ID OPENSUSE-SU-2019:1402-1 Type suse Reporter Suse Modified 2019-05-16T15:39:54
Description
This update for ucode-intel fixes the following issues:
This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331)
Four new speculative execution information leak issues have been
identified in Intel CPUs. (bsc#1111331)
CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)
CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)
CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory
(MDSUM)
These updates contain the CPU Microcode adjustments for the software
mitigations.
For more information on this set of vulnerabilities, check out
<a rel="nofollow" href="https://www.suse.com/support/kb/doc/?id=7023736">https://www.suse.com/support/kb/doc/?id=7023736</a>
Release notes:
Processor Identifier Version Products
Model Stepping F-MO-S/PI Old->New
---- new platforms ----------------------------------------
{"vmware": [{"lastseen": "2019-11-14T23:21:17", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "**1\\. Impacted Products**\n\n * VMware vCenter Server (VC)\n * VMware vSphere ESXi (ESXi)\n * VMware Workstation Pro / Player (WS)\n * VMware Fusion Pro / Fusion (Fusion)\n * vCloud Usage Meter (UM)\n * Identity Manager (vIDM)\n * vCenter Server (vCSA)\n * vSphere Data Protection (VDP)\n * vSphere Integrated Containers (VIC)\n * vRealize Automation (vRA)\n\n**2\\. Introduction \n**\n\nIntel has disclosed details on speculative-execution vulnerabilities known collectively as \u201cMicroarchitectural Data Sampling (MDS)\" that can occur on Intel microarchitecture prior to 2nd Generation Intel\u00ae Xeon\u00ae Scalable Processors (formerly known as Cascade Lake). These issues may allow a malicious user who can locally execute code on a system to infer data otherwise protected by architectural mechanisms. \n\n\nThere are four uniquely identifiable vulnerabilities associated with MDS: \n\n\n * CVE-2018-12126 - Microarchitectural Store Buffer Data Sampling (MSBDS) - CVSSv3 = 6.5\n * CVE-2018-12130 - Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVSSv3 = 6.5\n * CVE-2018-12127 - Microarchitectural Load Port Data Sampling (MLPDS) - CVSSv3 = 6.5\n * CVE-2019-11091 - Microarchitectural Data Sampling Uncacheable Memory (MDSUM) - CVSSv3 = 3.8\n\nTo assist in understanding speculative-execution vulnerabilities, VMware previously defined the following mitigation categories:\n\n * _Hypervisor-Specific Mitigations_ prevent information leakage from the hypervisor or guest VMs into a malicious guest VM. These mitigations require code changes for VMware products.\n * _Hypervisor-Assisted Guest Mitigations _virtualize new speculative-execution hardware control mechanisms for guest VMs so that Guest OSes can mitigate leakage between processes within the VM. These mitigations require code changes for VMware products.\n * _Operating System-Specific Mitigations_ are applied to guest operating systems. These updates will be provided by a 3rd party vendor or in the case of VMware Virtual Appliances, by VMware.\n * _Microcode Mitigations_ are applied to a system\u2019s processor(s) by a microcode update from the hardware vendor. These mitigations do not require hypervisor or guest operating system updates to be effective. \n\n\nMDS vulnerabilities require _Hypervisor-Specific Mitigations_ (described in section 3a.) _Hypervisor-Assisted Guest Mitigations_ (described in section 3b.) and _Operating System-Specific Mitigations_ (described in section 3c.) \n\n\n**3a. _Hypervisor-Specific Mitigations_ for MDS vulnerabilities - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091 \n** \n\n\n**Description: \n**\n\nvCenter Server, ESXi, Workstation, and Fusion updates include _Hypervisor-Specific Mitigations_ for MDS speculative execution vulnerabilities. VMware has evaluated the severity of these issues to be in the [Moderate severity range](<https://www.vmware.com/support/policies/security_response.html>) with a maximum CVSSv3 base score of 6.5. \n\n\n**Known Attack Vectors: \n**\n\nA malicious user must have local access to a virtual machine and the ability to execute code to infer data otherwise protected by architectural mechanisms from another virtual machine or the hypervisor itself via MDS vulnerabilities. \n\n\nThere are two known attack vector variants for MDS at the Hypervisor level:\n\n * _Sequential-context attack vector_ (Inter-VM): a malicious VM can potentially infer recently accessed data of a previous context (hypervisor thread or other VM thread) on either logical processor of a processor core.\n * _Concurrent-context attack vector_ (Inter-VM): a malicious VM can potentially infer recently accessed data of a concurrently executing context (hypervisor thread or other VM thread) on the other logical processor of the Hyper-Threading-enabled processor core.\n\n**Resolution:**\n\n * The _Sequential-context attack vector_ (Inter-VM): is mitigated by a Hypervisor update to the product versions listed in the table below. These mitigations are dependent on Intel microcode updates (provided in separate ESXi patches for most Intel hardware platforms) listed in the table below. This mitigation is enabled by default and does not impose a significant performance impact.\n * The _Concurrent-context attack vector_ (Inter-VM): is mitigated through enablement of the ESXi Side-Channel-Aware Scheduler Version 1 or Version 2. These options may impose a non-trivial performance impact and are not enabled by default.\n\n**Workarounds:**\n\n * There are no known Hypervisor-Specific workarounds for the MDS class of vulnerabilities.\n\n**Additional Documentation:**\n\n * vSphere: [KB67577](<https://kb.vmware.com/kb/67577>) should be thoroughly reviewed to ensure a strong understanding of the _Hypervisor-Specific Mitigations_ enablement process for MDS and potential CPU capacity impacts\n * Workstation/Fusion: [KB68025](<https://kb.vmware.com/kb/68025>) should be thoroughly reviewed to ensure a strong understanding of the _Hypervisor-Specific Mitigations_ enablement process for MDS and potential CPU capacity impacts.\n\n**Notes: \n**\n\n * VMware Hypervisors running on 2nd Generation Intel\u00ae Xeon\u00ae Scalable Processors (formerly known as Cascade Lake) are not affected by MDS vulnerabilities.\n\n**Acknowledgements:**\n\n * None.\n\n**Resolution Matrix: \n \n**\n\nProduct | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation \n---|---|---|---|---|---|---|---|--- \nvCenter Server1 | 6.7 | Any | N/A | N/A | N/A | [6.7 U2a](<https://my.vmware.com/group/vmware/get-download?downloadGroup=VC67U2A>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nvCenter Server1 | 6.5 | Any | N/A | N/A | N/A | [6.5 U2g](<https://my.vmware.com/group/vmware/get-download?downloadGroup=VC65U2G>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nvCenter Server1 | 6.0 | Any | N/A | N/A | N/A | [6.0 U3i](<https://my.vmware.com/group/vmware/get-download?downloadGroup=VC60U3I>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nESXi3 | 6.7 | Any | [CVE-2018-12126 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126>)[CVE-2018-12127 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127>)[CVE-2018-12130 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130>)[CVE-2019-11091](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091>) | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | [Moderate](<https://www.vmware.com/support/policies/security_response.html>) | [ESXi670-201911401-BG \nESXi670-201911402-BG2 \n](<https://my.vmware.com/group/vmware/patch>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nESXi | 6.5 | Any | [CVE-2018-12126 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126>)[CVE-2018-12127 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127>)[CVE-2018-12130 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130>)[CVE-2019-11091 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091>) | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | [Moderate](<https://www.vmware.com/support/policies/security_response.html>) | [ESXi650-201905401-BG \nESXi650-201905402-BG2](<https://my.vmware.com/group/vmware/patch>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nESXi | 6.0 | Any | [CVE-2018-12126 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126>)[CVE-2018-12127 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127>)[CVE-2018-12130 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130>)[CVE-2019-11091 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091>) | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | [Moderate](<https://www.vmware.com/support/policies/security_response.html>) | [ESXi600-201905401-BG \nESXi600-201905402-BG2](<https://my.vmware.com/group/vmware/patch>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nWorkstation3 | 15.x | Any | [CVE-2018-12126 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126>)[CVE-2018-12127 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127>)[CVE-2018-12130 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130>)[CVE-2019-11091 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091>) | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | [Moderate](<https://www.vmware.com/support/policies/security_response.html>) | [15.5.1](<https://www.vmware.com/go/downloadworkstation>) | None | [KB68025](<https://kb.vmware.com/kb/68025>) \nFusion3 | 11.x | Any | [CVE-2018-12126 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126>)[CVE-2018-12127 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127>)[CVE-2018-12130 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130>)[CVE-2019-11091 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091>) | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | [Moderate](<https://www.vmware.com/support/policies/security_response.html>) | [11.5.1](<https://www.vmware.com/go/downloadfusion>) | None | [KB68025](<https://kb.vmware.com/kb/68025>) \n \n1\\. vCenter updates are listed in the above table as a requirement for _Hypervisor-Specific Mitigations_ as these updates include enhanced EVC modes which support the new MD-CLEAR functionality included in ESXi microcode updates. \n2\\. These patches contain updated microcode. At the time of this publication Sandy Bridge DT/EP Microcode Updates (MCUs) had not yet been provided to VMware. Customers on this microarchitecture may request MCUs from their hardware vendor in the form of a BIOS update. This microcode will be included in future releases of ESXi. \n3\\. A regression introduced in ESXi 6.7u2, Workstation 15.5.0, and Fusion 11.5.0 causes _Hypervisor-Specific Mitigations_ for L1TF (CVE-2018-3646) and MDS (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091) to be ineffective. This issue has been resolved in the patches reflected in the table above. This regression does not affect the ESXi 6.5 and 6.0 release lines, nor does it affect ESXi 6.7u2 if the _ESXi Side-Channel-Aware Scheduler Version 2_ is enabled.\n", "edition": 4, "modified": "2019-11-12T00:00:00", "published": "2019-05-14T00:00:00", "id": "VMSA-2019-0008", "href": "https://www.vmware.com/security/advisories/VMSA-2019-0008.html", "title": "VMware product updates enable\u00a0Hypervisor-Specific Mitigations,\u00a0Hypervisor-Assisted Guest Mitigations, and\u00a0Operating System-Specific Mitigations\u00a0for Microarchitectural Data Sampling (MDS) Vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and\u00a0CVE-2019-11091)", "type": "vmware", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "f5": [{"lastseen": "2020-04-06T22:40:13", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "\nF5 Product Development is evaluating this vulnerability. F5 Product Development has assigned ID 784685 (BIG-IP), ID 786089 (BIG-IQ), ID 787421 (F5 iWorkflow), ID 787397 (Enterprise Manager), and JIRA IDs CPF-25088 and CPF-25089 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | 15.0.0 | None2 | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IP 10xx0 series\n * BIG-IP 12xx0 series\n * VIPRION B2250\n * VIPRION B4400N\n * BIG-IP i2x00 series\n * BIG-IP i4x00 series\n * BIG-IP i5x00 series\n * BIG-IP i7x00 series\n * BIG-IP i10x00 series\n * BIG-IP i11x00 series\n * BIG-IP i15x00 series \n14.x | 14.0.0 - 14.1.0 | None2 \n13.x | 13.0.0 - 13.1.1 | None2 \n12.x | 12.0.0 - 12.1.4 | None2 \n11.x | 11.6.0 - 11.6.4 | None2 \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * Enterprise Manager 4000 \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IQ 7000 \n5.x | 5.0.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | 2.3.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2Updated Microcode has been made available from Intel. F5 does not plan to release an official fix for this issue that is based on Intel's microcode updates. The rationale for this decision is based on significant performance degradation seen when enabling Intel's microcode fixes in our platforms. During testing of the microcode fix, F5 has observed from 10% to over 50% performance degradation for many workloads.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nThe MDS vulnerabilities require that an attacker can provide and run binary code on the BIG-IP platform. Only users with Administrator, Resource Administrator, Manager, and iRules Manager privileges are able to exploit the MDS vulnerability. F5 recommends that you restrict these roles to trusted users.\n\nExploiting this vulnerability requires two processes to share the same L1 and L2 cache. To prevent exploitation of this vulnerability between guests in a multi-tenant vCMP environment, ensure that you allocate each guest a minimum of two cores.\n\nTo completely mitigate MDS requires an Intel microcode update and associated Linux kernel patches. If a kernel and microcode update is unavailable, the only way to completely mitigate the MDS vulnerability is to disable SMT. This action will cause performance degradation in most workloads. F5 recommends customers evaluate if mitigation is required in their environment, taking into account the performance impact. Currently, F5 is working on an integration strategy for full mitigation by conducting an extensive test campaign to characterize the impact of the fixes on system performance and stability and understanding of any potential issues. F5 will update this article with details of the fixes as they become available.\n\nMitigation is not required if user space applications are from a trusted source and do not execute untrusted code that is supplied externally.\n\n * [K41283800: INTEL-SA-00233 Microarchitectural Data Sampling Advisory](<https://support.f5.com/csp/article/K41283800>) \n * [K52370164: Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126](<https://support.f5.com/csp/article/K52370164>)\n * [K97035296: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) CVE-2018-12127](<https://support.f5.com/csp/article/K97035296>)\n * [K34303485: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) CVE-2019-11091](<https://support.f5.com/csp/article/K34303485>)\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-06-19T00:00:00", "published": "2019-05-16T01:28:00", "id": "F5:K80159635", "href": "https://support.f5.com/csp/article/K80159635", "title": "Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130", "type": "f5", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-04-06T22:39:41", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "\nF5 Product Development is evaluating this vulnerability. F5 Product Development has assigned ID 784677 (BIG-IP), ID 785913 (BIG-IQ), ID 787429 (F5 iWorkflow), ID 787373 (Enterprise Manager), and JIRA IDs CPF-25088 and CPF-25089 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | 15.0.0 | None2 | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IP 10xx0 series\n * BIG-IP 12xx0 series\n * VIPRION B2250\n * VIPRION B4400N\n * BIG-IP i2x00 series\n * BIG-IP i4x00 series\n * BIG-IP i5x00 series\n * BIG-IP i7x00 series\n * BIG-IP i10x00 series\n * BIG-IP i11x00 series\n * BIG-IP i15x00 series \n14.x | 14.0.0 - 14.1.0 | None2 \n13.x | 13.0.0 - 13.1.1 | None2 \n12.x | 12.0.0 - 12.1.4 | None2 \n11.x | 11.6.0 - 11.6.4 | None2 \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * Enterprise Manager 4000 \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IQ 7000 \n5.x | 5.0.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | 2.3.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2Updated Microcode has been made available from Intel. F5 does not plan to release an official fix for this issue that is based on Intel's microcode updates. The rationale for this decision is based on significant performance degradation seen when enabling Intel's microcode fixes in our platforms. During testing of the microcode fix, F5 has observed from 10% to over 50% performance degradation for many workloads.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nThe MDS vulnerabilities require that an attacker can provide and run binary code on the BIG-IP platform. Only users with Administrator, Resource Administrator, Manager, and iRules Manager privileges are able to exploit the MDS vulnerability. F5 recommends that you restrict these roles to trusted users.\n\nExploiting this vulnerability requires two processes to share the same L1 and L2 cache. To prevent exploiting this vulnerability between guests in a multi-tenant vCMP environment, ensure that you allocate each guest a minimum of two cores.\n\nTo completely mitigate MDS requires an Intel microcode update and associated Linux kernel patches. If a kernel and microcode update is unavailable, the only way to completely mitigate the MDS vulnerability is to disable SMT. This action will cause performance degradation in most workloads. F5 recommends customers evaluate if mitigation is required in their environment, taking into account the performance impact. Currently, F5 is working on an integration strategy for full mitigation by conducting an extensive test campaign to characterize the impact of the fixes on system performance and stability, and understanding potential issues. F5 will update this article with details of the fixes as they become available.\n\nMitigation is not required if user space applications are from a trusted source and do not execute untrusted code that is supplied externally.\n\n * [K41283800: INTEL-SA-00233 Microarchitectural Data Sampling Advisory](<https://support.f5.com/csp/article/K41283800>) \n * [K97035296: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) CVE-2018-12127](<https://support.f5.com/csp/article/K97035296>)\n * [K80159635: Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130](<https://support.f5.com/csp/article/K80159635>)\n * [K34303485: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) CVE-2019-11091](<https://support.f5.com/csp/article/K34303485>)\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-06-18T23:33:00", "published": "2019-05-16T00:33:00", "id": "F5:K52370164", "href": "https://support.f5.com/csp/article/K52370164", "title": "Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126", "type": "f5", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-04-06T22:39:53", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "\nF5 Product Development is evaluating this vulnerability. F5 Product Development has assigned ID 784689 (BIG-IP), ID 786105 (BIG-IQ), ID 787417 (F5 iWorkflow), ID 787401 (Enterprise Manager), and JIRA IDs CPF-25088 and CPF-25089 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | 15.0.0 | None2 | Low | [3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>)[.8](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IP 10xx0 series\n * BIG-IP 12xx0 series\n * VIPRION B2250\n * VIPRION B4400N\n * BIG-IP i2x00 series\n * BIG-IP i4x00 series\n * BIG-IP i5x00 series\n * BIG-IP i7x00 series\n * BIG-IP i10x00 series\n * BIG-IP i11x00 series\n * BIG-IP i15x00 series \n14.x | 14.0.0 - 14.1.0 | None2 \n13.x | 13.0.0 - 13.1.1 | None2 \n12.x | 12.0.0 - 12.1.4 | None2 \n11.x | 11.6.0 - 11.6.4 | None2 \nEnterprise Manager | 3.x | 3.1.1 | None | Low | [3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>)[.8](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * Enterprise Manager 4000 \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.1.0 | None | Low | [3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>)[.8](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IQ 7000 \n5.x | 5.0.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | 2.3.0 | None | Low | [3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>)[.8](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Low | [3.8](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2Updated Microcode has been made available from Intel. F5 does not plan to release an official fix for this issue that is based on Intel's microcode updates. The rationale for this decision is based on significant performance degradation seen when enabling Intel's microcode fixes in our platforms. During testing of the microcode fix, F5 has observed from 10% to over 50% performance degradation for many workloads.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nThe MDS vulnerabilities require that an attacker can provide and run binary code on the BIG-IP platform. Only users with Administrator, Resource Administrator, Manager, and iRules Manager privileges are able to exploit the MDS vulnerability. F5 recommends that you restrict these roles to trusted users.\n\nExploiting this vulnerability requires two processes to share the same L1 and L2 cache. To prevent exploitation of this vulnerability between guests in a multi-tenant vCMP environment, ensure that each guest is allocated a minimum of two cores.\n\nTo completely mitigate MDS requires an Intel microcode update and associated Linux kernel patches. If a kernel and microcode update is unavailable, the only way to completely mitigate the MDS vulnerability is to disable SMT. This action will cause performance degradation in most workloads. F5 recommends customers evaluate if mitigation is required in their environment, taking into account the performance impact. Currently, F5 is working on an integration strategy for full mitigation by conducting an extensive test campaign to characterize the impact of the fixes on system performance and stability, and understanding potential issues. F5 will update this article with details of the fixes as they become available.\n\nMitigation is not required if user space applications are from a trusted source and do not execute untrusted code that is supplied externally.\n\n * [K41283800: INTEL-SA-00233 Microarchitectural Data Sampling Advisory](<https://support.f5.com/csp/article/K41283800>) \n * [K52370164: Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126](<https://support.f5.com/csp/article/K52370164>)\n * [K97035296: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) CVE-2018-12127](<https://support.f5.com/csp/article/K97035296>)\n * [K80159635: Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130](<https://support.f5.com/csp/article/K80159635>)\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-06-19T00:12:00", "published": "2019-05-16T01:42:00", "id": "F5:K34303485", "href": "https://support.f5.com/csp/article/K34303485", "title": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM) CVE-2019-11091", "type": "f5", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-04-06T22:40:03", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "\nF5 Product Development is evaluating this vulnerability. F5 Product Development has assigned ID 784681 (BIG-IP), ID 785937 (BIG-IQ), ID 787425 (F5 iWorkflow), ID 787377 (Enterprise Manager) and JIRA IDs CPF-25088 and CPF-25089 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | 15.0.0 | None2 | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IP 10xx0 series\n * BIG-IP 12xx0 series\n * VIPRION B2250\n * VIPRION B4400N\n * BIG-IP i2x00 series\n * BIG-IP i4x00 series\n * BIG-IP i5x00 series\n * BIG-IP i7x00 series\n * BIG-IP i10x00 series\n * BIG-IP i11x00 series\n * BIG-IP i15x00 series \n14.x | 14.0.0 - 14.1.0 | None2 \n13.x | 13.0.0 - 13.1.1 | None2 \n12.x | 12.0.0 - 12.1.4 | None2 \n11.x | 11.6.0 - 11.6.4 | None2 \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * Enterprise Manager 4000 \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IQ 7000 \n5.x | 5.0.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | 2.3.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2Updated Microcode has been made available from Intel. F5 does not plan to release an official fix for this issue that is based on Intel's microcode updates. The rationale for this decision is based on significant performance degradation seen when enabling Intel's microcode fixes in our platforms. During testing of the microcode fix, F5 has observed from 10% to over 50% performance degradation for many workloads.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nThe MDS vulnerabilities require that an attacker can provide and run binary code on the BIG-IP platform. Only users with Administrator, Resource Administrator, Manager, and iRules Manager privileges are able to exploit the MDS vulnerability. F5 recommends that you restrict these roles to trusted users.\n\nExploiting this vulnerability requires two processes to share the same L1 and L2 cache. To prevent exploitation of this vulnerability between guests in a multi-tenant vCMP environment, ensure that each guest is allocated a minimum of two cores.\n\nTo completely mitigate MDS requires an Intel microcode update and associated Linux kernel patches. If a kernel and microcode update is unavailable, the only way to completely mitigate the MDS vulnerability is to disable SMT. This action will cause performance degradation in most workloads. F5 recommends customers evaluate if mitigation is required in their environment, taking into account the performance impact. Currently F5 is working on an integration strategy for full mitigation by conducting an extensive test campaign to characterize the impact of the fixes on system performance stability and understanding potential issues. F5 will update this article with details of the fixes as they become available.\n\nMitigation is not required if user space applications are from a trusted source and do not execute untrusted code that is supplied externally.\n\n * [K41283800: INTEL-SA-00233 Microarchitectural Data Sampling Advisory](<https://support.f5.com/csp/article/K41283800>) \n * [K52370164: Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126](<https://support.f5.com/csp/article/K52370164>)\n * [K80159635: Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130](<https://support.f5.com/csp/article/K80159635>)\n * [K34303485: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) CVE-2019-11091](<https://support.f5.com/csp/article/K34303485>)\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-06-18T23:48:00", "published": "2019-05-16T01:14:00", "id": "F5:K97035296", "href": "https://support.f5.com/csp/article/K97035296", "title": "Microarchitectural Load Port Data Sampling - Information Leak (MLPDS) CVE-2018-12127", "type": "f5", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "cve": [{"lastseen": "2020-10-03T13:20:11", "description": "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "edition": 20, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2019-05-30T16:29:00", "title": "CVE-2018-12130", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12130"], "modified": "2019-06-11T16:29:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "cpe:/o:intel:microarchitectural_fill_buffer_data_sampling_firmware:-"], "id": "CVE-2018-12130", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12130", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:intel:microarchitectural_fill_buffer_data_sampling_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:20:11", "description": "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "edition": 20, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2019-05-30T16:29:00", "title": "CVE-2018-12126", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12126"], "modified": "2019-06-11T16:29:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "cpe:/o:intel:microarchitectural_store_buffer_data_sampling_firmware:-"], "id": "CVE-2018-12126", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12126", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:intel:microarchitectural_store_buffer_data_sampling_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:38:39", "description": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "edition": 21, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2019-05-30T16:29:00", "title": "CVE-2019-11091", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11091"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:intel:microarchitectural_data_sampling_uncacheable_memory_firmware:-", "cpe:/o:fedoraproject:fedora:29"], "id": "CVE-2019-11091", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11091", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:intel:microarchitectural_data_sampling_uncacheable_memory_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:20:11", "description": "Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "edition": 20, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2019-05-30T16:29:00", "title": "CVE-2018-12127", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12127"], "modified": "2019-06-11T16:29:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "cpe:/o:intel:microarchitectural_load_port_data_sampling_firmware:-"], "id": "CVE-2018-12127", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12127", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:intel:microarchitectural_load_port_data_sampling_firmware:-:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-20T12:41:52", "description": "This update for ucode-intel fixes the following issues :\n\nThis update contains the Intel QSR 2019.1 Microcode release\n(boo#1111331 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127\nCVE-2019-11091)\n\nRelease notes :\n\n - Processor Identifier Version Products\n\n - Model Stepping F-MO-S/PI Old->New\n\n - ---- new platforms\n ----------------------------------------\n\n - CLX-SP B1 6-55-7/bf 05000021 Xeon Scalable Gen2\n\n - ---- updated platforms\n ------------------------------------\n\n - SNB D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2\n\n - IVB E1/L1 6-3a-9/12 00000020->00000021 Core Gen3\n\n - HSW C0 6-3c-3/32 00000025->00000027 Core Gen4\n\n - BDW-U/Y E0/F0 6-3d-4/c0 0000002b->0000002d Core Gen5\n\n - IVB-E/EP C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3\n X Series; Xeon E5 v2\n\n - IVB-EX D1 6-3e-7/ed 00000714->00000715 Xeon E7 v2\n\n - HSX-E/EP Cx/M1 6-3f-2/6f 00000041->00000043 Core Gen4 X\n series; Xeon E5 v3\n\n - HSX-EX E0 6-3f-4/80 00000013->00000014 Xeon E7 v3\n\n - HSW-U C0/D0 6-45-1/72 00000024->00000025 Core Gen4\n\n - HSW-H C0 6-46-1/32 0000001a->0000001b Core Gen4\n\n - BDW-H/E3 E0/G0 6-47-1/22 0000001e->00000020 Core Gen5\n\n - SKL-U/Y D0/K1 6-4e-3/c0 000000c6->000000cc Core Gen6 \n\n - SKX-SP H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon\n Scalable\n\n - SKX-D M1 6-55-4/b7 0200005a->0000005e Xeon D-21xx\n\n - BDX-DE V1 6-56-2/10 00000019->0000001a Xeon D-1520/40\n\n - BDX-DE V2/3 6-56-3/10 07000016->07000017 Xeon\n D-1518/19/21/27/28/31/33/37/41/48, Pentium\n D1507/08/09/17/19\n\n - BDX-DE Y0 6-56-4/10 0f000014->0f000015 Xeon\n D-1557/59/67/71/77/81/87\n\n - BDX-NS A0 6-56-5/10 0e00000c->0e00000d Xeon\n D-1513N/23/33/43/53\n\n - APL D0 6-5c-9/03 00000036->00000038 Pentium N/J4xxx,\n Celeron N/J3xxx, Atom x5/7-E39xx\n\n - SKL-H/S R0/N0 6-5e-3/36 000000c6->000000cc Core Gen6;\n Xeon E3 v5\n\n - DNV B0 6-5f-1/01 00000024->0000002e Atom Processor C\n Series\n\n - GLK B0 6-7a-1/01 0000002c->0000002e Pentium Silver\n N/J5xxx, Celeron N/J4xxx\n\n - AML-Y22 H0 6-8e-9/10 0000009e->000000b4 Core Gen8 Mobile\n\n - KBL-U/Y H0 6-8e-9/c0 0000009a->000000b4 Core Gen7 Mobile\n\n - CFL-U43e D0 6-8e-a/c0 0000009e->000000b4 Core Gen8\n Mobile\n\n - WHL-U W0 6-8e-b/d0 000000a4->000000b8 Core Gen8 Mobile\n\n - WHL-U V0 6-8e-d/94 000000b2->000000b8 Core Gen8 Mobile\n\n - KBL-G/H/S/E3 B0 6-9e-9/2a 0000009a->000000b4 Core Gen7;\n Xeon E3 v6\n\n - CFL-H/S/E3 U0 6-9e-a/22 000000aa->000000b4 Core Gen8\n Desktop, Mobile, Xeon E\n\n - CFL-S B0 6-9e-b/02 000000aa->000000b4 Core Gen8\n\n - CFL-H/S P0 6-9e-c/22 000000a2->000000ae Core Gen9\n\n - CFL-H R0 6-9e-d/22 000000b0->000000b8 Core Gen9 Mobile\n\nIt also contains the update to 20190312 release (boo#1129231) :\n\n - Processor Identifier Version Products\n\n - Model Stepping F-MO-S/PI Old->New\n\n - ---- new platforms\n ----------------------------------------\n\n - AML-Y22 H0 6-8e-9/10 0000009e Core Gen8 Mobile\n\n - WHL-U W0 6-8e-b/d0 000000a4 Core Gen8 Mobile\n\n - WHL-U V0 6-8e-d/94 000000b2 Core Gen8 Mobile\n\n - CFL-S P0 6-9e-c/22 000000a2 Core Gen9 Desktop\n\n - CFL-H R0 6-9e-d/22 000000b0 Core Gen9 Mobile\n\n - ---- updated platforms\n ------------------------------------\n\n - HSX-E/EP Cx/M1 6-3f-2/6f 0000003d->00000041 Core Gen4 X\n series; Xeon E5 v3\n\n - HSX-EX E0 6-3f-4/80 00000012->00000013 Xeon E7 v3\n\n - SKX-SP H0/M0/U0 6-55-4/b7 0200004d->0000005a Xeon\n Scalable\n\n - SKX-D M1 6-55-4/b7 0200004d->0000005a Xeon D-21xx\n\n - BDX-DE V1 6-56-2/10 00000017->00000019 Xeon D-1520/40\n\n - BDX-DE V2/3 6-56-3/10 07000013->07000016 Xeon\n D-1518/19/21/27/28/31/33/37/41/48, Pentium\n D1507/08/09/17/19\n\n - BDX-DE Y0 6-56-4/10 0f000012->0f000014 Xeon\n D-1557/59/67/71/77/81/87\n\n - BDX-NS A0 6-56-5/10 0e00000a->0e00000c Xeon\n D-1513N/23/33/43/53\n\n - APL D0 6-5c-9/03 00000032->00000036 Pentium N/J4xxx,\n Celeron N/J3xxx, Atom x5/7-E39xx\n\n - APL E0 6-5c-a/03 0000000c->00000010 Atom x5/7-E39xx\n\n - GLK B0 6-7a-1/01 00000028->0000002c Pentium Silver\n N/J5xxx, Celeron N/J4xxx\n\n - KBL-U/Y H0 6-8e-9/c0 0000008e->0000009a Core Gen7 Mobile\n\n - CFL-U43e D0 6-8e-a/c0 00000096->0000009e Core Gen8\n Mobile\n\n - KBL-H/S/E3 B0 6-9e-9/2a 0000008e->0000009a Core Gen7;\n Xeon E3 v6\n\n - CFL-H/S/E3 U0 6-9e-a/22 00000096->000000aa Core Gen8\n Desktop, Mobile, Xeon E\n\n - CFL-S B0 6-9e-b/02 0000008e->000000aa Core Gen8\n\nAnd it also contains the update to 20180807a, no change except\nlicensing. (boo#1104479).", "edition": 15, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-21T00:00:00", "title": "openSUSE Security Update : ucode-intel (openSUSE-2019-1408) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2019-05-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ucode-intel-debugsource", "p-cpe:/a:novell:opensuse:ucode-intel-blob", "p-cpe:/a:novell:opensuse:ucode-intel", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:ucode-intel-debuginfo"], "id": "OPENSUSE-2019-1408.NASL", "href": "https://www.tenable.com/plugins/nessus/125304", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1408.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125304);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n\n script_name(english:\"openSUSE Security Update : ucode-intel (openSUSE-2019-1408) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Check for the openSUSE-2019-1408 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ucode-intel fixes the following issues :\n\nThis update contains the Intel QSR 2019.1 Microcode release\n(boo#1111331 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127\nCVE-2019-11091)\n\nRelease notes :\n\n - Processor Identifier Version Products\n\n - Model Stepping F-MO-S/PI Old->New\n\n - ---- new platforms\n ----------------------------------------\n\n - CLX-SP B1 6-55-7/bf 05000021 Xeon Scalable Gen2\n\n - ---- updated platforms\n ------------------------------------\n\n - SNB D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2\n\n - IVB E1/L1 6-3a-9/12 00000020->00000021 Core Gen3\n\n - HSW C0 6-3c-3/32 00000025->00000027 Core Gen4\n\n - BDW-U/Y E0/F0 6-3d-4/c0 0000002b->0000002d Core Gen5\n\n - IVB-E/EP C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3\n X Series; Xeon E5 v2\n\n - IVB-EX D1 6-3e-7/ed 00000714->00000715 Xeon E7 v2\n\n - HSX-E/EP Cx/M1 6-3f-2/6f 00000041->00000043 Core Gen4 X\n series; Xeon E5 v3\n\n - HSX-EX E0 6-3f-4/80 00000013->00000014 Xeon E7 v3\n\n - HSW-U C0/D0 6-45-1/72 00000024->00000025 Core Gen4\n\n - HSW-H C0 6-46-1/32 0000001a->0000001b Core Gen4\n\n - BDW-H/E3 E0/G0 6-47-1/22 0000001e->00000020 Core Gen5\n\n - SKL-U/Y D0/K1 6-4e-3/c0 000000c6->000000cc Core Gen6 \n\n - SKX-SP H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon\n Scalable\n\n - SKX-D M1 6-55-4/b7 0200005a->0000005e Xeon D-21xx\n\n - BDX-DE V1 6-56-2/10 00000019->0000001a Xeon D-1520/40\n\n - BDX-DE V2/3 6-56-3/10 07000016->07000017 Xeon\n D-1518/19/21/27/28/31/33/37/41/48, Pentium\n D1507/08/09/17/19\n\n - BDX-DE Y0 6-56-4/10 0f000014->0f000015 Xeon\n D-1557/59/67/71/77/81/87\n\n - BDX-NS A0 6-56-5/10 0e00000c->0e00000d Xeon\n D-1513N/23/33/43/53\n\n - APL D0 6-5c-9/03 00000036->00000038 Pentium N/J4xxx,\n Celeron N/J3xxx, Atom x5/7-E39xx\n\n - SKL-H/S R0/N0 6-5e-3/36 000000c6->000000cc Core Gen6;\n Xeon E3 v5\n\n - DNV B0 6-5f-1/01 00000024->0000002e Atom Processor C\n Series\n\n - GLK B0 6-7a-1/01 0000002c->0000002e Pentium Silver\n N/J5xxx, Celeron N/J4xxx\n\n - AML-Y22 H0 6-8e-9/10 0000009e->000000b4 Core Gen8 Mobile\n\n - KBL-U/Y H0 6-8e-9/c0 0000009a->000000b4 Core Gen7 Mobile\n\n - CFL-U43e D0 6-8e-a/c0 0000009e->000000b4 Core Gen8\n Mobile\n\n - WHL-U W0 6-8e-b/d0 000000a4->000000b8 Core Gen8 Mobile\n\n - WHL-U V0 6-8e-d/94 000000b2->000000b8 Core Gen8 Mobile\n\n - KBL-G/H/S/E3 B0 6-9e-9/2a 0000009a->000000b4 Core Gen7;\n Xeon E3 v6\n\n - CFL-H/S/E3 U0 6-9e-a/22 000000aa->000000b4 Core Gen8\n Desktop, Mobile, Xeon E\n\n - CFL-S B0 6-9e-b/02 000000aa->000000b4 Core Gen8\n\n - CFL-H/S P0 6-9e-c/22 000000a2->000000ae Core Gen9\n\n - CFL-H R0 6-9e-d/22 000000b0->000000b8 Core Gen9 Mobile\n\nIt also contains the update to 20190312 release (boo#1129231) :\n\n - Processor Identifier Version Products\n\n - Model Stepping F-MO-S/PI Old->New\n\n - ---- new platforms\n ----------------------------------------\n\n - AML-Y22 H0 6-8e-9/10 0000009e Core Gen8 Mobile\n\n - WHL-U W0 6-8e-b/d0 000000a4 Core Gen8 Mobile\n\n - WHL-U V0 6-8e-d/94 000000b2 Core Gen8 Mobile\n\n - CFL-S P0 6-9e-c/22 000000a2 Core Gen9 Desktop\n\n - CFL-H R0 6-9e-d/22 000000b0 Core Gen9 Mobile\n\n - ---- updated platforms\n ------------------------------------\n\n - HSX-E/EP Cx/M1 6-3f-2/6f 0000003d->00000041 Core Gen4 X\n series; Xeon E5 v3\n\n - HSX-EX E0 6-3f-4/80 00000012->00000013 Xeon E7 v3\n\n - SKX-SP H0/M0/U0 6-55-4/b7 0200004d->0000005a Xeon\n Scalable\n\n - SKX-D M1 6-55-4/b7 0200004d->0000005a Xeon D-21xx\n\n - BDX-DE V1 6-56-2/10 00000017->00000019 Xeon D-1520/40\n\n - BDX-DE V2/3 6-56-3/10 07000013->07000016 Xeon\n D-1518/19/21/27/28/31/33/37/41/48, Pentium\n D1507/08/09/17/19\n\n - BDX-DE Y0 6-56-4/10 0f000012->0f000014 Xeon\n D-1557/59/67/71/77/81/87\n\n - BDX-NS A0 6-56-5/10 0e00000a->0e00000c Xeon\n D-1513N/23/33/43/53\n\n - APL D0 6-5c-9/03 00000032->00000036 Pentium N/J4xxx,\n Celeron N/J3xxx, Atom x5/7-E39xx\n\n - APL E0 6-5c-a/03 0000000c->00000010 Atom x5/7-E39xx\n\n - GLK B0 6-7a-1/01 00000028->0000002c Pentium Silver\n N/J5xxx, Celeron N/J4xxx\n\n - KBL-U/Y H0 6-8e-9/c0 0000008e->0000009a Core Gen7 Mobile\n\n - CFL-U43e D0 6-8e-a/c0 00000096->0000009e Core Gen8\n Mobile\n\n - KBL-H/S/E3 B0 6-9e-9/2a 0000008e->0000009a Core Gen7;\n Xeon E3 v6\n\n - CFL-H/S/E3 U0 6-9e-a/22 00000096->000000aa Core Gen8\n Desktop, Mobile, Xeon E\n\n - CFL-S B0 6-9e-b/02 0000008e->000000aa Core Gen8\n\nAnd it also contains the update to 20180807a, no change except\nlicensing. (boo#1104479).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129231\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ucode-intel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ucode-intel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ucode-intel-blob\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ucode-intel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ucode-intel-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/21\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ucode-intel-20190514-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ucode-intel-blob-20190514-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ucode-intel-debuginfo-20190514-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ucode-intel-debugsource-20190514-32.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ucode-intel / ucode-intel-blob / ucode-intel-debuginfo / etc\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-09-18T10:59:31", "description": "USN-3977-1 provided mitigations for Microarchitectural Data Sampling\n(MDS) vulnerabilities in Intel Microcode for a large number of Intel\nprocessor families. This update provides the corresponding updated\nmicrocode mitigations for Intel Cherry Trail and Bay Trail processor\nfamilies.\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi\nMaisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan\nvan Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael\nSchwarz, and Daniel Gruss discovered that memory previously stored in\nmicroarchitectural fill buffers of an Intel CPU core may be exposed to\na malicious process that is executing on the same CPU core. A local\nattacker could use this to expose sensitive information.\n(CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco,\nStephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro\nFrigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered\nthat memory previously stored in microarchitectural load ports of an\nIntel CPU core may be exposed to a malicious process that is executing\non the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin,\nDaniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel\nGenkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom\ndiscovered that memory previously stored in microarchitectural store\nbuffers of an Intel CPU core may be exposed to a malicious process\nthat is executing on the same CPU core. A local attacker could use\nthis to expose sensitive information. (CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert\nBos, and Cristiano Giuffrida discovered that uncacheable memory\npreviously stored in microarchitectural buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same\nCPU core. A local attacker could use this to expose sensitive\ninformation. (CVE-2019-11091).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-23T00:00:00", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : Intel Microcode update (USN-3977-2) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2019-05-23T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.04", "p-cpe:/a:canonical:ubuntu_linux:intel-microcode", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3977-2.NASL", "href": "https://www.tenable.com/plugins/nessus/125353", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3977-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125353);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_xref(name:\"USN\", value:\"3977-2\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : Intel Microcode update (USN-3977-2) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3977-1 provided mitigations for Microarchitectural Data Sampling\n(MDS) vulnerabilities in Intel Microcode for a large number of Intel\nprocessor families. This update provides the corresponding updated\nmicrocode mitigations for Intel Cherry Trail and Bay Trail processor\nfamilies.\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi\nMaisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan\nvan Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael\nSchwarz, and Daniel Gruss discovered that memory previously stored in\nmicroarchitectural fill buffers of an Intel CPU core may be exposed to\na malicious process that is executing on the same CPU core. A local\nattacker could use this to expose sensitive information.\n(CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco,\nStephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro\nFrigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered\nthat memory previously stored in microarchitectural load ports of an\nIntel CPU core may be exposed to a malicious process that is executing\non the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin,\nDaniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel\nGenkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom\ndiscovered that memory previously stored in microarchitectural store\nbuffers of an Intel CPU core may be exposed to a malicious process\nthat is executing on the same CPU core. A local attacker could use\nthis to expose sensitive information. (CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert\nBos, and Cristiano Giuffrida discovered that uncacheable memory\npreviously stored in microarchitectural buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same\nCPU core. A local attacker could use this to expose sensitive\ninformation. (CVE-2019-11091).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3977-2/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected intel-microcode package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:intel-microcode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|18\\.04|18\\.10|19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 18.04 / 18.10 / 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"intel-microcode\", pkgver:\"3.20190514.0ubuntu0.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"intel-microcode\", pkgver:\"3.20190514.0ubuntu0.18.04.3\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"intel-microcode\", pkgver:\"3.20190514.0ubuntu0.18.10.2\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"intel-microcode\", pkgver:\"3.20190514.0ubuntu0.19.04.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"intel-microcode\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T04:47:13", "description": "Description of changes:\n\n[4.14.35-1844.4.5.2.el7uek]\n- x86/mds: Add empty commit for CVE-2019-11091 (Konrad Rzeszutek Wilk) \n[Orabug: 29721848] {CVE-2019-11091}\n- x86/speculation/mds: Make mds_mitigation mutable after init (Konrad \nRzeszutek Wilk) [Orabug: 29721835] {CVE-2018-12126} {CVE-2018-12130} \n{CVE-2018-12127}\n\n[4.14.35-1844.4.5.1.el7uek]\n- x86/speculation: Support 'mitigations=' cmdline option (Josh \nPoimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} \n{CVE-2018-12127}\n- cpu/speculation: Add 'mitigations=' cmdline option (Josh Poimboeuf) \n[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations \noff (Konrad Rzeszutek Wilk) [Orabug: 29526899] {CVE-2018-12126} \n{CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Fix comment (Boris Ostrovsky) [Orabug: 29526899] \n{CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add debugfs for controlling MDS (Kanth Ghatraju) \n[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add boot option to enable MDS protection only \nwhile in idle (Boris Ostrovsky) [Orabug: 29526899] {CVE-2018-12126} \n{CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add SMT warning message (Josh Poimboeuf) [Orabug: \n29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation: Move arch_smt_update() call to after mitigation \ndecisions (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} \n{CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add mds=full,nosmt cmdline option (Josh \nPoimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} \n{CVE-2018-12127}\n- Documentation: Add MDS vulnerability documentation (Thomas Gleixner) \n[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- Documentation: Move L1TF to separate directory (Thomas Gleixner) \n[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add mitigation mode VMWERV (Thomas Gleixner) \n[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add sysfs reporting for MDS (Thomas Gleixner) \n[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add mitigation control for MDS (Thomas Gleixner) \n[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Conditionally clear CPU buffers on idle entry \n(Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} \n{CVE-2018-12127}\n- x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Thomas \nGleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} \n{CVE-2018-12127}\n- x86/speculation/mds: Clear CPU buffers on exit to user (Thomas \nGleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} \n{CVE-2018-12127}\n- x86/speculation/mds: Add mds_clear_cpu_buffers() (Thomas Gleixner) \n[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Andi Kleen) [Orabug: \n29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add BUG_MSBDS_ONLY (Thomas Gleixner) [Orabug: \n29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add basic bug infrastructure for MDS (Andi Kleen) \n[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} \n{CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation: Consolidate CPU whitelists (Thomas Gleixner) [Orabug: \n29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/msr-index: Cleanup bit defines (Thomas Gleixner) [Orabug: \n29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\nfile (Will Deacon) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} \n{CVE-2018-12127}\n- x86/cpu: Sanitize FAM6_ATOM naming (Peter Zijlstra) [Orabug: 29526899] \n{CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- Documentation/l1tf: Fix small spelling typo (Salvatore Bonaccorso) \n[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation: Simplify the CPU bug detection logic (Dominik \nBrodowski) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} \n{CVE-2018-12127}\n- tools include: Adopt linux/bits.h (Arnaldo Carvalho de Melo) [Orabug: \n29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}", "edition": 18, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-15T00:00:00", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4628) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-tools", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2019-4628.NASL", "href": "https://www.tenable.com/plugins/nessus/125113", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4628.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125113);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/01/17\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4628) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[4.14.35-1844.4.5.2.el7uek]\n- x86/mds: Add empty commit for CVE-2019-11091 (Konrad Rzeszutek Wilk) \n[Orabug: 29721848] {CVE-2019-11091}\n- x86/speculation/mds: Make mds_mitigation mutable after init (Konrad \nRzeszutek Wilk) [Orabug: 29721835] {CVE-2018-12126} {CVE-2018-12130} \n{CVE-2018-12127}\n\n[4.14.35-1844.4.5.1.el7uek]\n- x86/speculation: Support 'mitigations=' cmdline option (Josh \nPoimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} \n{CVE-2018-12127}\n- cpu/speculation: Add 'mitigations=' cmdline option (Josh Poimboeuf) \n[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations \noff (Konrad Rzeszutek Wilk) [Orabug: 29526899] {CVE-2018-12126} \n{CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Fix comment (Boris Ostrovsky) [Orabug: 29526899] \n{CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add debugfs for controlling MDS (Kanth Ghatraju) \n[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add boot option to enable MDS protection only \nwhile in idle (Boris Ostrovsky) [Orabug: 29526899] {CVE-2018-12126} \n{CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add SMT warning message (Josh Poimboeuf) [Orabug: \n29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation: Move arch_smt_update() call to after mitigation \ndecisions (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} \n{CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add mds=full,nosmt cmdline option (Josh \nPoimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} \n{CVE-2018-12127}\n- Documentation: Add MDS vulnerability documentation (Thomas Gleixner) \n[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- Documentation: Move L1TF to separate directory (Thomas Gleixner) \n[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add mitigation mode VMWERV (Thomas Gleixner) \n[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add sysfs reporting for MDS (Thomas Gleixner) \n[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add mitigation control for MDS (Thomas Gleixner) \n[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Conditionally clear CPU buffers on idle entry \n(Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} \n{CVE-2018-12127}\n- x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Thomas \nGleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} \n{CVE-2018-12127}\n- x86/speculation/mds: Clear CPU buffers on exit to user (Thomas \nGleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} \n{CVE-2018-12127}\n- x86/speculation/mds: Add mds_clear_cpu_buffers() (Thomas Gleixner) \n[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Andi Kleen) [Orabug: \n29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add BUG_MSBDS_ONLY (Thomas Gleixner) [Orabug: \n29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add basic bug infrastructure for MDS (Andi Kleen) \n[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} \n{CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation: Consolidate CPU whitelists (Thomas Gleixner) [Orabug: \n29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/msr-index: Cleanup bit defines (Thomas Gleixner) [Orabug: \n29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\nfile (Will Deacon) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} \n{CVE-2018-12127}\n- x86/cpu: Sanitize FAM6_ATOM naming (Peter Zijlstra) [Orabug: 29526899] \n{CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- Documentation/l1tf: Fix small spelling typo (Salvatore Bonaccorso) \n[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation: Simplify the CPU bug detection logic (Dominik \nBrodowski) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} \n{CVE-2018-12127}\n- tools include: Adopt linux/bits.h (Arnaldo Carvalho de Melo) [Orabug: \n29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-May/008716.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2019-4628\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"4.14\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-4.14.35\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-4.14.35-1844.4.5.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-4.14.35\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-4.14.35-1844.4.5.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-devel-4.14.35\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-4.14.35-1844.4.5.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-devel-4.14.35\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-devel-4.14.35-1844.4.5.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-doc-4.14.35\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-doc-4.14.35-1844.4.5.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-tools-4.14.35\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-tools-4.14.35-1844.4.5.2.el7uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T04:53:17", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=3885a020649df84b883ea20d11ca15b7d7640201\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86/HVM: don't give the wrong impression of WRMSR\n succeeding (root) \n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=71714f34026c4e0b105bf2def8d2dc4c7171d5b8\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - Red-tape: Update repo with new CVE for XSA-297 (Patrick\n Colp) [Orabug: 29725297] (CVE-2019-11091)\n\n - x86/spec-ctl: Expose X86_FEATURE_MD_CLEAR to guests\n (Patrick Colp) [Orabug: 29677162] (CVE-2018-12126)\n (CVE-2018-12127) (CVE-2018-12130)\n\n - x86/spec-ctrl: Introduce options to control VERW\n flushing (Andrew Cooper) [Orabug: 2977162]\n (CVE-2018-12126) (CVE-2018-12127) (CVE-2018-12130)\n (CVE-2018-12126) (CVE-2018-12127) (CVE-2018-12130)\n\n - x86/spec-ctrl: Infrastructure to use VERW to flush\n pipeline buffers (Andrew Cooper) [Orabug: 29677162]\n (CVE-2018-12126) (CVE-2018-12127) (CVE-2018-12130)\n (CVE-2018-12126) (CVE-2018-12127) (CVE-2018-12130)\n\n - x86/spec-ctrl: CPUID/MSR definitions for\n Microarchitectural Data Sampling (Andrew Cooper)\n [Orabug: 29677162] (CVE-2018-12126) (CVE-2018-12127)\n (CVE-2018-12130) (CVE-2018-12126) (CVE-2018-12127)\n (CVE-2018-12130)\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=0d8ecd7732e56484c10e4b584de17d360d940252\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - Config: Update git links to use linux-git.us.oracle.com\n (Patrick Colp) \n\n - gnttab: set page refcount for copy-on-grant-transfer\n (Jan Beulich)", "edition": 18, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-15T00:00:00", "title": "OracleVM 3.4 : xen (OVMSA-2019-0016) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:oracle:vm_server:3.4", "p-cpe:/a:oracle:vm:xen", "p-cpe:/a:oracle:vm:xen-tools"], "id": "ORACLEVM_OVMSA-2019-0016.NASL", "href": "https://www.tenable.com/plugins/nessus/125104", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2019-0016.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125104);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/17\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n\n script_name(english:\"OracleVM 3.4 : xen (OVMSA-2019-0016) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=3885a020649df84b883ea20d11ca15b7d7640201\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86/HVM: don't give the wrong impression of WRMSR\n succeeding (root) \n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=71714f34026c4e0b105bf2def8d2dc4c7171d5b8\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - Red-tape: Update repo with new CVE for XSA-297 (Patrick\n Colp) [Orabug: 29725297] (CVE-2019-11091)\n\n - x86/spec-ctl: Expose X86_FEATURE_MD_CLEAR to guests\n (Patrick Colp) [Orabug: 29677162] (CVE-2018-12126)\n (CVE-2018-12127) (CVE-2018-12130)\n\n - x86/spec-ctrl: Introduce options to control VERW\n flushing (Andrew Cooper) [Orabug: 2977162]\n (CVE-2018-12126) (CVE-2018-12127) (CVE-2018-12130)\n (CVE-2018-12126) (CVE-2018-12127) (CVE-2018-12130)\n\n - x86/spec-ctrl: Infrastructure to use VERW to flush\n pipeline buffers (Andrew Cooper) [Orabug: 29677162]\n (CVE-2018-12126) (CVE-2018-12127) (CVE-2018-12130)\n (CVE-2018-12126) (CVE-2018-12127) (CVE-2018-12130)\n\n - x86/spec-ctrl: CPUID/MSR definitions for\n Microarchitectural Data Sampling (Andrew Cooper)\n [Orabug: 29677162] (CVE-2018-12126) (CVE-2018-12127)\n (CVE-2018-12130) (CVE-2018-12126) (CVE-2018-12127)\n (CVE-2018-12130)\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=0d8ecd7732e56484c10e4b584de17d360d940252\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - Config: Update git links to use linux-git.us.oracle.com\n (Patrick Colp) \n\n - gnttab: set page refcount for copy-on-grant-transfer\n (Jan Beulich)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2019-May/000939.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xen / xen-tools packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_exists(rpm:\"xen-4.4.4-222\", release:\"OVS3.4\") && rpm_check(release:\"OVS3.4\", reference:\"xen-4.4.4-222.0.4.el6\")) flag++;\nif (rpm_exists(rpm:\"xen-tools-4.4.4-222\", release:\"OVS3.4\") && rpm_check(release:\"OVS3.4\", reference:\"xen-tools-4.4.4-222.0.4.el6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-tools\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-17T12:04:09", "description": "The remote NewStart CGSL host, running version MAIN 4.05, has libvirt packages installed that are affected by multiple\nvulnerabilities:\n\n - Modern Intel microprocessors implement hardware-level\n micro-optimizations to improve the performance of\n writing data back to CPU caches. The write operation is\n split into STA (STore Address) and STD (STore Data) sub-\n operations. These sub-operations allow the processor to\n hand-off address generation logic into these sub-\n operations for optimized writes. Both of these sub-\n operations write to a shared distributed processor\n structure called the 'processor store buffer'. As a\n result, an unprivileged attacker could use this flaw to\n read private data resident within the CPU's processor\n store buffer. (CVE-2018-12126)\n\n - A flaw was found in the implementation of the fill\n buffer, a mechanism used by modern CPUs when a cache-\n miss is made on L1 CPU cache. If an attacker can\n generate a load operation that would create a page\n fault, the execution will continue speculatively with\n incorrect data from the fill buffer while the data is\n fetched from higher level caches. This response time can\n be measured to infer data in the fill buffer.\n (CVE-2018-12130)\n\n - Uncacheable memory on some microprocessors utilizing\n speculative execution may allow an authenticated user to\n potentially enable information disclosure via a side\n channel with local access. (CVE-2019-11091)\n\n - Microprocessors use a load port subcomponent to\n perform load operations from memory or IO. During a load\n operation, the load port receives data from the memory\n or IO subsystem and then provides the data to the CPU\n registers and operations in the CPUs pipelines. Stale\n load operations results are stored in the 'load port'\n table until overwritten by newer operations. Certain\n load-port operations triggered by an attacker can be\n used to reveal data about previous stale requests\n leaking data back to the attacker via a timing side-\n channel. (CVE-2018-12127)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 17, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-08-12T00:00:00", "title": "NewStart CGSL MAIN 4.05 : libvirt Multiple Vulnerabilities (NS-SA-2019-0152)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2019-08-12T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0152_LIBVIRT.NASL", "href": "https://www.tenable.com/plugins/nessus/127426", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0152. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127426);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2018-12126\",\n \"CVE-2018-12127\",\n \"CVE-2018-12130\",\n \"CVE-2019-11091\"\n );\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : libvirt Multiple Vulnerabilities (NS-SA-2019-0152)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has libvirt packages installed that are affected by multiple\nvulnerabilities:\n\n - Modern Intel microprocessors implement hardware-level\n micro-optimizations to improve the performance of\n writing data back to CPU caches. The write operation is\n split into STA (STore Address) and STD (STore Data) sub-\n operations. These sub-operations allow the processor to\n hand-off address generation logic into these sub-\n operations for optimized writes. Both of these sub-\n operations write to a shared distributed processor\n structure called the 'processor store buffer'. As a\n result, an unprivileged attacker could use this flaw to\n read private data resident within the CPU's processor\n store buffer. (CVE-2018-12126)\n\n - A flaw was found in the implementation of the fill\n buffer, a mechanism used by modern CPUs when a cache-\n miss is made on L1 CPU cache. If an attacker can\n generate a load operation that would create a page\n fault, the execution will continue speculatively with\n incorrect data from the fill buffer while the data is\n fetched from higher level caches. This response time can\n be measured to infer data in the fill buffer.\n (CVE-2018-12130)\n\n - Uncacheable memory on some microprocessors utilizing\n speculative execution may allow an authenticated user to\n potentially enable information disclosure via a side\n channel with local access. (CVE-2019-11091)\n\n - Microprocessors use a load port subcomponent to\n perform load operations from memory or IO. During a load\n operation, the load port receives data from the memory\n or IO subsystem and then provides the data to the CPU\n registers and operations in the CPUs pipelines. Stale\n load operations results are stored in the 'load port'\n table until overwritten by newer operations. Certain\n load-port operations triggered by an attacker can be\n used to reveal data about previous stale requests\n leaking data back to the attacker via a timing side-\n channel. (CVE-2018-12127)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0152\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL libvirt packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.05\": [\n \"libvirt-0.10.2-64.el6_10.1\",\n \"libvirt-client-0.10.2-64.el6_10.1\",\n \"libvirt-debuginfo-0.10.2-64.el6_10.1\",\n \"libvirt-devel-0.10.2-64.el6_10.1\",\n \"libvirt-lock-sanlock-0.10.2-64.el6_10.1\",\n \"libvirt-python-0.10.2-64.el6_10.1\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T05:17:32", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.5\nAdvanced Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 18, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-15T00:00:00", "title": "RHEL 6 : kernel (RHSA-2019:1196) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "cpe:/o:redhat:enterprise_linux:6.5", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:kernel-doc"], "id": "REDHAT-RHSA-2019-1196.NASL", "href": "https://www.tenable.com/plugins/nessus/125126", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1196. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125126);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/01/17\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_xref(name:\"RHSA\", value:\"2019:1196\");\n script_xref(name:\"IAVA\", value:\"2019-A-0166\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2019:1196) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.5\nAdvanced Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/mds\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11091\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6\\.5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.5\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:1196\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1196\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-2.6.32-431.94.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"kernel-abi-whitelists-2.6.32-431.94.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-431.94.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-431.94.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-431.94.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-431.94.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-431.94.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-431.94.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"kernel-doc-2.6.32-431.94.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"kernel-firmware-2.6.32-431.94.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-431.94.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"perf-2.6.32-431.94.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-431.94.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-431.94.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-431.94.2.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T06:59:40", "description": "a. Hypervisor Specific and Hypervisor-Assisted Guest Mitigations for\nMDS vulnerabilities\n\nvCenter Server, ESXi, Workstation, and Fusion updates support\nHypervisor-Specific and Hypervisor-Assisted Guest Mitigations for MDS\nspeculative execution vulnerabilities. These updates expose new CPU\ncontrol bits via microcode listed in the table below to the Virtual\nMachine layer. VMware has evaluated the severity of these issues to be\nin the Moderate severity range with a maximum CVSSv3 base score of", "edition": 18, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-15T00:00:00", "title": "VMSA-2019-0008 : MDS Vulnerabilities (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:vmware:esxi:6.5", "cpe:/o:vmware:esxi:6.0", "cpe:/o:vmware:esxi:6.7"], "id": "VMWARE_VMSA-2019-0008.NASL", "href": "https://www.tenable.com/plugins/nessus/125146", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2019-0008. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125146);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/17\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_xref(name:\"VMSA\", value:\"2019-0008\");\n script_xref(name:\"IAVA\", value:\"2019-A-0167\");\n\n script_name(english:\"VMSA-2019-0008 : MDS Vulnerabilities (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote VMware ESXi host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"a. Hypervisor Specific and Hypervisor-Assisted Guest Mitigations for\nMDS vulnerabilities\n\nvCenter Server, ESXi, Workstation, and Fusion updates support\nHypervisor-Specific and Hypervisor-Assisted Guest Mitigations for MDS\nspeculative execution vulnerabilities. These updates expose new CPU\ncontrol bits via microcode listed in the table below to the Virtual\nMachine layer. VMware has evaluated the severity of these issues to be\nin the Moderate severity range with a maximum CVSSv3 base score of\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2019/000456.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:6.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2019-05-14\");\nflag = 0;\n\n\nif (esx_check(ver:\"ESXi 6.0\", vib:\"VMware:cpu-microcode:6.0.0-3.116.13635687\")) flag++;\nif (esx_check(ver:\"ESXi 6.0\", vib:\"VMware:esx-base:6.0.0-3.116.13635687\")) flag++;\nif (esx_check(ver:\"ESXi 6.0\", vib:\"VMware:vsan:6.0.0-3.116.13111540\")) flag++;\nif (esx_check(ver:\"ESXi 6.0\", vib:\"VMware:vsanhealth:6.0.0-3000000.3.0.3.116.13111541\")) flag++;\n\nif (esx_check(ver:\"ESXi 6.5\", vib:\"VMware:cpu-microcode:6.5.0-2.88.13635690\")) flag++;\nif (esx_check(ver:\"ESXi 6.5\", vib:\"VMware:esx-base:6.5.0-2.88.13635690\")) flag++;\nif (esx_check(ver:\"ESXi 6.5\", vib:\"VMware:esx-tboot:6.5.0-2.88.13635690\")) flag++;\nif (esx_check(ver:\"ESXi 6.5\", vib:\"VMware:vsan:6.5.0-2.88.13111446\")) flag++;\nif (esx_check(ver:\"ESXi 6.5\", vib:\"VMware:vsanhealth:6.5.0-2.88.13111447\")) flag++;\n\nif (esx_check(ver:\"ESXi 6.7\", vib:\"VMware:cpu-microcode:6.7.0-3.77.15018017\")) flag++;\nif (esx_check(ver:\"ESXi 6.7\", vib:\"VMware:esx-base:6.7.0-3.77.15018017\")) flag++;\nif (esx_check(ver:\"ESXi 6.7\", vib:\"VMware:esx-update:6.7.0-3.77.15018017\")) flag++;\nif (esx_check(ver:\"ESXi 6.7\", vib:\"VMware:vsan:6.7.0-3.77.14914424\")) flag++;\nif (esx_check(ver:\"ESXi 6.7\", vib:\"VMware:vsanhealth:6.7.0-3.77.14914425\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:esx_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-14T06:18:09", "description": "This update for ucode-intel fixes the following issues :\n\nucode-intel was updated to official QSR 2019.1 microcode release\n(bsc#1111331 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127\nCVE-2019-11091)\n\n---- new platforms ---------------------------------------- VLV C0\n6-37-8/02 00000838 Atom Z series VLV C0 6-37-8/0C 00000838 Celeron\nN2xxx, Pentium N35xx VLV D0 6-37-9/0F 0000090c Atom E38xx CHV C0\n6-4c-3/01 00000368 Atom X series CHV D0 6-4c-4/01 00000411 Atom X\nseries\n\nReadded Broadwell CPU ucode that was missing in last update :\n\nBDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core\ni7-69xx/68xx\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-22T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : ucode-intel (SUSE-SU-2019:1296-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2019-05-22T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:ucode-intel-debugsource", "p-cpe:/a:novell:suse_linux:ucode-intel", "p-cpe:/a:novell:suse_linux:ucode-intel-debuginfo"], "id": "SUSE_SU-2019-1296-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125333", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1296-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125333);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ucode-intel (SUSE-SU-2019:1296-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for ucode-intel fixes the following issues :\n\nucode-intel was updated to official QSR 2019.1 microcode release\n(bsc#1111331 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127\nCVE-2019-11091)\n\n---- new platforms ---------------------------------------- VLV C0\n6-37-8/02 00000838 Atom Z series VLV C0 6-37-8/0C 00000838 Celeron\nN2xxx, Pentium N35xx VLV D0 6-37-9/0F 0000090c Atom E38xx CHV C0\n6-4c-3/01 00000368 Atom X series CHV D0 6-4c-4/01 00000411 Atom X\nseries\n\nReadded Broadwell CPU ucode that was missing in last update :\n\nBDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core\ni7-69xx/68xx\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12126/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12127/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12130/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11091/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191296-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8799a77e\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-1296=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-1296=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2019-1296=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-1296=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-1296=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-1296=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-1296=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2019-1296=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2019-1296=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-1296=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2019-1296=1\n\nSUSE Enterprise Storage 4:zypper in -t patch\nSUSE-Storage-4-2019-1296=1\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ucode-intel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ucode-intel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ucode-intel-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/22\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1|2|3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1/2/3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"ucode-intel-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"ucode-intel-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"ucode-intel-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"ucode-intel-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ucode-intel-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"ucode-intel-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ucode-intel-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20190514-13.44.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20190514-13.44.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ucode-intel\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T05:17:24", "description": "An update for kernel is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* Need to remove radix-tree symbols from the whitelist (BZ#1696222)\n\n* Installation of kernel-modules-extra rpm conflicts with kmod\nweak-modules (BZ#1703395)", "edition": 19, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-14T00:00:00", "title": "RHEL 8 : kernel (RHSA-2019:1167) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python3-perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel", "cpe:/o:redhat:enterprise_linux:8.0", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:bpftool-debuginfo", "cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python3-perf"], "id": "REDHAT-RHSA-2019-1167.NASL", "href": "https://www.tenable.com/plugins/nessus/125036", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1167. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125036);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2020/01/30\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_xref(name:\"RHSA\", value:\"2019:1167\");\n script_xref(name:\"IAVA\", value:\"2019-A-0166\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2019:1167) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* Need to remove radix-tree symbols from the whitelist (BZ#1696222)\n\n* Installation of kernel-modules-extra rpm conflicts with kmod\nweak-modules (BZ#1703395)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/mds\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11091\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:1167\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1167\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bpftool-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bpftool-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"bpftool-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bpftool-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bpftool-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", reference:\"kernel-abi-whitelists-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-core-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-core-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-cross-headers-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-cross-headers-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-core-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-core-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"kernel-debug-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-devel-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-modules-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-modules-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-modules-extra-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-modules-extra-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"kernel-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"kernel-debuginfo-common-aarch64-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-devel-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-devel-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", reference:\"kernel-doc-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-headers-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-headers-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-modules-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-modules-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-modules-extra-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-modules-extra-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-tools-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-tools-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"kernel-tools-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-tools-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-tools-libs-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"kernel-tools-libs-devel-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-core-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-devel-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-modules-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-modules-extra-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"perf-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"perf-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"perf-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"perf-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"perf-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"python3-perf-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"python3-perf-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"python3-perf-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"python3-perf-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"python3-perf-debuginfo-4.18.0-80.1.2.el8_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / kernel-abi-whitelists / etc\");\n }\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T04:47:14", "description": "Description of changes:\n\n[2.6.39-400.310.1.el6uek]\n- x86/speculation/mds: Make cpu_matches() __cpuinit (Patrick Colp) \n[Orabug: 29752091] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} \n{CVE-2019-11091}\n- x86/speculation/mds: Only worry about firmware loaded microcode \n(Patrick Colp) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} \n{CVE-2018-12127} {CVE-2019-11091}\n\n[2.6.39-400.309.1.el6uek]\n- x86/mds: Add empty commit for CVE-2019-11091 (Patrick Colp) [Orabug: \n29721938] {CVE-2019-11091}\n- x86/speculation/mds: Fix comment (Boris Ostrovsky) [Orabug: 29641786] \n{CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add mitigation mode VMWERV (Thomas Gleixner) \n[Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add sysfs reporting for MDS (Thomas Gleixner) \n[Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add mitigation control for MDS (Thomas Gleixner) \n[Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Allow runtime checking of CPU features (Patrick \nColp) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Improve coverage for MDS vulnerability (Boris \nOstrovsky) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} \n{CVE-2018-12127}\n- x86/speculation/mds: Clear CPU buffers on exit to user (Thomas \nGleixner) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} \n{CVE-2018-12127}\n- x86/speculation/mds: Add mds_clear_cpu_buffers() (Thomas Gleixner) \n[Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add BUG_MSBDS_ONLY (Thomas Gleixner) [Orabug: \n29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add basic bug infrastructure for MDS (Andi Kleen) \n[Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} \n{CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation: Consolidate CPU whitelists (Thomas Gleixner) [Orabug: \n29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}", "edition": 17, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-15T00:00:00", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2019-4637) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2019-4637.NASL", "href": "https://www.tenable.com/plugins/nessus/125116", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4637.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125116);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/01/17\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2019-4637) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[2.6.39-400.310.1.el6uek]\n- x86/speculation/mds: Make cpu_matches() __cpuinit (Patrick Colp) \n[Orabug: 29752091] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} \n{CVE-2019-11091}\n- x86/speculation/mds: Only worry about firmware loaded microcode \n(Patrick Colp) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} \n{CVE-2018-12127} {CVE-2019-11091}\n\n[2.6.39-400.309.1.el6uek]\n- x86/mds: Add empty commit for CVE-2019-11091 (Patrick Colp) [Orabug: \n29721938] {CVE-2019-11091}\n- x86/speculation/mds: Fix comment (Boris Ostrovsky) [Orabug: 29641786] \n{CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add mitigation mode VMWERV (Thomas Gleixner) \n[Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add sysfs reporting for MDS (Thomas Gleixner) \n[Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add mitigation control for MDS (Thomas Gleixner) \n[Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Allow runtime checking of CPU features (Patrick \nColp) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Improve coverage for MDS vulnerability (Boris \nOstrovsky) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} \n{CVE-2018-12127}\n- x86/speculation/mds: Clear CPU buffers on exit to user (Thomas \nGleixner) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} \n{CVE-2018-12127}\n- x86/speculation/mds: Add mds_clear_cpu_buffers() (Thomas Gleixner) \n[Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add BUG_MSBDS_ONLY (Thomas Gleixner) [Orabug: \n29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add basic bug infrastructure for MDS (Andi Kleen) \n[Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} \n{CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation: Consolidate CPU whitelists (Thomas Gleixner) [Orabug: \n29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-May/008725.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2019-4637\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.39-400.310.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.39-400.310.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.39-400.310.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.39-400.310.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.39-400.310.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.39-400.310.1.el6uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "thn": [{"lastseen": "2019-05-14T20:36:04", "bulletinFamily": "info", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "[](<https://1.bp.blogspot.com/-znUidkkAPSY/XNsdfIR3FZI/AAAAAAAAz_k/3Tf6a5Rz7VsAkj511NSFP3z7_ot_MLXeQCLcBGAs/s728-e100/intel-processor-vulnerability.jpg>)\n\nAcademic researchers today disclosed details of the newest class of speculative execution side-channel vulnerabilities in Intel processors that impacts all modern chips, including the chips used in Apple devices. \n \nAfter the discovery of [Spectre and Meltdown](<https://thehackernews.com/2018/01/meltdown-spectre-vulnerability.html>) processor vulnerabilities earlier last year that put practically every computer in the world at risk, different [classes of Spectre](<https://thehackernews.com/2018/11/meltdown-spectre-vulnerabilities.html>) and [Meltdown variations](<https://thehackernews.com/2018/08/foreshadow-intel-processor-vulnerability.html>) surfaced again and again. \n \nNow, a team of security researchers from multiple universities and security firms has discovered different but more dangerous speculative execution side-channel vulnerabilities in Intel CPUs. \n \nThe newly discovered flaws could allow attackers to directly steal user-level, as well as system-level secrets from CPU buffers, including user keys, passwords, and disk encryption keys. \n \n[Speculative execution](<https://thehackernews.com/2018/01/intel-amt-vulnerability.html>) is a core component of modern processors design that speculatively executes instructions based on assumptions that are considered likely to be true. If the assumptions come out to be valid, the execution continues, otherwise discarded. \n\n\n \nDubbed Microarchitectural Data Sampling ([MDS attacks](<https://mdsattacks.com/>)), the newest class of vulnerabilities consist of four different flaws, which, unlike existing attacks that leak data stored in CPU caches, can leak arbitrary in-flight data from CPU-internal buffers, such as Line Fill Buffers, Load Ports, or Store Buffers. \n \n\n\n> \"The new vulnerabilities can be used by motivated hackers to leak privileged information data from an area of the memory that hardware safeguards deem off-limits. It can be weaponized in highly targeted attacks that would normally require system-wide privileges or deep subversion of the operating system,\" BitDefender told The Hacker New.\n\n \nHere's the list of vulnerabilities derive from the newest [MDS speculative execution](<https://software.intel.com/security-software-guidance/insights/deep-dive-intel-analysis-microarchitectural-data-sampling#MDS-buffer-overwrite>) in Intel processors: \n \n\n\n 1. **CVE-2018-12126**\u2014Microarchitectural Store Buffer Data Sampling (MSBDS), also known as [Fallout attack](<https://mdsattacks.com/files/fallout.pdf>).\n 2. **CVE-2018-12130**\u2014Microarchitectural Fill Buffer Data Sampling (MFBDS), also known as [Zombieload](<https://zombieloadattack.com/>), or** RIDL** (Rogue In-Flight Data Load).\n 3. **CVE-2018-12127**\u2014Microarchitectural Load Port Data Sampling (MLPDS), also part of [RIDL class of attacks](<https://mdsattacks.com/files/ridl.pdf>).\n 4. **CVE-2019-11091**\u2014Microarchitectural Data Sampling Uncacheable Memory (MDSUM), also part of RIDL class of attacks.\n \nThe Fallout attack is a new transient execution attack that could allow unprivileged user processes to steal information from a previously unexplored microarchitectural component called Store Buffers. \n \nThe attack can be used to read data that the operating system recently wrote and also helps to figure out the memory position of the operating system that could be exploited with other attacks. \n\n\n \nIn their proof-of-concept attack, researchers showed how Fallout could be used to break Kernel Address Space Layout Randomization (KASLR), and leak sensitive data written to memory by the operating system kernel. \n \nZombieLoad attack affects a wide range of desktops, laptops, and cloud computers with Intel processor generations released from 2011 onwards. It can be used to read data that is recently accessed or accessed in parallel on the same processor core. \n\n\nThe ZombieLoad attack does not only work on personal computers to leak information from other applications and the operating system but can also be exploited on virtual machines running in the cloud with common hardware. \n \n\n\n> \"ZombieLoad is furthermore not limited to native code execution, but also works across virtualization boundaries. Hence, virtual machines can attack not only the hypervisor but also different virtual machines running on a sibling logical core,\" researchers explain.\n\n \n\n\n> \"We conclude that disabling hyperthreading, in addition to flushing several microarchitectural states during context switches, is the only possible workaround to prevent this extremely powerful attack.\"\n\n \nResearchers even made available a [tool for Windows](<https://mdsattacks.com/files/mdstool-win.zip>) and [Linux users](<https://mdsattacks.com/files/mdstool-linux.zip>) to test their systems against RIDL and Fallout attacks as well as other speculative execution flaws. \n \nResearchers tested their proof-of-concept exploits against Intel Ivy Bridge, Haswell, Skylake and Kaby Lake microarchitectures as shown in the video demonstrations. \n\n\n \nAcademics have discovered the MDS vulnerabilities from the Austrian university TU Graz, Vrije Universiteit Amsterdam, the University of Michigan, the University of Adelaide, KU Leuven in Belgium, Worcester Polytechnic Institute, Saarland University in Germany and security firms Cyberus, BitDefender, Qihoo360 and Oracle. \n \nMultiple researchers independently reported Intel of the MSD vulnerabilities starting June 2018, but the Chip giant had asked all the researchers to keep their findings secret, some for more than a year, until the company could come out with fixes for the vulnerabilities. \n\n\nIntel has now released Microcode Updates (MCU) updates to fix the MDS vulnerabilities in both hardware and software by clearing all data from buffers whenever the CPU crosses a security boundary so that the data can't be leaked or stolen. \n \nEvery operating system, virtualization vendor, and other software makers are highly recommended to implement the patch as soon as possible. \n \nAMD and ARM chips are not vulnerable to the MDS attacks, and Intel says that some models of its chip already include hardware mitigations against this flaw. \n \n[Apple](<https://support.apple.com/en-us/HT210107>) says it released a fix to address the vulnerability in the macOS Mojave 10.14.5 and Safari updates that were released yesterday. \n \n[Microsoft](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013>) has also released software updates to help mitigate the MDS vulnerabilities. In some cases, the company says installing the updates will have a performance impact. \n\n\nHave something to say about this article? Comment below or share it with us on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter](<https://twitter.com/thehackersnews>) or our [LinkedIn Group](<https://www.linkedin.com/company/the-hacker-news/>).\n", "modified": "2019-05-14T20:20:06", "published": "2019-05-14T20:20:00", "id": "THN:ABCC9DD36D10CA51E767D6104EF69F5C", "href": "https://thehackernews.com/2019/05/intel-processor-vulnerabilities.html", "type": "thn", "title": "New Class of CPU Flaws Affect Almost Every Intel Processor Since 2011", "cvss": {"score": 0.0, "vector": "NONE"}}], "mskb": [{"lastseen": "2021-01-01T22:41:14", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4516058, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p>The Windows 10 April 2018 Update will reach end of service on November 12, 2019 for Home and Pro editions. We will begin updating devices running the\u00a0Windows 10\u00a0April 2018 Update\u00a0starting July 16, 2019\u00a0to help ensure that these devices\u00a0remain\u00a0in a serviced\u00a0and\u00a0secure state. For more information, see the Windows 10, version 1903 section of\u00a0the\u00a0<a data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/release-information/status-windows-10-1903\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">release information dashboard</a>.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong>Note\u00a0</strong>Follow <a href=\"https://twitter.com/windowsupdate\" rel=\"noreferrer noopener\" tabindex=\"-1\" target=\"_blank\" title=\"https://twitter.com/windowsupdate\">@WindowsUpdate</a> to find out when new content is published to the release information dashboard.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong>Reminder\u00a0</strong>March 12\u00a0and April 9\u00a0were the last two Delta updates for Windows 10, version\u00a01803. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change please visit our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426\" managed-link=\"\" target=\"_blank\">blog</a>.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p>Starting with update KB4499183, we are introducing functionality that allows you to decide when to install a feature update. You control when you get a feature update while simultaneously keeping your devices up to date. Feature updates that are available for eligible devices will appear in a separate module on the Windows Update page (<strong>Settings </strong>> <strong>Update & Security</strong> > <strong>Windows Update</strong>). If you would like to get an available update right away, select <strong>Download and install now</strong>. To find out more about this feature, please go to this <a href=\"https://blogs.windows.com/windowsexperience/?p=172316\" managed-link=\"\" target=\"_blank\">blog</a>.\u00a0</p><p><em>When Windows 10 devices are at, or within several months of reaching, end of service, Windows Update will begin to automatically initiate a feature update. This keeps those devices supported and receiving the monthly updates that are critical to device security and ecosystem health.</em></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p>For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/824684\" managed-link=\"\" target=\"_blank\">article</a>.</p></div></div></div></div><h2>Highlights</h2><ul><li>Updates to improve security when using Internet Explorer, Microsoft Edge,\u00a0and\u00a0input devices such as a mouse, keyboard, or stylus.</li><li>Updates for verifying user names and passwords.</li><li>Updates for\u00a0storing and managing files.</li></ul><h2>Improvements and fixes</h2><div><p>This security update includes quality improvements. Key changes include:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 32-Bit (x86) versions of Windows.\u00a0<br/>For more information, see <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">Security Advisory 190013</a>. This advisory includes\u00a0CVE-2019-11091,<a href=\"https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2Fadv190013&data=02%7C01%7Cv-shros%40microsoft.com%7C09be709d4f5a48828b3608d731b5e011%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032529545445662&sdata=fvFdb13Krl8nAuUPxE9ZigyGg3qICkRND%2BcRcoc9WXI%3D&reserved=0\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"Xm4A/Wgq+XEh8/Sr2rWe5hGvy4o7OkQbvI38Vw+JFCfCqDqaXdECRhV2hIKvUA0kN0VrgVDiatHukI2MAjcgn4nfAAaOfShSAe0w/3YMN7ZWDzEGxsoYyr6XUoPZ29GnqW2jqTVTOmAmXKLUay1GNH66Uz/7jsGuFIzyg9Q+3K0=\" target=\"_blank\"> </a>CVE-2018-12126, CVE-2018-12127, and CVE-2018-12130. Use the registry settings as described in the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4073119\" managed-link=\"\" target=\"_blank\">Windows Client</a> and <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4072698\" managed-link=\"\" target=\"_blank\">Windows Server</a>\u00a0articles<em>. </em>(These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions.)</li><li>Security updates to Internet Explorer, Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Input and Composition, Windows Media, Windows Fundamentals, Windows Authentication, Windows Cryptography, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, Windows Kernel, Windows Virtualization, Windows Server, and Microsoft Edge.</li></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><table class=\"table\"><tbody><tr><td><strong>Symptom</strong></td><td><strong>Workaround</strong></td></tr><tr><td>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul>Microsoft is working on a resolution and will provide an update in an upcoming release.</td></tr><tr><td>We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.</td><td><p>This issue is resolved in <a data-content-id=\"4519978\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4519978</a>.</p></td></tr><tr><td>After installing this update, Windows Mixed Reality Portal users may intermittently receive a \u201c15-5\u201d error code. In some cases, Windows Mixed Reality Portal may report that the headset is sleeping and pressing \u201cWake up\u201d may appear to produce no action.</td><td><p>This issue is resolved in <a data-content-id=\"4519978\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4519978</a>.</p></td></tr><tr><td>Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (<strong>ChsIME.EXE</strong>) and Chinese Traditional (<strong>ChtIME.EXE</strong>) with Changjie/Quick keyboard.</td><td><p><span><span>Due to security related changes in this update, this issue may occur when the\u00a0Touch Keyboard and Handwriting Panel Service is not configured to its default startup type of Manual. To resolve the issue, perform the following steps:</span></span></p><ol><li><span><span> <span>Select the <strong>Start </strong>button and type \u201cservices\u201d.</span></span></span></li><li><span><span> <span>Open the Services app and locate <strong>Touch Keyboard and Handwriting Panel Service.</strong></span></span></span></li><li><span><span> <span>Double-click <strong>Touch Keyboard and Handwriting Panel Service </strong>and select <strong>Properties</strong>.</span></span></span></li><li><span><span> <span>Locate <strong>Startup type:</strong> and change it to <strong>Manual</strong>.</span></span></span></li><li><span><span> <span>Select <strong>OK</strong>.</span></span></span></li></ol><p><span><span>The TabletInputService<strong> </strong>service is now in the default configuration and IME should work as expected.</span></span></p></td></tr><tr><td><p>When setting up a new Windows device during the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.</p><strong>Note</strong> This issue does not affect using a Microsoft Account during OOBE.</td><td><p>This issue is resolved in <a data-content-id=\"4534308\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4534308</a>.</p></td></tr></tbody></table><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes.\u00a0For more information, see\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates#why-should-servicing-stack-updates-be-installed-and-kept-up-to-date\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing stack updates</a>.</p><p>If you are using Windows Update, the latest SSU\u00a0(<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4512576\" managed-link=\"\" target=\"_blank\">KB 4512576</a>) will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">Yes</td><td>None. This update will be downloaded and installed automatically from Windows Update.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4516058\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically synchronize with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>: Windows 10</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/b/0/1/b011d23a-2e4e-4a36-aa96-790c565c9091/4516058.csv\" managed-link=\"\" target=\"_blank\">file information for cumulative update 4516058</a>.\u00a0</p><p>\u00a0</p></body></html>", "edition": 25, "modified": "2020-01-23T22:44:44", "id": "KB4516058", "href": "https://support.microsoft.com/en-us/help/4516058/", "published": "2019-09-10T00:00:00", "title": "September 10, 2019\u2014KB4516058 (OS Build 17134.1006)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:52:29", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4515384, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong>Note\u00a0</strong>Follow <a href=\"https://twitter.com/windowsupdate\" rel=\"noreferrer noopener\" tabindex=\"-1\" target=\"_blank\" title=\"https://twitter.com/windowsupdate\">@WindowsUpdate</a> to find out when new content is published to the release information dashboard.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><strong>Note </strong>This release also contains updates for Microsoft HoloLens (OS Build 18362.1031) released September 10,\u00a02019.\u00a0</span>Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\">ePub support ending in Microsoft Edge</p><div class=\"row\"><div class=\"col-xs-24\"><p>Microsoft Edge will end support for e-books that use the .epub file extension over the next several months. For more information, see <a href=\"https://support.microsoft.com/help/4517840\" managed-link=\"\" target=\"_blank\">Download an ePub app to keep reading e-books</a>.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p>For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/824684\" managed-link=\"\" target=\"_blank\">article</a>.</p></div></div></div></div><h2>Highlights</h2><ul><li>Updates to improve security when using Internet Explorer, Microsoft Edge,\u00a0networking technologies, and input devices such as a mouse, keyboard, or stylus.</li><li>Updates for verifying user names and passwords.</li></ul><ul><li>Updates for\u00a0storing and managing files.</li><li>Updates an issue that causes a code 52 error (an exclamation mark inside a yellow triangle) when connecting a Bluetooth audio device.</li></ul><h2>Improvements and fixes</h2><div><p>This security update includes quality improvements. Key changes include:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 32-Bit (x86) versions of Windows.\u00a0<br/>For more information, see <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">Security Advisory 190013</a>. This advisory includes\u00a0CVE-2019-11091,<a href=\"https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2Fadv190013&data=02%7C01%7Cv-shros%40microsoft.com%7C09be709d4f5a48828b3608d731b5e011%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032529545445662&sdata=fvFdb13Krl8nAuUPxE9ZigyGg3qICkRND%2BcRcoc9WXI%3D&reserved=0\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"Xm4A/Wgq+XEh8/Sr2rWe5hGvy4o7OkQbvI38Vw+JFCfCqDqaXdECRhV2hIKvUA0kN0VrgVDiatHukI2MAjcgn4nfAAaOfShSAe0w/3YMN7ZWDzEGxsoYyr6XUoPZ29GnqW2jqTVTOmAmXKLUay1GNH66Uz/7jsGuFIzyg9Q+3K0=\" target=\"_blank\"> </a>CVE-2018-12126, CVE-2018-12127, and CVE-2018-12130. Use the registry settings as described in the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4073119\" managed-link=\"\" target=\"_blank\">Windows Client</a> and <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4072698\" managed-link=\"\" target=\"_blank\">Windows Server</a>\u00a0articles<em>. </em>(These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions.)</li><li>Addresses an issue that causes high CPU usage from\u00a0<strong>SearchUI.exe</strong>\u00a0for a small number of users. This issue only occurs on devices that have disabled searching the web using Windows Desktop Search.</li><li>Addresses an issue that causes a code 52 error (an exclamation mark inside a yellow triangle) when connecting a Bluetooth audio device.</li><li>Security updates to Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Input and Composition, Windows Media, Windows Fundamentals, Windows Authentication, Windows Cryptography, Windows Datacenter Networking, Windows Storage and Filesystems, Windows Wireless Networking, the Microsoft JET Database Engine, Windows Kernel, Windows Virtualization, and Windows Server.</li></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\">Windows Update Improvements</p><div class=\"row\"><div class=\"col-xs-24\"><p>Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.</p></div></div></div></div></div><h2>Known issues in this update</h2><table class=\"table\"><tbody><tr><td>Symptom</td><td>Workaround</td></tr><tr><td>Microsoft has received reports that audio in certain games is quieter or different than expected after installing this update. At the request of some of our audio partners, we implemented a compatibility change that enabled certain games to query support and render multi-channel audio. Due to customer feedback, we are reverting this change as some games and some devices are not rendering multi-channel audio as expected. This may result in games sounding different than customers are used to and may have missing channels.</td><td><p>This issue is resolved in <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4517211\" managed-link=\"\" target=\"_blank\">KB4517211</a>.</p></td></tr><tr><td>Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (<strong>ChsIME.EXE</strong>) and Chinese Traditional (<strong>ChtIME.EXE</strong>) with Changjie/Quick keyboard.</td><td><p><span><span>Due to security related changes in this update, this issue may occur when the\u00a0Touch Keyboard and Handwriting Panel Service is not configured to its default startup type of Manual. To resolve the issue, perform the following steps:</span></span></p><ol><li><span><span> <span>Select the <strong>Start </strong>button and type \u201cservices\u201d.</span></span></span></li><li><span><span> <span>Open the Services app and locate <strong>Touch Keyboard and Handwriting Panel Service.</strong></span></span></span></li><li><span><span> <span>Double-click <strong>Touch Keyboard and Handwriting Panel Service </strong>and select <strong>Properties</strong>.</span></span></span></li><li><span><span> <span>Locate <strong>Startup type:</strong> and change it to <strong>Manual</strong>.</span></span></span></li><li><span><span> <span>Select <strong>OK</strong>.</span></span></span></li></ol><p><span><span>The TabletInputService<strong> </strong>service is now in the default configuration and IME should work as expected.</span></span></p></td></tr><tr><td><p>When setting up a new Windows device during the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.</p><strong>Note</strong> This issue does not affect using a Microsoft Account during OOBE.</td><td><p>This issue is resolved in <a data-content-id=\"4530684\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4530684</a>.</p></td></tr></tbody></table><p>\u00a0</p><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU\u00a0and applying Microsoft security fixes. For more information, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates#why-should-servicing-stack-updates-be-installed-and-kept-up-to-date\" managed-link=\"\" target=\"_blank\">Servicing stack updates</a>.</p><p>If you are using Windows Update, the latest SSU (<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4515383\" managed-link=\"\" target=\"_blank\">KB 4515383</a>) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the <a data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>.</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">Yes</td><td>None. This update will be downloaded and installed automatically from Windows Update.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4515384\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically synchronize with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>: Windows 10, version 1903 and later</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/5/7/4/5741ea9f-30fd-436c-b9f8-08e84455b129/4515384.csv\" managed-link=\"\" target=\"_blank\">file information for cumulative update 4515384</a>.\u00a0</p><p>\u00a0</p></body></html>", "edition": 27, "modified": "2019-12-10T18:42:58", "id": "KB4515384", "href": "https://support.microsoft.com/en-us/help/4515384/", "published": "2019-09-10T00:00:00", "title": "September 10, 2019\u2014KB4515384 (OS Build 18362.356)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:37:35", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4516055, including improvements and fixes, any known issues, and how to get the update.</p><h2>Improvements and fixes</h2><div><p>This security update includes improvements and fixes that were a part of update <a data-content-id=\"4512512\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4512512</a> (released August 17, 2019) and addresses the following issues:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 32-Bit (x86) versions of Windows (<a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2019-11091</a>,<a href=\"https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2Fadv190013&data=02%7C01%7Cv-shros%40microsoft.com%7C09be709d4f5a48828b3608d731b5e011%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032529545445662&sdata=fvFdb13Krl8nAuUPxE9ZigyGg3qICkRND%2BcRcoc9WXI%3D&reserved=0\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"Xm4A/Wgq+XEh8/Sr2rWe5hGvy4o7OkQbvI38Vw+JFCfCqDqaXdECRhV2hIKvUA0kN0VrgVDiatHukI2MAjcgn4nfAAaOfShSAe0w/3YMN7ZWDzEGxsoYyr6XUoPZ29GnqW2jqTVTOmAmXKLUay1GNH66Uz/7jsGuFIzyg9Q+3K0=\" target=\"_blank\"> </a><a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12126</a>, <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12127</a>, <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a href=\"https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in\" managed-link=\"\" target=\"_blank\">Windows Client</a> article<em>. </em>(These registry settings are enabled by default for Windows Client OS editions.)</li><li>Security updates to the Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Kernel, Windows Input and Composition, Windows Media, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, and Windows Server .</li></ul><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><div><table class=\"table\"><tbody><tr><td><strong>Symptom</strong></td><td><strong>Workaround</strong></td></tr><tr><td>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul>Microsoft is working on a resolution and will provide an update in an upcoming release.</td></tr></tbody></table></div><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes.\u00a0</p><p>If you are using Windows Update, the latest SSU\u00a0(<a data-content-id=\"4512939\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4512939</a>) will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">Yes</td><td>None. This update will be downloaded and installed automatically from Windows Update.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4516055\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically synchronize with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>: Windows Server 2012, Windows Embedded 8 Standard</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/6/7/d/67dcdbbd-9bb7-4037-9458-3197fcf7b3d5/4516055.csv\" managed-link=\"\" target=\"_blank\">file information for\u00a0update 4516055</a>.\u00a0</p><p>\u00a0</p></body></html>", "edition": 17, "modified": "2019-09-10T20:10:41", "id": "KB4516055", "href": "https://support.microsoft.com/en-us/help/4516055/", "published": "2019-09-10T00:00:00", "title": "September 10, 2019\u2014KB4516055 (Monthly Rollup)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:41:05", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4503273, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><span><span><span>Customers who have applied KB4489887 or later Monthly Rollup Packages </span></span><span>to Microsoft Server 2008 SP2 may notice a change to the operating system version string. The \u201cbuild number\u201d component of the version string increases by 1, and the revision number decreases by approximately 4000 numbers. To find out more about this change please refer to the following <a data-content-id=\"4495374\" data-content-type=\"article\" href=\"\" managed-link=\"\">article</a>.</span></span></span></p></div></div></div></div><h2>Improvements and fixes</h2><div><p>This security update includes improvements and fixes that were a part of update <a data-content-id=\"4499184\" data-content-type=\"article\" href=\"\" managed-link=\"\">KB4499184</a> (released May 23, 2019) and addresses the following issues:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 64-Bit (x64) versions of Windows (<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"YAe7iTID7gTAlEI+1QT/6qfMZcY7LB8fxMjCpx/tjHfdrwOsTscfgbdd4vYMm9PR+uhB6N22KdlFpmkhY0MzoeeYx4NDcvIfRhTSm0Xg5Ar15yMNpRLiyq9ER21bIsups77tJIXh169s5/iEFu3K7zLLOiPi8/VfQeyP2qcg3As=\" target=\"_blank\">CVE-2019-11091</a>,<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"YAe7iTID7gTAlEI+1QT/6qfMZcY7LB8fxMjCpx/tjHfdrwOsTscfgbdd4vYMm9PR+uhB6N22KdlFpmkhY0MzoeeYx4NDcvIfRhTSm0Xg5Ar15yMNpRLiyq9ER21bIsups77tJIXh169s5/iEFu3K7zLLOiPi8/VfQeyP2qcg3As=\" target=\"_blank\"> CVE-2018-12126</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"E4IX6mlyH5NLx24b7VuUahrq9c7NkXBibJnG5QpRn/HZKzz5UIdWB9MqMYep129QrYa0uQClNjDeAwm+l3B75yPmvED8K2cvvnKh5uf7sNmfHjP2e4YRb9r6x5ErNCYfWt1jnXOuZ2FrmRQkAy+Ll/3cPkNmhAkY8t8U8OV/Bw4=\" target=\"_blank\">CVE-2018-12127</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"E4IX6mlyH5NLx24b7VuUahrq9c7NkXBibJnG5QpRn/HZKzz5UIdWB9MqMYep129QrYa0uQClNjDeAwm+l3B75yPmvED8K2cvvnKh5uf7sNmfHjP2e4YRb9r6x5ErNCYfWt1jnXOuZ2FrmRQkAy+Ll/3cPkNmhAkY8t8U8OV/Bw4=\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/{lang-locale}/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot\" managed-link=\"\" originalsrc=\"https://support.microsoft.com/en-us/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot\" shash=\"cgZ6fxMrQXl5WDKOS9UeiMKo1aOk6N/CLx43s1XLy1TzMAWUeHnq1Kp14OPeyoPe8tRI/5Zhihlc3cV7XL/RZpnWOskkEJcBmZvtkjnvqvPYNC3uJiWgsi/SzHvsx6mI8RcVh69zn+MmkO9QFVvOdgVHRRg2gjP90PvPeesgDM8=\" target=\"_blank\">Windows Server</a>\u00a0article<em>. </em>(These registry settings are disabled by default for Windows Server OS editions).</li><li>Security updates to Windows App Platform and Frameworks, Windows Input and Composition, Windows Shell, Windows Server, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, Windows Virtualization, Windows Kernel, Internet Information Services, Windows Server, and the Microsoft JET Database Engine.</li></ul><p>For more information about the resolved security vulnerabilities, please refer to the <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/security-guidance\" managed-link=\"\" target=\"_blank\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><table class=\"table\"><tbody><tr><td>Symptom</td><td>Workaround</td></tr><tr><td>Internet Explorer 11 may stop working when loading or interacting with Power BI reports that have line charts with markers. This issue may also occur when viewing other content that contains Scalable Vector Graphics (SVG) markers.</td><td><p>This issue is resolved in <a data-content-id=\"4503271\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4503271</a>.</p></td></tr><tr><td>When trying to expand, view, or create <strong>Custom Views </strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using <strong>Filter Current Log </strong>in the <strong>Action </strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</td><td><p>This issue is resolved in <a data-content-id=\"4503271\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4503271</a>.</p></td></tr><tr><td>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing this update on a WDS server.</td><td><p>This issue is resolved in <a data-content-id=\"4512499\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4512499</a>.</p></td></tr></tbody></table><p>\u00a0</p><h2>How to get this update</h2><div><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes.\u00a0</p><p>If you are using Windows Update, the latest SSU\u00a0(<a data-content-id=\"4493730\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"\">KB4493730</a>) will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><p>This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4503273\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>\u00a0website.</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/A/A/D/AADEFFA5-FD28-4AC4-93C6-3A28586CA88D/4503273.csv\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">file information for update 4503273</a>.\u00a0</p></div></body></html>", "edition": 15, "modified": "2019-08-19T19:05:56", "id": "KB4503273", "href": "https://support.microsoft.com/en-us/help/4503273/", "published": "2019-06-11T00:00:00", "title": "June 11, 2019\u2014KB4503273 (Monthly Rollup)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:42:40", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4499165, including improvements and fixes, any known issues, and how to get the update.</p><h2>Improvements and fixes</h2><div><p>This security update includes quality improvements. Key changes include:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 64-Bit (x64) versions of Windows (<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2019-11091</a>,<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\"> CVE-2018-12126</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12127</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/{lang-locale}/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in\" managed-link=\"\" target=\"_blank\">Windows Client</a> and <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/{lang-locale}/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot\" managed-link=\"\" target=\"_blank\">Windows Server</a>\u00a0articles<em>.\u00a0</em>(These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions).</li><li>Security updates to Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Storage and Filesystems, Windows Cryptography, Windows Datacenter Networking, Windows Wireless Networking, Windows Kernel, and the Microsoft JET Database Engine.</li></ul><p>For more information about the resolved security vulnerabilities, please refer to the <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/security-guidance\" managed-link=\"\" target=\"_blank\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><div><table class=\"table\"><tbody><tr><td width=\"312\"><p><strong>Symptom</strong></p></td><td width=\"312\"><p><strong>Workaround</strong></p></td></tr><tr><td width=\"312\">After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.</td><td width=\"312\"><p>This issue is resolved in <a data-content-id=\"4503290\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4503290</a>.</p></td></tr><tr><td width=\"312\">Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td width=\"312\"><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul>Microsoft is working on a resolution and will provide an update in an upcoming release.</td></tr></tbody></table></div><h2>How to get this update</h2><div><p>This update is now available for installation through WSUS. To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4499165\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>\u00a0website.</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/7/3/5/7354FFC9-25A3-461A-973D-EEAB7EAEB3A3/4499165.csv\" managed-link=\"\" target=\"_blank\">file information for update 4499165</a>.\u00a0</p></div></body></html>", "edition": 2, "modified": "2019-06-11T17:43:00", "id": "KB4499165", "href": "https://support.microsoft.com/en-us/help/4499165/", "published": "2019-05-14T00:00:00", "title": "May 14, 2019\u2014KB4499165 (Security-only update)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:43:49", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4503287, including improvements and fixes, any known issues, and how to get the update.</p><h2>Improvements and fixes</h2><div><p>This security update includes quality improvements. Key changes include:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 64-Bit (x64) versions of Windows (<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"YAe7iTID7gTAlEI+1QT/6qfMZcY7LB8fxMjCpx/tjHfdrwOsTscfgbdd4vYMm9PR+uhB6N22KdlFpmkhY0MzoeeYx4NDcvIfRhTSm0Xg5Ar15yMNpRLiyq9ER21bIsups77tJIXh169s5/iEFu3K7zLLOiPi8/VfQeyP2qcg3As=\" target=\"_blank\">CVE-2019-11091</a>,<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"YAe7iTID7gTAlEI+1QT/6qfMZcY7LB8fxMjCpx/tjHfdrwOsTscfgbdd4vYMm9PR+uhB6N22KdlFpmkhY0MzoeeYx4NDcvIfRhTSm0Xg5Ar15yMNpRLiyq9ER21bIsups77tJIXh169s5/iEFu3K7zLLOiPi8/VfQeyP2qcg3As=\" target=\"_blank\"> CVE-2018-12126</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"E4IX6mlyH5NLx24b7VuUahrq9c7NkXBibJnG5QpRn/HZKzz5UIdWB9MqMYep129QrYa0uQClNjDeAwm+l3B75yPmvED8K2cvvnKh5uf7sNmfHjP2e4YRb9r6x5ErNCYfWt1jnXOuZ2FrmRQkAy+Ll/3cPkNmhAkY8t8U8OV/Bw4=\" target=\"_blank\">CVE-2018-12127</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"E4IX6mlyH5NLx24b7VuUahrq9c7NkXBibJnG5QpRn/HZKzz5UIdWB9MqMYep129QrYa0uQClNjDeAwm+l3B75yPmvED8K2cvvnKh5uf7sNmfHjP2e4YRb9r6x5ErNCYfWt1jnXOuZ2FrmRQkAy+Ll/3cPkNmhAkY8t8U8OV/Bw4=\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/{lang-locale}/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot\" managed-link=\"\" originalsrc=\"https://support.microsoft.com/en-us/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot\" shash=\"cgZ6fxMrQXl5WDKOS9UeiMKo1aOk6N/CLx43s1XLy1TzMAWUeHnq1Kp14OPeyoPe8tRI/5Zhihlc3cV7XL/RZpnWOskkEJcBmZvtkjnvqvPYNC3uJiWgsi/SzHvsx6mI8RcVh69zn+MmkO9QFVvOdgVHRRg2gjP90PvPeesgDM8=\" target=\"_blank\">Windows Server</a>\u00a0article<em>. </em>(These registry settings are disabled by default for Windows Server OS editions).</li><li>Security updates to Windows App Platform and Frameworks, Windows Input and Composition, Windows Shell, Windows Server, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, Windows Virtualization, Windows Kernel, Internet Information Services, Windows Server, and the Microsoft JET Database Engine.</li></ul><p>For more information about the resolved security vulnerabilities, please refer to the <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/security-guidance\" managed-link=\"\" target=\"_blank\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><table class=\"table\"><tbody><tr><td>Symptom</td><td>Workaround</td></tr><tr><td>When trying to expand, view, or create <strong>Custom Views </strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using <strong>Filter Current Log </strong>in the <strong>Action </strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</td><td><p>This issue is resolved in <a data-content-id=\"4508774\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4508774</a>.</p></td></tr><tr><td>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing this update on a WDS server.</td><td><p>This issue is resolved in <a data-content-id=\"4512499\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4512499</a>.</p></td></tr></tbody></table><p>\u00a0</p><h2>How to get this update</h2><div><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes.\u00a0</p><p>If you are using Windows Update, the latest SSU\u00a0(<a data-content-id=\"4493730\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"\">KB4493730</a>) will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><p>This update is now available for installation through WSUS. To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4503287\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>\u00a0website.</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/C/E/4/CE4CD3CF-45D9-46EB-A54B-AAB4F16D6197/4503287.csv\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">file information for update 4503287</a>.\u00a0</p></div></body></html>", "edition": 2, "modified": "2019-08-19T19:08:19", "id": "KB4503287", "href": "https://support.microsoft.com/en-us/help/4503287/", "published": "2019-06-11T00:00:00", "title": "June 11, 2019\u2014KB4503287 (Security-only update)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:53:09", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4516062, including improvements and fixes, any known issues, and how to get the update.</p><h2>Improvements and fixes</h2><div><p>This security update includes quality improvements. Key changes include:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 32-Bit (x86) versions of Windows (<a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2019-11091</a>,<a href=\"https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2Fadv190013&data=02%7C01%7Cv-shros%40microsoft.com%7C09be709d4f5a48828b3608d731b5e011%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032529545445662&sdata=fvFdb13Krl8nAuUPxE9ZigyGg3qICkRND%2BcRcoc9WXI%3D&reserved=0\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"Xm4A/Wgq+XEh8/Sr2rWe5hGvy4o7OkQbvI38Vw+JFCfCqDqaXdECRhV2hIKvUA0kN0VrgVDiatHukI2MAjcgn4nfAAaOfShSAe0w/3YMN7ZWDzEGxsoYyr6XUoPZ29GnqW2jqTVTOmAmXKLUay1GNH66Uz/7jsGuFIzyg9Q+3K0=\" target=\"_blank\"> </a><a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12126</a>, <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12127</a>, <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a href=\"https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in\" managed-link=\"\" target=\"_blank\">Windows Client</a> article<em>. </em>(These registry settings are enabled by default for Windows Client OS editions.)</li><li>Security updates to Windows App Platform and Frameworks, Windows Kernel, Windows Input and Composition, Windows Media, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, and Windows Server .</li></ul><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><div><table class=\"table\"><tbody><tr><td><strong>Symptom</strong></td><td><strong>Workaround</strong></td></tr><tr><td>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul>Microsoft is working on a resolution and will provide an update in an upcoming release.</td></tr></tbody></table></div><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes.\u00a0</p><p>If you are using Windows Update, the latest SSU\u00a0(<a data-content-id=\"4512939\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4512939</a>) will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">No</td><td>See the other options below.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4516062\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically synchronize with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>:\u00a0\u00a0Windows Server 2012, Windows Embedded 8 Standard</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/3/0/7/307fbb9c-4008-4100-ac75-40c89f3f871f/4516062.csv\" managed-link=\"\" target=\"_blank\">file information for update 4516062</a>.\u00a0</p></body></html>", "edition": 3, "modified": "2019-09-10T20:13:57", "id": "KB4516062", "href": "https://support.microsoft.com/en-us/help/4516062/", "published": "2019-09-10T00:00:00", "title": "September 10, 2019\u2014KB4516062 (Security-only update)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:45:27", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)", "modified": "2019-05-15T00:42:24", "published": "2019-05-15T00:39:21", "id": "RHSA-2019:1199", "href": "https://access.redhat.com/errata/RHSA-2019:1199", "type": "redhat", "title": "(RHSA-2019:1199) Important: qemu-kvm-rhev security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:47:11", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-14T22:23:10", "published": "2019-05-14T21:23:37", "id": "RHSA-2019:1179", "href": "https://access.redhat.com/errata/RHSA-2019:1179", "type": "redhat", "title": "(RHSA-2019:1179) Important: qemu-kvm-rhev security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:44:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-14T23:44:59", "published": "2019-05-14T23:37:20", "id": "RHSA-2019:1198", "href": "https://access.redhat.com/errata/RHSA-2019:1198", "type": "redhat", "title": "(RHSA-2019:1198) Important: qemu-kvm security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:45:15", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-15T01:02:56", "published": "2019-05-15T00:37:52", "id": "RHSA-2019:1203", "href": "https://access.redhat.com/errata/RHSA-2019:1203", "type": "redhat", "title": "(RHSA-2019:1203) Important: vdsm security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:45:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-14T22:23:10", "published": "2019-05-14T21:23:50", "id": "RHSA-2019:1176", "href": "https://access.redhat.com/errata/RHSA-2019:1176", "type": "redhat", "title": "(RHSA-2019:1176) Important: kernel-rt security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:45:21", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-15T00:32:19", "published": "2019-05-15T00:13:36", "id": "RHSA-2019:1188", "href": "https://access.redhat.com/errata/RHSA-2019:1188", "type": "redhat", "title": "(RHSA-2019:1188) Important: qemu-kvm security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:44:44", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Need to remove radix-tree symbols from the whitelist (BZ#1696222)\n\n* Installation of kernel-modules-extra rpm conflicts with kmod weak-modules (BZ#1703395)", "modified": "2019-05-14T22:02:17", "published": "2019-05-14T21:22:00", "id": "RHSA-2019:1167", "href": "https://access.redhat.com/errata/RHSA-2019:1167", "type": "redhat", "title": "(RHSA-2019:1167) Important: kernel security and bug fix update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:46:12", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-14T22:49:10", "published": "2019-05-14T22:09:20", "id": "RHSA-2019:1184", "href": "https://access.redhat.com/errata/RHSA-2019:1184", "type": "redhat", "title": "(RHSA-2019:1184) Important: libvirt security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:45:36", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-14T22:23:09", "published": "2019-05-14T21:23:31", "id": "RHSA-2019:1178", "href": "https://access.redhat.com/errata/RHSA-2019:1178", "type": "redhat", "title": "(RHSA-2019:1178) Important: qemu-kvm security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:46:24", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "The rhvm-setup-plugins package adds functionality exclusive only to Red Hat Virtualization Manager, and is not available for the upstream ovirt-engine. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase and other support material.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-15T01:02:58", "published": "2019-05-15T00:38:09", "id": "RHSA-2019:1205", "href": "https://access.redhat.com/errata/RHSA-2019:1205", "type": "redhat", "title": "(RHSA-2019:1205) Important: rhvm-setup-plugins security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "hp": [{"lastseen": "2020-12-24T13:22:04", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "## Potential Security Impact\nInformation Disclosure\n\n**Source**: HP, HP Product Security Response Team (PSRT) \n\n**Reported By**: Intel \n\n## VULNERABILITY SUMMARY\nPotential security vulnerabilities in Intel CPUs may allow information disclosure. Researchers have referred to these vulnerabilities as ZombieLoad, RIDL, and Fallout. See table below for further details.\n\nVulnerability\n\n| \n\nDescription\n\n| \n\nCVE \n \n---|---|--- \n \nFallout, RIDL\n\n| \n\nMicroarchitectural Store Buffer Data Sampling (MSBDS) \n\n| \n\nCVE-2018-12126 \n \nRIDL\n\n| \n\nMicroarchitectural Load Port Data Sampling (MLPDS)\n\n| \n\nCVE-2018-12127 \n \nZombieLoad, RIDL\n\n| \n\nMicroarchitectural Fill Buffer Data Sampling (MFBDS)\n\n| \n\nCVE-2018-12130 \n \nRIDL\n\n| \n\nMicroarchitectural Data Sampling Uncacheable Memory (MDSUM)\n\n| \n\nCVE-2019-11091\n\n## RESOLUTION\nBoth software updates and firmware updates are required. See the links below for more information regarding software updates.\n\nHypervisors could also be affected. Check with your hypervisor vendor for potential software patches.\n\nHP has identified the affected platforms and target dates for Softpaqs for firmware updates. See the affected platforms listed below. \n", "edition": 6, "modified": "2020-09-10T00:00:00", "published": "2019-05-14T00:00:00", "id": "HP:C06330149", "href": "https://support.hp.com/us-en/document/c06330149", "title": "HPSBHF03618 rev. 8 - Intel Microarchitectural Data Sampling Security Updates", "type": "hp", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "xen": [{"lastseen": "2019-05-14T21:19:00", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "#### ISSUE DESCRIPTION\nMicroarchitectural Data Sampling refers to a group of speculative sidechannels vulnerabilities. They consist of:\n * CVE-2018-12126 - MSBDS - Microarchitectural Store Buffer Data Sampling * CVE-2018-12127 - MLPDS - Microarchitectural Load Port Data Sampling * CVE-2018-12130 - MFBDS - Microarchitectural Fill Buffer Data Sampling * CVE-2019-11091 - MDSUM - Microarchitectural Data Sampling Uncacheable Memory\nThese issues pertain to the Load Ports, Store Buffers and Fill Buffers in the pipeline. The Load Ports are used to service all memory reads. The Store Buffers service all in-flight speculative writes (including IO Port writes), while the Fill Buffers service all memory writes which are post-retirement, and no longer speculative.\nUnder certain circumstances, a later load which takes a fault or assist (an internal condition to processor e.g. setting a pagetable Access or Dirty bit) may be forwarded stale data from these buffers during speculative execution, which may then be leaked via a sidechannel.\nMDSUM (Uncacheable Memory) is a special case of the other three. Previously, the use of uncacheable memory was believed to be safe against speculative sidechannels.\nFor more details, see: <a href=\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html\">https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html</a>\n#### IMPACT\nAn attacker, which could include a malicious untrusted user process on a trusted guest, or an untrusted guest, can sample the content of recently-used memory operands and IO Port writes.\nThis can include data from:\n * A previously executing context (process, or guest, or hypervisor/toolstack) at the same privilege level. * A higher privilege context (kernel, hypervisor, SMM) which interrupted the attacker's execution.\nVulnerable data is that on the same physical core as the attacker. This includes, when hyper-threading is enabled, adjacent threads.\nAn attacker cannot use this vulnerability to target specific data. An attack would likely require sampling over a period of time and the application of statistical methods to reconstruct interesting data.\n#### VULNERABLE SYSTEMS\nSystems running all versions of Xen are affected.\nOnly x86 processors are vulnerable. ARM processors are not believed to be vulnerable.\nOnly Intel based processors are potentially affected. Processors from other manufacturers (eg, AMD) are not believed to be vulnerable.\nPlease consult the Intel Security Advisory for details on the affected processors, and which are getting microcode updates.\n", "edition": 1, "modified": "2019-05-14T15:51:00", "published": "2019-05-14T15:51:00", "id": "XSA-297", "href": "http://xenbits.xen.org/xsa/advisory-297.html", "title": "Microarchitectural Data Sampling speculative side channel", "type": "xen", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2019-09-05T14:52:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-09-05T00:00:00", "published": "2019-05-16T00:00:00", "id": "OPENVAS:1361412562310883055", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883055", "type": "openvas", "title": "CentOS Update for kernel CESA-2019:1168 centos7 ", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883055\");\n script_version(\"2019-09-05T05:22:48+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-09-05 05:22:48 +0000 (Thu, 05 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-16 02:01:04 +0000 (Thu, 16 May 2019)\");\n script_name(\"CentOS Update for kernel CESA-2019:1168 centos7 \");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n\n script_xref(name:\"CESA\", value:\"2019:1168\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2019-May/023314.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the CESA-2019:1168 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es):\n\n * A flaw was found in the implementation of the 'fill buffer', a mechanism\nused by modern CPUs when a cache-miss is made on L1 CPU cache. If an\nattacker can generate a load operation that would create a page fault, the\nexecution will continue speculatively with incorrect data from the fill\nbuffer while the data is fetched from higher level caches. This response\ntime can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n * Modern Intel microprocessors implement hardware-level micro-optimizations\nto improve the performance of writing data back to CPU caches. The write\noperation is split into STA (STore Address) and STD (STore Data)\nsub-operations. These sub-operations allow the processor to hand-off\naddress generation logic into these sub-operations for optimized writes.\nBoth of these sub-operations write to a shared distributed processor\nstructure called the 'processor store buffer'. As a result, an\nunprivileged attacker could use this flaw to read private data resident\nwithin the CPU's processor store buffer. (CVE-2018-12126)\n\n * Microprocessors use a load port subcomponent to perform load operations\nfrom memory or IO. During a load operation, the load port receives data\nfrom the memory or IO subsystem and then provides the data to the CPU\nregisters and operations in the CPUs pipelines. Stale load operations\nresults are stored in the 'load port' table until overwritten by newer\noperations. Certain load-port operations triggered by an attacker can be\nused to reveal data about previous stale requests leaking data back to the\nattacker via a timing side-channel. (CVE-2018-12127)\n\n * Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable information\ndisclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on CentOS 7.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS7\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bpftool\", rpm:\"bpftool~3.10.0~957.12.2.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~957.12.2.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~957.12.2.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~957.12.2.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~957.12.2.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~957.12.2.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~957.12.2.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~957.12.2.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~957.12.2.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~957.12.2.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~957.12.2.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~957.12.2.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~957.12.2.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-01-31T16:47:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-07-25T00:00:00", "id": "OPENVAS:1361412562310852638", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852638", "type": "openvas", "title": "openSUSE: Security Advisory for ucode-intel (openSUSE-SU-2019:1805-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852638\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-07-25 02:01:52 +0000 (Thu, 25 Jul 2019)\");\n script_name(\"openSUSE: Security Advisory for ucode-intel (openSUSE-SU-2019:1805-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1805-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ucode-intel'\n package(s) announced via the openSUSE-SU-2019:1805-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for ucode-intel fixes the following issues:\n\n This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331)\n\n Four new speculative execution information leak issues have been\n identified in Intel CPUs. (bsc#1111331)\n\n - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n\n - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n\n - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)\n\n - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory\n (MDSUM)\n\n These updates contain the CPU Microcode adjustments for the software\n mitigations.\n\n Release notes:\n\n - --- updated platforms ------------------------------------ SNB-E/EN/EP\n C1/M0 6-2d-6/6d 0000061d->0000061f Xeon E3/E5, Core X SNB-E/EN/EP\n C2/M1 6-2d-7/6d 00000714->00000718 Xeon E3/E5, Core X\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1805=1\");\n\n script_tag(name:\"affected\", value:\"'ucode-intel' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ucode-intel\", rpm:\"ucode-intel~20190618~lp150.2.24.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-05T01:41:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-06-04T00:00:00", "published": "2019-05-16T00:00:00", "id": "OPENVAS:1361412562310883054", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883054", "type": "openvas", "title": "CentOS Update for kernel CESA-2019:1169 centos6 ", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883054\");\n script_version(\"2019-06-04T06:44:21+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-06-04 06:44:21 +0000 (Tue, 04 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-16 02:01:00 +0000 (Thu, 16 May 2019)\");\n script_name(\"CentOS Update for kernel CESA-2019:1169 centos6 \");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n\n script_xref(name:\"CESA\", value:\"2019:1169\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2019-May/023309.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the CESA-2019:1169 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es):\n\n * A flaw was found in the implementation of the 'fill buffer', a mechanism\nused by modern CPUs when a cache-miss is made on L1 CPU cache. If an\nattacker can generate a load operation that would create a page fault, the\nexecution will continue speculatively with incorrect data from the fill\nbuffer while the data is fetched from higher level caches. This response\ntime can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n * Modern Intel microprocessors implement hardware-level micro-optimizations\nto improve the performance of writing data back to CPU caches. The write\noperation is split into STA (STore Address) and STD (STore Data)\nsub-operations. These sub-operations allow the processor to hand-off\naddress generation logic into these sub-operations for optimized writes.\nBoth of these sub-operations write to a shared distributed processor\nstructure called the 'processor store buffer'. As a result, an unprivileged\nattacker could use this flaw to read private data resident within the CPU's\nprocessor store buffer. (CVE-2018-12126)\n\n * Microprocessors use a load port subcomponent to perform load operations\nfrom memory or IO. During a load operation, the load port receives data\nfrom the memory or IO subsystem and then provides the data to the CPU\nregisters and operations in the CPUs pipelines. Stale load operations\nresults are stored in the 'load port' table until overwritten by newer\noperations. Certain load-port operations triggered by an attacker can be\nused to reveal data about previous stale requests leaking data back to the\nattacker via a timing side-channel. (CVE-2018-12127)\n\n * Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable information\ndisclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nBug Fix(es):\n\n * aio O_DIRECT writes to non-page-aligned file locations on ext4 can result\nin the overlapped portion of the page containing zeros (BZ#1686170)\n\n * Tolerate new s390x crypto hardware for migration (BZ#1695496)\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on CentOS 6.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS6\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~754.14.2.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-05T01:41:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-06-04T00:00:00", "published": "2019-05-15T00:00:00", "id": "OPENVAS:1361412562310844011", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844011", "type": "openvas", "title": "Ubuntu Update for intel-microcode USN-3977-1", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844011\");\n script_version(\"2019-06-04T06:44:21+0000\");\n script_cve_id(\"CVE-2018-12130\", \"CVE-2018-12127\", \"CVE-2018-12126\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-06-04 06:44:21 +0000 (Tue, 04 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-15 02:03:18 +0000 (Wed, 15 May 2019)\");\n script_name(\"Ubuntu Update for intel-microcode USN-3977-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.10|UBUNTU19\\.04|UBUNTU18\\.04 LTS|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3977-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3977-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'intel-microcode'\n package(s) announced via the USN-3977-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan\nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,\nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss\ndiscovered that memory previously stored in microarchitectural fill buffers\nof an Intel CPU core may be exposed to a malicious process that is\nexecuting on the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan\nvan Schaik, Alyssa Milburn, Sebastian sterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory\npreviously stored in microarchitectural load ports of an Intel CPU core may\nbe exposed to a malicious process that is executing on the same CPU core. A\nlocal attacker could use this to expose sensitive information.\n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel\nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel\nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory\npreviously stored in microarchitectural store buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same CPU\ncore. A local attacker could use this to expose sensitive information.\n(CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and\nCristiano Giuffrida discovered that uncacheable memory previously stored in\nmicroarchitectural buffers of an Intel CPU core may be exposed to a\nmalicious process that is executing on the same CPU core. A local attacker\ncould use this to expose sensitive information. (CVE-2019-11091)\");\n\n script_tag(name:\"affected\", value:\"'intel-microcode' package(s) on Ubuntu 19.04, Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"intel-microcode\", ver:\"3.20190514.0ubuntu0.18.10.1\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"intel-microcode\", ver:\"3.20190514.0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"intel-microcode\", ver:\"3.20190514.0ubuntu0.18.04.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"intel-microcode\", ver:\"3.20190514.0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-01-31T16:53:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-05-29T00:00:00", "id": "OPENVAS:1361412562310852523", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852523", "type": "openvas", "title": "openSUSE: Security Advisory for ucode-intel (openSUSE-SU-2019:1468-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852523\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-29 02:00:49 +0000 (Wed, 29 May 2019)\");\n script_name(\"openSUSE: Security Advisory for ucode-intel (openSUSE-SU-2019:1468-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1468-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00066.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ucode-intel'\n package(s) announced via the openSUSE-SU-2019:1468-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for ucode-intel fixes the following issues:\n\n The Intel CPU Microcode was updated to the official QSR 2019.1 Microcode\n release (bsc#1111331 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127\n CVE-2019-11091)\n\n - --- new platforms ---------------------------------------- VLV\n C0 6-37-8/02 00000838 Atom Z series VLV C0\n 6-37-8/0C 00000838 Celeron N2xxx, Pentium N35xx VLV\n D0 6-37-9/0F 0000090c Atom E38xx CHV C0\n 6-4c-3/01 00000368 Atom X series CHV D0\n 6-4c-4/01 00000411 Atom X series\n\n read missing in last update:\n\n BDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4, Core\n i7-69xx/68xx\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1468=1\");\n\n script_tag(name:\"affected\", value:\"'ucode-intel' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ucode-intel\", rpm:\"ucode-intel~20190514~lp150.2.21.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-01-27T18:35:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191611", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191611", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kvm (EulerOS-SA-2019-1611)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1611\");\n script_version(\"2020-01-23T12:16:56+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:16:56 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:16:56 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kvm (EulerOS-SA-2019-1611)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1611\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1611\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kvm' package(s) announced via the EulerOS-SA-2019-1611 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer.(CVE-2018-12126)\n\nA flaw was found in the implementation of the 'fill buffer', a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer.CVE-2018-12130\n\nMicroprocessors use a load port subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPUs pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel.(CVE-2018-12127)\n\nUncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.(CVE-2019-11091)\");\n\n script_tag(name:\"affected\", value:\"'kvm' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kvm\", rpm:\"kvm~4.4.11~30.014\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "oraclelinux": [{"lastseen": "2019-06-01T20:45:18", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "[0.10.2-64.0.1]\n- Replace docs/et.png in tarball with blank image\n[0.10.2-64.el6_10.1]\n- cpu_x86: Do not cache microcode version (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127)\n- cpu_map: Define md-clear CPUID bit (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127)", "edition": 2, "modified": "2019-05-14T00:00:00", "published": "2019-05-14T00:00:00", "id": "ELSA-2019-1180", "href": "http://linux.oracle.com/errata/ELSA-2019-1180.html", "title": "libvirt security update", "type": "oraclelinux", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-01T20:44:20", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "[4.5.0-10.0.1]\n- bump the version\n[4.5.0-10.el7_6.9]\n- qemu: Don't cache microcode version (CVE-2018-12127, CVE-2018-12126, CVE-2018-12130)\n[4.5.0-10.el7_6.8]\n- cpu_x86: Do not cache microcode version (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130)\n- cputest: Add data for Intel(R) Xeon(R) CPU E3-1225 v5 (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130)\n- cpu_map: Define md-clear CPUID bit (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130)", "edition": 2, "modified": "2019-05-15T00:00:00", "published": "2019-05-15T00:00:00", "id": "ELSA-2019-1177", "href": "http://linux.oracle.com/errata/ELSA-2019-1177.html", "title": "libvirt security update", "type": "oraclelinux", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-01T20:44:15", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "[2.6.39-400.310.1]\n- x86/speculation/mds: Make cpu_matches() __cpuinit (Patrick Colp) [Orabug: 29752091] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}\n- x86/speculation/mds: Only worry about firmware loaded microcode (Patrick Colp) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}\n[2.6.39-400.309.1]\n- x86/mds: Add empty commit for CVE-2019-11091 (Patrick Colp) [Orabug: 29721938] {CVE-2019-11091}\n- x86/speculation/mds: Fix comment (Boris Ostrovsky) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add mitigation mode VMWERV (Thomas Gleixner) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add sysfs reporting for MDS (Thomas Gleixner) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add mitigation control for MDS (Thomas Gleixner) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Allow runtime checking of CPU features (Patrick Colp) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Improve coverage for MDS vulnerability (Boris Ostrovsky) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Clear CPU buffers on exit to user (Thomas Gleixner) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add mds_clear_cpu_buffers() (Thomas Gleixner) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add BUG_MSBDS_ONLY (Thomas Gleixner) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add basic bug infrastructure for MDS (Andi Kleen) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation: Consolidate CPU whitelists (Thomas Gleixner) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}", "edition": 2, "modified": "2019-05-14T00:00:00", "published": "2019-05-14T00:00:00", "id": "ELSA-2019-4637", "href": "http://linux.oracle.com/errata/ELSA-2019-4637.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-01T20:45:02", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "[4.14.35-1844.4.5.2]\n- x86/mds: Add empty commit for CVE-2019-11091 (Konrad Rzeszutek Wilk) [Orabug: 29721848] {CVE-2019-11091}\n- x86/speculation/mds: Make mds_mitigation mutable after init (Konrad Rzeszutek Wilk) [Orabug: 29721835] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n[4.14.35-1844.4.5.1]\n- x86/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- cpu/speculation: Add 'mitigations=' cmdline option (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Konrad Rzeszutek Wilk) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Fix comment (Boris Ostrovsky) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add debugfs for controlling MDS (Kanth Ghatraju) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add boot option to enable MDS protection only while in idle (Boris Ostrovsky) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add SMT warning message (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation: Move arch_smt_update() call to after mitigation decisions (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add mds=full,nosmt cmdline option (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- Documentation: Add MDS vulnerability documentation (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- Documentation: Move L1TF to separate directory (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add mitigation mode VMWERV (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add sysfs reporting for MDS (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add mitigation control for MDS (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Clear CPU buffers on exit to user (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add mds_clear_cpu_buffers() (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Andi Kleen) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add BUG_MSBDS_ONLY (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add basic bug infrastructure for MDS (Andi Kleen) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation: Consolidate CPU whitelists (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/msr-index: Cleanup bit defines (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\nfile (Will Deacon) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/cpu: Sanitize FAM6_ATOM naming (Peter Zijlstra) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- Documentation/l1tf: Fix small spelling typo (Salvatore Bonaccorso) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation: Simplify the CPU bug detection logic (Dominik Brodowski) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- tools include: Adopt linux/bits.h (Arnaldo Carvalho de Melo) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}", "edition": 3, "modified": "2019-05-14T00:00:00", "published": "2019-05-14T00:00:00", "id": "ELSA-2019-4628", "href": "http://linux.oracle.com/errata/ELSA-2019-4628.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-01T20:44:51", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "[2.6.32-754.14.2.OL6]\n- Update genkey [bug 25599697]\n[2.6.32-754.14.2]\n- [x86] x86/speculation/mds: Add SMT warning message (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Add mds=full, nosmt cmdline option (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation: Remove redundant arch_smt_update() invocation (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/spec_ctrl: Add debugfs x86/smt_present file (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [documentation] Documentation: Add MDS vulnerability documentation (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [documentation] Documentation: Move L1TF to separate directory (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Add mitigation mode VMWERV (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Add sysfs reporting for MDS (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Add mitigation control for MDS (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [kvm] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation: Consolidate CPU whitelists (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/l1tf: Show actual SMT state (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/cpu: Sanitize FAM6_ATOM naming (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [kernel] sched/smt: Provide sched_smt_active() (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation: Provide arch_smt_update() (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/mm: Fix compilation warning in pgtable_types.h (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n[2.6.32-754.14.1]\n- [s390] kernel: Add crypto card toleration support (Hendrik Brueckner) [1695496]\n[2.6.32-754.13.1]\n- [fs] ext4: Fix data corruption caused by unaligned direct AIO (Lukas Czerner) [1686170]", "edition": 2, "modified": "2019-05-14T00:00:00", "published": "2019-05-14T00:00:00", "id": "ELSA-2019-1169", "href": "http://linux.oracle.com/errata/ELSA-2019-1169.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-01T20:44:29", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "[0.12.1.2-2.506.el6_10.3]\n- kvm-target-i386-define-md-clear-bit.patch [bz#1698996]\n- Resolves: bz#1698996\n (CVE-2018-12130 qemu-kvm: hardware: MFBDS)", "edition": 2, "modified": "2019-05-14T00:00:00", "published": "2019-05-14T00:00:00", "id": "ELSA-2019-1181", "href": "http://linux.oracle.com/errata/ELSA-2019-1181.html", "title": "qemu-kvm security update", "type": "oraclelinux", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "suse": [{"lastseen": "2019-05-28T14:31:31", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "This update for ucode-intel fixes the following issues:\n\n The Intel CPU Microcode was updated to the official QSR 2019.1 Microcode\n release (bsc#1111331 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127\n CVE-2019-11091)\n\n ---- new platforms ---------------------------------------- VLV\n C0 6-37-8/02 00000838 Atom Z series VLV C0\n 6-37-8/0C 00000838 Celeron N2xxx, Pentium N35xx VLV\n D0 6-37-9/0F 0000090c Atom E38xx CHV C0\n 6-4c-3/01 00000368 Atom X series CHV D0\n 6-4c-4/01 00000411 Atom X series\n\n Readded missing in last update:\n\n BDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core\n i7-69xx/68xx\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-05-28T12:15:51", "published": "2019-05-28T12:15:51", "id": "OPENSUSE-SU-2019:1468-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00066.html", "title": "Security update for ucode-intel (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-06-03T16:41:42", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "This update for libvirt fixes the following issues:\n\n Four new speculative execution information leak issues have been\n identified in Intel CPUs. (bsc#1111331)\n\n - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS)\n - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory\n (MDSUM)\n\n These updates contain the libvirt adjustments, that pass through the new\n 'md-clear' CPU flag (bsc#1135273).\n\n For more information on this set of vulnerabilities, check out\n <a rel=\"nofollow\" href=\"https://www.suse.com/support/kb/doc/?id=7023736\">https://www.suse.com/support/kb/doc/?id=7023736</a>\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-06-03T15:18:12", "published": "2019-06-03T15:18:12", "id": "OPENSUSE-SU-2019:1505-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html", "title": "Security update for libvirt (important)", "type": "suse", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-05-16T18:20:31", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "This update for xen fixes the following issues:\n\n Four new speculative execution information leak issues have been\n identified in Intel CPUs. (bsc#1111331)\n\n - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)\n - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory\n (MDSUM)\n\n These updates contain the XEN Hypervisor adjustments, that additionaly\n also use CPU Microcode updates.\n\n The mitigation can be controlled via the "mds" commandline option, see the\n documentation.\n\n For more information on this set of vulnerabilities, check out\n <a rel=\"nofollow\" href=\"https://www.suse.com/support/kb/doc/?id=7023736\">https://www.suse.com/support/kb/doc/?id=7023736</a>\n\n Other fixes:\n\n - Added code to change LIBXL_HOTPLUG_TIMEOUT at runtime.\n\n The included README has details about the impact of this change\n (bsc#1120095)\n\n - Fixes in Live migrating PV domUs\n\n An earlier change broke live migration of PV domUs without a device\n model. The migration would stall for 10 seconds while the domU was paused,\n which caused network connections to drop. Fix this by tracking the need\n for a device model within libxl. (bsc#1079730, bsc#1098403, bsc#1111025)\n\n - Libvirt segfault when crash triggered on top of HVM guest (bsc#1120067)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-05-16T15:36:02", "published": "2019-05-16T15:36:02", "id": "OPENSUSE-SU-2019:1403-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00038.html", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}], "debian": [{"lastseen": "2020-10-30T13:37:18", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4444-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nMay 14, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091\nDebian Bug : 928125\n\nMultiple researchers have discovered vulnerabilities in the way the\nIntel processor designs have implemented speculative forwarding of data\nfilled into temporary microarchitectural structures (buffers). This\nflaw could allow an attacker controlling an unprivileged process to\nread sensitive information, including from the kernel and all other\nprocesses running on the system or cross guest/host boundaries to read\nhost memory.\n\nSee https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html\nfor more details.\n\nTo fully resolve these vulnerabilities it is also necessary to install\nupdated CPU microcode. An updated intel-microcode package (only\navailable in Debian non-free) will be provided via a separate DSA. The\nupdated CPU microcode may also be available as part of a system firmware\n("BIOS") update.\n\nIn addition, this update includes a fix for a regression causing\ndeadlocks inside the loopback driver, which was introduced by the update\nto 4.9.168 in the last Stretch point release.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.9.168-1+deb9u2.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 18, "modified": "2019-05-14T21:17:59", "published": "2019-05-14T21:17:59", "id": "DEBIAN:DSA-4444-1:2DFF1", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2019/msg00090.html", "title": "[SECURITY] [DSA 4444-1] linux security update", "type": "debian", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "huawei": [{"lastseen": "2019-07-15T10:37:38", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "Products\n\nSwitches\nRouters\nWLAN\nStorage\nSee All\n\n\n\nSolutions\n\nCloud Data Center\nEnterprise Networking\nIntelligent Computing\nSolutions by Industry\nSee All\n\n\n\nServices\n\nTraining and Certification\nIndustry Cloud Enablement Service\nImprovement Service\nCustomer Support Service\nSee All\n\n\n\nPartner\n\nFind a Partner\nChannel Partner Program\nBecome a Partner\nOpenLab\nSee All\n\n\n\nSee all offerings at e.huawei.com\n\n\n\nNeed Support ?\n\nProduct Support\nSoftware Download\nCommunity\nTools\nPre-Sale Resource Center\n\nGo to Full Support", "edition": 1, "modified": "2019-07-12T00:00:00", "published": "2019-07-12T00:00:00", "id": "HUAWEI-SA-20190712-01-MDS", "href": "https://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190712-01-mds-en", "title": "Security Advisory - Intel Microarchitectural Data Sampling (MDS) vulnerabilities", "type": "huawei", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "cloudfoundry": [{"lastseen": "2019-06-01T18:56:15", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "# \n\n# Severity\n\nHigh\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n * Canonical Ubuntu 16.04\n\n# Description\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091)\n\nCVEs contained in this USN include: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is high unless otherwise noted._\n\n * Cloud Foundry BOSH trusty-stemcells are vulnerable, including: \n * 3586.x versions prior to 3586.118\n * All other stemcells not listed.\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 315.x versions prior to 315.26\n * 250.x versions prior to 250.48\n * 170.x versions prior to 170.69\n * 97.x versions prior to 97.96\n * All other stemcells not listed.\n\n# Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH trusty-stemcells: \n * Upgrade 3586.x versions to 3586.118\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-trusty>).\n * The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 315.x versions to 315.26\n * Upgrade 250.x versions to 250.48\n * Upgrade 170.x versions to 170.69\n * Upgrade 97.x versions to 97.96\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n\n# References\n\n * [USN-3977-1](<https://usn.ubuntu.com/3977-1>)\n * [CVE-2018-12126](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12126>)\n * [CVE-2018-12127](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12127>)\n * [CVE-2018-12130](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12130>)\n * [CVE-2019-11091](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11091>)\n", "edition": 3, "modified": "2019-05-20T00:00:00", "published": "2019-05-20T00:00:00", "id": "CFOUNDRY:E69484607521DCF7CA9844727923D7C3", "href": "https://www.cloudfoundry.org/blog/usn-3977-1/", "title": "USN-3977-1: Intel Microcode update (AKA ZombieLoad Attack) | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "myhack58": [{"lastseen": "2019-05-15T15:20:57", "bulletinFamily": "info", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "! [](/Article/UploadPic/2019-5/2019515185455532. png) \n\nSecurity personnel recently discovered for Intel processor of the new side channel attack, which is also following the earlier Meltdown, the Spectre and Foreshadow after a fairly serious security problems. This vulnerability may allow an attacker to obtain the current processor is processing the data. \n\nFor the speculative execution of the new attack mode \nWith three previous side-channel attacks in a similar way, the new attack is the use of the processor's speculative execution problems in the process. \nThis vulnerability whereby the former involved in the Meltdown, the Spectre of vulnerability research on the part of the security personnel, as well as Bitdefender security personnel of the joint discovery, which is actually for the micro-architecture of the data sampling\uff08MDS\uff09attack, you can use the micro-architecture of the speculative execution of the operation to infer other applications on the processor in the data processing. \nCurrently such\uff08MDS\uff09attack has four kinds, respectively is directed to the storage buffer area of the attack CVE-2018-12126/Fallout, the loading buffer CVE-2018-12127, and a line fill buffer CVE-2018-12130/Zombieload/RIDL, and the memory area CVE-2019-11091 it. Wherein Zombieload is severity the highest, to be able to get the maximum amount of data. \n\nThe scope of the impact \nRecently published research papers mentioned, since 2011 the release of all Intel processors is likely to be affected, especially the cloud hosting services may be subject to larger shocks. There are already part of the security personnel posted some demo videos, here you can watch\uff081\u30012\u30013\uff09\u3002 The demo showed Zombieload attack can achieve a breakthrough between applications of the privacy protection function to obtain sensitive information. \n\nBug fixes \nCurrently Intel has released a microcode update, and the new processor will not be affected. Expect Microsoft, Apple and Linux each release will also soon launch a system update to mitigate this vulnerability. \nAt the same time Intel also noted that the MDS attacks actually use the higher difficulty, its practical impact is not so large. \nThe current security personnel have been Zombieload establish a website and publish the research papers, bug fixes navigation and other content, the user can timely update: https://zombieloadattack.com/ the. \n\n", "edition": 1, "modified": "2019-05-15T00:00:00", "published": "2019-05-15T00:00:00", "id": "MYHACK58:62201994150", "href": "http://www.myhack58.com/Article/html/3/62/2019/94150.htm", "title": "Zombieload: Intel CPU exposure of a new side channel attack-exploit warning-the black bar safety net", "type": "myhack58", "cvss": {"score": 0.0, "vector": "NONE"}}], "centos": [{"lastseen": "2020-12-08T03:36:08", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "**CentOS Errata and Security Advisory** CESA-2019:1181\n\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-May/035345.html\n\n**Affected packages:**\nqemu-guest-agent\nqemu-img\nqemu-kvm\nqemu-kvm-tools\n\n**Upstream details at:**\n", "edition": 4, "modified": "2019-05-15T15:40:19", "published": "2019-05-15T15:40:19", "id": "CESA-2019:1181", "href": "http://lists.centos.org/pipermail/centos-announce/2019-May/035345.html", "title": "qemu security update", "type": "centos", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "threatpost": [{"lastseen": "2020-04-11T11:47:16", "bulletinFamily": "info", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "Intel on Tuesday revealed a new class of [speculative execution vulnerabilities](<https://threatpost.com/intel-cpus-impacted-by-new-class-of-spectre-like-attacks/144728/>), dubbed Microarchitectural Data Sampling (MDS), which impact all its modern CPUs.\n\nThe flaws all ultimately depend on different ways of executing side channel attacks to siphon data from impacted systems \u2013 and result in four different attacks: ZombieLoad, Fallout, RIDL (Rogue In-Flight Data Load) and Store-to-Leak Forwarding.\n\n\u201cAs a result of the flaw in the architecture of these processors, an attacker who can execute malicious code locally on an affected system can compromise the confidentiality of data previously handled on the same thread or compromise the confidentiality of data from other hyperthreads on the same processor as the thread where the malicious code executes,\u201d Eric Maurice, director of security for Oracle, [recently wrote in an advisory](<https://blogs.oracle.com/security/intelmds>).\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nHere are 10 top takeaways from this latest speculative execution side channel attack impacting Intel chips.\n\n## MDS Different Than Meltdown and Spectre\n\nThe flaws derive from a process called speculative execution in processors. This process \u2013thrown into the spotlight after the 2018 Spectre and Meltdown flaws came to light \u2013 is used in microprocessors so that memory can read before the addresses of all prior memory writes are known.\n\nHowever, while speculative execution side channel attacks \u2013 like Spectre and Meltdown \u2013 targeted data stored in the CPU\u2019s memory; MDS instead refers to issues related to microarchitectural structures of the Intel processors other than the level 1 data cache (where memory is stored). Those issues exists in components called buffers, such as Fill Buffers (temporary buffers between CPU caches), Load Ports (temporary buffers used when loading data into registers) or Store Buffers (temporary buffers to hold store addresses and data).\n\n## Intel Seeking to Downplay Impact\n\nThere are four vulnerabilities in total tied to MDS. Those are CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091. Intel sought to downplay the vulnerabilities, saying that: \u201cMDS vulnerabilities have been classified as low to medium severity per the industry standard CVSS, and it\u2019s important to note that there are no reports of any real world exploits of these vulnerabilities.\u201d\n\nIndeed, CVE-2019-11091 has the lowest severity, with a CVSS score of 3.8, and exists in the microarchitectural data sampling structure for uncacheable memory in CPUs. CVE-2018-12126 (which exists in the Store Buffer), CVE-2018-12127 (which exists in the Load Port) and CVE-2018-12130 (existing in the Fill Buffer) meanwhile have a CVSS score or 6.5, or medium severity.\n\n## Different Attacks Exist to Exploit Flaws\n\nMeanwhile, an array of independent researchers from VUSec, CISPA, Graz University of Technology, and more have developed attacks for these vulnerabilities. Those proof-of-concept attacks were also disclosed Tuesday in coordination with Intel, after mitigations were developed.\n\nThose [four different attack vectors](<https://cpu.fail/>) are dubbed ZombieLoad, Fallout, RIDL (Rogue In-Flight Data Load) and Store-to-Leak Forwarding. While these attacks are all based on speculative execution targeting the buffer component of CPUs, they all work in different ways, exploit different flaws and result in different impacts.\n\nFor instance, while ZombieLoad allows attackers to leak information from other applications, the operating system, virtual machines in the cloud and trusted execution environments; the Fallout attack allows to read data that the operating system recently wrote and to figure out the memory position of the operating system strengthening other attack, and RIDL attack allows to leak information across various security domains\n\n## ZombieLoad: The Hard-Hitting Attack\n\nThe most severe of these attacks is dubbed ZombieLoad, which attacks CVE-2018-12130, the flaw in the Fill Buffer of Intel CPUs. That\u2019s because this attack leaks the most data \u2013 attackers are able to siphon data from system applications, operating system and virtual machines. According to a [research paper](<https://zombieloadattack.com/zombieload.pdf>) released on Tuesday, researchers said that disabling hyperthreading is the \u201conly possible workaround to mitigate ZombieLoad on current processors.\u201d\n\n\u201cWith ZombieLoad, we showed a novel Meltdown-type attack targeting the processor\u2019s fill-buffer logic. ZombieLoad enables an attacker to leak recently loaded values used by the current or sibling logical CPU,\u201d researchers said.\n\nZombieLoad was discovered and reported by Michael Schwarz, Moritz Lipp and Daniel Gruss from the Graz University of Technology (known for their previous discoveries of similar attacks, including [Meltdown](<https://threatpost.com/vendors-share-patch-updates-on-spectre-and-meltdown-mitigation-efforts/129307/>)) as well as researchers from KU Leuven, Cyberus Technology and the Worcester Polytechnic Institute.\n\n## Only Intel is Impacted (That We Know)\n\nIt appears at this time that Intel is the only manufacturer whose chips are impacted. AMD and ARM have both made public statements that the attacks and vulnerabilities related to MDS do not affect their chips.\n\nIn a statement, [AMD said](<https://www.amd.com/en/corporate/product-security>): \u201cAt AMD we develop our products and services with security in mind. Based on our analysis and discussions with the researchers, we believe our products are not susceptible to \u2018Fallout\u2019 or \u2018RIDL\u2019 because of the hardware protection checks in our architecture. We have not been able to demonstrate these exploits on AMD products and are unaware of others having done so.\u201d\n\n## Future Chips Won\u2019t Be Vulnerable\n\nAccording to Intel\u2019s [microcode update guidance](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>), most Intel Core and Xeon chips dating back to 2011 are theoretically vulnerable to MDS-related flaws.\n\nHowever, Intel said that the new MDS class of flaws is addressed in hardware starting with select 8th and 9th Generation Intel Core processors, as well as the 2nd Generation Intel Xeon Scalable processor family. Future chips will also have integrated fixes, Intel said.\n\n## Flood of Vendors Security Advisories\n\nWhile Intel has provided CPU microcode updates, and recommendations for mitigation strategies for operating system (and hypervisor) software, the company recommends users install the software updates provided by your operating system and/or hypervisor vendor. An array of vendors have released separate security advisories in response to MDS, including [Red Hat](<https://access.redhat.com/security/vulnerabilities/mds>), [Oracle](<https://blogs.oracle.com/security/intelmds>), [Apple](<https://threatpost.com/apple-patches-intel-side-channel-ios-macos/144743/>), [Google ](<https://support.google.com/faqs/answer/9330250>)and [Microsoft](<https://threatpost.com/microsoft-patches-zero-day/144742/>).\n\n\u201cMicrosoft has released software updates to help mitigate these vulnerabilities,\u201d according to a [Microsoft advisory released Tuesday](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190013>). \u201cTo get all available protections, firmware (microcode) and software updates are required. This may include microcode from device OEMs. In some cases, installing these updates will have a performance impact. We have also acted to secure our cloud services.\u201d\n\nTo completely address these issues, Intel said that there are additional [opt-in mitigations](<https://support.apple.com/kb/HT210107>) to disable hyper threading and enable microcode-based mitigations for all processes by default.\n\n## Performance Hits From Fixes Ignite Concerns\n\nNews that Intel\u2019s fix for ZombieLoad will slow CPU performance has ignited concerns that people will be dissuaded to update their machines. It was a similar case when Spectre and Meltdown fixes were first introduced in 2018.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2019/05/15114317/mds-server-hton-16x9.png>)\n\nFor instance, in a security release Apple said that [in tests](<https://support.apple.com/en-us/HT210108>) it found \u201cas much as a 40 percent reduction in performance with tests that include multithreaded workloads and public benchmarks\u201d depending on the system.\n\nIntel for its part has a much smaller performance hit estimate: Foe example, in a Core i9 9900K with Hyper-Threading disabled, the company said that the hit could be as little as 9 percent on select data center workloads post-mitigation, for instance.\n\n## How can People Know if Their Systems are Impacted?\n\nResearchers said that it is \u201cvery likely\u201d that Intel chip users\u2019 systems are impacted by the MDS vulnerabilities and subsequent attacks.\n\n\u201cOur attacks affect all modern Intel CPUs in servers, desktops and laptops,\u201d said Fallout researchers [in a post](<https://mdsattacks.com>). \u201cThis includes the latest 9th-generation processors, despite their in-silicon mitigations for Meltdown. Ironically, 9th-generation CPUs are more vulnerable to some of our attacks compared to older generation hardware.\u201d\n\nResearchers also made a tool, [available here](<https://mdsattacks.com>), to discover whether their systems are impacted.\n\n## Side Channel Attacks Continue\n\nThe incident shows that side channel speculative execution attacks continue to plague Intel chips since the Spectre and the related Meltdown vulnerability [were disclosed](<https://threatpost.com/vendors-share-patch-updates-on-spectre-and-meltdown-mitigation-efforts/129307/>) in 2018. For instance, in May 2018, in May, a [new vulnerability was found called Variant 4](<https://threatpost.com/intels-virtual-fences-spectre-fix-wont-protect-against-variant-4/132246/>), disclosed by Google Project Zero and Microsoft\u2019s Security Response Center; researchers said it potentially enables attackers to read privileged data across trust boundaries.\n\nMeanwhile, a new Spectre-class exploit, [dubbed SpectreRSB](<https://threatpost.com/new-spectre-level-flaw-targets-return-stack-buffer/134299/>), was detailed by researchers from the University of California at Riverside in a [research paper](<https://arxiv.org/pdf/1807.07940.pdf>) in July; while in August, three new speculative execution design flaws in Intel CPUs [were disclosed](<https://threatpost.com/intel-cpus-afflicted-with-fresh-speculative-execution-flaws/135096/>), impacting Intel\u2019s Software Guard Extensions (SGX) technology, its OS and system management mode (SMM) and hypervisor software.\n\n**_Want to know more about Identity Management and navigating the shift beyond passwords? Don\u2019t miss _**[**_our Threatpost webinar on May 29 at 2 p.m. ET_**](<https://attendee.gotowebinar.com/register/8039101655437489665?source=ART>)**_. Join Threatpost editor Tom Spring and a panel of experts as they discuss how cloud, mobility and digital transformation are accelerating the adoption of new Identity Management solutions. Experts discuss the impact of millions of new digital devices (and things) requesting access to managed networks and the challenges that follow._**\n", "modified": "2019-05-15T16:48:11", "published": "2019-05-15T16:48:11", "id": "THREATPOST:B43D65BEF15E504CF4DFB8EB516972D7", "href": "https://threatpost.com/intel-zombieload-side-channel-attack-10-takeaways/144771/", "type": "threatpost", "title": "Intel ZombieLoad Side-Channel Attack: 10 Takeaways", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "ubuntu": [{"lastseen": "2020-07-02T11:38:56", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan \nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, \nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss \ndiscovered that memory previously stored in microarchitectural fill buffers \nof an Intel CPU core may be exposed to a malicious process that is \nexecuting on the same CPU core. A local attacker could use this to expose \nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan \nvan Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh \nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory \npreviously stored in microarchitectural load ports of an Intel CPU core may \nbe exposed to a malicious process that is executing on the same CPU core. A \nlocal attacker could use this to expose sensitive information. \n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel \nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel \nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory \npreviously stored in microarchitectural store buffers of an Intel CPU core \nmay be exposed to a malicious process that is executing on the same CPU \ncore. A local attacker could use this to expose sensitive information. \n(CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, \nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and \nCristiano Giuffrida discovered that uncacheable memory previously stored in \nmicroarchitectural buffers of an Intel CPU core may be exposed to a \nmalicious process that is executing on the same CPU core. A local attacker \ncould use this to expose sensitive information. (CVE-2019-11091)", "edition": 3, "modified": "2019-05-16T00:00:00", "published": "2019-05-16T00:00:00", "id": "USN-3985-2", "href": "https://ubuntu.com/security/notices/USN-3985-2", "title": "libvirt update", "type": "ubuntu", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "paloalto": [{"lastseen": "2019-06-28T03:19:19", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "Palo Alto Networks has determined that WildFire Appliance (WF-500) and WildFire Cloud are affected by the recent vulnerability disclosures, known as Fallout, RIDL, and Zombieload. We are working to validate and implement software updates to address these issues. We will provide updates as they become available. (PAN-117746/CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091)\n", "edition": 3, "modified": "2019-06-27T00:00:00", "published": "2019-05-29T00:00:00", "id": "PAN-SA-2019-0012", "href": "https://securityadvisories.paloaltonetworks.com/Home/Detail/150", "title": "Information about Recent Intel Side Channel Vulnerabilities", "type": "paloalto", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "virtuozzo": [{"lastseen": "2019-11-05T11:28:05", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "This update provides a new kernel 2.6.32-042stab138.1 for Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0 based on the RHEL 6.10 kernel 2.6.32-754.14.2.el6. The new kernel inherits security fixes for the Microarchitectural Store Buffer Data (MDS) vulnerability from the RHEL kernel.\n**Vulnerability id:** CVE-2018-12130\nA flaw was found in the implementation of the 'fill buffer', a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer.\n\n**Vulnerability id:** CVE-2018-12126\nModern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer.\n\n**Vulnerability id:** CVE-2018-12127\nMicroprocessors use a 'load port' subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU's pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel.\n\n**Vulnerability id:** CVE-2019-11091\nUncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.\n\n", "edition": 1, "modified": "2019-05-16T00:00:00", "published": "2019-05-16T00:00:00", "id": "VZA-2019-036", "href": "https://help.virtuozzo.com/s/article/VZA-2019-036", "title": "Important kernel security update: New kernel 2.6.32-042stab138.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0", "type": "virtuozzo", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "citrix": [{"lastseen": "2020-12-24T11:42:51", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"DescriptionofProblem\"> Description of Problem</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>A number of security issues have been identified in certain CPU hardware that may allow unprivileged code running on a CPU core to infer the value of memory data belonging to other processes, virtual machines or the hypervisor that are, or have recently been, running on the same CPU core.</p>\n<p>These issues have the following identifiers:</p>\n<p>\u2022 CVE-2018-12126: Microarchitectural Store Buffer Data Sampling</p>\n<p>\u2022 CVE-2018-12127: Microarchitectural Load Port Data Sampling</p>\n<p>\u2022 CVE-2018-12130: Microarchitectural Fill Buffer Data Sampling</p>\n<p>\u2022 CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory</p>\n<p>Although these are not vulnerabilities in the Citrix Hypervisor (formerly Citrix XenServer) product, this bulletin and associated hotfixes provides assistance in mitigating these CPU issues.</p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"MitigatingFactors\"> Mitigating Factors</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Customers with AMD CPUs are believed to be unaffected by these issues.</p>\n<p>Some Intel CPUs are believed to be unaffected by these issues. A list of affected Intel CPUs is expected to be made available at <a href=\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html\">https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html</a></p>\n<p>Identification of the specific CPU(s) present on a Citrix Hypervisor machine may be obtained by typing the command</p>\n<p> <i>grep \u201cmodel name\u201d /proc/cpuinfo</i></p>\n<p>in the Dom0 console.</p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCustomersShouldDo\"> What Customers Should Do</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Full mitigation of these issues for systems with vulnerable CPUs requires all of:</p>\n<ol>\n<li>Updates to Citrix Hypervisor</li>\n<li>Updates to the CPU microcode</li>\n<li>Disabling CPU hyper-threading (also known as simultaneous multi-threading)</li>\n</ol>\n<p> </p>\n<p>In addition, updates to guest operating systems may be required to protect guest VMs from code running within that same VM. Guest VMs will need to be stopped and started (rather than rebooted) to fully mitigate these issues within the guest VM. Customers are advised to follow their operating system provider\u2019s recommendations. Likewise, updates to the host system firmware (\u201cBIOS updates\u201d) may be required and Citrix recommends that you follow the guidance of your hardware vendor for any updates that they may provide.</p>\n<p> <u>Updates to Citrix Hypervisor</u></p>\n<p>Citrix has released hotfixes that contain mitigations for these CPU issues. These hotfixes can be found on the Citrix website at the following locations:</p>\n<p>Citrix Hypervisor 8.0: CTX250041 \u2013 <a href=\"https://support.citrix.com/article/CTX250041\">https://support.citrix.com/article/CTX250041</a></p>\n<p>Citrix XenServer 7.6: CTX250040 \u2013 <a href=\"https://support.citrix.com/article/CTX250040\">https://support.citrix.com/article/CTX250040</a></p>\n<p>Citrix XenServer 7.1 LTSR CU2: CTX250039 \u2013 <a href=\"https://support.citrix.com/article/CTX250039\">https://support.citrix.com/article/CTX250039</a></p>\n<p>Citrix XenServer 7.0: CTX250038 \u2013 <a href=\"https://support.citrix.com/article/CTX250038\">https://support.citrix.com/article/CTX250038</a></p>\n<p> <u>Updates to the CPU microcode</u></p>\n<p>The hotfixes released with this bulletin contain microcode for all supported CPU models for which Intel has presently made updates available. This microcode will be automatically applied each time the system boots. Any further microcode updates may be installed by means of system firmware updates (\u201cBIOS updates\u201d) and Citrix strongly recommends that you follow the guidance of your hardware vendor for any updates that they may provide.</p>\n<p>CPUs that are vulnerable to these issues, and for which the CPU manufacturer has not provided microcode updates, will not have full mitigation of these issues.</p>\n<p>Once the hotfix has been applied, customers with vulnerable CPUs can determine if the microcode required to mitigate these issues has been loaded into the CPU by typing the command</p>\n<p> <i>xl dmesg | grep \u201cHardware features:\u201d</i></p>\n<p>in the Dom0 console shortly after the host has rebooted to apply the hotfix. If the output includes the text MD_CLEAR, updated microcode is present.</p>\n<p> <u>Disabling CPU hyper-threading</u></p>\n<p>Mitigation of these issues requires disabling hyper-threading on vulnerable CPUs. Customers should evaluate their workload and determine if the mitigation of disabling hyper-threading is required in their environment, and to understand the performance impact of this mitigation. Citrix recommends disabling hyper-threading in deployments with untrusted workloads. The following document provides the steps to disable hyper-threading via the Xen command line: <a href=\"https://support.citrix.com/article/CTX237190\">https://support.citrix.com/article/CTX237190</a></p>\n<p>Note that disabling hyper-threading will result in the number of available pCPUs being reduced and is likely to adversely impact performance. The following document covers additional issues that may be encountered in environments where customers have over-provisioned or pinned pCPUs (for example when hyper-threads are disabled): <a href=\"https://support.citrix.com/article/CTX236977\">https://support.citrix.com/article/CTX236977</a></p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCitrixIsDoing\"> What Citrix Is Doing</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href=\"http://support.citrix.com/\">http://support.citrix.com/</a></u>.</p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ObtainingSupportonThisIssue\"> Obtaining Support on This Issue</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=\"https://www.citrix.com/support/open-a-support-case.html\">https://www.citrix.com/support/open-a-support-case.html</a></u>. </p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ReportingSecurityVulnerabilities\"> Reporting Security Vulnerabilities</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 \u2013 <a href=\"http://support.citrix.com/article/CTX081743\">Reporting Security Issues to Citrix</a></p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"Changelog\"> Changelog</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<table border=\"1\" cellpadding=\"1\" cellspacing=\"0\" width=\"100%\">\n<tbody>\n<tr>\n<td>Date </td>\n<td>Change</td>\n</tr>\n<tr>\n<td>14th May 2019</td>\n<td>Initial publication</td>\n</tr>\n<tr>\n<td>16th May 2019</td>\n<td>Added additional hotfixes and included guidance on restarting guest VMs</td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n</div></div>\n</section>", "modified": "2019-05-16T04:00:00", "published": "2019-05-14T04:00:00", "id": "CTX251995", "href": "https://support.citrix.com/article/CTX251995", "type": "citrix", "title": "Citrix Hypervisor Security Update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}]}
