NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0222)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities: - Microarchitectural Store Buffer Data Sampling MSBDS: Store buffers on some microprocessors utilizing speculative execution may allow an...

EulerOS 2.0 SP8 : libvirt (EulerOS-SA-2019-2289)

According to the versions of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Microarchitectural Store Buffer Data Sampling MSBDS: Store buffers on some microprocessors utilizing speculative execution may allow an...

EulerOS 2.0 SP8 : qemu (EulerOS-SA-2019-2300)

According to the versions of the qemu packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Microarchitectural Store Buffer Data Sampling MSBDS: Store buffers on some microprocessors utilizing speculative execution may allow an...

SUSE-SU-2019:2949-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12-SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Excepti...

Debian DSA-4564-1 : linux - security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak. - CVE-2018-12207 It was discovered that on Intel CPUs supporting hardware virtualisation with Extended Page Tables EPT, a guest VM may manipulate the...

New ZombieLoad v2 Attack Affects Intel's Latest Cascade Lake CPUs

Zombieload is back. This time a new variant v2 of the data-leaking side-channel vulnerability also affects the most recent Intel CPUs, including the latest Cascade Lake, which are otherwise resistant against attacks like Meltdown, Foreshadow and other MDS variants RIDL and Fallout. Initially...

New ZombieLoad v2 Attack Affects Intel's Latest Cascade Lake CPUs

Zombieload is back. This time a new variant v2 of the data-leaking side-channel vulnerability also affects the most recent Intel CPUs, including the latest Cascade Lake, which are otherwise resistant against attacks like Meltdown, Foreshadow and other MDS variants RIDL and Fallout. Initially...

hw: TSX Transaction Asynchronous Abort (TAA)

A flaw was found in the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort TAA error occurs. A local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort execution times. This could allow...

hw: TSX Transaction Asynchronous Abort (TAA)

A flaw was found in the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort TAA error occurs. A local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort execution times. This could allow...

TSX Asynchronous Abort speculative side channel

ISSUE DESCRIPTION This is very closely related to the Microarchitectural Data Sampling vulnerabilities from May 2019. Please see https://xenbits.xen.org/xsa/advisory-297.html for details about MDS. A new way to sample data from microarchitectural structures has been identified. A TSX Asynchronous...

October 8, 2019—KB4520011 (OS Build 10240.18368)

October 8, 2019—KB4520011 OS Build 10240.18368 For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. Highlights Updates to improve security when using Internet Explorer and Microsoft Edge...

September 10, 2019—KB4516065 (Monthly Rollup)

September 10, 2019—KB4516065 Monthly Rollup IMPORTANT Verify that you have installed the recommended updates listed in the How to get this update section before installing this update. For all updates starting with August 13, 2019, we strongly recommend that you install these updates to prevent a...

September 10, 2019—KB4516033 (Security-only update)

September 10, 2019—KB4516033 Security-only update IMPORTANT Verify that you have installed the required updates listed in the How to get this update section before installing this update. Improvements and fixes This security update includes quality improvements. Key changes include: Provides...

EulerOS 2.0 SP5 : libvirt (EulerOS-SA-2019-2210)

According to the versions of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Microarchitectural Store Buffer Data Sampling MSBDS: Store buffers on some microprocessors utilizing speculative execution may allow an...

Security Bulletin: IBM QRadar SIEM is vulnerable to Intel Microarchitectural Data Sampling (MDS) Vulnerabilites (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091)

Summary IBM QRadar SIEM is vulnerable to Intel Microarchitectural Data Sampling MDS Vulnerabilites Vulnerability Details CVEID: CVE-2019-11091 DESCRIPTION: Microarchitectural Data Sampling Uncacheable Memory MDSUM: Uncacheable memory on some microprocessors utilizing speculative execution may all...

SUSE SLED15 / SLES15 Security Update : kernel-source-rt (SUSE-SU-2019:2430-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre)

The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130: Microarchitectural Store Buffer Data Sampling MSBDS: Stored buffers on some microprocessors utilizing speculative...

September 10, 2019—KB4516051 (Security-only update)

September 10, 2019—KB4516051 Security-only update Improvements and fixes This security update includes quality improvements. Key changes include: Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling , for 32-B...

September 10, 2019—KB4516026 (Monthly Rollup)

September 10, 2019—KB4516026 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4512499released August 17, 2019 and addresses the following issues: Provides protections against a new subclass of speculative execution side-channe...

September 10, 2019—KB4516062 (Security-only update)

September 10, 2019—KB4516062 Security-only update Improvements and fixes This security update includes quality improvements. Key changes include: Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling , for 32-B...

September 10, 2019—KB4516044 (OS Build 14393.3204)

September 10, 2019—KB4516044 OS Build 14393.3204 Reminder: The additional servicing for Windows 10 Enterprise, Education, and IoT Enterprise editions ended on April 9, 2019 and doesn't extend beyond this date. To continue receiving security and quality updates, Microsoft recommends updating to th...