A flaw was found in the implementation of the “fill buffer”, a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer.

References

bugzilla.redhat.com/show_bug.cgi?id=1646784

nvd.nist.gov/vuln/detail/CVE-2018-12130

www.cve.org/CVERecord?id=CVE-2018-12130

prion 1

debiancve 1

f5 1

osv 6

veracode 1

nessus 84

ubuntucve 1

cve 1

oraclelinux 12

suse 4

ibm 2

debian 3

ubuntu 5

centos 3

redhat 24

amazon 2

vmware 2

openvas 29

virtuozzo 1

threatpost 2

thn 1

myhack58 2

intel 1

fedora 3

paloalto 1

citrix 1

lenovo 2

mageia 1

cloudfoundry 1

hp 1

prion

Information disclosure

2019-05-30 16:29:00

debiancve

CVE-2018-12130

2019-05-30 16:29:00

K80159635 : Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130

2019-05-15 00:00:00

osv

CVE-2018-12130

2019-05-30 16:29:00

intel-microcode - security update

2019-06-20 00:00:00

linux - security update

2019-05-14 00:00:00

veracode

Information Diclosure

2019-05-16 03:42:19

nessus

F5 Networks BIG-IP : Microarchitectural Fill Buffer Data Sampling (MFBDS) (K80159635)

2023-11-03 00:00:00

OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0023) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL)

2019-06-03 00:00:00

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4669)

2019-06-03 00:00:00

ubuntucve

CVE-2018-12130

2019-05-14 00:00:00

cve

CVE-2018-12130

2019-05-30 16:29:00

oraclelinux

Unbreakable Enterprise kernel security update

2019-05-31 00:00:00

kernel security and bug fix update

2019-05-14 00:00:00

qemu-kvm security update

2019-05-15 00:00:00

suse

Security update for ucode-intel (important)

2019-05-28 00:00:00

Security update for ucode-intel (important)

2019-07-24 00:00:00

Security update for xen (important)

2019-05-16 00:00:00

ibm

Security Bulletin: This Power Hardware Management Console (HMC) update is being released to address Common Vulnerabilities and Exposures issue numbers CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091 (known as MDS).

2021-09-22 23:05:38

Security Bulletin: IBM Netezza Firmware Diagnostics Support Tool is affected by the vulnerabilities known as Microarchitectural Data Sampling (MDS) Side Channel Vulnerabilities

2019-12-30 14:48:58

debian

[SECURITY] [DLA 1789-2] intel-microcode security update

2019-06-20 21:50:38

[SECURITY] [DSA 4444-1] linux security update

2019-05-14 21:17:39

[SECURITY] [DLA 1787-1] linux-4.9 security update

2019-05-15 21:20:09

ubuntu

libvirt update

2019-05-16 00:00:00

Intel Microcode update

2019-06-20 00:00:00

Linux kernel (Trusty HWE) vulnerabilities

2019-05-15 00:00:00

centos

kernel, perf, python security update

2019-05-15 15:42:15

libvirt security update

2019-05-15 15:41:00

qemu security update

2019-05-15 20:31:32

redhat

(RHSA-2019:1200) Important: qemu-kvm-rhev security update

2019-05-14 20:39:17

(RHSA-2019:1194) Important: libvirt security update

2019-05-14 20:17:03

(RHSA-2019:1189) Important: qemu-kvm security update

2019-05-14 20:13:31

amazon

Important: qemu-kvm

2019-08-07 23:12:00

Important: kernel

2019-05-07 22:54:00

vmware

VMware product updates enable Hypervisor-Specific Mitigations, Hypervisor-Assisted Guest Mitigations, and Operating System-Specific Mitigations for Microarchitectural Data Sampling (MDS) Vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091)

2019-05-14 00:00:00

openvas

Debian: Security Advisory (DLA-1789-2)

2019-05-17 00:00:00

openSUSE: Security Advisory for ucode-intel (openSUSE-SU-2019:1402-1)

2019-05-17 00:00:00

openSUSE: Security Advisory for ucode-intel (openSUSE-SU-2019:1805-1)

2019-07-25 00:00:00

virtuozzo

Important kernel security update: New kernel 2.6.32-042stab138.1; Virtuozzo 6.0 Update 12 Hotfix 40 (6.0.12-3739)

2019-05-16 00:00:00

threatpost

Intel CPUs Impacted By New Class of Spectre-Like Attacks

2019-05-14 18:01:49

Intel ZombieLoad Side-Channel Attack: 10 Takeaways

2019-05-15 16:48:11

thn

New Class of CPU Flaws Affect Almost Every Intel Processor Since 2011

2019-05-14 20:20:00

myhack58

Zombieload: Intel CPU exposure of a new side channel attack-exploit warning-the black bar safety net

2019-05-15 00:00:00

Intel official for 5 on 15, the aeration out of the CPU side channel vulnerabilities“ZombieLoad”detailed technical analysis on-the vulnerability warning-the black bar safety net

2019-05-20 00:00:00

intel

Microarchitectural Data Sampling Advisory

2021-05-11 00:00:00

fedora

[SECURITY] Fedora 30 Update: qemu-3.1.0-8.fc30

2019-05-17 01:08:38

[SECURITY] Fedora 30 Update: xen-4.11.1-6.fc30

2019-07-01 01:09:24

[SECURITY] Fedora 30 Update: libvirt-5.1.0-5.fc30

2019-05-17 01:08:36

paloalto

Information about Recent Intel Side Channel Vulnerabilities

2019-05-29 00:00:00

citrix

Citrix Hypervisor Security Update

2019-05-14 04:00:00

lenovo

Microarchitectural Data Sampling (MDS) Side Channel Vulnerabilities - Lenovo Support US

2019-05-14 16:38:15

Microarchitectural Data Sampling (MDS) Side Channel Vulnerabilities - US

2019-05-14 16:38:15

mageia

Updated kernel packages fix security vulnerability

2019-05-16 11:25:22

cloudfoundry

USN-3977-1: Intel Microcode update (AKA ZombieLoad Attack) | Cloud Foundry

2019-05-20 00:00:00

HPSBHF03618 rev. 8 - Intel Microarchitectural Data Sampling Security Updates

2019-05-14 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

5.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

0.001 Low

EPSS

Percentile

23.6%

JSON

Related for RH:CVE-2018-12130