstalling certain types of .msi and .msp files on a virtual drive.</li><li>Addresses an issue that prevents the Microsoft Visual Studio Simulator from starting.</li><li>Addresses an issue that may cause the text, layout, or cell size to become narrower or wider than expected in Microsoft Excel when using the <strong>MS UI Gothic </strong>or <strong>MS PGothic </strong>fonts.\u00a0</li><li>Security updates to Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Storage and Filesystems, Windows Cryptography, Windows Datacenter Networking, Windows Wireless Networking, Windows Kernel, and the Microsoft JET Database Engine.</li></ul><p>For more information about the resolved security vulnerabilities, please refer to the <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/security-guidance\" managed-link=\"\" target=\"_blank\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><table class=\"table\"><tbody><tr><td><strong>Symptom</strong></td><td><strong>Workaround</strong></td></tr><tr><td>After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.</td><td><p>This issue is resolved <a data-content-id=\"4503285\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4503285</a>.</p></td></tr><tr><td>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul>Microsoft is working on a resolution and will provide an update in an upcoming release.</td></tr><tr><td>If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.</td><td><p>If you see any of the previous dictionary updates listed below, uninstall it from <strong>Programs and features</strong> &gt; <strong>Uninstall or change a program</strong>. New words that were in previous dictionary updates are also in this update.</p><ul><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.2013)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.2013)</li><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.1215)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1215)</li><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.1080)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1080)</li></ul></td></tr><tr><td>After installing the May 14, 2019 update, some gov.uk websites that don\u2019t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.</td><td>This issue is resolved in\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"4505050\" data-content-type=\"article\" href=\"https://support.microsoft.com/en/help/4505050\" managed-link=\"\" tabindex=\"0\">KB4505050</a>.</td></tr><tr><td>Internet Explorer 11 may stop working when loading or interacting with Power BI reports that have line charts with markers. This issue may also occur when viewing other content that contains Scalable Vector Graphics (SVG) markers.</td><td><p>This issue is resolved in <a data-content-id=\"4503295\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4503295</a>.</p><span><span></span></span></td></tr></tbody></table><h2>How to get this update</h2><div><p>This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4499171\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>\u00a0website.</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/6/6/D/66D0ACA8-8A3A-4CF7-8B6C-46596D8DF860/4499171.csv\" managed-link=\"\" target=\"_blank\">file information for update 4499171</a>.\u00a0</p></div></body></html>", "edition": 16, "modified": "2019-06-20T21:32:27", "id": "KB4499171", "href": "https://support.microsoft.com/en-us/help/4499171/", "published": "2019-05-14T00:00:00", "title": "May 14, 2019\u2014KB4499171 (Monthly Rollup)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:39:50", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4516068, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong><span><span><span>IMPORTANT</span></span></span><span><span><span>: </span></span></span></strong><span><span><span>Windows 10 Enterprise and Windows 10 Education editions will reach end of service on October 8, 2019.\u00a0<span><span><span><span> To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10</span></span></span><em><span><span><span>.</span></span></span></em></span></span></span></span></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong>Reminder:\u00a0</strong>March 12\u00a0and April 9 were the last two Delta updates for Windows 10, version\u00a01703. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change please visit our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426\" managed-link=\"\" target=\"_blank\">blog</a>.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><em><span><span><span><span>Windows 10, version 1703, reached end of service on October 8, 2018</span></span></span></span></em><em><span><span><span>. Devices running Windows 10 Home, Pro, Pro for Workstation, and IoT Core editions will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.</span></span></span></em></span></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><em>Windows 10 Mobile, version 1703, reached end of service on June 11, 2019. Devices running Windows 10 Mobile and Windows 10 Mobile Enterprise will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.</em></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p>For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following <a data-content-id=\"824684\" data-content-type=\"article\" href=\"\" managed-link=\"\">article</a>.</p></div></div></div></div><h2>Highlights</h2><ul><li>Updates to improve security when using Internet Explorer and\u00a0input devices such as a mouse, keyboard, or stylus.</li><li>Updates for verifying user names and passwords.</li><li>Updates for\u00a0storing and managing files.</li></ul><h2>Improvements and fixes</h2><div><p>This security update includes quality improvements. Key changes include:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 32-Bit (x86) versions of Windows (<a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2019-11091</a>,<a href=\"https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2Fadv190013&amp;data=02%7C01%7Cv-shros%40microsoft.com%7C09be709d4f5a48828b3608d731b5e011%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032529545445662&amp;sdata=fvFdb13Krl8nAuUPxE9ZigyGg3qICkRND%2BcRcoc9WXI%3D&amp;reserved=0\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"Xm4A/Wgq+XEh8/Sr2rWe5hGvy4o7OkQbvI38Vw+JFCfCqDqaXdECRhV2hIKvUA0kN0VrgVDiatHukI2MAjcgn4nfAAaOfShSAe0w/3YMN7ZWDzEGxsoYyr6XUoPZ29GnqW2jqTVTOmAmXKLUay1GNH66Uz/7jsGuFIzyg9Q+3K0=\" target=\"_blank\"> </a><a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12126</a>, <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12127</a>, <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a href=\"https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in\" managed-link=\"\" target=\"_blank\">Windows Client</a> article<em>. </em>(These registry settings are enabled by default for Windows Client OS editions.)</li><li>Security updates to Microsoft Scripting Engine, Internet Explorer, Windows App Platform and Frameworks, Windows Input and Composition, Windows Media, Windows Fundamentals, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, Windows Kernel, Windows Virtualization, and Windows Server</li></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\">Windows Update Improvements</p><div class=\"row\"><div class=\"col-xs-24\"><p>Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.</p></div></div></div></div></div><h2>Known issues in this update</h2><div><table class=\"table\"><tbody><tr><td><strong>Symptom</strong></td><td><strong>Workaround</strong></td></tr><tr><td>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul>Microsoft is working on a resolution and will provide an update in an upcoming release.</td></tr></tbody></table></div><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes.\u00a0For more information, see\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates#why-should-servicing-stack-updates-be-installed-and-kept-up-to-date\" managed-link=\"\" target=\"_blank\">Servicing stack updates</a>.\u00a0</p><p>If you are using Windows Update, the latest SSU\u00a0(<a data-content-id=\"4511839\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4511839</a>) will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the <a href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">Yes</td><td>None. This update will be downloaded and installed automatically from Windows Update.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4516068\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically synchronize with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>: Windows 10</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/b/f/f/bff283ad-19ce-49df-b8c4-601faea35667/4516068.csv\" managed-link=\"\" target=\"_blank\">file information for cumulative update 4516068</a>.</p></body></html>", "edition": 18, "modified": "2019-09-10T18:19:32", "id": "KB4516068", "href": "https://support.microsoft.com/en-us/help/4516068/", "published": "2019-09-10T00:00:00", "title": "September 10, 2019\u2014KB4516068 (OS Build 15063.2045)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:49:37", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4516051, including improvements and fixes, any known issues, and how to get the update.</p><h2>Improvements and fixes</h2><div><p>This security update includes quality improvements. Key changes include:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 32-Bit (x86) versions of Windows (<a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2019-11091</a>,<a href=\"https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2Fadv190013&amp;data=02%7C01%7Cv-shros%40microsoft.com%7C09be709d4f5a48828b3608d731b5e011%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032529545445662&amp;sdata=fvFdb13Krl8nAuUPxE9ZigyGg3qICkRND%2BcRcoc9WXI%3D&amp;reserved=0\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"Xm4A/Wgq+XEh8/Sr2rWe5hGvy4o7OkQbvI38Vw+JFCfCqDqaXdECRhV2hIKvUA0kN0VrgVDiatHukI2MAjcgn4nfAAaOfShSAe0w/3YMN7ZWDzEGxsoYyr6XUoPZ29GnqW2jqTVTOmAmXKLUay1GNH66Uz/7jsGuFIzyg9Q+3K0=\" target=\"_blank\"> </a><a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12126</a>, <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12127</a>, <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a href=\"https://support.microsoft.com/en-us/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot\" managed-link=\"\" target=\"_blank\">Windows Server</a>\u00a0article<em>. </em>(These registry settings are enabled by default for Windows Server OS editions.)</li><li>Security updates to Windows App Platform and Frameworks, Windows Kernel, Windows Input and Composition, Windows Media, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, and Windows Server .</li></ul><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><div><p>Microsoft is not currently aware of any issues with this update.</p></div><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes.\u00a0</p><p>If you are using Windows Update, the latest SSU\u00a0(<a data-content-id=\"4517134\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4517134</a>) will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">No</td><td>See the other options below.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4516051\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically synchronize with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>:\u00a0\u00a0Windows Server 2008 Service Pack 2</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/c/4/2/c4270f98-886c-4526-94a6-f536579567be/4516051.csv\" managed-link=\"\" target=\"_blank\">file information for\u00a0update 4516051</a>.\u00a0</p><p>\u00a0</p></body></html>", "edition": 3, "modified": "2019-09-10T20:27:08", "id": "KB4516051", "href": "https://support.microsoft.com/en-us/help/4516051/", "published": "2019-09-10T00:00:00", "title": "September 10, 2019\u2014KB4516051 (Security-only update)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:37:35", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4516055, including improvements and fixes, any known issues, and how to get the update.</p><h2>Improvements and fixes</h2><div><p>This security update includes improvements and fixes that were a part of update <a data-content-id=\"4512512\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4512512</a> (released August 17, 2019) and addresses the following issues:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 32-Bit (x86) versions of Windows (<a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2019-11091</a>,<a href=\"https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2Fadv190013&amp;data=02%7C01%7Cv-shros%40microsoft.com%7C09be709d4f5a48828b3608d731b5e011%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032529545445662&amp;sdata=fvFdb13Krl8nAuUPxE9ZigyGg3qICkRND%2BcRcoc9WXI%3D&amp;reserved=0\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"Xm4A/Wgq+XEh8/Sr2rWe5hGvy4o7OkQbvI38Vw+JFCfCqDqaXdECRhV2hIKvUA0kN0VrgVDiatHukI2MAjcgn4nfAAaOfShSAe0w/3YMN7ZWDzEGxsoYyr6XUoPZ29GnqW2jqTVTOmAmXKLUay1GNH66Uz/7jsGuFIzyg9Q+3K0=\" target=\"_blank\"> </a><a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12126</a>, <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12127</a>, <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a href=\"https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in\" managed-link=\"\" target=\"_blank\">Windows Client</a> article<em>. </em>(These registry settings are enabled by default for Windows Client OS editions.)</li><li>Security updates to the Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Kernel, Windows Input and Composition, Windows Media, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, and Windows Server .</li></ul><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><div><table class=\"table\"><tbody><tr><td><strong>Symptom</strong></td><td><strong>Workaround</strong></td></tr><tr><td>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul>Microsoft is working on a resolution and will provide an update in an upcoming release.</td></tr></tbody></table></div><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes.\u00a0</p><p>If you are using Windows Update, the latest SSU\u00a0(<a data-content-id=\"4512939\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4512939</a>) will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">Yes</td><td>None. This update will be downloaded and installed automatically from Windows Update.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4516055\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically synchronize with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>: Windows Server 2012, Windows Embedded 8 Standard</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/6/7/d/67dcdbbd-9bb7-4037-9458-3197fcf7b3d5/4516055.csv\" managed-link=\"\" target=\"_blank\">file information for\u00a0update 4516055</a>.\u00a0</p><p>\u00a0</p></body></html>", "edition": 17, "modified": "2019-09-10T20:10:41", "id": "KB4516055", "href": "https://support.microsoft.com/en-us/help/4516055/", "published": "2019-09-10T00:00:00", "title": "September 10, 2019\u2014KB4516055 (Monthly Rollup)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:47:38", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4516065, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong>IMPORTANT </strong>Verify that<strong> </strong>you have installed the recommended updates listed in the <strong>How to get this update</strong> section <u>before</u> installing this update. For all\u00a0updates starting with August 13, 2019, we strongly recommend that you install these updates to prevent any issues.</p></div></div></div></div><h2>Improvements and fixes</h2><div><p>This security update includes improvements and fixes that were a part of update <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4512514\" managed-link=\"\" target=\"_blank\">KB4512514</a> (released August 17, 2019) and addresses the following issues:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 32-Bit (x86) versions of Windows.\u00a0<br/>For more information, see <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">Security Advisory 190013</a>. This advisory includes\u00a0CVE-2019-11091,<a href=\"https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2Fadv190013&amp;data=02%7C01%7Cv-shros%40microsoft.com%7C09be709d4f5a48828b3608d731b5e011%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032529545445662&amp;sdata=fvFdb13Krl8nAuUPxE9ZigyGg3qICkRND%2BcRcoc9WXI%3D&amp;reserved=0\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"Xm4A/Wgq+XEh8/Sr2rWe5hGvy4o7OkQbvI38Vw+JFCfCqDqaXdECRhV2hIKvUA0kN0VrgVDiatHukI2MAjcgn4nfAAaOfShSAe0w/3YMN7ZWDzEGxsoYyr6XUoPZ29GnqW2jqTVTOmAmXKLUay1GNH66Uz/7jsGuFIzyg9Q+3K0=\" target=\"_blank\"> </a>CVE-2018-12126, CVE-2018-12127, and CVE-2018-12130. Use the registry settings as described in the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4073119\" managed-link=\"\" target=\"_blank\">Windows Client</a> and <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4072698\" managed-link=\"\" target=\"_blank\">Windows Server</a>\u00a0articles<em>. </em>(These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions.)</li><li>Security updates to Windows App Platform and Frameworks, Windows Input and Composition, Windows Media, Windows Fundamentals, Windows Kernel, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, Windows Server, and the Microsoft Scripting Engine.</li></ul><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><div><table class=\"table\"><tbody><tr><td>Symptom</td><td>Workaround</td></tr><tr><td>VBScript in Internet Explorer 11 should be disabled by default after installing <a data-content-id=\"4507437\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4507437</a> (Preview of Monthly Rollup) or <a data-content-id=\"4511872\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4511872</a> (Internet Explorer Cumulative Update) and later. However, in some circumstances, VBScript may not be disabled as intended.</td><td><p>This issue is resolved in <a data-content-id=\"4519976\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4519976</a>.</p></td></tr><tr><td>After installing this update, you may receive an error when opening or using the Toshiba Qosmio AV Center. You may also receive an error in the Event Log related to <strong>cryptnet.dll</strong>.</td><td>This issue is resolved in <a data-content-id=\"4516048\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4516048</a>.</td></tr></tbody></table></div><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p><span><span>You must install the updates</span></span><span> listed below and <strong>restart your device</strong> before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup.</span></p><ol><li>The\u00a0March 12, 2019 servicing stack update (SSU) (<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4490628\" managed-link=\"\" target=\"_blank\">KB4490628</a>).\u00a0To get the standalone package for this SSU, search for it in the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</li><li>The latest SHA-2 update (<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4474419\" managed-link=\"\" target=\"_blank\">KB4474419</a>) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. For more information on SHA-2 updates, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4472027\" managed-link=\"\" target=\"_blank\">2019 SHA-2 Code Signing Support requirement for Windows and WSUS</a>.</li></ol><p>After installing the updates above, Microsoft strongly recommends that you install the <u>latest</u>\u00a0SSU\u00a0(<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4516655\" managed-link=\"\" target=\"_blank\">KB4516655</a>).\u00a0If you are using Windows Update, the latest SSU\u00a0will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">Yes</td><td>None. This update will be downloaded and installed automatically from Windows Update.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4516065\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically synchronize with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>:\u00a0\u00a0Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p>\u00a0</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/1/6/0/1603b576-6404-453a-905c-83d5eee371d6/4516065.csv\" managed-link=\"\" target=\"_blank\">file information for\u00a0update 4516065</a>.\u00a0</p></body></html>", "edition": 23, "modified": "2019-11-05T20:16:43", "id": "KB4516065", "href": "https://support.microsoft.com/en-us/help/4516065/", "published": "2019-09-10T00:00:00", "title": "September 10, 2019\u2014KB4516065 (Monthly Rollup)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:37:28", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4512578, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong>Note\u00a0</strong>Follow <a href=\"https://twitter.com/windowsupdate\" rel=\"noreferrer noopener\" tabindex=\"-1\" target=\"_blank\" title=\"https://twitter.com/windowsupdate\">@WindowsUpdate</a> to find out when new content is published to the release information dashboard.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p>Starting with update KB4497934, we are introducing functionality that allows you to decide when to install a feature update. You control when you get a feature update while simultaneously keeping your devices up to date. Feature updates that are available for eligible devices will appear in a separate module on the Windows Update page (<strong>Settings </strong>&gt; <strong>Update &amp; Security</strong> &gt; <strong>Windows Update</strong>). If you would like to get an available update right away, select <strong>Download and install now</strong>. To find out more about this feature, please go to this <a href=\"https://blogs.windows.com/windowsexperience/?p=172316\" managed-link=\"\" target=\"_blank\">blog</a>.\u00a0</p><p><em><span>When Windows 10 devices are at, or within several months of reaching, end of service, Windows Update will begin to automatically initiate a feature update. This keeps those devices supported and receiving the monthly updates that are critical to device security and ecosystem health.</span></em></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><strong>Note </strong>This release also contains updates for Microsoft HoloLens (OS Build 17763.737) released September 10, 2019.\u00a0</span>Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p>For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on. please see the following <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/824684\" managed-link=\"\" target=\"_blank\">article</a>.</p></div></div></div></div><h2>Highlights</h2><ul><li>Updates to improve security when using Internet Explorer, Microsoft Edge,\u00a0and\u00a0input devices such as a mouse, keyboard, or stylus.</li><li>Updates for verifying user names and passwords.</li></ul><h2>Improvements and fixes</h2><p>This security update includes quality improvements. Key changes include:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 32-Bit (x86) versions of Windows.\u00a0<br/>For more information, see <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">Security Advisory 190013</a>. This advisory includes\u00a0CVE-2019-11091,<a href=\"https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2Fadv190013&amp;data=02%7C01%7Cv-shros%40microsoft.com%7C09be709d4f5a48828b3608d731b5e011%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032529545445662&amp;sdata=fvFdb13Krl8nAuUPxE9ZigyGg3qICkRND%2BcRcoc9WXI%3D&amp;reserved=0\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"Xm4A/Wgq+XEh8/Sr2rWe5hGvy4o7OkQbvI38Vw+JFCfCqDqaXdECRhV2hIKvUA0kN0VrgVDiatHukI2MAjcgn4nfAAaOfShSAe0w/3YMN7ZWDzEGxsoYyr6XUoPZ29GnqW2jqTVTOmAmXKLUay1GNH66Uz/7jsGuFIzyg9Q+3K0=\" target=\"_blank\"> </a>CVE-2018-12126, CVE-2018-12127, and CVE-2018-12130. Use the registry settings as described in the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4073119\" managed-link=\"\" target=\"_blank\">Windows Client</a> and <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4072698\" managed-link=\"\" target=\"_blank\">Windows Server</a>\u00a0articles<em>. </em>(These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions.)</li><li>Security updates to Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Input and Composition, Windows Fundamentals, Windows Authentication, Windows Cryptography, the Microsoft JET Database Engine, Windows Kernel, Windows Virtualization, and Windows Server.</li></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\">Windows Update Improvements</p><div class=\"row\"><div class=\"col-xs-24\"><p>Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.</p></div></div></div></div><h2>Known issues in this update</h2><table class=\"table\"><tbody><tr><td><strong>Symptom</strong></td><td><strong>Workaround</strong></td></tr><tr><td>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul>Microsoft is working on a resolution and will provide an update in an upcoming release.</td></tr><tr><td>After installing <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4493509\" managed-link=\"\" target=\"_blank\">KB 4493509</a>, devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"</td><td><ol><li>Uninstall and reinstall any recently added language packs. For instructions, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4496404\" managed-link=\"\" target=\"_blank\">Manage the input and display language settings in Windows 10</a>.</li><li>Select\u00a0<strong>Check for Updates</strong> and install the April 2019 Cumulative Update. For instructions, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4027667\" managed-link=\"\" target=\"_blank\">Update Windows 10</a>.</li></ol><p><strong>Note</strong> If reinstalling the language pack does not mitigate the issue, reset your PC as follows:</p><ol><li>Go to the <strong>Settings </strong>app &gt; <strong>Recovery</strong>.</li><li>Select <strong>Get Started</strong> under the <strong>Reset this PC</strong> recovery option.</li><li>Select <strong>Keep my Files</strong>.</li></ol><p>Microsoft is working on a resolution and will provide an update in an upcoming release.</p></td></tr><tr><td>We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.</td><td><p>This issue is resolved in <a data-content-id=\"4520062\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4520062</a>.</p></td></tr><tr><td>Applications and scripts that call the <a data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/win32/api/lmaccess/nf-lmaccess-netquerydisplayinformation\" managed-link=\"\" target=\"_blank\">NetQueryDisplayInformation</a> API or the <a data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/win32/adsi/adsi-winnt-provider\" managed-link=\"\" target=\"_blank\">WinNT provider</a> equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, \u201c1359: an internal error occurred.\u201d\u00a0This issue occurs in this update and in all the updates before June 18, 2019.</td><td>This issue is resolved in <a data-content-id=\"4516077\" data-content-type=\"article\" href=\"\" managed-link=\"\">KB4516077</a>.</td></tr><tr><td>After installing this update, Windows Mixed Reality Portal users may intermittently receive a \u201c15-5\u201d error code. In some cases, Windows Mixed Reality Portal may report that the headset is sleeping and pressing \u201cWake up\u201d may appear to produce no action.</td><td><p>This issue is resolved in <a data-content-id=\"4520062\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4520062</a>.</p></td></tr><tr><td>Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (<strong>ChsIME.EXE</strong>) and Chinese Traditional (<strong>ChtIME.EXE</strong>) with Changjie/Quick keyboard.</td><td><p><span><span>Due to security related changes in this update, this issue may occur when the\u00a0Touch Keyboard and Handwriting Panel Service is not configured to its default startup type of Manual. To resolve the issue, perform the following steps:</span></span></p><ol><li><span><span> <span>Select the <strong>Start </strong>button and type \u201cservices\u201d.</span></span></span></li><li><span><span> <span>Open the Services app and locate <strong>Touch Keyboard and Handwriting Panel Service.</strong></span></span></span></li><li><span><span> <span>Double-click <strong>Touch Keyboard and Handwriting Panel Service </strong>and select <strong>Properties</strong>.</span></span></span></li><li><span><span> <span>Locate <strong>Startup type:</strong> and change it to <strong>Manual</strong>.</span></span></span></li><li><span><span> <span>Select <strong>OK</strong>.</span></span></span></li></ol><p><span><span>The TabletInputService<strong> </strong>service is now in the default configuration and IME should work as expected.</span></span></p></td></tr><tr><td><p>When setting up a new Windows device during the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.</p><strong>Note</strong> This issue does not affect using a Microsoft Account during OOBE.</td><td><p>This issue is resolved in <a data-content-id=\"4534321\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4534321</a>.</p></td></tr></tbody></table><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For more information, see\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates#why-should-servicing-stack-updates-be-installed-and-kept-up-to-date\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing stack updates</a>.</p><p>If you are using Windows Update, the latest SSU (<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4512577\" managed-link=\"\" target=\"_blank\">KB 4512577</a>) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the <a data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>.</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">Yes</td><td>None. This update will be downloaded and installed automatically from Windows Update.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4512578\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically synchronize with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>: Windows 10</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/1/1/0/1104925f-ef7b-4bfc-af92-9a6cf04b1798/4512578.csv\" managed-link=\"\" target=\"_blank\">file information for cumulative update 4512578</a>.\u00a0</p><p>\u00a0</p></body></html>", "edition": 27, "modified": "2020-01-23T23:33:27", "id": "KB4512578", "href": "https://support.microsoft.com/en-us/help/4512578/", "published": "2019-09-10T00:00:00", "title": "September 10, 2019\u2014KB4512578 (OS Build 17763.737)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:49:06", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4499179 including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong>Reminder:\u00a0</strong>March 12^th and April 9^th will be the last two Delta updates for Windows 10, version\u00a01709. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change please visit our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426\" managed-link=\"\" target=\"_blank\">blog</a>.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong><span>Reminder:</span></strong><span> Windows 10, version 1709, will reach end of service on April 9, 2019 for devices running Windows 10 Home, Pro, Pro for Workstation, and IoT Core editions. These devices will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.</span></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong><span><span>IMPORTANT: </span></span></strong><span><span>Windows 10 Enterprise, Education, </span></span><span>and IoT Enterprise</span><span><span> editions will </span></span><span>continue to <span>receive </span>servicing for 12 months<span> at no cost</span></span>\u00a0per the\u00a0lifecycle announcement on October 2018.</p></div></div></div></div><p>\u00a0</p><h2>Improvements and fixes</h2><div><p>This update includes quality improvements. Key changes include:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 64-Bit (x64) versions of Windows (<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2019-11091</a>,<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\"> CVE-2018-12126</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12127</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/{lang-locale}/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in\" managed-link=\"\" target=\"_blank\">Windows Client</a>\u00a0article<em>. </em>(These registry settings are enabled by default for Windows Client OS editions).</li><li>Adds \"gov.uk\" to the HTTP Strict Transport Security Top Level Domains (HSTS TLD) for Internet Explorer and Microsoft Edge.</li><li>Addresses an issue that may cause \u201cError 1309\u201d while installing or uninstalling certain types of .msi and .msp files on a virtual drive.</li><li>Addresses an issue that prevents the Microsoft Visual Studio Simulator from starting.</li><li>Addresses an issue that may cause zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) to fail.</li><li>Addresses an issue that may cause the text, layout, or cell size to become narrower or wider than expected in Microsoft Excel when using the <strong>MS UI Gothic </strong>or <strong>MS PGothic </strong>fonts.\u00a0</li><li>Security updates to Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Storage and Filesystems, Windows Cryptography, Windows Datacenter Networking, Windows Wireless Networking, Windows Virtualization, Windows Kernel, Windows Server, and the Microsoft JET Database Engine.</li></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p><span><span><span><span>For more information about the resolved security vulnerabilities, please refer to the </span></span></span></span><span><span><span><a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/security-guidance\" managed-link=\"\" target=\"_blank\">Security Update Guide</a>.</span></span></span></p></div><h2>Known issues in this update</h2><div><table class=\"table\"><tbody><tr><td><strong>Symptom</strong></td><td><strong>Workaround</strong></td></tr><tr><td>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul>Microsoft is working on a resolution and will provide an update in an upcoming release.</td></tr><tr><td>After installing the May 14, 2019 update, some gov.uk websites that don\u2019t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.</td><td>This issue is resolved in <a data-content-id=\"4505062\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4505062</a>.</td></tr></tbody></table></div><h2>How to get this update</h2><div><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For more information, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates#why-should-servicing-stack-updates-be-installed-and-kept-up-to-date\" managed-link=\"\" target=\"_blank\">Servicing stack updates</a>.</p><p>If you are using Windows Update, the latest SSU (<a data-content-id=\"4500641\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"\">KB4500641</a>) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the <a href=\"http://www.catalog.update.microsoft.com/home.aspx\" target=\"_blank\">Microsoft Update Catalog</a>.</p><p><strong>Install this update</strong></p><p>This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4499179\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>\u00a0website.</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/F/E/D/FEDF7B17-D66D-4589-BA05-1716346F51A3/4499179.csv\" managed-link=\"\" target=\"_blank\">file information for cumulative update 4499179</a>.\u00a0</p></div></body></html>", "edition": 17, "modified": "2019-05-19T21:13:34", "id": "KB4499179", "href": "https://support.microsoft.com/en-us/help/4499179/", "published": "2019-05-14T00:00:00", "title": "May 14, 2019\u2014KB4499179 (OS Build 16299.1146)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:35:54", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4499154, including improvements and fixes, any known issues, and how to get the update.</p><h2>Improvements and fixes</h2><div><p>This update includes quality improvements. Key changes include:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 64-Bit (x64) versions of Windows (<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2019-11091</a>,<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\"> CVE-2018-12126</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12127</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/{lang-locale}/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in\" managed-link=\"\" target=\"_blank\">Windows Client</a>\u00a0article<em>. </em>(These registry settings are enabled by default for Windows Client OS editions).</li><li>Adds \"gov.uk\" to the HTTP Strict Transport Security Top Level Domains (HSTS TLD) for Internet Explorer and Microsoft Edge.</li><li>Addresses an issue that may cause \u201cError 1309\u201d while installing or uninstalling certain types of .msi and .msp files on a virtual drive.</li><li>Improves performance related to case-insensitive string comparison functions such as <strong>_stricmp()</strong> in the Universal C Runtime.</li><li>Addresses an issue that prevents the Microsoft Visual Studio Simulator from starting.</li><li><span><span><span><span>Addresses an issue that may cause the text, layout, or cell size to become narrower or wider than expected in Microsoft Excel when using the </span></span></span></span><strong><span><span><span>MS UI Gothic </span></span></span></strong><span><span><span><span>or </span></span></span></span><strong><span><span><span>MS PGothic </span></span></span></strong><span><span><span><span>fonts. </span></span></span></span></li><li>Security updates to Internet Explorer, Microsoft Scripting Engine, Microsoft Edge, Windows Storage and Filesystems, Microsoft Graphics Component, Windows App Platform and Frameworks, Windows Cryptography, Windows Datacenter Networking, Windows Server, Windows Kernel, and the Microsoft JET Database Engine.</li></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p><span><span><span><span>For more information about the resolved security vulnerabilities, please refer to the </span></span></span></span><span><span><span><a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/security-guidance\" managed-link=\"\" target=\"_blank\">Security Update Guide</a>.</span></span></span></p><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\">Windows Update Improvements</p><div class=\"row\"><div class=\"col-xs-24\"><p>Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.</p></div></div></div></div></div><h2>Known issues in this update</h2><div><table class=\"table\"><tbody><tr><td><strong>Symptom</strong></td><td><strong>Workaround</strong></td></tr><tr><td>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul>Microsoft is working on a resolution and will provide an update in an upcoming release.</td></tr><tr><td>After installing the May 14, 2019 update, some gov.uk websites that don\u2019t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.</td><td>This issue is resolved in <a data-content-id=\"4505051\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4505051</a>.</td></tr></tbody></table></div><h2>How to get this update</h2><div><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends that you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes.\u00a0For more information, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates#why-should-servicing-stack-updates-be-installed-and-kept-up-to-date\" managed-link=\"\" target=\"_blank\">Servicing stack updates</a>.</p><p>If you are using Windows Update, the latest SSU (<a data-content-id=\"4498353\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4498353</a>) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the <a data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>.</p><p><strong>Install this update</strong></p><p>This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4499154 \" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>\u00a0website.</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/F/A/F/FAFA1F21-89BB-48BF-AE67-AA7AEB30BB69/4499154.csv\" managed-link=\"\" target=\"_blank\">file information for cumulative update 4499154</a>.</p></div></body></html>", "edition": 16, "modified": "2019-05-21T23:50:47", "id": "KB4499154", "href": "https://support.microsoft.com/en-us/help/4499154/", "published": "2019-05-14T00:00:00", "title": "May 14, 2019\u2014KB4499154 (OS Build 10240.18215)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "redhat": [{"lastseen": "2019-08-14T08:46:26", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-08-14T11:34:37", "published": "2019-05-15T00:13:31", "id": "RHSA-2019:1189", "href": "https://access.redhat.com/errata/RHSA-2019:1189", "type": "redhat", "title": "(RHSA-2019:1189) Important: qemu-kvm security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-14T08:44:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-08-14T11:34:34", "published": "2019-05-15T00:13:19", "id": "RHSA-2019:1187", "href": "https://access.redhat.com/errata/RHSA-2019:1187", "type": "redhat", "title": "(RHSA-2019:1187) Important: libvirt security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:45:36", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-14T22:23:09", "published": "2019-05-14T21:23:31", "id": "RHSA-2019:1178", "href": "https://access.redhat.com/errata/RHSA-2019:1178", "type": "redhat", "title": "(RHSA-2019:1178) Important: qemu-kvm security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:46:12", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-14T22:49:10", "published": "2019-05-14T22:09:20", "id": "RHSA-2019:1184", "href": "https://access.redhat.com/errata/RHSA-2019:1184", "type": "redhat", "title": "(RHSA-2019:1184) Important: libvirt security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:44:34", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-15T00:20:48", "published": "2019-05-15T00:17:03", "id": "RHSA-2019:1194", "href": "https://access.redhat.com/errata/RHSA-2019:1194", "type": "redhat", "title": "(RHSA-2019:1194) Important: libvirt security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:44:33", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-15T00:32:15", "published": "2019-05-15T00:13:13", "id": "RHSA-2019:1197", "href": "https://access.redhat.com/errata/RHSA-2019:1197", "type": "redhat", "title": "(RHSA-2019:1197) Important: libvirt security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:45:27", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)", "modified": "2019-05-15T00:42:24", "published": "2019-05-15T00:39:21", "id": "RHSA-2019:1199", "href": "https://access.redhat.com/errata/RHSA-2019:1199", "type": "redhat", "title": "(RHSA-2019:1199) Important: qemu-kvm-rhev security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:45:58", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-14T22:50:05", "published": "2019-05-14T22:08:42", "id": "RHSA-2019:1183", "href": "https://access.redhat.com/errata/RHSA-2019:1183", "type": "redhat", "title": "(RHSA-2019:1183) Important: qemu-kvm security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:45:20", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "The rhvm-setup-plugins package adds functionality exclusive only to Red Hat Virtualization Manager, and is not available for the upstream ovirt-engine. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase and other support material.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-15T01:02:59", "published": "2019-05-15T00:38:15", "id": "RHSA-2019:1206", "href": "https://access.redhat.com/errata/RHSA-2019:1206", "type": "redhat", "title": "(RHSA-2019:1206) Important: rhvm-setup-plugins security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:45:48", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-14T22:02:20", "published": "2019-05-14T21:22:02", "id": "RHSA-2019:1174", "href": "https://access.redhat.com/errata/RHSA-2019:1174", "type": "redhat", "title": "(RHSA-2019:1174) Important: kernel-rt security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "threatpost": [{"lastseen": "2020-04-11T11:47:19", "bulletinFamily": "info", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "A new class of side channel vulnerabilities impacting all modern Intel chips have been disclosed, which can use speculative execution to potentially leak sensitive data from a system\u2019s CPU.\n\nIntel said that the newest class of vulnerabilities, dubbed Microarchitectural Data Sampling (MDS), consist of four different attacks, which all ultimately depend on different ways of executing side channel attacks to siphon data from impacted systems.\n\n\u201cFirst identified by Intel\u2019s internal researchers and partners, and independently reported to Intel by external researchers, MDS is a sub-class of previously disclosed speculative execution side channel vulnerabilities and is comprised of four related techniques,\u201d Intel said in an advisory [released Tuesday](<https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html>). \u201cUnder certain conditions, MDS provides a program the potential means to read data that program otherwise would not be able to see.\u201d\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nIntel said it is not aware of any reported real-world exploits of these security issues.\n\nThese vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091) derive from a process called speculative execution in processors. It\u2019s is used in microprocessors so that memory can read before the addresses of all prior memory writes are known; an attacker with local user access can use a side-channel analysis to gain unauthorized disclosure of information.[](<https://media.threatpost.com/wp-content/uploads/sites/103/2019/05/14135233/intel.png>)\n\nHowever, while speculative execution side channel previous attacks \u2013 like Meltdown \u2013 targeted data stored in the CPU\u2019s memory that relies on this process; MDS looks to a different component in the chip using speculative execution. Those components are buffers, such as Fill Buffers (temporary buffers between CPU caches), Load Ports (temporary buffers used when loading data into registers), or Store Buffers (temporary buffers to hold store addresses and data).\n\n\u201cThese structures are much smaller than the [level 1 data cache], and therefore hold less data and are overwritten more frequently,\u201d Intel said in an [analysis of the flaws](<https://software.intel.com/security-software-guidance/insights/deep-dive-intel-analysis-microarchitectural-data-sampling>). \u201cIt is also more difficult to use MDS methods to infer data that is associated with a specific memory address, which may require the malicious actor to collect significant amounts of data and analyze it to locate any protected data.\u201d\n\n## Attack Vectors\n\nThe [four different attack vectors](<https://cpu.fail/>) are dubbed ZombieLoad, Fallout, RIDL (Rogue In-Flight Data Load) and Store-to-Leak Forwarding, and have been detailed and publicly disclosed on Tuesday by an array of security researchers.\n\nThe ZombieLoad attack \u201cresurrects your private browsing-history and other sensitive data. It allows to leak information from other applications, the operating system, virtual machines in the cloud and trusted execution environments,\u201d according to a [page breaking down](<https://cpu.fail/>) the MDS attack vectors.\n\nWith RIDL (Rogue In-Flight Data Load) attackers can exploit MDS flaws to leak sensitive data: \u201cBy analyzing the impact on the CPU pipeline, we developed a variety of practical exploits leaking in-flight data from different internal CPU buffers (such as Line-Fill Buffers and Load Ports), used by the CPU while loading or storing data from memory,\u201d [researchers](<https://mdsattacks.com/files/ridl.pdf>) with VUSec and CISPA said.\n\nMeanwhile, the [Fallout attack](<https://mdsattacks.com/files/fallout.pdf>) allows bad actors to leak data from Store Buffers, which are used every time a CPU pipeline needs to store any data, several independent researchers (a full list of who discovered the Fallout attack can be found [here](<https://mdsattacks.com/>)) said.\n\nFinally, the Store-To-Leak Forwarding attack \u201cexploits CPU optimizations introduced by the store buffer to break address randomization, monitor the operating system or to leak data when combined with Spectre gadgets,\u201d according to [researchers](<https://cpu.fail/store_to_leak_forwarding.pdf>) with the Graz University of Technology.\n\n## Mitigations\n\nIntel sought to downplay the vulnerabilities, saying that: \u201cMDS vulnerabilities have been classified as low to medium severity per the industry standard CVSS, and it\u2019s important to note that there are no reports of any real world exploits of these vulnerabilities.\u201d\n\nHowever, researchers who discovered the flaws were more concerned about their impact: \u201cThe implications are worrisome,\u201d researchers who discovered RDIL [said](<https://mdsattacks.com/files/ridl.pdf>). \u201cContrary to other state-of-the-art speculative execution attacks, such as Spectre, Meltdown and Foreshadow, RIDL can leak this arbitrary in-flight data with no assumptions on the state of the caches or translation data structures controlled by privileged software.\u201d\n\nIntel said that the new MDS class of flaws is addressed in hardware starting with select 8th and 9th Generation Intel Core processors, as well as the 2nd Generation Intel Xeon Scalable processor family. Future chips will also have integrated fixes.\n\nIn addition to hardware fixes, Intel is releasing processor microcode updates as part of its regularly-scheduled update process with OEMs to address the issue in products where MDS is not addressed in hardware.\n\nAn array of vendors have released separate security advisories in response to MDS, including [Red Hat](<https://access.redhat.com/security/vulnerabilities/mds>), [Oracle](<https://blogs.oracle.com/security/intelmds>) and Microsoft.\n\n\u201cMicrosoft has released software updates to help mitigate these vulnerabilities,\u201d according to a [Microsoft advisory released Tuesday](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190013>). \u201cTo get all available protections, firmware (microcode) and software updates are required. This may include microcode from device OEMs. In some cases, installing these updates will have a performance impact. We have also acted to secure our cloud services.\u201d\n\n## Side Channel Attacks\n\nSide channel speculative execution attacks continue to plague Intel chips \u2013 in August, three new speculative execution design flaws in Intel CPUs [were disclosed](<https://threatpost.com/intel-cpus-afflicted-with-fresh-speculative-execution-flaws/135096/>), impacting Intel\u2019s Software Guard Extensions (SGX) technology, its OS and system management mode (SMM) and hypervisor software.\n\nOther Spectre-class flaws have been discovered over the past half year since Spectre and the related Meltdown vulnerability [were found](<https://threatpost.com/vendors-share-patch-updates-on-spectre-and-meltdown-mitigation-efforts/129307/>), including side-channel variants 1, 2, 3, 3a, and 4.\n\nRaoul Strackx, post-doctoral researcher at KU Leuven, who discovered the [Foreshadow](<https://threatpost.com/intel-cpus-afflicted-with-fresh-speculative-execution-flaws/135096/>) side-channel attack, [recently told Threatpost](<https://threatpost.com/foreshadow-attack/142299/>) that \u201cbasically it comes down to the fact that these processes are simply becoming way too complex.\u201d\n\n\u201cI would say that\u2019s the main problem, but if you disable speculative execution, then the performance impact is going to be huge, and so no one would be willing to do this. So there needs to be more academic research there,\u201d he said.\n\n**_Want to know more about Identity Management and navigating the shift beyond passwords? Don\u2019t miss _**[**_our Threatpost webinar on May 29 at 2 p.m. ET_**](<https://attendee.gotowebinar.com/register/8039101655437489665?source=ART>)**_. Join Threatpost editor Tom Spring and a panel of experts as they discuss how cloud, mobility and digital transformation are accelerating the adoption of new Identity Management solutions. Experts discuss the impact of millions of new digital devices (and things) requesting access to managed networks and the challenges that follow._**\n", "modified": "2019-05-14T18:01:49", "published": "2019-05-14T18:01:49", "id": "THREATPOST:6D16350D7053F9F2166165E3E33239B9", "href": "https://threatpost.com/intel-cpus-impacted-by-new-class-of-spectre-like-attacks/144728/", "type": "threatpost", "title": "Intel CPUs Impacted By New Class of Spectre-Like Attacks", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "openvas": [{"lastseen": "2019-06-05T01:41:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-06-04T00:00:00", "published": "2019-05-16T00:00:00", "id": "OPENVAS:1361412562310844013", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844013", "type": "openvas", "title": "Ubuntu Update for libvirt USN-3985-1", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844013\");\n script_version(\"2019-06-04T06:44:21+0000\");\n script_cve_id(\"CVE-2018-12130\", \"CVE-2018-12127\", \"CVE-2018-12126\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-06-04 06:44:21 +0000 (Tue, 04 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-16 02:01:19 +0000 (Thu, 16 May 2019)\");\n script_name(\"Ubuntu Update for libvirt USN-3985-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.10|UBUNTU19\\.04|UBUNTU18\\.04 LTS|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3985-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3985-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvirt'\n package(s) announced via the USN-3985-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan\nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,\nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss\ndiscovered that memory previously stored in microarchitectural fill buffers\nof an Intel CPU core may be exposed to a malicious process that is\nexecuting on the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan\nvan Schaik, Alyssa Milburn, Sebastian sterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory\npreviously stored in microarchitectural load ports of an Intel CPU core may\nbe exposed to a malicious process that is executing on the same CPU core. A\nlocal attacker could use this to expose sensitive information.\n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel\nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel\nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory\npreviously stored in microarchitectural store buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same CPU\ncore. A local attacker could use this to expose sensitive information.\n(CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and\nCristiano Giuffrida discovered that uncacheable memory previously stored in\nmicroarchitectural buffers of an Intel CPU core may be exposed to a\nmalicious process that is executing on the same CPU core. A local attacker\ncould use this to expose sensitive information. (CVE-2019-11091)\");\n\n script_tag(name:\"affected\", value:\"'libvirt' package(s) on Ubuntu 19.04, Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libvirt-clients\", ver:\"4.6.0-2ubuntu3.5\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libvirt-daemon\", ver:\"4.6.0-2ubuntu3.5\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libvirt0\", ver:\"4.6.0-2ubuntu3.5\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libvirt-clients\", ver:\"5.0.0-1ubuntu2.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libvirt-daemon\", ver:\"5.0.0-1ubuntu2.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libvirt0\", ver:\"5.0.0-1ubuntu2.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libvirt-clients\", ver:\"4.0.0-1ubuntu8.10\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libvirt-daemon\", ver:\"4.0.0-1ubuntu8.10\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libvirt0\", ver:\"4.0.0-1ubuntu8.10\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libvirt-bin\", ver:\"1.3.1-1ubuntu10.26\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libvirt0\", ver:\"1.3.1-1ubuntu10.26\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-03-30T16:55:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-03-26T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192289", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192289", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2019-2289)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2289\");\n script_version(\"2020-03-26T11:51:34+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-03-26 11:51:34 +0000 (Thu, 26 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:45:37 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2019-2289)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2289\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2289\");\n script_xref(name:\"URL\", value:\"https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libvirt' package(s) announced via the EulerOS-SA-2019-2289 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: [link moved to references](CVE-2018-12126)\n\nMicroarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: [link moved to references](CVE-2018-12127)\n\nMicroarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: [link moved to references](CVE-2018-12130)\n\nMicroarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: [link moved to references](CVE-2019-11091)\");\n\n script_tag(name:\"affected\", value:\"'libvirt' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-bash-completion\", rpm:\"libvirt-bash-completion~4.7.0~5.h2.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-client\", rpm:\"libvirt-client~4.7.0~5.h2.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon\", rpm:\"libvirt-daemon~4.7.0~5.h2.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-config-network\", rpm:\"libvirt-daemon-config-network~4.7.0~5.h2.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-config-nwfilter\", rpm:\"libvirt-daemon-config-nwfilter~4.7.0~5.h2.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-interface\", rpm:\"libvirt-daemon-driver-interface~4.7.0~5.h2.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-network\", rpm:\"libvirt-daemon-driver-network~4.7.0~5.h2.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-nodedev\", rpm:\"libvirt-daemon-driver-nodedev~4.7.0~5.h2.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-nwfilter\", rpm:\"libvirt-daemon-driver-nwfilter~4.7.0~5.h2.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-qemu\", rpm:\"libvirt-daemon-driver-qemu~4.7.0~5.h2.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-secret\", rpm:\"libvirt-daemon-driver-secret~4.7.0~5.h2.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-storage\", rpm:\"libvirt-daemon-driver-storage~4.7.0~5.h2.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-storage-core\", rpm:\"libvirt-daemon-driver-storage-core~4.7.0~5.h2.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-storage-disk\", rpm:\"libvirt-daemon-driver-storage-disk~4.7.0~5.h2.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-storage-iscsi\", rpm:\"libvirt-daemon-driver-storage-iscsi~4.7.0~5.h2.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-storage-iscsi-direct\", rpm:\"libvirt-daemon-driver-storage-iscsi-direct~4.7.0~5.h2.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-storage-logical\", rpm:\"libvirt-daemon-driver-storage-logical~4.7.0~5.h2.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-storage-mpath\", rpm:\"libvirt-daemon-driver-storage-mpath~4.7.0~5.h2.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-storage-scsi\", rpm:\"libvirt-daemon-driver-storage-scsi~4.7.0~5.h2.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-kvm\", rpm:\"libvirt-daemon-kvm~4.7.0~5.h2.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-libs\", rpm:\"libvirt-libs~4.7.0~5.h2.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-05T01:41:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-06-04T00:00:00", "published": "2019-05-16T00:00:00", "id": "OPENVAS:1361412562310883054", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883054", "type": "openvas", "title": "CentOS Update for kernel CESA-2019:1169 centos6 ", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883054\");\n script_version(\"2019-06-04T06:44:21+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-06-04 06:44:21 +0000 (Tue, 04 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-16 02:01:00 +0000 (Thu, 16 May 2019)\");\n script_name(\"CentOS Update for kernel CESA-2019:1169 centos6 \");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n\n script_xref(name:\"CESA\", value:\"2019:1169\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2019-May/023309.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the CESA-2019:1169 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es):\n\n * A flaw was found in the implementation of the 'fill buffer', a mechanism\nused by modern CPUs when a cache-miss is made on L1 CPU cache. If an\nattacker can generate a load operation that would create a page fault, the\nexecution will continue speculatively with incorrect data from the fill\nbuffer while the data is fetched from higher level caches. This response\ntime can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n * Modern Intel microprocessors implement hardware-level micro-optimizations\nto improve the performance of writing data back to CPU caches. The write\noperation is split into STA (STore Address) and STD (STore Data)\nsub-operations. These sub-operations allow the processor to hand-off\naddress generation logic into these sub-operations for optimized writes.\nBoth of these sub-operations write to a shared distributed processor\nstructure called the 'processor store buffer'. As a result, an unprivileged\nattacker could use this flaw to read private data resident within the CPU's\nprocessor store buffer. (CVE-2018-12126)\n\n * Microprocessors use a load port subcomponent to perform load operations\nfrom memory or IO. During a load operation, the load port receives data\nfrom the memory or IO subsystem and then provides the data to the CPU\nregisters and operations in the CPUs pipelines. Stale load operations\nresults are stored in the 'load port' table until overwritten by newer\noperations. Certain load-port operations triggered by an attacker can be\nused to reveal data about previous stale requests leaking data back to the\nattacker via a timing side-channel. (CVE-2018-12127)\n\n * Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable information\ndisclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nBug Fix(es):\n\n * aio O_DIRECT writes to non-page-aligned file locations on ext4 can result\nin the overlapped portion of the page containing zeros (BZ#1686170)\n\n * Tolerate new s390x crypto hardware for migration (BZ#1695496)\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on CentOS 6.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS6\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-03-14T17:06:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-05-21T00:00:00", "id": "OPENVAS:1361412562310852508", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852508", "type": "openvas", "title": "openSUSE: Security Advisory for qemu (openSUSE-SU-2019:1420-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852508\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-21 02:01:13 +0000 (Tue, 21 May 2019)\");\n script_name(\"openSUSE: Security Advisory for qemu (openSUSE-SU-2019:1420-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1420-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00044.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the openSUSE-SU-2019:1420-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for qemu fixes the following issues:\n\n - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86\n cpu feature 'md-clear' (bsc#1111331)\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-1420=1\");\n\n script_tag(name:\"affected\", value:\"'qemu' package(s) on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user\", rpm:\"qemu-linux-user~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user-debuginfo\", rpm:\"qemu-linux-user-debuginfo~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user-debugsource\", rpm:\"qemu-linux-user-debugsource~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-arm\", rpm:\"qemu-arm~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-arm-debuginfo\", rpm:\"qemu-arm-debuginfo~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-curl\", rpm:\"qemu-block-curl~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-curl-debuginfo\", rpm:\"qemu-block-curl-debuginfo~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-dmg\", rpm:\"qemu-block-dmg~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-dmg-debuginfo\", rpm:\"qemu-block-dmg-debuginfo~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-iscsi\", rpm:\"qemu-block-iscsi~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-iscsi-debuginfo\", rpm:\"qemu-block-iscsi-debuginfo~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-rbd\", rpm:\"qemu-block-rbd~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-rbd-debuginfo\", rpm:\"qemu-block-rbd-debuginfo~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-ssh\", rpm:\"qemu-block-ssh~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-ssh-debuginfo\", rpm:\"qemu-block-ssh-debuginfo~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-debugsource\", rpm:\"qemu-debugsource~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-extra\", rpm:\"qemu-extra~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-extra-debuginfo\", rpm:\"qemu-extra-debuginfo~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent-debuginfo\", rpm:\"qemu-guest-agent-debuginfo~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ksm\", rpm:\"qemu-ksm~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-lang\", rpm:\"qemu-lang~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ppc\", rpm:\"qemu-ppc~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ppc-debuginfo\", rpm:\"qemu-ppc-debuginfo~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-s390\", rpm:\"qemu-s390~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-s390-debuginfo\", rpm:\"qemu-s390-debuginfo~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-testsuite\", rpm:\"qemu-testsuite~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-tools\", rpm:\"qemu-tools~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-tools-debuginfo\", rpm:\"qemu-tools-debuginfo~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-x86\", rpm:\"qemu-x86~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-x86-debuginfo\", rpm:\"qemu-x86-debuginfo~2.9.1~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ipxe\", rpm:\"qemu-ipxe~1.0.0+~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-seabios\", rpm:\"qemu-seabios~1.10.2~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-sgabios\", rpm:\"qemu-sgabios~8~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-vgabios\", rpm:\"qemu-vgabios~1.10.2~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-01-31T16:53:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-05-29T00:00:00", "id": "OPENVAS:1361412562310852523", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852523", "type": "openvas", "title": "openSUSE: Security Advisory for ucode-intel (openSUSE-SU-2019:1468-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852523\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-29 02:00:49 +0000 (Wed, 29 May 2019)\");\n script_name(\"openSUSE: Security Advisory for ucode-intel (openSUSE-SU-2019:1468-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1468-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00066.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ucode-intel'\n package(s) announced via the openSUSE-SU-2019:1468-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for ucode-intel fixes the following issues:\n\n The Intel CPU Microcode was updated to the official QSR 2019.1 Microcode\n release (bsc#1111331 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127\n CVE-2019-11091)\n\n - --- new platforms ---------------------------------------- VLV\n C0 6-37-8/02 00000838 Atom Z series VLV C0\n 6-37-8/0C 00000838 Celeron N2xxx, Pentium N35xx VLV\n D0 6-37-9/0F 0000090c Atom E38xx CHV C0\n 6-4c-3/01 00000368 Atom X series CHV D0\n 6-4c-4/01 00000411 Atom X series\n\n read missing in last update:\n\n BDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4, Core\n i7-69xx/68xx\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1468=1\");\n\n script_tag(name:\"affected\", value:\"'ucode-intel' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ucode-intel\", rpm:\"ucode-intel~20190514~lp150.2.21.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-05T01:41:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-06-04T00:00:00", "published": "2019-05-16T00:00:00", "id": "OPENVAS:1361412562310883053", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883053", "type": "openvas", "title": "CentOS Update for libvirt CESA-2019:1180 centos6 ", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883053\");\n script_version(\"2019-06-04T06:44:21+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-06-04 06:44:21 +0000 (Tue, 04 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-16 02:00:57 +0000 (Thu, 16 May 2019)\");\n script_name(\"CentOS Update for libvirt CESA-2019:1180 centos6 \");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n\n script_xref(name:\"CESA\", value:\"2019:1180\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2019-May/023308.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvirt'\n package(s) announced via the CESA-2019:1180 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The libvirt library contains a C API for managing and interacting with the\nvirtualization capabilities of Linux and other operating systems. In\naddition, libvirt provides tools for remote management of virtualized\nsystems.\n\nSecurity Fix(es):\n\n * A flaw was found in the implementation of the 'fill buffer', a mechanism\nused by modern CPUs when a cache-miss is made on L1 CPU cache. If an\nattacker can generate a load operation that would create a page fault, the\nexecution will continue speculatively with incorrect data from the fill\nbuffer while the data is fetched from higher level caches. This response\ntime can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n * Modern Intel microprocessors implement hardware-level micro-optimizations\nto improve the performance of writing data back to CPU caches. The write\noperation is split into STA (STore Address) and STD (STore Data)\nsub-operations. These sub-operations allow the processor to hand-off\naddress generation logic into these sub-operations for optimized writes.\nBoth of these sub-operations write to a shared distributed processor\nstructure called the 'processor store buffer'. As a result, an unprivileged\nattacker could use this flaw to read private data resident within the CPU's\nprocessor store buffer. (CVE-2018-12126)\n\n * Microprocessors use a load port subcomponent to perform load operations\nfrom memory or IO. During a load operation, the load port receives data\nfrom the memory or IO subsystem and then provides the data to the CPU\nregisters and operations in the CPUs pipelines. Stale load operations\nresults are stored in the 'load port' table until overwritten by newer\noperations. Certain load-port operations triggered by an attacker can be\nused to reveal data about previous stale requests leaking data back to the\nattacker via a timing side-channel. (CVE-2018-12127)\n\n * Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable information\ndisclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n\n script_tag(name:\"affected\", value:\"'libvirt' package(s) on CentOS 6.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS6\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~0.10.2~64.el6_10.1\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-client\", rpm:\"libvirt-client~0.10.2~64.el6_10.1\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-devel\", rpm:\"libvirt-devel~0.10.2~64.el6_10.1\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-python\", rpm:\"libvirt-python~0.10.2~64.el6_10.1\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-lock-sanlock\", rpm:\"libvirt-lock-sanlock~0.10.2~64.el6_10.1\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-09-05T14:52:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-09-05T00:00:00", "published": "2019-05-16T00:00:00", "id": "OPENVAS:1361412562310883055", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883055", "type": "openvas", "title": "CentOS Update for kernel CESA-2019:1168 centos7 ", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883055\");\n script_version(\"2019-09-05T05:22:48+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-09-05 05:22:48 +0000 (Thu, 05 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-16 02:01:04 +0000 (Thu, 16 May 2019)\");\n script_name(\"CentOS Update for kernel CESA-2019:1168 centos7 \");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n\n script_xref(name:\"CESA\", value:\"2019:1168\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2019-May/023314.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the CESA-2019:1168 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es):\n\n * A flaw was found in the implementation of the 'fill buffer', a mechanism\nused by modern CPUs when a cache-miss is made on L1 CPU cache. If an\nattacker can generate a load operation that would create a page fault, the\nexecution will continue speculatively with incorrect data from the fill\nbuffer while the data is fetched from higher level caches. This response\ntime can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n * Modern Intel microprocessors implement hardware-level micro-optimizations\nto improve the performance of writing data back to CPU caches. The write\noperation is split into STA (STore Address) and STD (STore Data)\nsub-operations. These sub-operations allow the processor to hand-off\naddress generation logic into these sub-operations for optimized writes.\nBoth of these sub-operations write to a shared distributed processor\nstructure called the 'processor store buffer'. As a result, an\nunprivileged attacker could use this flaw to read private data resident\nwithin the CPU's processor store buffer. (CVE-2018-12126)\n\n * Microprocessors use a load port subcomponent to perform load operations\nfrom memory or IO. During a load operation, the load port receives data\nfrom the memory or IO subsystem and then provides the data to the CPU\nregisters and operations in the CPUs pipelines. Stale load operations\nresults are stored in the 'load port' table until overwritten by newer\noperations. Certain load-port operations triggered by an attacker can be\nused to reveal data about previous stale requests leaking data back to the\nattacker via a timing side-channel. (CVE-2018-12127)\n\n * Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable information\ndisclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on CentOS 7.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS7\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bpftool\", rpm:\"bpftool~3.10.0~957.12.2.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~957.12.2.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~957.12.2.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~957.12.2.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~957.12.2.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~957.12.2.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~957.12.2.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~957.12.2.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~957.12.2.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~957.12.2.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~957.12.2.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~957.12.2.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~957.12.2.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-05T01:40:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-06-04T00:00:00", "published": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310876368", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876368", "type": "openvas", "title": "Fedora Update for libvirt FEDORA-2019-f910d35647", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876368\");\n script_version(\"2019-06-04T06:44:21+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-06-04 06:44:21 +0000 (Tue, 04 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-17 02:12:12 +0000 (Fri, 17 May 2019)\");\n script_name(\"Fedora Update for libvirt FEDORA-2019-f910d35647\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-f910d35647\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JA5T2KLIYRYX4XMARLFBPB45B2INDALL\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvirt'\n package(s) announced via the FEDORA-2019-f910d35647 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Libvirt is a C toolkit to interact with the virtualization capabilities\nof recent versions of Linux (and other OSes). The main package includes\nthe libvirtd server exporting the virtualization support.\");\n\n script_tag(name:\"affected\", value:\"'libvirt' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~5.1.0~5.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-03-30T16:54:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-03-26T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192210", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192210", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2019-2210)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2210\");\n script_version(\"2020-03-26T11:51:34+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-03-26 11:51:34 +0000 (Thu, 26 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:39:53 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2019-2210)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2210\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2210\");\n script_xref(name:\"URL\", value:\"https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libvirt' package(s) announced via the EulerOS-SA-2019-2210 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: [link moved to references](CVE-2018-12126)\n\nMicroarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: [link moved to references](CVE-2018-12127)\n\nMicroarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: [link moved to references](CVE-2018-12130)\n\nMicroarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: [link moved to references](CVE-2019-11091)\");\n\n script_tag(name:\"affected\", value:\"'libvirt' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~3.9.0~14.7.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-client\", rpm:\"libvirt-client~3.9.0~14.7.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon\", rpm:\"libvirt-daemon~3.9.0~14.7.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-config-network\", rpm:\"libvirt-daemon-config-network~3.9.0~14.7.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-config-nwfilter\", rpm:\"libvirt-daemon-config-nwfilter~3.9.0~14.7.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-interface\", rpm:\"libvirt-daemon-driver-interface~3.9.0~14.7.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-lxc\", rpm:\"libvirt-daemon-driver-lxc~3.9.0~14.7.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-network\", rpm:\"libvirt-daemon-driver-network~3.9.0~14.7.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-nodedev\", rpm:\"libvirt-daemon-driver-nodedev~3.9.0~14.7.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-nwfilter\", rpm:\"libvirt-daemon-driver-nwfilter~3.9.0~14.7.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-qemu\", rpm:\"libvirt-daemon-driver-qemu~3.9.0~14.7.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-secret\", rpm:\"libvirt-daemon-driver-secret~3.9.0~14.7.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-storage\", rpm:\"libvirt-daemon-driver-storage~3.9.0~14.7.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-storage-core\", rpm:\"libvirt-daemon-driver-storage-core~3.9.0~14.7.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-storage-disk\", rpm:\"libvirt-daemon-driver-storage-disk~3.9.0~14.7.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-storage-gluster\", rpm:\"libvirt-daemon-driver-storage-gluster~3.9.0~14.7.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-storage-iscsi\", rpm:\"libvirt-daemon-driver-storage-iscsi~3.9.0~14.7.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-storage-logical\", rpm:\"libvirt-daemon-driver-storage-logical~3.9.0~14.7.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-storage-mpath\", rpm:\"libvirt-daemon-driver-storage-mpath~3.9.0~14.7.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-storage-rbd\", rpm:\"libvirt-daemon-driver-storage-rbd~3.9.0~14.7.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-storage-scsi\", rpm:\"libvirt-daemon-driver-storage-scsi~3.9.0~14.7.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-kvm\", rpm:\"libvirt-daemon-kvm~3.9.0~14.7.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-libs\", rpm:\"libvirt-libs~3.9.0~14.7.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-05T01:41:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-06-04T00:00:00", "published": "2019-05-16T00:00:00", "id": "OPENVAS:1361412562310883051", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883051", "type": "openvas", "title": "CentOS Update for qemu-img CESA-2019:1178 centos7 ", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883051\");\n script_version(\"2019-06-04T06:44:21+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-06-04 06:44:21 +0000 (Tue, 04 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-16 02:00:51 +0000 (Thu, 16 May 2019)\");\n script_name(\"CentOS Update for qemu-img CESA-2019:1178 centos7 \");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n\n script_xref(name:\"CESA\", value:\"2019:1178\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2019-May/023312.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu-img'\n package(s) announced via the CESA-2019:1178 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Kernel-based Virtual Machine (KVM) is a full virtualization solution for\nLinux on a variety of architectures. The qemu-kvm packages provide the\nuser-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n * A flaw was found in the implementation of the 'fill buffer', a mechanism\nused by modern CPUs when a cache-miss is made on L1 CPU cache. If an\nattacker can generate a load operation that would create a page fault, the\nexecution will continue speculatively with incorrect data from the fill\nbuffer while the data is fetched from higher level caches. This response\ntime can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n * Modern Intel microprocessors implement hardware-level micro-optimizations\nto improve the performance of writing data back to CPU caches. The write\noperation is split into STA (STore Address) and STD (STore Data)\nsub-operations. These sub-operations allow the processor to hand-off\naddress generation logic into these sub-operations for optimized writes.\nBoth of these sub-operations write to a shared distributed processor\nstructure called the 'processor store buffer'. As a result, an unprivileged\nattacker could use this flaw to read private data resident within the CPU's\nprocessor store buffer. (CVE-2018-12126)\n\n * Microprocessors use a load port subcomponent to perform load operations\nfrom memory or IO. During a load operation, the load port receives data\nfrom the memory or IO subsystem and then provides the data to the CPU\nregisters and operations in the CPUs pipelines. Stale load operations\nresults are stored in the 'load port' table until overwritten by newer\noperations. Certain load-port operations triggered by an attacker can be\nused to reveal data about previous stale requests leaking data back to the\nattacker via a timing side-channel. (CVE-2018-12127)\n\n * Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable information\ndisclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n\n script_tag(name:\"affected\", value:\"'qemu-img' package(s) on CentOS 7.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS7\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~1.5.3~160.el7_6.2\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~1.5.3~160.el7_6.2\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm-common\", rpm:\"qemu-kvm-common~1.5.3~160.el7_6.2\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~1.5.3~160.el7_6.2\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "ubuntu": [{"lastseen": "2020-07-02T11:35:49", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "USN-3983-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu \n12.04 LTS.\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan \nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, \nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss \ndiscovered that memory previously stored in microarchitectural fill buffers \nof an Intel CPU core may be exposed to a malicious process that is \nexecuting on the same CPU core. A local attacker could use this to expose \nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan \nvan Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh \nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory \npreviously stored in microarchitectural load ports of an Intel CPU core may \nbe exposed to a malicious process that is executing on the same CPU core. A \nlocal attacker could use this to expose sensitive information. \n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel \nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel \nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory \npreviously stored in microarchitectural store buffers of an Intel CPU core \nmay be exposed to a malicious process that is executing on the same CPU \ncore. A local attacker could use this to expose sensitive information. \n(CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, \nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and \nCristiano Giuffrida discovered that uncacheable memory previously stored in \nmicroarchitectural buffers of an Intel CPU core may be exposed to a \nmalicious process that is executing on the same CPU core. A local attacker \ncould use this to expose sensitive information. (CVE-2019-11091)", "edition": 3, "modified": "2019-05-15T00:00:00", "published": "2019-05-15T00:00:00", "id": "USN-3983-2", "href": "https://ubuntu.com/security/notices/USN-3983-2", "title": "Linux kernel (Trusty HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-07-02T11:44:09", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan \nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, \nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss \ndiscovered that memory previously stored in microarchitectural fill buffers \nof an Intel CPU core may be exposed to a malicious process that is \nexecuting on the same CPU core. A local attacker could use this to expose \nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan \nvan Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh \nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory \npreviously stored in microarchitectural load ports of an Intel CPU core may \nbe exposed to a malicious process that is executing on the same CPU core. A \nlocal attacker could use this to expose sensitive information. \n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel \nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel \nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory \npreviously stored in microarchitectural store buffers of an Intel CPU core \nmay be exposed to a malicious process that is executing on the same CPU \ncore. A local attacker could use this to expose sensitive information. \n(CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, \nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and \nCristiano Giuffrida discovered that uncacheable memory previously stored in \nmicroarchitectural buffers of an Intel CPU core may be exposed to a \nmalicious process that is executing on the same CPU core. A local attacker \ncould use this to expose sensitive information. (CVE-2019-11091)", "edition": 4, "modified": "2019-05-15T00:00:00", "published": "2019-05-15T00:00:00", "id": "USN-3985-1", "href": "https://ubuntu.com/security/notices/USN-3985-1", "title": "libvirt update", "type": "ubuntu", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "cloudfoundry": [{"lastseen": "2019-06-01T18:56:15", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "# \n\n# Severity\n\nHigh\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n * Canonical Ubuntu 16.04\n\n# Description\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091)\n\nCVEs contained in this USN include: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is high unless otherwise noted._\n\n * Cloud Foundry BOSH trusty-stemcells are vulnerable, including: \n * 3586.x versions prior to 3586.118\n * All other stemcells not listed.\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 315.x versions prior to 315.26\n * 250.x versions prior to 250.48\n * 170.x versions prior to 170.69\n * 97.x versions prior to 97.96\n * All other stemcells not listed.\n\n# Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH trusty-stemcells: \n * Upgrade 3586.x versions to 3586.118\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-trusty>).\n * The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 315.x versions to 315.26\n * Upgrade 250.x versions to 250.48\n * Upgrade 170.x versions to 170.69\n * Upgrade 97.x versions to 97.96\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n\n# References\n\n * [USN-3977-1](<https://usn.ubuntu.com/3977-1>)\n * [CVE-2018-12126](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12126>)\n * [CVE-2018-12127](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12127>)\n * [CVE-2018-12130](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12130>)\n * [CVE-2019-11091](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11091>)\n", "edition": 3, "modified": "2019-05-20T00:00:00", "published": "2019-05-20T00:00:00", "id": "CFOUNDRY:E69484607521DCF7CA9844727923D7C3", "href": "https://www.cloudfoundry.org/blog/usn-3977-1/", "title": "USN-3977-1: Intel Microcode update (AKA ZombieLoad Attack) | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-01T18:56:09", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "# \n\n# Severity\n\nHigh\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n * Canonical Ubuntu 16.04\n\n# Description\n\nUSN-3977-1 provided mitigations for Microarchitectural Data Sampling (MDS) vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for Intel Cherry Trail and Bay Trail processor families.\n\nOriginal advisory details:\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091)\n\nCVEs contained in this USN include: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is high unless otherwise noted._\n\n * Cloud Foundry BOSH trusty-stemcells are vulnerable, including: \n * 3586.x versions prior to 3586.125\n * All other stemcells not listed.\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 315.x versions prior to 315.34\n * 250.x versions prior to 250.56\n * 170.x versions prior to 170.76\n * 97.x versions prior to 97.106\n * All other stemcells not listed.\n\n# Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH trusty-stemcells: \n * Upgrade 3586.x versions to 3586.125\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-trusty>).\n * The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 315.x versions to 315.34\n * Upgrade 250.x versions to 250.56\n * Upgrade 170.x versions to 170.76\n * Upgrade 97.x versions to 97.106\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n\n# References\n\n * [USN-3977-2](<https://usn.ubuntu.com/3977-2>)\n * [CVE-2018-12126](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12126>)\n * [CVE-2018-12127](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12127>)\n * [CVE-2018-12130](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12130>)\n * [CVE-2019-11091](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11091>)\n", "edition": 2, "modified": "2019-05-29T00:00:00", "published": "2019-05-29T00:00:00", "id": "CFOUNDRY:B35B43834E131FD9F0A2BB00D581980F", "href": "https://www.cloudfoundry.org/blog/usn-3977-2/", "title": "USN-3977-2: Intel Microcode update (AKA ZombieLoad Attack) | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "amazon": [{"lastseen": "2020-11-10T12:35:26", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "**Issue Overview:**\n\n\\- Microarchitectural Store Buffer Data Sampling (MSBDS) ([CVE-2018-12126 __](<https://access.redhat.com/security/cve/CVE-2018-12126>)) \n\\- Microarchitectural Fill Buffer Data Sampling (MFBDS) ([CVE-2018-12130 __](<https://access.redhat.com/security/cve/CVE-2018-12130>)) \n\\- Microarchitectural Load Port Data Sampling (MLPDS) ([CVE-2018-12127 __](<https://access.redhat.com/security/cve/CVE-2018-12127>)) \n\\- Microarchitectural Data Sampling Uncacheable Memory (MDSUM) ([CVE-2019-11091 __](<https://access.redhat.com/security/cve/CVE-2019-11091>)) \n \nMSBDS leaks Store Buffer Entries which can be speculatively forwarded to a dependent load (store-to-load forwarding) as an optimization. The forward can also happen to a faulting or assisting load operation for a different memory address, which can cause an issue under certain conditions. Store buffers are partitioned between Hyper-Threads so cross thread forwarding is not possible. But if a thread enters or exits a sleep state the store buffer is repartitioned which can expose data from one thread to the other.\n\nMFBDS leaks Fill Buffer Entries. Fill buffers are used internally to manage L1 miss situations and to hold data which is returned or sent in response to a memory or I/O operation. Fill buffers can forward data to a load operation and also write data to the cache. When the fill buffer is deallocated it can retain the stale data of the preceding operations which can then be forwarded to a faulting or assisting load operation, which can be cause an issue under certain conditions. Fill buffers are shared between Hyper-Threads so cross thread leakage is possible.\n\nMLDPS leaks Load Port Data. Load ports are used to perform load operations from memory or I/O. The received data is then forwarded to the register file or a subsequent operation. In some implementations the Load Port can contain stale data from a previous operation which can be forwarded to faulting or assisting loads under certain conditions, which again can be cause an issue eventually. Load ports are shared between Hyper-Threads so cross thread leakage is possible.\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ and reboot your instance to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n kernel-4.14.114-105.126.amzn2.aarch64 \n kernel-headers-4.14.114-105.126.amzn2.aarch64 \n kernel-debuginfo-common-aarch64-4.14.114-105.126.amzn2.aarch64 \n perf-4.14.114-105.126.amzn2.aarch64 \n perf-debuginfo-4.14.114-105.126.amzn2.aarch64 \n python-perf-4.14.114-105.126.amzn2.aarch64 \n python-perf-debuginfo-4.14.114-105.126.amzn2.aarch64 \n kernel-tools-4.14.114-105.126.amzn2.aarch64 \n kernel-tools-devel-4.14.114-105.126.amzn2.aarch64 \n kernel-tools-debuginfo-4.14.114-105.126.amzn2.aarch64 \n kernel-devel-4.14.114-105.126.amzn2.aarch64 \n kernel-debuginfo-4.14.114-105.126.amzn2.aarch64 \n \n i686: \n kernel-headers-4.14.114-105.126.amzn2.i686 \n \n src: \n kernel-4.14.114-105.126.amzn2.src \n \n x86_64: \n kernel-4.14.114-105.126.amzn2.x86_64 \n kernel-headers-4.14.114-105.126.amzn2.x86_64 \n kernel-debuginfo-common-x86_64-4.14.114-105.126.amzn2.x86_64 \n perf-4.14.114-105.126.amzn2.x86_64 \n perf-debuginfo-4.14.114-105.126.amzn2.x86_64 \n python-perf-4.14.114-105.126.amzn2.x86_64 \n python-perf-debuginfo-4.14.114-105.126.amzn2.x86_64 \n kernel-tools-4.14.114-105.126.amzn2.x86_64 \n kernel-tools-devel-4.14.114-105.126.amzn2.x86_64 \n kernel-tools-debuginfo-4.14.114-105.126.amzn2.x86_64 \n kernel-devel-4.14.114-105.126.amzn2.x86_64 \n kernel-debuginfo-4.14.114-105.126.amzn2.x86_64 \n \n \n", "edition": 1, "modified": "2019-05-07T22:39:00", "published": "2019-05-07T22:39:00", "id": "ALAS2-2019-1205", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1205.html", "title": "Important: kernel", "type": "amazon", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "hp": [{"lastseen": "2020-12-24T13:22:04", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "## Potential Security Impact\nInformation Disclosure\n\n**Source**: HP, HP Product Security Response Team (PSRT) \n\n**Reported By**: Intel \n\n## VULNERABILITY SUMMARY\nPotential security vulnerabilities in Intel CPUs may allow information disclosure. Researchers have referred to these vulnerabilities as ZombieLoad, RIDL, and Fallout. See table below for further details.\n\nVulnerability\n\n| \n\nDescription\n\n| \n\nCVE \n \n---|---|--- \n \nFallout, RIDL\n\n| \n\nMicroarchitectural Store Buffer Data Sampling (MSBDS) \n\n| \n\nCVE-2018-12126 \n \nRIDL\n\n| \n\nMicroarchitectural Load Port Data Sampling (MLPDS)\n\n| \n\nCVE-2018-12127 \n \nZombieLoad, RIDL\n\n| \n\nMicroarchitectural Fill Buffer Data Sampling (MFBDS)\n\n| \n\nCVE-2018-12130 \n \nRIDL\n\n| \n\nMicroarchitectural Data Sampling Uncacheable Memory (MDSUM)\n\n| \n\nCVE-2019-11091\n\n## RESOLUTION\nBoth software updates and firmware updates are required. See the links below for more information regarding software updates.\n\nHypervisors could also be affected. Check with your hypervisor vendor for potential software patches.\n\nHP has identified the affected platforms and target dates for Softpaqs for firmware updates. See the affected platforms listed below. \n", "edition": 6, "modified": "2020-09-10T00:00:00", "published": "2019-05-14T00:00:00", "id": "HP:C06330149", "href": "https://support.hp.com/us-en/document/c06330149", "title": "HPSBHF03618 rev. 8 - Intel Microarchitectural Data Sampling Security Updates", "type": "hp", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "debian": [{"lastseen": "2019-06-20T14:22:00", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4447-2 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJun 20, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : intel-microcode\nCVE ID : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130\n CVE-2019-11091\n\nDSA 4447-1 shipped updated CPU microcode for most types of Intel CPUs as\nmitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware vulnerabilities.\n\nThis update provides additional support for some Sandybridge server\nand Core-X CPUs which were not covered in the original May microcode\nrelease. For a list of specific CPU models now supported please refer\nto the entries listed under CPUID 206D6 and 206D7 at\nhttps://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 3.20190618.1~deb9u1.\n\nWe recommend that you upgrade your intel-microcode packages.\n\nFor the detailed security status of intel-microcode please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/intel-microcode\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "modified": "2019-06-20T06:41:49", "published": "2019-06-20T06:41:49", "id": "DEBIAN:DSA-4447-2:8C972", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2019/msg00114.html", "title": "[SECURITY] [DSA 4447-2] intel-microcode security update", "type": "debian", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-02T02:20:36", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4447-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMay 15, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : intel-microcode\nCVE ID : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130\n CVE-2019-11091\n\nThis update ships updated CPU microcode for most types of Intel CPUs. It\nprovides mitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware\nvulnerabilities.\n\nTo fully resolve these vulnerabilities it is also necessary to update\nthe Linux kernel packages as released in DSA 4444.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 3.20190514.1~deb9u1.\n\nWe recommend that you upgrade your intel-microcode packages.\n\nFor the detailed security status of intel-microcode please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/intel-microcode\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "modified": "2019-05-15T09:23:30", "published": "2019-05-15T09:23:30", "id": "DEBIAN:DSA-4447-1:76E6B", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2019/msg00092.html", "title": "[SECURITY] [DSA 4447-1] intel-microcode security update", "type": "debian", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-21T02:22:07", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "Package : intel-microcode\nVersion : 3.20190618~deb8u1\nCVE ID : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091\nDebian Bug : 929073\n\nDLA-1789-1 shipped updated CPU microcode for most types of Intel CPUs as\nmitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware vulnerabilities.\n\nThis update provides additional support for some Sandybridge server\nand Core-X CPUs which were not covered in the original May microcode\nrelease. For a list of specific CPU models now supported please refer\nto the entries listed under CPUID 206D6 and 206D7 at\nhttps://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf\n\nFor Debian 8 &quot;Jessie&quot;, these problems have been fixed in version\n3.20190618.1~deb8u1 of the intel-microcode package.\n\nWe recommend that you upgrade your intel-microcode packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be found\nat: https://wiki.debian.org/LTS\n\nFor the detailed security status of intel-microcode please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/intel-microcode\n\n-- \n Henrique Holschuh\n", "edition": 1, "modified": "2019-06-20T21:50:55", "published": "2019-06-20T21:50:55", "id": "DEBIAN:DLA-1789-2:82C69", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201906/msg00018.html", "title": "[SECURITY] [DLA 1789-2] intel-microcode security update", "type": "debian", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "suse": [{"lastseen": "2019-07-24T19:42:46", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "This update for ucode-intel fixes the following issues:\n\n This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331)\n\n Four new speculative execution information leak issues have been\n identified in Intel CPUs. (bsc#1111331)\n\n - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)\n - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory\n (MDSUM)\n\n These updates contain the CPU Microcode adjustments for the software\n mitigations.\n\n For more information on this set of vulnerabilities, check out\n <a rel=\"nofollow\" href=\"https://www.suse.com/support/kb/doc/?id=7023736\">https://www.suse.com/support/kb/doc/?id=7023736</a>\n\n Release notes:\n\n ---- updated platforms ------------------------------------ SNB-E/EN/EP\n C1/M0 6-2d-6/6d 0000061d-&gt;0000061f Xeon E3/E5, Core X SNB-E/EN/EP\n C2/M1 6-2d-7/6d 00000714-&gt;00000718 Xeon E3/E5, Core X\n\n ---- new platforms ---------------------------------------- VLV\n C0 6-37-8/02 00000838 Atom Z series VLV C0\n 6-37-8/0C 00000838 Celeron N2xxx, Pentium N35xx VLV\n D0 6-37-9/0F 0000090c Atom E38xx CHV C0\n 6-4c-3/01 00000368 Atom X series CHV D0\n 6-4c-4/01 00000411 Atom X series Readded what missing in last\n update: BDX-ML B0/M0/R0 6-4f-1/ef 0b00002e-&gt;00000036 Xeon E5/E7 v4;\n Core i7-69xx/68xx\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n", "edition": 1, "modified": "2019-07-24T18:16:18", "published": "2019-07-24T18:16:18", "id": "OPENSUSE-SU-2019:1806-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html", "title": "Security update for ucode-intel (important)", "type": "suse", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-05-16T18:20:31", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "This update for xen fixes the following issues:\n\n Four new speculative execution information leak issues have been\n identified in Intel CPUs. (bsc#1111331)\n\n - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)\n - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory\n (MDSUM)\n\n These updates contain the XEN Hypervisor adjustments, that additionaly\n also use CPU Microcode updates.\n\n The mitigation can be controlled via the &quot;mds&quot; commandline option, see the\n documentation.\n\n For more information on this set of vulnerabilities, check out\n <a rel=\"nofollow\" href=\"https://www.suse.com/support/kb/doc/?id=7023736\">https://www.suse.com/support/kb/doc/?id=7023736</a>\n\n Other fixes:\n\n - Added code to change LIBXL_HOTPLUG_TIMEOUT at runtime.\n\n The included README has details about the impact of this change\n (bsc#1120095)\n\n - Fixes in Live migrating PV domUs\n\n An earlier change broke live migration of PV domUs without a device\n model. The migration would stall for 10 seconds while the domU was paused,\n which caused network connections to drop. Fix this by tracking the need\n for a device model within libxl. (bsc#1079730, bsc#1098403, bsc#1111025)\n\n - Libvirt segfault when crash triggered on top of HVM guest (bsc#1120067)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-05-16T15:36:02", "published": "2019-05-16T15:36:02", "id": "OPENSUSE-SU-2019:1403-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00038.html", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-06-03T16:41:42", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "This update for libvirt fixes the following issues:\n\n Four new speculative execution information leak issues have been\n identified in Intel CPUs. (bsc#1111331)\n\n - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS)\n - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory\n (MDSUM)\n\n These updates contain the libvirt adjustments, that pass through the new\n 'md-clear' CPU flag (bsc#1135273).\n\n For more information on this set of vulnerabilities, check out\n <a rel=\"nofollow\" href=\"https://www.suse.com/support/kb/doc/?id=7023736\">https://www.suse.com/support/kb/doc/?id=7023736</a>\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-06-03T15:18:12", "published": "2019-06-03T15:18:12", "id": "OPENSUSE-SU-2019:1505-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html", "title": "Security update for libvirt (important)", "type": "suse", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-07-24T19:42:46", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "This update for ucode-intel fixes the following issues:\n\n This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331)\n\n Four new speculative execution information leak issues have been\n identified in Intel CPUs. (bsc#1111331)\n\n - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)\n - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory\n (MDSUM)\n\n These updates contain the CPU Microcode adjustments for the software\n mitigations.\n\n For more information on this set of vulnerabilities, check out\n <a rel=\"nofollow\" href=\"https://www.suse.com/support/kb/doc/?id=7023736\">https://www.suse.com/support/kb/doc/?id=7023736</a>\n\n Release notes:\n\n ---- updated platforms ------------------------------------ SNB-E/EN/EP\n C1/M0 6-2d-6/6d 0000061d-&gt;0000061f Xeon E3/E5, Core X SNB-E/EN/EP\n C2/M1 6-2d-7/6d 00000714-&gt;00000718 Xeon E3/E5, Core X\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-07-24T18:16:52", "published": "2019-07-24T18:16:52", "id": "OPENSUSE-SU-2019:1805-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html", "title": "Security update for ucode-intel (important)", "type": "suse", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherials. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compi led for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. ", "modified": "2019-05-17T01:08:38", "published": "2019-05-17T01:08:38", "id": "FEDORA:CFE4360D22F6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: qemu-3.1.0-8.fc30", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "centos": [{"lastseen": "2020-12-08T03:36:14", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "**CentOS Errata and Security Advisory** CESA-2019:1180\n\n\nThe libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-May/035346.html\n\n**Affected packages:**\nlibvirt\nlibvirt-client\nlibvirt-devel\nlibvirt-lock-sanlock\nlibvirt-python\n\n**Upstream details at:**\n", "edition": 4, "modified": "2019-05-15T15:41:00", "published": "2019-05-15T15:41:00", "id": "CESA-2019:1180", "href": "http://lists.centos.org/pipermail/centos-announce/2019-May/035346.html", "title": "libvirt security update", "type": "centos", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-12-08T03:39:51", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "**CentOS Errata and Security Advisory** CESA-2019:1178\n\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-May/035350.html\n\n**Affected packages:**\nqemu-img\nqemu-kvm\nqemu-kvm-common\nqemu-kvm-tools\n\n**Upstream details at:**\n", "edition": 4, "modified": "2019-05-15T20:31:32", "published": "2019-05-15T20:31:32", "id": "CESA-2019:1178", "href": "http://lists.centos.org/pipermail/centos-announce/2019-May/035350.html", "title": "qemu security update", "type": "centos", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "myhack58": [{"lastseen": "2019-05-20T05:22:37", "bulletinFamily": "info", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "Background understanding\n\n5 March 15, the media exposed, security researchers at a month before the Intel chip found in the one called\u201cZombieLoad\u201dthe new vulnerability, this vulnerability may allow an attacker to obtain the current processor is processing the sensitive data.\n\nAn attacker can exploit this vulnerability to initiate the Intel chip's side-channel attack, which is following the earlier Meltdown, the Spectre and Foreshadow after the most serious security vulnerabilities, researchers at a month previous to the Intel report these vulnerabilities.\n\n\u201cZombieLoad\u201ddirect understanding is the\u201czombie load\u201d, i.e. the processor can't understand or properly handle the large amounts of data, forcing the processor to the processor of the microcode request help to prevent a crash. The application usually can only see their own data, but this vulnerability could allow data flow through these boundary walls. The researchers said that ZombieLoad the leakage of the processor cores that are currently loaded all the data. This means that hackers make use of is actually a design flaw, rather than the injection of malicious code.\n\nAttack\n\nWith three previous side-channel attack Meltdown, the Spectre and Foreshadow\uff09in a similar way, the new attack is the use of the processor's speculative execution in the process of vulnerability.\n\nThis vulnerability whereby the former involved in the Meltdown, the Spectre of vulnerability research on the part of the security personnel, as well as Bitdefender security personnel of the joint discovery, which is actually for the micro-architecture of the data sampling\uff08MDS\uff09attack, you can use the micro-architecture of the speculative execution of the operation to infer other applications on the processor in the data processing.\n\nIntel said ZombieLoad includes 4 exploits. Respectively, is directed to the storage buffer area of the attack CVE-2018-12126/Fallout, the loading buffer CVE-2018-12127, and a line fill buffer CVE-2018-12130/Zombieload/RIDL, and the memory area CVE-2019-11091 it. Wherein Zombieload is severity the highest, to be able to get the maximum amount of and privacy of data.\n\nThe scope of the impact\n\nSince 2011 the release of all Intel processors is likely to be affected, especially the cloud hosting services may be subject to larger shocks. At the same time Intel also noted that the MDS attacks actually use the higher difficulty, its practical impact is not so large.\n\nBug fixes\n\nCurrently Intel has released a microcode update, and the new processor will not be affected. This includes the Intel Xeon, the Broadwell And Sandy Bridge, And Skylake and Haswell chips and models. Kaby Lake, Coffee Lake, Whiskey Lake and Cascade Lake, and all of the atom and the Knights of the processor are also affected.\n\nCurrently, Apple, Microsoft and Google have already released patches.\n\nIntel on the micro-structure of the data sampling analysis\n\nThe micro-architecture of the data sampling\uff08MDS\uff09work principle\n\nMDS allows can be executed locally on the system the code of the malicious user inferred by the schema mechanism to protect the data, although the use of loopholes\u201cZombieLoad\u201don the system to locate specific data may be very difficult, but the malicious attacker can collect and analyze large amounts of data to find the protected data. Specific process, please see the deep dive in the MDS table: CPUID enumeration and architecture of the MSR action, through this way to obtain may be affected by MDS the impact of the processor list. MDS only relates to the primary data cache(L1D)outside of the micro system structure the structure of The Associated method, and therefore does not include the exception data cache load(RDCL)or L1 Terminal failure(L1TF)\u3002\n\nMDS speculative execution side-channel method can be used to leak following micro-architectural structures in the data:\n\n1. Storage buffer: used to save the storage address and the data of the temporary buffers;\n\n2. Fill the buffer: CPU cache between the temporary buffer;\n\n3. Loading port: will be loaded into the data register when using the temporary buffer;\n\nOf these structure than the L1D is much smaller, and therefore can save less data, and more are frequently covered. The use of MDS methods to infer with a particular memory address associated with the data is also more difficult, which may require a malicious attacker to gather a lot of data and analyzed to find any protected data.\n\nThe new micro-code update(MCUs)is being planned to be released to help the program mitigate these vulnerabilities. Intel recommends that in switching to the previous program untrusted program to update the micro code and remove the micro-architecture of the buffer area. These mitigation measures will be required for the[operating system](<http://www.myhack58.com/Article/48/Article_048_1.htm>), the Virtual Machine Management Program and the Intel \u00aeprogram Protection Extensions the Intel \u00aeSGX for changes and updates.\n\nIn this document the micro-architecture details only apply to the MDS technical effect of the processor, and not all Intel processors a General purpose processor. For the affected processor list, please refer to the CPUID enumeration and architecture of the MSR.\n\nThe micro-architecture of the storage buffer data sampling\uff08MSBDS\uff09CVE-2018-12126\n\nPerform the storage operation, the processor writes data is called a storage buffer of a temporary micro-architecture. This makes the processor capable of writing data into the cache or main memory before continuing execution of the storage operation after the instruction. In addition, the I / O write, for example, the OUT is also stored in the storage buffer.\n\nWhen the load operation from the earlier Store operation to the same memory address when data is read, the processor can directly from the memory buffer forwards the data to the load operation instead of the wait from memory or cache to load data, this optimization process is referred to as a repository to load forwarding store-to-load forwarding it.\n\nUnder certain conditions, from the storage operation of the data from the Store Buffer is speculatively forwarded to a different memory address of the fault or auxiliary load operation. Since the memory size is less than the stored buffer width, or not to perform storage of the data portion, therefore storage may not cover the memory buffer within the entire data field. These situations may cause forwarding of data from previously stored data. Since the loading operation will lead to a fault/assist1 and its results will be discarded, and therefore the forwarding of data does not lead to the vulnerability of the program execution or the architectural state change. However, a malicious attacker may be able to be such only for speculative data forwarded to an open-source gadget framework disclosure gadget, to allow them to infer this value.\n\nMSBDS the cross-thread implications\n\nFor the MSBDS effects processors, physical cores on the stored data buffer in the kernel on the active thread on the static partition. This means that having two active threads of the kernel will have half the storage buffer entry is used only for Thread 1, the half only for another thread. When the thread enters the sleep state, its store buffer entry may be other active threads to use. This will cause previously used to enter the sleep state of the thread, and may contain expired data of the storage buffer entry by the other active thread reuse. When a thread from a sleep state is Wake-up time, the storage buffer will be re-partition. This will cause the memory buffer Store Buffer entry from the already active thread of the transmission to just Wake up the thread.\n\nThe micro-architecture of the fill of the buffer data sampling\uff08MFBDS\uff09CVE-2018-12130\n\nFill the buffer is an internal structure, for collecting a first level data cache lost data. When the memory request missing the L1 data cache, the processor will allocate a fill buffer to manage the data of the cache line Request. In addition, the fill buffer is also temporary management response to the memory or by the I / O operation returns, or to send the data. Fill the buffer data can be forwarded to the load operation, you can also write data to the data cache. Once the fill buffer data is written to the cache, the processor will release the fill buffer, thereby allowing in the future the memory operation in the reuse of the entry.\n", "edition": 1, "modified": "2019-05-20T00:00:00", "published": "2019-05-20T00:00:00", "id": "MYHACK58:62201994183", "href": "http://www.myhack58.com/Article/html/3/62/2019/94183.htm", "title": "Intel official for 5 on 15, the aeration out of the CPU side channel vulnerabilities\u201cZombieLoad\u201ddetailed technical analysis on-the vulnerability warning-the black bar safety net", "type": "myhack58", "cvss": {"score": 0.0, "vector": "NONE"}}], "thn": [{"lastseen": "2019-05-14T20:36:04", "bulletinFamily": "info", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "[](<https://1.bp.blogspot.com/-znUidkkAPSY/XNsdfIR3FZI/AAAAAAAAz_k/3Tf6a5Rz7VsAkj511NSFP3z7_ot_MLXeQCLcBGAs/s728-e100/intel-processor-vulnerability.jpg>)\n\nAcademic researchers today disclosed details of the newest class of speculative execution side-channel vulnerabilities in Intel processors that impacts all modern chips, including the chips used in Apple devices. \n \nAfter the discovery of [Spectre and Meltdown](<https://thehackernews.com/2018/01/meltdown-spectre-vulnerability.html>) processor vulnerabilities earlier last year that put practically every computer in the world at risk, different [classes of Spectre](<https://thehackernews.com/2018/11/meltdown-spectre-vulnerabilities.html>) and [Meltdown variations](<https://thehackernews.com/2018/08/foreshadow-intel-processor-vulnerability.html>) surfaced again and again. \n \nNow, a team of security researchers from multiple universities and security firms has discovered different but more dangerous speculative execution side-channel vulnerabilities in Intel CPUs. \n \nThe newly discovered flaws could allow attackers to directly steal user-level, as well as system-level secrets from CPU buffers, including user keys, passwords, and disk encryption keys. \n \n[Speculative execution](<https://thehackernews.com/2018/01/intel-amt-vulnerability.html>) is a core component of modern processors design that speculatively executes instructions based on assumptions that are considered likely to be true. If the assumptions come out to be valid, the execution continues, otherwise discarded. \n\n\n \nDubbed Microarchitectural Data Sampling ([MDS attacks](<https://mdsattacks.com/>)), the newest class of vulnerabilities consist of four different flaws, which, unlike existing attacks that leak data stored in CPU caches, can leak arbitrary in-flight data from CPU-internal buffers, such as Line Fill Buffers, Load Ports, or Store Buffers. \n \n\n\n> \"The new vulnerabilities can be used by motivated hackers to leak privileged information data from an area of the memory that hardware safeguards deem off-limits. It can be weaponized in highly targeted attacks that would normally require system-wide privileges or deep subversion of the operating system,\" BitDefender told The Hacker New.\n\n \nHere's the list of vulnerabilities derive from the newest [MDS speculative execution](<https://software.intel.com/security-software-guidance/insights/deep-dive-intel-analysis-microarchitectural-data-sampling#MDS-buffer-overwrite>) in Intel processors: \n \n\n\n 1. **CVE-2018-12126**\u2014Microarchitectural Store Buffer Data Sampling (MSBDS), also known as [Fallout attack](<https://mdsattacks.com/files/fallout.pdf>).\n 2. **CVE-2018-12130**\u2014Microarchitectural Fill Buffer Data Sampling (MFBDS), also known as [Zombieload](<https://zombieloadattack.com/>), or** RIDL** (Rogue In-Flight Data Load).\n 3. **CVE-2018-12127**\u2014Microarchitectural Load Port Data Sampling (MLPDS), also part of [RIDL class of attacks](<https://mdsattacks.com/files/ridl.pdf>).\n 4. **CVE-2019-11091**\u2014Microarchitectural Data Sampling Uncacheable Memory (MDSUM), also part of RIDL class of attacks.\n \nThe Fallout attack is a new transient execution attack that could allow unprivileged user processes to steal information from a previously unexplored microarchitectural component called Store Buffers. \n \nThe attack can be used to read data that the operating system recently wrote and also helps to figure out the memory position of the operating system that could be exploited with other attacks. \n\n\n \nIn their proof-of-concept attack, researchers showed how Fallout could be used to break Kernel Address Space Layout Randomization (KASLR), and leak sensitive data written to memory by the operating system kernel. \n \nZombieLoad attack affects a wide range of desktops, laptops, and cloud computers with Intel processor generations released from 2011 onwards. It can be used to read data that is recently accessed or accessed in parallel on the same processor core. \n\n\nThe ZombieLoad attack does not only work on personal computers to leak information from other applications and the operating system but can also be exploited on virtual machines running in the cloud with common hardware. \n \n\n\n> \"ZombieLoad is furthermore not limited to native code execution, but also works across virtualization boundaries. Hence, virtual machines can attack not only the hypervisor but also different virtual machines running on a sibling logical core,\" researchers explain.\n\n \n\n\n> \"We conclude that disabling hyperthreading, in addition to flushing several microarchitectural states during context switches, is the only possible workaround to prevent this extremely powerful attack.\"\n\n \nResearchers even made available a [tool for Windows](<https://mdsattacks.com/files/mdstool-win.zip>) and [Linux users](<https://mdsattacks.com/files/mdstool-linux.zip>) to test their systems against RIDL and Fallout attacks as well as other speculative execution flaws. \n \nResearchers tested their proof-of-concept exploits against Intel Ivy Bridge, Haswell, Skylake and Kaby Lake microarchitectures as shown in the video demonstrations. \n\n\n \nAcademics have discovered the MDS vulnerabilities from the Austrian university TU Graz, Vrije Universiteit Amsterdam, the University of Michigan, the University of Adelaide, KU Leuven in Belgium, Worcester Polytechnic Institute, Saarland University in Germany and security firms Cyberus, BitDefender, Qihoo360 and Oracle. \n \nMultiple researchers independently reported Intel of the MSD vulnerabilities starting June 2018, but the Chip giant had asked all the researchers to keep their findings secret, some for more than a year, until the company could come out with fixes for the vulnerabilities. \n\n\nIntel has now released Microcode Updates (MCU) updates to fix the MDS vulnerabilities in both hardware and software by clearing all data from buffers whenever the CPU crosses a security boundary so that the data can't be leaked or stolen. \n \nEvery operating system, virtualization vendor, and other software makers are highly recommended to implement the patch as soon as possible. \n \nAMD and ARM chips are not vulnerable to the MDS attacks, and Intel says that some models of its chip already include hardware mitigations against this flaw. \n \n[Apple](<https://support.apple.com/en-us/HT210107>) says it released a fix to address the vulnerability in the macOS Mojave 10.14.5 and Safari updates that were released yesterday. \n \n[Microsoft](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013>) has also released software updates to help mitigate the MDS vulnerabilities. In some cases, the company says installing the updates will have a performance impact. \n\n\nHave something to say about this article? Comment below or share it with us on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter](<https://twitter.com/thehackersnews>) or our [LinkedIn Group](<https://www.linkedin.com/company/the-hacker-news/>).\n", "modified": "2019-05-14T20:20:06", "published": "2019-05-14T20:20:00", "id": "THN:ABCC9DD36D10CA51E767D6104EF69F5C", "href": "https://thehackernews.com/2019/05/intel-processor-vulnerabilities.html", "type": "thn", "title": "New Class of CPU Flaws Affect Almost Every Intel Processor Since 2011", "cvss": {"score": 0.0, "vector": "NONE"}}], "citrix": [{"lastseen": "2020-12-24T11:42:51", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"DescriptionofProblem\"> Description of Problem</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>A number of security issues have been identified in certain CPU hardware that may allow unprivileged code running on a CPU core to infer the value of memory data belonging to other processes, virtual machines or the hypervisor that are, or have recently been, running on the same CPU core.</p>\n<p>These issues have the following identifiers:</p>\n<p>\u2022 CVE-2018-12126: Microarchitectural Store Buffer Data Sampling</p>\n<p>\u2022 CVE-2018-12127: Microarchitectural Load Port Data Sampling</p>\n<p>\u2022 CVE-2018-12130: Microarchitectural Fill Buffer Data Sampling</p>\n<p>\u2022 CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory</p>\n<p>Although these are not vulnerabilities in the Citrix Hypervisor (formerly Citrix XenServer) product, this bulletin and associated hotfixes provides assistance in mitigating these CPU issues.</p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"MitigatingFactors\"> Mitigating Factors</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Customers with AMD CPUs are believed to be unaffected by these issues.</p>\n<p>Some Intel CPUs are believed to be unaffected by these issues. A list of affected Intel CPUs is expected to be made available at <a href=\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html\">https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html</a></p>\n<p>Identification of the specific CPU(s) present on a Citrix Hypervisor machine may be obtained by typing the command</p>\n<p> <i>grep \u201cmodel name\u201d /proc/cpuinfo</i></p>\n<p>in the Dom0 console.</p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCustomersShouldDo\"> What Customers Should Do</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Full mitigation of these issues for systems with vulnerable CPUs requires all of:</p>\n<ol>\n<li>Updates to Citrix Hypervisor</li>\n<li>Updates to the CPU microcode</li>\n<li>Disabling CPU hyper-threading (also known as simultaneous multi-threading)</li>\n</ol>\n<p> </p>\n<p>In addition, updates to guest operating systems may be required to protect guest VMs from code running within that same VM. Guest VMs will need to be stopped and started (rather than rebooted) to fully mitigate these issues within the guest VM. Customers are advised to follow their operating system provider\u2019s recommendations. Likewise, updates to the host system firmware (\u201cBIOS updates\u201d) may be required and Citrix recommends that you follow the guidance of your hardware vendor for any updates that they may provide.</p>\n<p> <u>Updates to Citrix Hypervisor</u></p>\n<p>Citrix has released hotfixes that contain mitigations for these CPU issues. These hotfixes can be found on the Citrix website at the following locations:</p>\n<p>Citrix Hypervisor 8.0: CTX250041 \u2013 <a href=\"https://support.citrix.com/article/CTX250041\">https://support.citrix.com/article/CTX250041</a></p>\n<p>Citrix XenServer 7.6: CTX250040 \u2013 <a href=\"https://support.citrix.com/article/CTX250040\">https://support.citrix.com/article/CTX250040</a></p>\n<p>Citrix XenServer 7.1 LTSR CU2: CTX250039 \u2013 <a href=\"https://support.citrix.com/article/CTX250039\">https://support.citrix.com/article/CTX250039</a></p>\n<p>Citrix XenServer 7.0: CTX250038 \u2013 <a href=\"https://support.citrix.com/article/CTX250038\">https://support.citrix.com/article/CTX250038</a></p>\n<p> <u>Updates to the CPU microcode</u></p>\n<p>The hotfixes released with this bulletin contain microcode for all supported CPU models for which Intel has presently made updates available. This microcode will be automatically applied each time the system boots. Any further microcode updates may be installed by means of system firmware updates (\u201cBIOS updates\u201d) and Citrix strongly recommends that you follow the guidance of your hardware vendor for any updates that they may provide.</p>\n<p>CPUs that are vulnerable to these issues, and for which the CPU manufacturer has not provided microcode updates, will not have full mitigation of these issues.</p>\n<p>Once the hotfix has been applied, customers with vulnerable CPUs can determine if the microcode required to mitigate these issues has been loaded into the CPU by typing the command</p>\n<p> <i>xl dmesg | grep \u201cHardware features:\u201d</i></p>\n<p>in the Dom0 console shortly after the host has rebooted to apply the hotfix. If the output includes the text MD_CLEAR, updated microcode is present.</p>\n<p> <u>Disabling CPU hyper-threading</u></p>\n<p>Mitigation of these issues requires disabling hyper-threading on vulnerable CPUs. Customers should evaluate their workload and determine if the mitigation of disabling hyper-threading is required in their environment, and to understand the performance impact of this mitigation. Citrix recommends disabling hyper-threading in deployments with untrusted workloads. The following document provides the steps to disable hyper-threading via the Xen command line: <a href=\"https://support.citrix.com/article/CTX237190\">https://support.citrix.com/article/CTX237190</a></p>\n<p>Note that disabling hyper-threading will result in the number of available pCPUs being reduced and is likely to adversely impact performance. The following document covers additional issues that may be encountered in environments where customers have over-provisioned or pinned pCPUs (for example when hyper-threads are disabled): <a href=\"https://support.citrix.com/article/CTX236977\">https://support.citrix.com/article/CTX236977</a></p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCitrixIsDoing\"> What Citrix Is Doing</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href=\"http://support.citrix.com/\">http://support.citrix.com/</a></u>.</p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ObtainingSupportonThisIssue\"> Obtaining Support on This Issue</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=\"https://www.citrix.com/support/open-a-support-case.html\">https://www.citrix.com/support/open-a-support-case.html</a></u>. </p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ReportingSecurityVulnerabilities\"> Reporting Security Vulnerabilities</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 \u2013 <a href=\"http://support.citrix.com/article/CTX081743\">Reporting Security Issues to Citrix</a></p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"Changelog\"> Changelog</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<table border=\"1\" cellpadding=\"1\" cellspacing=\"0\" width=\"100%\">\n<tbody>\n<tr>\n<td>Date </td>\n<td>Change</td>\n</tr>\n<tr>\n<td>14th May 2019</td>\n<td>Initial publication</td>\n</tr>\n<tr>\n<td>16th May 2019</td>\n<td>Added additional hotfixes and included guidance on restarting guest VMs</td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n</div></div>\n</section>", "modified": "2019-05-16T04:00:00", "published": "2019-05-14T04:00:00", "id": "CTX251995", "href": "https://support.citrix.com/article/CTX251995", "type": "citrix", "title": "Citrix Hypervisor Security Update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}]}