{"id": "OPENSUSE-SU-2019:1402-1", "bulletinFamily": "unix", "title": "Security update for ucode-intel (important)", "description": "This update for ucode-intel fixes the following issues:\n\n This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331)\n\n Four new speculative execution information leak issues have been\n identified in Intel CPUs. (bsc#1111331)\n\n - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)\n - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory\n (MDSUM)\n\n These updates contain the CPU Microcode adjustments for the software\n mitigations.\n\n For more information on this set of vulnerabilities, check out\n <a rel=\"nofollow\" href=\"https://www.suse.com/support/kb/doc/?id=7023736\">https://www.suse.com/support/kb/doc/?id=7023736</a>\n\n\n Release notes:\n\n - Processor Identifier Version Products\n - Model Stepping F-MO-S/PI Old-&gt;New\n - ---- new platforms ----------------------------------------\n - CLX-SP B1 6-55-7/bf 05000021 Xeon Scalable Gen2\n - ---- updated platforms ------------------------------------\n - SNB D2/G1/Q0 6-2a-7/12 0000002e-&gt;0000002f Core Gen2\n - IVB E1/L1 6-3a-9/12 00000020-&gt;00000021 Core Gen3\n - HSW C0 6-3c-3/32 00000025-&gt;00000027 Core Gen4\n - BDW-U/Y E0/F0 6-3d-4/c0 0000002b-&gt;0000002d Core Gen5\n - IVB-E/EP C1/M1/S1 6-3e-4/ed 0000042e-&gt;0000042f Core Gen3 X Series;\n Xeon E5 v2\n - IVB-EX D1 6-3e-7/ed 00000714-&gt;00000715 Xeon E7 v2\n - HSX-E/EP Cx/M1 6-3f-2/6f 00000041-&gt;00000043 Core Gen4 X series;\n Xeon E5 v3\n - HSX-EX E0 6-3f-4/80 00000013-&gt;00000014 Xeon E7 v3\n - HSW-U C0/D0 6-45-1/72 00000024-&gt;00000025 Core Gen4\n - HSW-H C0 6-46-1/32 0000001a-&gt;0000001b Core Gen4\n - BDW-H/E3 E0/G0 6-47-1/22 0000001e-&gt;00000020 Core Gen5\n - SKL-U/Y D0/K1 6-4e-3/c0 000000c6-&gt;000000cc Core Gen6\n - SKX-SP H0/M0/U0 6-55-4/b7 0200005a-&gt;0000005e Xeon Scalable\n - SKX-D M1 6-55-4/b7 0200005a-&gt;0000005e Xeon D-21xx\n - BDX-DE V1 6-56-2/10 00000019-&gt;0000001a Xeon D-1520/40\n - BDX-DE V2/3 6-56-3/10 07000016-&gt;07000017 Xeon\n D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19\n - BDX-DE Y0 6-56-4/10 0f000014-&gt;0f000015 Xeon\n D-1557/59/67/71/77/81/87\n - BDX-NS A0 6-56-5/10 0e00000c-&gt;0e00000d Xeon\n D-1513N/23/33/43/53\n - APL D0 6-5c-9/03 00000036-&gt;00000038 Pentium N/J4xxx,\n Celeron N/J3xxx, Atom x5/7-E39xx\n - SKL-H/S R0/N0 6-5e-3/36 000000c6-&gt;000000cc Core Gen6; Xeon E3 v5\n - DNV B0 6-5f-1/01 00000024-&gt;0000002e Atom Processor C\n Series\n - GLK B0 6-7a-1/01 0000002c-&gt;0000002e Pentium Silver\n N/J5xxx, Celeron N/J4xxx\n - AML-Y22 H0 6-8e-9/10 0000009e-&gt;000000b4 Core Gen8 Mobile\n - KBL-U/Y H0 6-8e-9/c0 0000009a-&gt;000000b4 Core Gen7 Mobile\n - CFL-U43e D0 6-8e-a/c0 0000009e-&gt;000000b4 Core Gen8 Mobile\n - WHL-U W0 6-8e-b/d0 000000a4-&gt;000000b8 Core Gen8 Mobile\n - WHL-U V0 6-8e-d/94 000000b2-&gt;000000b8 Core Gen8 Mobile\n - KBL-G/H/S/E3 B0 6-9e-9/2a 0000009a-&gt;000000b4 Core Gen7; Xeon E3 v6\n - CFL-H/S/E3 U0 6-9e-a/22 000000aa-&gt;000000b4 Core Gen8 Desktop,\n Mobile, Xeon E\n - CFL-S B0 6-9e-b/02 000000aa-&gt;000000b4 Core Gen8\n - CFL-H/S P0 6-9e-c/22 000000a2-&gt;000000ae Core Gen9\n - CFL-H R0 6-9e-d/22 000000b0-&gt;000000b8 Core Gen9 Mobile\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "published": "2019-05-16T15:39:54", "modified": "2019-05-16T15:39:54", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00039.html", "reporter": "Suse", "references": ["https://bugzilla.suse.com/1111331"], "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "type": "suse", "lastseen": "2019-05-16T18:20:31", "edition": 1, "viewCount": 183, "enchantments": {"score": {"value": 6.7, "vector": "NONE", "modified": "2019-05-16T18:20:31", "rev": 2}, "dependencies": {"references": [{"type": "vmware", "idList": ["VMSA-2019-0008"]}, {"type": "f5", "idList": ["F5:K80159635", "F5:K52370164", "F5:K34303485", "F5:K97035296"]}, {"type": "cve", "idList": ["CVE-2018-12130", "CVE-2019-11091", "CVE-2018-12127", "CVE-2018-12126"]}, {"type": "nessus", "idList": ["FEDORA_2019-1F5832FC0E.NASL", "ORACLEVM_OVMSA-2019-0016.NASL", "SUSE_SU-2019-1313-1.NASL", "CENTOS_RHSA-2019-1180.NASL", "REDHAT-RHSA-2019-1172.NASL", "REDHAT-RHSA-2019-1174.NASL", "SMB_NT_MS19_MAY_MICROCODE.NASL", "ORACLELINUX_ELSA-2019-1177.NASL", "REDHAT-RHSA-2019-1186.NASL", "REDHAT-RHSA-2019-1178.NASL"]}, {"type": "ubuntu", "idList": ["USN-3983-2", "USN-3977-1"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1403-1", "OPENSUSE-SU-2019:1505-1", "OPENSUSE-SU-2019:1420-1"]}, {"type": "redhat", "idList": ["RHSA-2019:1186", "RHSA-2019:1203", "RHSA-2019:1168", "RHSA-2019:1181", "RHSA-2019:1201", "RHSA-2019:1195", "RHSA-2019:1198", "RHSA-2019:1182", "RHSA-2019:1208"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310876375", "OPENVAS:1361412562310852523", "OPENVAS:1361412562310891787", "OPENVAS:1361412562311220192289", "OPENVAS:1361412562310883056", "OPENVAS:1361412562310883052", "OPENVAS:1361412562310852638", "OPENVAS:1361412562310876383"]}, {"type": "mskb", "idList": ["KB4499165", "KB4516068", "KB4515384", "KB4499158", "KB4516064"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:E69484607521DCF7CA9844727923D7C3"]}, {"type": "centos", "idList": ["CESA-2019:1180"]}, {"type": "threatpost", "idList": ["THREATPOST:B43D65BEF15E504CF4DFB8EB516972D7"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-1168", "ELSA-2019-4636", "ELSA-2019-1177", "ELSA-2019-4629"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4447-2:8C972", "DEBIAN:DSA-4444-1:2DFF1", "DEBIAN:DSA-4447-1:76E6B", "DEBIAN:DLA-1787-1:EA5F1"]}, {"type": "fedora", "idList": ["FEDORA:E197860874D7"]}, {"type": "amazon", "idList": ["ALAS-2019-1260", "ALAS-2019-1205"]}, {"type": "thn", "idList": ["THN:ABCC9DD36D10CA51E767D6104EF69F5C"]}, {"type": "myhack58", "idList": ["MYHACK58:62201994150"]}], "modified": "2019-05-16T18:20:31", "rev": 2}, "vulnersScore": 6.7}, "affectedPackage": [{"OS": "openSUSE Leap", "OSVersion": "15.0", "arch": "x86_64", "operator": "lt", "packageFilename": "ucode-intel-20190507-lp150.2.18.1.x86_64.rpm", "packageName": "ucode-intel", "packageVersion": "20190507-lp150.2.18.1"}]}

{"vmware": [{"lastseen": "2019-11-14T23:21:17", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "**1\\. Impacted Products**\n\n * VMware vCenter Server (VC)\n * VMware vSphere ESXi (ESXi)\n * VMware Workstation Pro / Player (WS)\n * VMware Fusion Pro / Fusion (Fusion)\n * vCloud Usage Meter (UM)\n * Identity Manager (vIDM)\n * vCenter Server (vCSA)\n * vSphere Data Protection (VDP)\n * vSphere Integrated Containers (VIC)\n * vRealize Automation (vRA)\n\n**2\\. Introduction \n**\n\nIntel has disclosed details on speculative-execution vulnerabilities known collectively as \u201cMicroarchitectural Data Sampling (MDS)\" that can occur on Intel microarchitecture prior to 2nd Generation Intel\u00ae Xeon\u00ae Scalable Processors (formerly known as Cascade Lake). These issues may allow a malicious user who can locally execute code on a system to infer data otherwise protected by architectural mechanisms. \n\n\nThere are four uniquely identifiable vulnerabilities associated with MDS: \n\n\n * CVE-2018-12126 - Microarchitectural Store Buffer Data Sampling (MSBDS) - CVSSv3 = 6.5\n * CVE-2018-12130 - Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVSSv3 = 6.5\n * CVE-2018-12127 - Microarchitectural Load Port Data Sampling (MLPDS) - CVSSv3 = 6.5\n * CVE-2019-11091 - Microarchitectural Data Sampling Uncacheable Memory (MDSUM) - CVSSv3 = 3.8\n\nTo assist in understanding speculative-execution vulnerabilities, VMware previously defined the following mitigation categories:\n\n * _Hypervisor-Specific Mitigations_ prevent information leakage from the hypervisor or guest VMs into a malicious guest VM. These mitigations require code changes for VMware products.\n * _Hypervisor-Assisted Guest Mitigations _virtualize new speculative-execution hardware control mechanisms for guest VMs so that Guest OSes can mitigate leakage between processes within the VM. These mitigations require code changes for VMware products.\n * _Operating System-Specific Mitigations_ are applied to guest operating systems. These updates will be provided by a 3rd party vendor or in the case of VMware Virtual Appliances, by VMware.\n * _Microcode Mitigations_ are applied to a system\u2019s processor(s) by a microcode update from the hardware vendor. These mitigations do not require hypervisor or guest operating system updates to be effective. \n\n\nMDS vulnerabilities require _Hypervisor-Specific Mitigations_ (described in section 3a.) _Hypervisor-Assisted Guest Mitigations_ (described in section 3b.) and _Operating System-Specific Mitigations_ (described in section 3c.) \n\n\n**3a. _Hypervisor-Specific Mitigations_ for MDS vulnerabilities - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091 \n** \n\n\n**Description: \n**\n\nvCenter Server, ESXi, Workstation, and Fusion updates include _Hypervisor-Specific Mitigations_ for MDS speculative execution vulnerabilities. VMware has evaluated the severity of these issues to be in the [Moderate severity range](<https://www.vmware.com/support/policies/security_response.html>) with a maximum CVSSv3 base score of 6.5. \n\n\n**Known Attack Vectors: \n**\n\nA malicious user must have local access to a virtual machine and the ability to execute code to infer data otherwise protected by architectural mechanisms from another virtual machine or the hypervisor itself via MDS vulnerabilities. \n\n\nThere are two known attack vector variants for MDS at the Hypervisor level:\n\n * _Sequential-context attack vector_ (Inter-VM): a malicious VM can potentially infer recently accessed data of a previous context (hypervisor thread or other VM thread) on either logical processor of a processor core.\n * _Concurrent-context attack vector_ (Inter-VM): a malicious VM can potentially infer recently accessed data of a concurrently executing context (hypervisor thread or other VM thread) on the other logical processor of the Hyper-Threading-enabled processor core.\n\n**Resolution:**\n\n * The _Sequential-context attack vector_ (Inter-VM): is mitigated by a Hypervisor update to the product versions listed in the table below. These mitigations are dependent on Intel microcode updates (provided in separate ESXi patches for most Intel hardware platforms) listed in the table below. This mitigation is enabled by default and does not impose a significant performance impact.\n * The _Concurrent-context attack vector_ (Inter-VM): is mitigated through enablement of the ESXi Side-Channel-Aware Scheduler Version 1 or Version 2. These options may impose a non-trivial performance impact and are not enabled by default.\n\n**Workarounds:**\n\n * There are no known Hypervisor-Specific workarounds for the MDS class of vulnerabilities.\n\n**Additional Documentation:**\n\n * vSphere: [KB67577](<https://kb.vmware.com/kb/67577>) should be thoroughly reviewed to ensure a strong understanding of the _Hypervisor-Specific Mitigations_ enablement process for MDS and potential CPU capacity impacts\n * Workstation/Fusion: [KB68025](<https://kb.vmware.com/kb/68025>) should be thoroughly reviewed to ensure a strong understanding of the _Hypervisor-Specific Mitigations_ enablement process for MDS and potential CPU capacity impacts.\n\n**Notes: \n**\n\n * VMware Hypervisors running on 2nd Generation Intel\u00ae Xeon\u00ae Scalable Processors (formerly known as Cascade Lake) are not affected by MDS vulnerabilities.\n\n**Acknowledgements:**\n\n * None.\n\n**Resolution Matrix: \n \n**\n\nProduct | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation \n---|---|---|---|---|---|---|---|--- \nvCenter Server1 | 6.7 | Any | N/A | N/A | N/A | [6.7 U2a](<https://my.vmware.com/group/vmware/get-download?downloadGroup=VC67U2A>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nvCenter Server1 | 6.5 | Any | N/A | N/A | N/A | [6.5 U2g](<https://my.vmware.com/group/vmware/get-download?downloadGroup=VC65U2G>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nvCenter Server1 | 6.0 | Any | N/A | N/A | N/A | [6.0 U3i](<https://my.vmware.com/group/vmware/get-download?downloadGroup=VC60U3I>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nESXi3 | 6.7 | Any | [CVE-2018-12126 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126>)[CVE-2018-12127 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127>)[CVE-2018-12130 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130>)[CVE-2019-11091](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091>) | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | [Moderate](<https://www.vmware.com/support/policies/security_response.html>) | [ESXi670-201911401-BG \nESXi670-201911402-BG2 \n](<https://my.vmware.com/group/vmware/patch>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nESXi | 6.5 | Any | [CVE-2018-12126 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126>)[CVE-2018-12127 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127>)[CVE-2018-12130 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130>)[CVE-2019-11091 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091>) | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | [Moderate](<https://www.vmware.com/support/policies/security_response.html>) | [ESXi650-201905401-BG \nESXi650-201905402-BG2](<https://my.vmware.com/group/vmware/patch>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nESXi | 6.0 | Any | [CVE-2018-12126 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126>)[CVE-2018-12127 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127>)[CVE-2018-12130 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130>)[CVE-2019-11091 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091>) | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | [Moderate](<https://www.vmware.com/support/policies/security_response.html>) | [ESXi600-201905401-BG \nESXi600-201905402-BG2](<https://my.vmware.com/group/vmware/patch>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nWorkstation3 | 15.x | Any | [CVE-2018-12126 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126>)[CVE-2018-12127 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127>)[CVE-2018-12130 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130>)[CVE-2019-11091 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091>) | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | [Moderate](<https://www.vmware.com/support/policies/security_response.html>) | [15.5.1](<https://www.vmware.com/go/downloadworkstation>) | None | [KB68025](<https://kb.vmware.com/kb/68025>) \nFusion3 | 11.x | Any | [CVE-2018-12126 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126>)[CVE-2018-12127 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127>)[CVE-2018-12130 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130>)[CVE-2019-11091 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091>) | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | [Moderate](<https://www.vmware.com/support/policies/security_response.html>) | [11.5.1](<https://www.vmware.com/go/downloadfusion>) | None | [KB68025](<https://kb.vmware.com/kb/68025>) \n \n1\\. vCenter updates are listed in the above table as a requirement for _Hypervisor-Specific Mitigations_ as these updates include enhanced EVC modes which support the new MD-CLEAR functionality included in ESXi microcode updates. \n2\\. These patches contain updated microcode. At the time of this publication Sandy Bridge DT/EP Microcode Updates (MCUs) had not yet been provided to VMware. Customers on this microarchitecture may request MCUs from their hardware vendor in the form of a BIOS update. This microcode will be included in future releases of ESXi. \n3\\. A regression introduced in ESXi 6.7u2, Workstation 15.5.0, and Fusion 11.5.0 causes _Hypervisor-Specific Mitigations_ for L1TF (CVE-2018-3646) and MDS (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091) to be ineffective. This issue has been resolved in the patches reflected in the table above. This regression does not affect the ESXi 6.5 and 6.0 release lines, nor does it affect ESXi 6.7u2 if the _ESXi Side-Channel-Aware Scheduler Version 2_ is enabled.\n", "edition": 4, "modified": "2019-11-12T00:00:00", "published": "2019-05-14T00:00:00", "id": "VMSA-2019-0008", "href": "https://www.vmware.com/security/advisories/VMSA-2019-0008.html", "title": "VMware product updates enable\u00a0Hypervisor-Specific Mitigations,\u00a0Hypervisor-Assisted Guest Mitigations, and\u00a0Operating System-Specific Mitigations\u00a0for Microarchitectural Data Sampling (MDS) Vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and\u00a0CVE-2019-11091)", "type": "vmware", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "f5": [{"lastseen": "2020-04-06T22:40:13", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "\nF5 Product Development is evaluating this vulnerability. F5 Product Development has assigned ID 784685 (BIG-IP), ID 786089 (BIG-IQ), ID 787421 (F5 iWorkflow), ID 787397 (Enterprise Manager), and JIRA IDs CPF-25088 and CPF-25089 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | 15.0.0 | None2 | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IP 10xx0 series\n * BIG-IP 12xx0 series\n * VIPRION B2250\n * VIPRION B4400N\n * BIG-IP i2x00 series\n * BIG-IP i4x00 series\n * BIG-IP i5x00 series\n * BIG-IP i7x00 series\n * BIG-IP i10x00 series\n * BIG-IP i11x00 series\n * BIG-IP i15x00 series \n14.x | 14.0.0 - 14.1.0 | None2 \n13.x | 13.0.0 - 13.1.1 | None2 \n12.x | 12.0.0 - 12.1.4 | None2 \n11.x | 11.6.0 - 11.6.4 | None2 \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * Enterprise Manager 4000 \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IQ 7000 \n5.x | 5.0.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | 2.3.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2Updated Microcode has been made available from Intel. F5 does not plan to release an official fix for this issue that is based on Intel's microcode updates. The rationale for this decision is based on significant performance degradation seen when enabling Intel's microcode fixes in our platforms. During testing of the microcode fix, F5 has observed from 10% to over 50% performance degradation for many workloads.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nThe MDS vulnerabilities require that an attacker can provide and run binary code on the BIG-IP platform. Only users with Administrator, Resource Administrator, Manager, and iRules Manager privileges are able to exploit the MDS vulnerability. F5 recommends that you restrict these roles to trusted users.\n\nExploiting this vulnerability requires two processes to share the same L1 and L2 cache. To prevent exploitation of this vulnerability between guests in a multi-tenant vCMP environment, ensure that you allocate each guest a minimum of two cores.\n\nTo completely mitigate MDS requires an Intel microcode update and associated Linux kernel patches. If a kernel and microcode update is unavailable, the only way to completely mitigate the MDS vulnerability is to disable SMT. This action will cause performance degradation in most workloads. F5 recommends customers evaluate if mitigation is required in their environment, taking into account the performance impact. Currently, F5 is working on an integration strategy for full mitigation by conducting an extensive test campaign to characterize the impact of the fixes on system performance and stability and understanding of any potential issues. F5 will update this article with details of the fixes as they become available.\n\nMitigation is not required if user space applications are from a trusted source and do not execute untrusted code that is supplied externally.\n\n * [K41283800: INTEL-SA-00233 Microarchitectural Data Sampling Advisory](<https://support.f5.com/csp/article/K41283800>) \n * [K52370164: Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126](<https://support.f5.com/csp/article/K52370164>)\n * [K97035296: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) CVE-2018-12127](<https://support.f5.com/csp/article/K97035296>)\n * [K34303485: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) CVE-2019-11091](<https://support.f5.com/csp/article/K34303485>)\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-06-19T00:00:00", "published": "2019-05-16T01:28:00", "id": "F5:K80159635", "href": "https://support.f5.com/csp/article/K80159635", "title": "Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130", "type": "f5", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-04-06T22:39:41", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "\nF5 Product Development is evaluating this vulnerability. F5 Product Development has assigned ID 784677 (BIG-IP), ID 785913 (BIG-IQ), ID 787429 (F5 iWorkflow), ID 787373 (Enterprise Manager), and JIRA IDs CPF-25088 and CPF-25089 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | 15.0.0 | None2 | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IP 10xx0 series\n * BIG-IP 12xx0 series\n * VIPRION B2250\n * VIPRION B4400N\n * BIG-IP i2x00 series\n * BIG-IP i4x00 series\n * BIG-IP i5x00 series\n * BIG-IP i7x00 series\n * BIG-IP i10x00 series\n * BIG-IP i11x00 series\n * BIG-IP i15x00 series \n14.x | 14.0.0 - 14.1.0 | None2 \n13.x | 13.0.0 - 13.1.1 | None2 \n12.x | 12.0.0 - 12.1.4 | None2 \n11.x | 11.6.0 - 11.6.4 | None2 \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * Enterprise Manager 4000 \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IQ 7000 \n5.x | 5.0.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | 2.3.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2Updated Microcode has been made available from Intel. F5 does not plan to release an official fix for this issue that is based on Intel's microcode updates. The rationale for this decision is based on significant performance degradation seen when enabling Intel's microcode fixes in our platforms. During testing of the microcode fix, F5 has observed from 10% to over 50% performance degradation for many workloads.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nThe MDS vulnerabilities require that an attacker can provide and run binary code on the BIG-IP platform. Only users with Administrator, Resource Administrator, Manager, and iRules Manager privileges are able to exploit the MDS vulnerability. F5 recommends that you restrict these roles to trusted users.\n\nExploiting this vulnerability requires two processes to share the same L1 and L2 cache. To prevent exploiting this vulnerability between guests in a multi-tenant vCMP environment, ensure that you allocate each guest a minimum of two cores.\n\nTo completely mitigate MDS requires an Intel microcode update and associated Linux kernel patches. If a kernel and microcode update is unavailable, the only way to completely mitigate the MDS vulnerability is to disable SMT. This action will cause performance degradation in most workloads. F5 recommends customers evaluate if mitigation is required in their environment, taking into account the performance impact. Currently, F5 is working on an integration strategy for full mitigation by conducting an extensive test campaign to characterize the impact of the fixes on system performance and stability, and understanding potential issues. F5 will update this article with details of the fixes as they become available.\n\nMitigation is not required if user space applications are from a trusted source and do not execute untrusted code that is supplied externally.\n\n * [K41283800: INTEL-SA-00233 Microarchitectural Data Sampling Advisory](<https://support.f5.com/csp/article/K41283800>) \n * [K97035296: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) CVE-2018-12127](<https://support.f5.com/csp/article/K97035296>)\n * [K80159635: Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130](<https://support.f5.com/csp/article/K80159635>)\n * [K34303485: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) CVE-2019-11091](<https://support.f5.com/csp/article/K34303485>)\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-06-18T23:33:00", "published": "2019-05-16T00:33:00", "id": "F5:K52370164", "href": "https://support.f5.com/csp/article/K52370164", "title": "Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126", "type": "f5", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-04-06T22:39:53", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "\nF5 Product Development is evaluating this vulnerability. F5 Product Development has assigned ID 784689 (BIG-IP), ID 786105 (BIG-IQ), ID 787417 (F5 iWorkflow), ID 787401 (Enterprise Manager), and JIRA IDs CPF-25088 and CPF-25089 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | 15.0.0 | None2 | Low | [3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>)[.8](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IP 10xx0 series\n * BIG-IP 12xx0 series\n * VIPRION B2250\n * VIPRION B4400N\n * BIG-IP i2x00 series\n * BIG-IP i4x00 series\n * BIG-IP i5x00 series\n * BIG-IP i7x00 series\n * BIG-IP i10x00 series\n * BIG-IP i11x00 series\n * BIG-IP i15x00 series \n14.x | 14.0.0 - 14.1.0 | None2 \n13.x | 13.0.0 - 13.1.1 | None2 \n12.x | 12.0.0 - 12.1.4 | None2 \n11.x | 11.6.0 - 11.6.4 | None2 \nEnterprise Manager | 3.x | 3.1.1 | None | Low | [3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>)[.8](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * Enterprise Manager 4000 \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.1.0 | None | Low | [3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>)[.8](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IQ 7000 \n5.x | 5.0.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | 2.3.0 | None | Low | [3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>)[.8](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Low | [3.8](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2Updated Microcode has been made available from Intel. F5 does not plan to release an official fix for this issue that is based on Intel's microcode updates. The rationale for this decision is based on significant performance degradation seen when enabling Intel's microcode fixes in our platforms. During testing of the microcode fix, F5 has observed from 10% to over 50% performance degradation for many workloads.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nThe MDS vulnerabilities require that an attacker can provide and run binary code on the BIG-IP platform. Only users with Administrator, Resource Administrator, Manager, and iRules Manager privileges are able to exploit the MDS vulnerability. F5 recommends that you restrict these roles to trusted users.\n\nExploiting this vulnerability requires two processes to share the same L1 and L2 cache. To prevent exploitation of this vulnerability between guests in a multi-tenant vCMP environment, ensure that each guest is allocated a minimum of two cores.\n\nTo completely mitigate MDS requires an Intel microcode update and associated Linux kernel patches. If a kernel and microcode update is unavailable, the only way to completely mitigate the MDS vulnerability is to disable SMT. This action will cause performance degradation in most workloads. F5 recommends customers evaluate if mitigation is required in their environment, taking into account the performance impact. Currently, F5 is working on an integration strategy for full mitigation by conducting an extensive test campaign to characterize the impact of the fixes on system performance and stability, and understanding potential issues. F5 will update this article with details of the fixes as they become available.\n\nMitigation is not required if user space applications are from a trusted source and do not execute untrusted code that is supplied externally.\n\n * [K41283800: INTEL-SA-00233 Microarchitectural Data Sampling Advisory](<https://support.f5.com/csp/article/K41283800>) \n * [K52370164: Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126](<https://support.f5.com/csp/article/K52370164>)\n * [K97035296: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) CVE-2018-12127](<https://support.f5.com/csp/article/K97035296>)\n * [K80159635: Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130](<https://support.f5.com/csp/article/K80159635>)\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-06-19T00:12:00", "published": "2019-05-16T01:42:00", "id": "F5:K34303485", "href": "https://support.f5.com/csp/article/K34303485", "title": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM) CVE-2019-11091", "type": "f5", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-04-06T22:40:03", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "\nF5 Product Development is evaluating this vulnerability. F5 Product Development has assigned ID 784681 (BIG-IP), ID 785937 (BIG-IQ), ID 787425 (F5 iWorkflow), ID 787377 (Enterprise Manager) and JIRA IDs CPF-25088 and CPF-25089 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | 15.0.0 | None2 | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IP 10xx0 series\n * BIG-IP 12xx0 series\n * VIPRION B2250\n * VIPRION B4400N\n * BIG-IP i2x00 series\n * BIG-IP i4x00 series\n * BIG-IP i5x00 series\n * BIG-IP i7x00 series\n * BIG-IP i10x00 series\n * BIG-IP i11x00 series\n * BIG-IP i15x00 series \n14.x | 14.0.0 - 14.1.0 | None2 \n13.x | 13.0.0 - 13.1.1 | None2 \n12.x | 12.0.0 - 12.1.4 | None2 \n11.x | 11.6.0 - 11.6.4 | None2 \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * Enterprise Manager 4000 \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IQ 7000 \n5.x | 5.0.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | 2.3.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2Updated Microcode has been made available from Intel. F5 does not plan to release an official fix for this issue that is based on Intel's microcode updates. The rationale for this decision is based on significant performance degradation seen when enabling Intel's microcode fixes in our platforms. During testing of the microcode fix, F5 has observed from 10% to over 50% performance degradation for many workloads.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nThe MDS vulnerabilities require that an attacker can provide and run binary code on the BIG-IP platform. Only users with Administrator, Resource Administrator, Manager, and iRules Manager privileges are able to exploit the MDS vulnerability. F5 recommends that you restrict these roles to trusted users.\n\nExploiting this vulnerability requires two processes to share the same L1 and L2 cache. To prevent exploitation of this vulnerability between guests in a multi-tenant vCMP environment, ensure that each guest is allocated a minimum of two cores.\n\nTo completely mitigate MDS requires an Intel microcode update and associated Linux kernel patches. If a kernel and microcode update is unavailable, the only way to completely mitigate the MDS vulnerability is to disable SMT. This action will cause performance degradation in most workloads. F5 recommends customers evaluate if mitigation is required in their environment, taking into account the performance impact. Currently F5 is working on an integration strategy for full mitigation by conducting an extensive test campaign to characterize the impact of the fixes on system performance stability and understanding potential issues. F5 will update this article with details of the fixes as they become available.\n\nMitigation is not required if user space applications are from a trusted source and do not execute untrusted code that is supplied externally.\n\n * [K41283800: INTEL-SA-00233 Microarchitectural Data Sampling Advisory](<https://support.f5.com/csp/article/K41283800>) \n * [K52370164: Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126](<https://support.f5.com/csp/article/K52370164>)\n * [K80159635: Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130](<https://support.f5.com/csp/article/K80159635>)\n * [K34303485: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) CVE-2019-11091](<https://support.f5.com/csp/article/K34303485>)\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-06-18T23:48:00", "published": "2019-05-16T01:14:00", "id": "F5:K97035296", "href": "https://support.f5.com/csp/article/K97035296", "title": "Microarchitectural Load Port Data Sampling - Information Leak (MLPDS) CVE-2018-12127", "type": "f5", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "cve": [{"lastseen": "2021-02-02T06:52:26", "description": "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "edition": 21, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2019-05-30T16:29:00", "title": "CVE-2018-12126", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12126"], "modified": "2019-06-11T16:29:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "cpe:/o:intel:microarchitectural_store_buffer_data_sampling_firmware:-"], "id": "CVE-2018-12126", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12126", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:intel:microarchitectural_store_buffer_data_sampling_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:26", "description": "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "edition": 21, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2019-05-30T16:29:00", "title": "CVE-2018-12130", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12130"], "modified": "2019-06-11T16:29:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "cpe:/o:intel:microarchitectural_fill_buffer_data_sampling_firmware:-"], "id": "CVE-2018-12130", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12130", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:intel:microarchitectural_fill_buffer_data_sampling_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:26", "description": "Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "edition": 21, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2019-05-30T16:29:00", "title": "CVE-2018-12127", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12127"], "modified": "2019-06-11T16:29:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "cpe:/o:intel:microarchitectural_load_port_data_sampling_firmware:-"], "id": "CVE-2018-12127", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12127", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:intel:microarchitectural_load_port_data_sampling_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:12:47", "description": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "edition": 22, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2019-05-30T16:29:00", "title": "CVE-2019-11091", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11091"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:intel:microarchitectural_data_sampling_uncacheable_memory_firmware:-", "cpe:/o:fedoraproject:fedora:29"], "id": "CVE-2019-11091", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11091", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:intel:microarchitectural_data_sampling_uncacheable_memory_firmware:-:*:*:*:*:*:*:*"]}], "oraclelinux": [{"lastseen": "2019-06-01T20:44:51", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "[2.6.32-754.14.2.OL6]\n- Update genkey [bug 25599697]\n[2.6.32-754.14.2]\n- [x86] x86/speculation/mds: Add SMT warning message (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Add mds=full, nosmt cmdline option (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation: Remove redundant arch_smt_update() invocation (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/spec_ctrl: Add debugfs x86/smt_present file (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [documentation] Documentation: Add MDS vulnerability documentation (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [documentation] Documentation: Move L1TF to separate directory (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Add mitigation mode VMWERV (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Add sysfs reporting for MDS (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Add mitigation control for MDS (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [kvm] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation: Consolidate CPU whitelists (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/l1tf: Show actual SMT state (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/cpu: Sanitize FAM6_ATOM naming (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [kernel] sched/smt: Provide sched_smt_active() (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/speculation: Provide arch_smt_update() (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n- [x86] x86/mm: Fix compilation warning in pgtable_types.h (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}\n[2.6.32-754.14.1]\n- [s390] kernel: Add crypto card toleration support (Hendrik Brueckner) [1695496]\n[2.6.32-754.13.1]\n- [fs] ext4: Fix data corruption caused by unaligned direct AIO (Lukas Czerner) [1686170]", "edition": 2, "modified": "2019-05-14T00:00:00", "published": "2019-05-14T00:00:00", "id": "ELSA-2019-1169", "href": "http://linux.oracle.com/errata/ELSA-2019-1169.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-01T20:44:20", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "[4.5.0-10.0.1]\n- bump the version\n[4.5.0-10.el7_6.9]\n- qemu: Don't cache microcode version (CVE-2018-12127, CVE-2018-12126, CVE-2018-12130)\n[4.5.0-10.el7_6.8]\n- cpu_x86: Do not cache microcode version (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130)\n- cputest: Add data for Intel(R) Xeon(R) CPU E3-1225 v5 (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130)\n- cpu_map: Define md-clear CPUID bit (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130)", "edition": 2, "modified": "2019-05-15T00:00:00", "published": "2019-05-15T00:00:00", "id": "ELSA-2019-1177", "href": "http://linux.oracle.com/errata/ELSA-2019-1177.html", "title": "libvirt security update", "type": "oraclelinux", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-10-22T17:06:31", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "[4.18.0-80.1.2_0.OL8]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n[4.18.0-80.1.2_0]\n- [arm64] arm64/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [s390] s390/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [powerpc] powerpc/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [powerpc] powerpc/64: Disable the speculation barrier from the command line (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Add 'mitigations=' support for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [kernel] cpu/speculation: Add 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Fix comment (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Add SMT warning message (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation: Move arch_smt_update() call to after mitigation decisions (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Add mds=full, nosmt cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [documentation] Documentation: Add MDS vulnerability documentation (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [documentation] Documentation: Move L1TF to separate directory (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Add mitigation mode VMWERV (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Add sysfs reporting for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Add mitigation control for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation: Consolidate CPU whitelists (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/msr-index: Cleanup bit defines (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation: Cast ~SPEC_CTRL_STIBP atomic value to int (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/cpu: Sanitize FAM6_ATOM naming (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\nfile (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [tools] tools include: Adopt linux/bits.h (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n[4.18.0-80.1.1_0]\n- [zstream] switch to zstream (Frantisek Hrbata)", "edition": 2, "modified": "2019-07-30T00:00:00", "published": "2019-07-30T00:00:00", "id": "ELSA-2019-1167", "href": "http://linux.oracle.com/errata/ELSA-2019-1167.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-01T20:45:18", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "[0.10.2-64.0.1]\n- Replace docs/et.png in tarball with blank image\n[0.10.2-64.el6_10.1]\n- cpu_x86: Do not cache microcode version (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127)\n- cpu_map: Define md-clear CPUID bit (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127)", "edition": 2, "modified": "2019-05-14T00:00:00", "published": "2019-05-14T00:00:00", "id": "ELSA-2019-1180", "href": "http://linux.oracle.com/errata/ELSA-2019-1180.html", "title": "libvirt security update", "type": "oraclelinux", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-01T20:45:12", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "kernel-uek\n[3.8.13-118.33.2]\n- x86/speculation/mds: Make cpu_matches() __cpuinit (Patrick Colp) [Orabug: 29751729] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}\n- x86/speculation/mds: Only worry about firmware loaded microcode (Patrick Colp) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}\n[3.8.13-118.33.1]\n- x86/mds: Add empty commit for CVE-2019-11091 (Patrick Colp) [Orabug: 29721936] {CVE-2019-11091}\n- x86/speculation/mds: Fix comment (Boris Ostrovsky) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add mitigation mode VMWERV (Thomas Gleixner) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add sysfs reporting for MDS (Thomas Gleixner) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add mitigation control for MDS (Thomas Gleixner) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Allow runtime checking of CPU features (Patrick Colp) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Improve coverage for MDS vulnerability (Boris Ostrovsky) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Clear CPU buffers on exit to user (Thomas Gleixner) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add mds_clear_cpu_buffers() (Thomas Gleixner) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add BUG_MSBDS_ONLY (Thomas Gleixner) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add basic bug infrastructure for MDS (Andi Kleen) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation: Consolidate CPU whitelists (Thomas Gleixner) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}", "edition": 2, "modified": "2019-05-14T00:00:00", "published": "2019-05-14T00:00:00", "id": "ELSA-2019-4636", "href": "http://linux.oracle.com/errata/ELSA-2019-4636.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-01T20:45:02", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "[4.14.35-1844.4.5.2]\n- x86/mds: Add empty commit for CVE-2019-11091 (Konrad Rzeszutek Wilk) [Orabug: 29721848] {CVE-2019-11091}\n- x86/speculation/mds: Make mds_mitigation mutable after init (Konrad Rzeszutek Wilk) [Orabug: 29721835] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n[4.14.35-1844.4.5.1]\n- x86/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- cpu/speculation: Add 'mitigations=' cmdline option (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Konrad Rzeszutek Wilk) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Fix comment (Boris Ostrovsky) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add debugfs for controlling MDS (Kanth Ghatraju) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add boot option to enable MDS protection only while in idle (Boris Ostrovsky) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add SMT warning message (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation: Move arch_smt_update() call to after mitigation decisions (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add mds=full,nosmt cmdline option (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- Documentation: Add MDS vulnerability documentation (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- Documentation: Move L1TF to separate directory (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add mitigation mode VMWERV (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add sysfs reporting for MDS (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add mitigation control for MDS (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Clear CPU buffers on exit to user (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add mds_clear_cpu_buffers() (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Andi Kleen) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add BUG_MSBDS_ONLY (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation/mds: Add basic bug infrastructure for MDS (Andi Kleen) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation: Consolidate CPU whitelists (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/msr-index: Cleanup bit defines (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\nfile (Will Deacon) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/cpu: Sanitize FAM6_ATOM naming (Peter Zijlstra) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- Documentation/l1tf: Fix small spelling typo (Salvatore Bonaccorso) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- x86/speculation: Simplify the CPU bug detection logic (Dominik Brodowski) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}\n- tools include: Adopt linux/bits.h (Arnaldo Carvalho de Melo) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}", "edition": 3, "modified": "2019-05-14T00:00:00", "published": "2019-05-14T00:00:00", "id": "ELSA-2019-4628", "href": "http://linux.oracle.com/errata/ELSA-2019-4628.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "openvas": [{"lastseen": "2019-06-05T01:41:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-06-04T00:00:00", "published": "2019-05-15T00:00:00", "id": "OPENVAS:1361412562310844011", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844011", "type": "openvas", "title": "Ubuntu Update for intel-microcode USN-3977-1", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844011\");\n script_version(\"2019-06-04T06:44:21+0000\");\n script_cve_id(\"CVE-2018-12130\", \"CVE-2018-12127\", \"CVE-2018-12126\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-06-04 06:44:21 +0000 (Tue, 04 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-15 02:03:18 +0000 (Wed, 15 May 2019)\");\n script_name(\"Ubuntu Update for intel-microcode USN-3977-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.10|UBUNTU19\\.04|UBUNTU18\\.04 LTS|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3977-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3977-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'intel-microcode'\n package(s) announced via the USN-3977-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan\nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,\nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss\ndiscovered that memory previously stored in microarchitectural fill buffers\nof an Intel CPU core may be exposed to a malicious process that is\nexecuting on the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan\nvan Schaik, Alyssa Milburn, Sebastian sterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory\npreviously stored in microarchitectural load ports of an Intel CPU core may\nbe exposed to a malicious process that is executing on the same CPU core. A\nlocal attacker could use this to expose sensitive information.\n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel\nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel\nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory\npreviously stored in microarchitectural store buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same CPU\ncore. A local attacker could use this to expose sensitive information.\n(CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and\nCristiano Giuffrida discovered that uncacheable memory previously stored in\nmicroarchitectural buffers of an Intel CPU core may be exposed to a\nmalicious process that is executing on the same CPU core. A local attacker\ncould use this to expose sensitive information. (CVE-2019-11091)\");\n\n script_tag(name:\"affected\", value:\"'intel-microcode' package(s) on Ubuntu 19.04, Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"intel-microcode\", ver:\"3.20190514.0ubuntu0.18.10.1\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"intel-microcode\", ver:\"3.20190514.0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"intel-microcode\", ver:\"3.20190514.0ubuntu0.18.04.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"intel-microcode\", ver:\"3.20190514.0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-05T01:41:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-06-04T00:00:00", "published": "2019-05-16T00:00:00", "id": "OPENVAS:1361412562310704447", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704447", "type": "openvas", "title": "Debian Security Advisory DSA 4447-1 (intel-microcode - security update)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704447\");\n script_version(\"2019-06-04T06:44:21+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-06-04 06:44:21 +0000 (Tue, 04 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-16 02:00:06 +0000 (Thu, 16 May 2019)\");\n script_name(\"Debian Security Advisory DSA 4447-1 (intel-microcode - security update)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2019/dsa-4447.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4447-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'intel-microcode'\n package(s) announced via the DSA-4447-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update ships updated CPU microcode for most types of Intel CPUs. It\nprovides mitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware\nvulnerabilities.\n\nTo fully resolve these vulnerabilities it is also necessary to update\nthe Linux kernel packages as released in DSA 4444.\");\n\n script_tag(name:\"affected\", value:\"'intel-microcode' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 3.20190514.1~deb9u1.\n\nWe recommend that you upgrade your intel-microcode packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"intel-microcode\", ver:\"3.20190514.1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-01-29T19:29:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2020-01-29T00:00:00", "published": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310891789", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891789", "type": "openvas", "title": "Debian LTS: Security Advisory for intel-microcode (DLA-1789-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891789\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-17 02:00:09 +0000 (Fri, 17 May 2019)\");\n script_name(\"Debian LTS: Security Advisory for intel-microcode (DLA-1789-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/05/msg00018.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1789-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/929007\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'intel-microcode'\n package(s) announced via the DLA-1789-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update ships updated CPU microcode for most types of Intel CPUs. It\nprovides microcode support to implement mitigations for the MSBDS,\nMFBDS, MLPDS and MDSUM hardware vulnerabilities.\n\nTo fully resolve these vulnerabilities it is also necessary to update\nthe Linux kernel packages. Please refer to DLA-1787-1 for the Linux\nkernel updates required to mitigate these hardware vulnerabilities on\nIntel processors.\");\n\n script_tag(name:\"affected\", value:\"'intel-microcode' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n3.20190514.1~deb8u1 of the intel-microcode package, and also by the\nLinux kernel package updates described in DLA-1787-1.\n\nWe recommend that you upgrade your intel-microcode packages, and Linux\nkernel packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"intel-microcode\", ver:\"3.20190514.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-01-31T16:53:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310852502", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852502", "type": "openvas", "title": "openSUSE: Security Advisory for xen (openSUSE-SU-2019:1403-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852502\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-17 02:00:46 +0000 (Fri, 17 May 2019)\");\n script_name(\"openSUSE: Security Advisory for xen (openSUSE-SU-2019:1403-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1403-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00038.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the openSUSE-SU-2019:1403-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for xen fixes the following issues:\n\n Four new speculative execution information leak issues have been\n identified in Intel CPUs. (bsc#1111331)\n\n - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n\n - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n\n - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)\n\n - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory\n (MDSUM)\n\n These updates contain the XEN Hypervisor adjustments, that additionally\n also use CPU Microcode updates.\n\n The mitigation can be controlled via the 'mds' commandline option, see the\n documentation.\n\n - Added code to change LIBXL_HOTPLUG_TIMEOUT at runtime.\n\n The included README has details about the impact of this change\n (bsc#1120095)\n\n - Fixes in Live migrating PV domUs\n\n An earlier change broke live migration of PV domUs without a device\n model. The migration would stall for 10 seconds while the domU was paused,\n which caused network connections to drop. Fix this by tracking the need\n for a device model within libxl. (bsc#1079730, bsc#1098403, bsc#1111025)\n\n - Libvirt segfault when crash triggered on top of HVM guest (bsc#1120067)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1403=1\");\n\n script_tag(name:\"affected\", value:\"'xen' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.10.3_04~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.10.3_04~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.10.3_04~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.10.3_04~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.10.3_04~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.10.3_04~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.10.3_04~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.10.3_04~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.10.3_04~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit-debuginfo\", rpm:\"xen-libs-32bit-debuginfo~4.10.3_04~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.10.3_04~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.10.3_04~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-01-31T16:54:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310852504", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852504", "type": "openvas", "title": "openSUSE: Security Advisory for ucode-intel (openSUSE-SU-2019:1402-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852504\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-17 02:00:58 +0000 (Fri, 17 May 2019)\");\n script_name(\"openSUSE: Security Advisory for ucode-intel (openSUSE-SU-2019:1402-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1402-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00039.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ucode-intel'\n package(s) announced via the openSUSE-SU-2019:1402-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for ucode-intel fixes the following issues:\n\n This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331)\n\n Four new speculative execution information leak issues have been\n identified in Intel CPUs. (bsc#1111331)\n\n - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n\n - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n\n - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)\n\n - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory\n (MDSUM)\n\n These updates contain the CPU Microcode adjustments for the software\n mitigations.\n\n\n Release notes:\n\n - Processor Identifier Version Products\n\n - Model Stepping F-MO-S/PI Old->New\n\n - ---- new platforms ----------------------------------------\n\n - CLX-SP B1 6-55-7/bf 05000021 Xeon Scalable Gen2\n\n - ---- updated platforms ------------------------------------\n\n - SNB D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2\n\n - IVB E1/L1 6-3a-9/12 00000020->00000021 Core Gen3\n\n - HSW C0 6-3c-3/32 00000025->00000027 Core Gen4\n\n - BDW-U/Y E0/F0 6-3d-4/c0 0000002b->0000002d Core Gen5\n\n - IVB-E/EP C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3 X Series,\n Xeon E5 v2\n\n - IVB-EX D1 6-3e-7/ed 00000714->00000715 Xeon E7 v2\n\n - HSX-E/EP Cx/M1 6-3f-2/6f 00000041->00000043 Core Gen4 X series,\n Xeon E5 v3\n\n - HSX-EX E0 6-3f-4/80 00000013->00000014 Xeon E7 v3\n\n - HSW-U C0/D0 6-45-1/72 00000024->00000025 Core Gen4\n\n - HSW-H C0 6-46-1/32 0000001a->0000001b Core Gen4\n\n - BDW-H/E3 E0/G0 6-47-1/22 0000001e->00000020 Core Gen5\n\n - SKL-U/Y D0/K1 6-4e-3/c0 000000c6->000000cc Core Gen6\n\n - SKX-SP H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon Scalable\n\n - SKX-D M1 6-55-4/b7 0200005a->0000005e Xeon D-21xx\n\n - BDX-DE V1 6-56-2/10 00000019->0000001a Xeon D-1520/40\n\n - BDX-DE V2/3 6-56-3/10 07000016->07000017 Xeon\n D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19\n\n - BDX-DE Y0 6-56-4/10 0f000014->0f000015 Xeon\n D-1557/59/67/71/77/81/87\n\n - BDX-NS A0 6-56-5/10 0e00000c->0e00000d Xeon\n D-1513N/23/33/43/53\n\n - APL D0 6-5c-9/03 00000036->00000038 Pentium N/J4xxx,\n Celeron N/J3xxx, Atom x5/7-E39xx\n\n - SKL-H/S R0/N0 6-5e-3/36 0000 ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'ucode-intel' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ucode-intel\", rpm:\"ucode-intel~20190507~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-01-27T18:35:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191611", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191611", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kvm (EulerOS-SA-2019-1611)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1611\");\n script_version(\"2020-01-23T12:16:56+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:16:56 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:16:56 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kvm (EulerOS-SA-2019-1611)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1611\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1611\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kvm' package(s) announced via the EulerOS-SA-2019-1611 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer.(CVE-2018-12126)\n\nA flaw was found in the implementation of the 'fill buffer', a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer.CVE-2018-12130\n\nMicroprocessors use a load port subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPUs pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel.(CVE-2018-12127)\n\nUncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.(CVE-2019-11091)\");\n\n script_tag(name:\"affected\", value:\"'kvm' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kvm\", rpm:\"kvm~4.4.11~30.014\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "mskb": [{"lastseen": "2021-01-01T22:37:28", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4512578, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong>Note\u00a0</strong>Follow <a href=\"https://twitter.com/windowsupdate\" rel=\"noreferrer noopener\" tabindex=\"-1\" target=\"_blank\" title=\"https://twitter.com/windowsupdate\">@WindowsUpdate</a> to find out when new content is published to the release information dashboard.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p>Starting with update KB4497934, we are introducing functionality that allows you to decide when to install a feature update. You control when you get a feature update while simultaneously keeping your devices up to date. Feature updates that are available for eligible devices will appear in a separate module on the Windows Update page (<strong>Settings </strong>&gt; <strong>Update &amp; Security</strong> &gt; <strong>Windows Update</strong>). If you would like to get an available update right away, select <strong>Download and install now</strong>. To find out more about this feature, please go to this <a href=\"https://blogs.windows.com/windowsexperience/?p=172316\" managed-link=\"\" target=\"_blank\">blog</a>.\u00a0</p><p><em><span>When Windows 10 devices are at, or within several months of reaching, end of service, Windows Update will begin to automatically initiate a feature update. This keeps those devices supported and receiving the monthly updates that are critical to device security and ecosystem health.</span></em></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><strong>Note </strong>This release also contains updates for Microsoft HoloLens (OS Build 17763.737) released September 10, 2019.\u00a0</span>Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p>For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on. please see the following <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/824684\" managed-link=\"\" target=\"_blank\">article</a>.</p></div></div></div></div><h2>Highlights</h2><ul><li>Updates to improve security when using Internet Explorer, Microsoft Edge,\u00a0and\u00a0input devices such as a mouse, keyboard, or stylus.</li><li>Updates for verifying user names and passwords.</li></ul><h2>Improvements and fixes</h2><p>This security update includes quality improvements. Key changes include:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 32-Bit (x86) versions of Windows.\u00a0<br/>For more information, see <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">Security Advisory 190013</a>. This advisory includes\u00a0CVE-2019-11091,<a href=\"https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2Fadv190013&amp;data=02%7C01%7Cv-shros%40microsoft.com%7C09be709d4f5a48828b3608d731b5e011%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032529545445662&amp;sdata=fvFdb13Krl8nAuUPxE9ZigyGg3qICkRND%2BcRcoc9WXI%3D&amp;reserved=0\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"Xm4A/Wgq+XEh8/Sr2rWe5hGvy4o7OkQbvI38Vw+JFCfCqDqaXdECRhV2hIKvUA0kN0VrgVDiatHukI2MAjcgn4nfAAaOfShSAe0w/3YMN7ZWDzEGxsoYyr6XUoPZ29GnqW2jqTVTOmAmXKLUay1GNH66Uz/7jsGuFIzyg9Q+3K0=\" target=\"_blank\"> </a>CVE-2018-12126, CVE-2018-12127, and CVE-2018-12130. Use the registry settings as described in the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4073119\" managed-link=\"\" target=\"_blank\">Windows Client</a> and <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4072698\" managed-link=\"\" target=\"_blank\">Windows Server</a>\u00a0articles<em>. </em>(These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions.)</li><li>Security updates to Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Input and Composition, Windows Fundamentals, Windows Authentication, Windows Cryptography, the Microsoft JET Database Engine, Windows Kernel, Windows Virtualization, and Windows Server.</li></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\">Windows Update Improvements</p><div class=\"row\"><div class=\"col-xs-24\"><p>Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.</p></div></div></div></div><h2>Known issues in this update</h2><table class=\"table\"><tbody><tr><td><strong>Symptom</strong></td><td><strong>Workaround</strong></td></tr><tr><td>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul>Microsoft is working on a resolution and will provide an update in an upcoming release.</td></tr><tr><td>After installing <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4493509\" managed-link=\"\" target=\"_blank\">KB 4493509</a>, devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"</td><td><ol><li>Uninstall and reinstall any recently added language packs. For instructions, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4496404\" managed-link=\"\" target=\"_blank\">Manage the input and display language settings in Windows 10</a>.</li><li>Select\u00a0<strong>Check for Updates</strong> and install the April 2019 Cumulative Update. For instructions, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4027667\" managed-link=\"\" target=\"_blank\">Update Windows 10</a>.</li></ol><p><strong>Note</strong> If reinstalling the language pack does not mitigate the issue, reset your PC as follows:</p><ol><li>Go to the <strong>Settings </strong>app &gt; <strong>Recovery</strong>.</li><li>Select <strong>Get Started</strong> under the <strong>Reset this PC</strong> recovery option.</li><li>Select <strong>Keep my Files</strong>.</li></ol><p>Microsoft is working on a resolution and will provide an update in an upcoming release.</p></td></tr><tr><td>We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.</td><td><p>This issue is resolved in <a data-content-id=\"4520062\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4520062</a>.</p></td></tr><tr><td>Applications and scripts that call the <a data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/win32/api/lmaccess/nf-lmaccess-netquerydisplayinformation\" managed-link=\"\" target=\"_blank\">NetQueryDisplayInformation</a> API or the <a data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/win32/adsi/adsi-winnt-provider\" managed-link=\"\" target=\"_blank\">WinNT provider</a> equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, \u201c1359: an internal error occurred.\u201d\u00a0This issue occurs in this update and in all the updates before June 18, 2019.</td><td>This issue is resolved in <a data-content-id=\"4516077\" data-content-type=\"article\" href=\"\" managed-link=\"\">KB4516077</a>.</td></tr><tr><td>After installing this update, Windows Mixed Reality Portal users may intermittently receive a \u201c15-5\u201d error code. In some cases, Windows Mixed Reality Portal may report that the headset is sleeping and pressing \u201cWake up\u201d may appear to produce no action.</td><td><p>This issue is resolved in <a data-content-id=\"4520062\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4520062</a>.</p></td></tr><tr><td>Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (<strong>ChsIME.EXE</strong>) and Chinese Traditional (<strong>ChtIME.EXE</strong>) with Changjie/Quick keyboard.</td><td><p><span><span>Due to security related changes in this update, this issue may occur when the\u00a0Touch Keyboard and Handwriting Panel Service is not configured to its default startup type of Manual. To resolve the issue, perform the following steps:</span></span></p><ol><li><span><span> <span>Select the <strong>Start </strong>button and type \u201cservices\u201d.</span></span></span></li><li><span><span> <span>Open the Services app and locate <strong>Touch Keyboard and Handwriting Panel Service.</strong></span></span></span></li><li><span><span> <span>Double-click <strong>Touch Keyboard and Handwriting Panel Service </strong>and select <strong>Properties</strong>.</span></span></span></li><li><span><span> <span>Locate <strong>Startup type:</strong> and change it to <strong>Manual</strong>.</span></span></span></li><li><span><span> <span>Select <strong>OK</strong>.</span></span></span></li></ol><p><span><span>The TabletInputService<strong> </strong>service is now in the default configuration and IME should work as expected.</span></span></p></td></tr><tr><td><p>When setting up a new Windows device during the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.</p><strong>Note</strong> This issue does not affect using a Microsoft Account during OOBE.</td><td><p>This issue is resolved in <a data-content-id=\"4534321\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4534321</a>.</p></td></tr></tbody></table><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For more information, see\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates#why-should-servicing-stack-updates-be-installed-and-kept-up-to-date\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing stack updates</a>.</p><p>If you are using Windows Update, the latest SSU (<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4512577\" managed-link=\"\" target=\"_blank\">KB 4512577</a>) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the <a data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>.</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">Yes</td><td>None. This update will be downloaded and installed automatically from Windows Update.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4512578\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically synchronize with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>: Windows 10</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/1/1/0/1104925f-ef7b-4bfc-af92-9a6cf04b1798/4512578.csv\" managed-link=\"\" target=\"_blank\">file information for cumulative update 4512578</a>.\u00a0</p><p>\u00a0</p></body></html>", "edition": 27, "modified": "2020-01-23T23:33:27", "id": "KB4512578", "href": "https://support.microsoft.com/en-us/help/4512578/", "published": "2019-09-10T00:00:00", "title": "September 10, 2019\u2014KB4512578 (OS Build 17763.737)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:37:37", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4516064, including improvements and fixes, any known issues, and how to get the update.</p><h2>Improvements and fixes</h2><div><p>This security update includes quality improvements. Key changes include:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 32-Bit (x86) versions of Windows (<a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2019-11091</a>,<a href=\"https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2Fadv190013&amp;data=02%7C01%7Cv-shros%40microsoft.com%7C09be709d4f5a48828b3608d731b5e011%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032529545445662&amp;sdata=fvFdb13Krl8nAuUPxE9ZigyGg3qICkRND%2BcRcoc9WXI%3D&amp;reserved=0\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"Xm4A/Wgq+XEh8/Sr2rWe5hGvy4o7OkQbvI38Vw+JFCfCqDqaXdECRhV2hIKvUA0kN0VrgVDiatHukI2MAjcgn4nfAAaOfShSAe0w/3YMN7ZWDzEGxsoYyr6XUoPZ29GnqW2jqTVTOmAmXKLUay1GNH66Uz/7jsGuFIzyg9Q+3K0=\" target=\"_blank\"> </a><a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12126</a>, <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12127</a>, <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a href=\"https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in\" managed-link=\"\" target=\"_blank\">Windows Client</a> and <a href=\"https://support.microsoft.com/en-us/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot\" managed-link=\"\" target=\"_blank\">Windows Server</a>\u00a0articles<em>. </em>(These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions.)</li><li>Security updates to Windows App Platform and Frameworks, Windows Kernel, Windows Input and Composition, Windows Media, Windows Fundamentals, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, and Windows Server.</li></ul><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><div><table class=\"table\"><tbody><tr><td width=\"312\"><p><strong>Symptom</strong></p></td><td width=\"312\"><p><strong>Workaround</strong></p></td></tr><tr><td width=\"312\">Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td width=\"312\"><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul>Microsoft is working on a resolution and will provide an update in an upcoming release.</td></tr></tbody></table></div><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes.\u00a0</p><p>If you are using Windows Update, the latest SSU\u00a0(<a data-content-id=\"4512938\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4512938</a>) will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">No</td><td>See the other options below.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4516064\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically synchronize with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>: Windows 8.1, Windows Server 2012 R2</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p>\u00a0</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/1/6/c/16c2d04c-1ba6-4c8c-9a0b-95099a33a5db/4516064.csv\" managed-link=\"\" target=\"_blank\">file information for update 4516064</a>.\u00a0</p><p>\u00a0</p></body></html>", "edition": 4, "modified": "2019-09-21T00:29:38", "id": "KB4516064", "href": "https://support.microsoft.com/en-us/help/4516064/", "published": "2019-09-10T00:00:00", "title": "September 10, 2019\u2014KB4516064 (Security-only update)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:39:50", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4516068, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong><span><span><span>IMPORTANT</span></span></span><span><span><span>: </span></span></span></strong><span><span><span>Windows 10 Enterprise and Windows 10 Education editions will reach end of service on October 8, 2019.\u00a0<span><span><span><span> To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10</span></span></span><em><span><span><span>.</span></span></span></em></span></span></span></span></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong>Reminder:\u00a0</strong>March 12\u00a0and April 9 were the last two Delta updates for Windows 10, version\u00a01703. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change please visit our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426\" managed-link=\"\" target=\"_blank\">blog</a>.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><em><span><span><span><span>Windows 10, version 1703, reached end of service on October 8, 2018</span></span></span></span></em><em><span><span><span>. Devices running Windows 10 Home, Pro, Pro for Workstation, and IoT Core editions will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.</span></span></span></em></span></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><em>Windows 10 Mobile, version 1703, reached end of service on June 11, 2019. Devices running Windows 10 Mobile and Windows 10 Mobile Enterprise will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.</em></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p>For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following <a data-content-id=\"824684\" data-content-type=\"article\" href=\"\" managed-link=\"\">article</a>.</p></div></div></div></div><h2>Highlights</h2><ul><li>Updates to improve security when using Internet Explorer and\u00a0input devices such as a mouse, keyboard, or stylus.</li><li>Updates for verifying user names and passwords.</li><li>Updates for\u00a0storing and managing files.</li></ul><h2>Improvements and fixes</h2><div><p>This security update includes quality improvements. Key changes include:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 32-Bit (x86) versions of Windows (<a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2019-11091</a>,<a href=\"https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2Fadv190013&amp;data=02%7C01%7Cv-shros%40microsoft.com%7C09be709d4f5a48828b3608d731b5e011%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032529545445662&amp;sdata=fvFdb13Krl8nAuUPxE9ZigyGg3qICkRND%2BcRcoc9WXI%3D&amp;reserved=0\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"Xm4A/Wgq+XEh8/Sr2rWe5hGvy4o7OkQbvI38Vw+JFCfCqDqaXdECRhV2hIKvUA0kN0VrgVDiatHukI2MAjcgn4nfAAaOfShSAe0w/3YMN7ZWDzEGxsoYyr6XUoPZ29GnqW2jqTVTOmAmXKLUay1GNH66Uz/7jsGuFIzyg9Q+3K0=\" target=\"_blank\"> </a><a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12126</a>, <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12127</a>, <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a href=\"https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in\" managed-link=\"\" target=\"_blank\">Windows Client</a> article<em>. </em>(These registry settings are enabled by default for Windows Client OS editions.)</li><li>Security updates to Microsoft Scripting Engine, Internet Explorer, Windows App Platform and Frameworks, Windows Input and Composition, Windows Media, Windows Fundamentals, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, Windows Kernel, Windows Virtualization, and Windows Server</li></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\">Windows Update Improvements</p><div class=\"row\"><div class=\"col-xs-24\"><p>Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.</p></div></div></div></div></div><h2>Known issues in this update</h2><div><table class=\"table\"><tbody><tr><td><strong>Symptom</strong></td><td><strong>Workaround</strong></td></tr><tr><td>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul>Microsoft is working on a resolution and will provide an update in an upcoming release.</td></tr></tbody></table></div><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes.\u00a0For more information, see\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates#why-should-servicing-stack-updates-be-installed-and-kept-up-to-date\" managed-link=\"\" target=\"_blank\">Servicing stack updates</a>.\u00a0</p><p>If you are using Windows Update, the latest SSU\u00a0(<a data-content-id=\"4511839\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4511839</a>) will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the <a href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">Yes</td><td>None. This update will be downloaded and installed automatically from Windows Update.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4516068\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically synchronize with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>: Windows 10</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/b/f/f/bff283ad-19ce-49df-b8c4-601faea35667/4516068.csv\" managed-link=\"\" target=\"_blank\">file information for cumulative update 4516068</a>.</p></body></html>", "edition": 18, "modified": "2019-09-10T18:19:32", "id": "KB4516068", "href": "https://support.microsoft.com/en-us/help/4516068/", "published": "2019-09-10T00:00:00", "title": "September 10, 2019\u2014KB4516068 (OS Build 15063.2045)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:43:49", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4503287, including improvements and fixes, any known issues, and how to get the update.</p><h2>Improvements and fixes</h2><div><p>This security update includes quality improvements. Key changes include:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 64-Bit (x64) versions of Windows (<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"YAe7iTID7gTAlEI+1QT/6qfMZcY7LB8fxMjCpx/tjHfdrwOsTscfgbdd4vYMm9PR+uhB6N22KdlFpmkhY0MzoeeYx4NDcvIfRhTSm0Xg5Ar15yMNpRLiyq9ER21bIsups77tJIXh169s5/iEFu3K7zLLOiPi8/VfQeyP2qcg3As=\" target=\"_blank\">CVE-2019-11091</a>,<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"YAe7iTID7gTAlEI+1QT/6qfMZcY7LB8fxMjCpx/tjHfdrwOsTscfgbdd4vYMm9PR+uhB6N22KdlFpmkhY0MzoeeYx4NDcvIfRhTSm0Xg5Ar15yMNpRLiyq9ER21bIsups77tJIXh169s5/iEFu3K7zLLOiPi8/VfQeyP2qcg3As=\" target=\"_blank\"> CVE-2018-12126</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"E4IX6mlyH5NLx24b7VuUahrq9c7NkXBibJnG5QpRn/HZKzz5UIdWB9MqMYep129QrYa0uQClNjDeAwm+l3B75yPmvED8K2cvvnKh5uf7sNmfHjP2e4YRb9r6x5ErNCYfWt1jnXOuZ2FrmRQkAy+Ll/3cPkNmhAkY8t8U8OV/Bw4=\" target=\"_blank\">CVE-2018-12127</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"E4IX6mlyH5NLx24b7VuUahrq9c7NkXBibJnG5QpRn/HZKzz5UIdWB9MqMYep129QrYa0uQClNjDeAwm+l3B75yPmvED8K2cvvnKh5uf7sNmfHjP2e4YRb9r6x5ErNCYfWt1jnXOuZ2FrmRQkAy+Ll/3cPkNmhAkY8t8U8OV/Bw4=\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/{lang-locale}/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot\" managed-link=\"\" originalsrc=\"https://support.microsoft.com/en-us/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot\" shash=\"cgZ6fxMrQXl5WDKOS9UeiMKo1aOk6N/CLx43s1XLy1TzMAWUeHnq1Kp14OPeyoPe8tRI/5Zhihlc3cV7XL/RZpnWOskkEJcBmZvtkjnvqvPYNC3uJiWgsi/SzHvsx6mI8RcVh69zn+MmkO9QFVvOdgVHRRg2gjP90PvPeesgDM8=\" target=\"_blank\">Windows Server</a>\u00a0article<em>. </em>(These registry settings are disabled by default for Windows Server OS editions).</li><li>Security updates to Windows App Platform and Frameworks, Windows Input and Composition, Windows Shell, Windows Server, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, Windows Virtualization, Windows Kernel, Internet Information Services, Windows Server, and the Microsoft JET Database Engine.</li></ul><p>For more information about the resolved security vulnerabilities, please refer to the <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/security-guidance\" managed-link=\"\" target=\"_blank\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><table class=\"table\"><tbody><tr><td>Symptom</td><td>Workaround</td></tr><tr><td>When trying to expand, view, or create <strong>Custom Views </strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using <strong>Filter Current Log </strong>in the <strong>Action </strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</td><td><p>This issue is resolved in <a data-content-id=\"4508774\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4508774</a>.</p></td></tr><tr><td>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing this update on a WDS server.</td><td><p>This issue is resolved in <a data-content-id=\"4512499\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4512499</a>.</p></td></tr></tbody></table><p>\u00a0</p><h2>How to get this update</h2><div><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes.\u00a0</p><p>If you are using Windows Update, the latest SSU\u00a0(<a data-content-id=\"4493730\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"\">KB4493730</a>) will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><p>This update is now available for installation through WSUS. To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4503287\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>\u00a0website.</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/C/E/4/CE4CD3CF-45D9-46EB-A54B-AAB4F16D6197/4503287.csv\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">file information for update 4503287</a>.\u00a0</p></div></body></html>", "edition": 2, "modified": "2019-08-19T19:08:19", "id": "KB4503287", "href": "https://support.microsoft.com/en-us/help/4503287/", "published": "2019-06-11T00:00:00", "title": "June 11, 2019\u2014KB4503287 (Security-only update)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:51:40", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4516033, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong>IMPORTANT </strong>Verify that<strong> </strong>you have installed the required updates listed in the <strong>How to get this update</strong> section <u>before</u> installing this update.\u00a0</p></div></div></div></div><h2>Improvements and fixes</h2><div><p>This security update includes quality improvements. Key changes include:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 32-Bit (x86) versions of Windows.\u00a0<br/>For more information, see <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">Security Advisory 190013</a>. This advisory includes\u00a0CVE-2019-11091,<a href=\"https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2Fadv190013&amp;data=02%7C01%7Cv-shros%40microsoft.com%7C09be709d4f5a48828b3608d731b5e011%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032529545445662&amp;sdata=fvFdb13Krl8nAuUPxE9ZigyGg3qICkRND%2BcRcoc9WXI%3D&amp;reserved=0\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"Xm4A/Wgq+XEh8/Sr2rWe5hGvy4o7OkQbvI38Vw+JFCfCqDqaXdECRhV2hIKvUA0kN0VrgVDiatHukI2MAjcgn4nfAAaOfShSAe0w/3YMN7ZWDzEGxsoYyr6XUoPZ29GnqW2jqTVTOmAmXKLUay1GNH66Uz/7jsGuFIzyg9Q+3K0=\" target=\"_blank\"> </a>CVE-2018-12126, CVE-2018-12127, and CVE-2018-12130. Use the registry settings as described in the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4073119\" managed-link=\"\" target=\"_blank\">Windows Client</a> and <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4072698\" managed-link=\"\" target=\"_blank\">Windows Server</a>\u00a0articles<em>. </em>(These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions.)</li><li>Security updates to Windows App Platform and Frameworks, Windows Input and Composition, Windows Media, Windows Fundamentals, Windows Kernel, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, and Windows Server.</li></ul><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><div><table class=\"table\"><tbody><tr><td>Symptom</td><td>Workaround</td></tr><tr><td>After installing this update, you may receive an error when opening or using the Toshiba Qosmio AV Center. You may also receive an error in the Event Log related to <strong>cryptnet.dll</strong>.</td><td>This issue is resolved in <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4516048\" managed-link=\"\" target=\"_blank\">KB4516048</a>.</td></tr></tbody></table><p>\u00a0</p></div><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p><strong>Prerequisite:</strong></p><p>You must install\u00a0the updates listed below and <strong><u>restart your device</u></strong> before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup.</p><ol><li>The\u00a0March 12, 2019 servicing stack update (SSU) (<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4490628\" managed-link=\"\" target=\"_blank\">KB4490628</a>).\u00a0To get the standalone package for this SSU, search for it in the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</li><li>The latest SHA-2 update (<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4474419\" managed-link=\"\" target=\"_blank\">KB4474419</a>) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. For more information on SHA-2 updates, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4472027\" managed-link=\"\" target=\"_blank\">2019 SHA-2 Code Signing Support requirement for Windows and WSUS</a>.</li><li>The <u>latest </u>SSU\u00a0(<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4516655\" managed-link=\"\" target=\"_blank\">KB4516655</a>).\u00a0If you are using Windows Update, the latest SSU\u00a0will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</li></ol><p>\u00a0</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">No</td><td>See the other options below.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4516033\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically synchronize with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>:\u00a0\u00a0Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p>\u00a0</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/6/3/6/636df5b4-609a-4780-8348-1a39a6b15f08/4516033.csv\" managed-link=\"\" target=\"_blank\">file information for update 4516033</a>.\u00a0</p></body></html>", "edition": 8, "modified": "2019-11-05T20:20:23", "id": "KB4516033", "href": "https://support.microsoft.com/en-us/help/4516033/", "published": "2019-09-10T00:00:00", "title": "September 10, 2019\u2014KB4516033 (Security-only update)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:36:37", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4499171, including improvements and fixes, any known issues, and how to get the update.</p><h2>Improvements and fixes</h2><div><p>This security update includes improvements and fixes that were a part of update <a data-content-id=\"4493462\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4493462 </a>(released April 25, 2019) and addresses the following issues:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 64-Bit (x64) versions of Windows (<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2019-11091</a>,<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\"> CVE-2018-12126</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12127</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/{lang-locale}/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot\" managed-link=\"\" target=\"_blank\">Windows Server</a>\u00a0article<em>. </em>(These registry settings are disabled by default for Windows Server OS editions).</li><li>Addresses an issue that may cause \u201cError 1309\u201d while installing or uninstalling certain types of .msi and .msp files on a virtual drive.</li><li>Addresses an issue that prevents the Microsoft Visual Studio Simulator from starting.</li><li>Addresses an issue that may cause the text, layout, or cell size to become narrower or wider than expected in Microsoft Excel when using the <strong>MS UI Gothic </strong>or <strong>MS PGothic </strong>fonts.\u00a0</li><li>Security updates to Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Storage and Filesystems, Windows Cryptography, Windows Datacenter Networking, Windows Wireless Networking, Windows Kernel, and the Microsoft JET Database Engine.</li></ul><p>For more information about the resolved security vulnerabilities, please refer to the <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/security-guidance\" managed-link=\"\" target=\"_blank\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><table class=\"table\"><tbody><tr><td><strong>Symptom</strong></td><td><strong>Workaround</strong></td></tr><tr><td>After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.</td><td><p>This issue is resolved <a data-content-id=\"4503285\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4503285</a>.</p></td></tr><tr><td>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul>Microsoft is working on a resolution and will provide an update in an upcoming release.</td></tr><tr><td>If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.</td><td><p>If you see any of the previous dictionary updates listed below, uninstall it from <strong>Programs and features</strong> &gt; <strong>Uninstall or change a program</strong>. New words that were in previous dictionary updates are also in this update.</p><ul><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.2013)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.2013)</li><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.1215)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1215)</li><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.1080)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1080)</li></ul></td></tr><tr><td>After installing the May 14, 2019 update, some gov.uk websites that don\u2019t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.</td><td>This issue is resolved in\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"4505050\" data-content-type=\"article\" href=\"https://support.microsoft.com/en/help/4505050\" managed-link=\"\" tabindex=\"0\">KB4505050</a>.</td></tr><tr><td>Internet Explorer 11 may stop working when loading or interacting with Power BI reports that have line charts with markers. This issue may also occur when viewing other content that contains Scalable Vector Graphics (SVG) markers.</td><td><p>This issue is resolved in <a data-content-id=\"4503295\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4503295</a>.</p><span><span></span></span></td></tr></tbody></table><h2>How to get this update</h2><div><p>This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4499171\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>\u00a0website.</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/6/6/D/66D0ACA8-8A3A-4CF7-8B6C-46596D8DF860/4499171.csv\" managed-link=\"\" target=\"_blank\">file information for update 4499171</a>.\u00a0</p></div></body></html>", "edition": 16, "modified": "2019-06-20T21:32:27", "id": "KB4499171", "href": "https://support.microsoft.com/en-us/help/4499171/", "published": "2019-05-14T00:00:00", "title": "May 14, 2019\u2014KB4499171 (Monthly Rollup)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:41:43", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4499181, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong>Reminder:\u00a0</strong>March 12^th and April 9^th will be the last two Delta updates for Windows 10, version\u00a01703. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change please visit our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426\" managed-link=\"\" target=\"_blank\">blog</a>.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><em><span><span><span><span>Windows 10, version 1703, reached end of service on October 8, 2018</span></span></span></span></em><em><span><span><span>. Devices running Windows 10 Home, Pro, Pro for Workstation, and IoT Core editions will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.</span></span></span></em></span></p><p><strong><span><span><span>IMPORTANT</span></span></span><span><span><span>: </span></span></span></strong><span><span><span>Windows 10 Enterprise and Windows 10 Education editions will receive one year of additional servicing at no cost.</span></span></span></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\">Note</p><div class=\"row\"><div class=\"col-xs-24\"><p><span>This release also contains updates for Windows 10 Mobile (OS Build 15063.1805) released May 14, 2019.</span></p></div></div></div></div><h2>Improvements and fixes</h2><div><p>This update includes quality improvements. Key changes include:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 64-Bit (x64) versions of Windows (<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2019-11091</a>,<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\"> CVE-2018-12126</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12127</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/{lang-locale}/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in\" managed-link=\"\" target=\"_blank\">Windows Client</a>\u00a0article<em>. </em>(These registry settings are enabled by default for Windows Client OS editions).</li><li>Adds \"gov.uk\" to the HTTP Strict Transport Security Top Level Domains (HSTS TLD) for Internet Explorer and Microsoft Edge.</li><li>Addresses an issue that may cause \u201cError 1309\u201d while installing or uninstalling certain types of .msi and .msp files on a virtual drive.</li><li>Addresses an issue that prevents the Microsoft Visual Studio Simulator from starting.</li><li>Addresses an issue that may cause the text, layout, or cell size to become narrower or wider than expected in Microsoft Excel when using the <strong>MS UI Gothic </strong>or <strong>MS PGothic </strong>fonts.\u00a0</li><li>Security updates to Internet Explorer, Microsoft Scripting Engine, Microsoft Edge, Windows Storage and Filesystems, Microsoft Graphics Component, Windows App Platform and Frameworks, Windows Cryptography, Windows Datacenter Networking, Windows Server, Windows Virtualization, Windows Kernel, and the Microsoft JET Database Engine.</li></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p>For more information about the resolved security vulnerabilities, please refer to the <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/security-guidance\" managed-link=\"\" target=\"_blank\">Security Update Guide</a>.</p><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\">Windows Update Improvements</p><div class=\"row\"><div class=\"col-xs-24\"><p>Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.</p></div></div></div></div></div><h2>Known issues in this update</h2><div><table class=\"table\"><tbody><tr><td><strong>Symptom</strong></td><td><strong>Workaround</strong></td></tr><tr><td>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul>Microsoft is working on a resolution and will provide an update in an upcoming release.</td></tr><tr><td>After installing the May 14, 2019 update, some gov.uk websites that don\u2019t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.</td><td>This issue is resolved in <a data-content-id=\"4505055\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4505055</a>.</td></tr><tr><td><p>After installing this update and restarting, some devices with Hyper-V enabled may enter BitLocker recovery mode and receive an error, \"0xC0210000\".</p></td><td><p>This issue is resolved in <a data-content-id=\"4507450\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4507450</a>.</p></td></tr></tbody></table></div><h2>How to get this update</h2><div><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For more information, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates#why-should-servicing-stack-updates-be-installed-and-kept-up-to-date\" managed-link=\"\" target=\"_blank\">Servicing stack updates</a>.</p><p>If you are using Windows Update, the latest SSU\u00a0(<a data-content-id=\"4500640\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"\">KB4500640)</a> will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the <a href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><p>This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4499181\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>\u00a0website.</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/3/8/2/382F6D37-AF04-4B5F-8CAE-7AF6E260FD02/4499181.csv\" managed-link=\"\" target=\"_blank\">file information for cumulative update 4499181</a>.\u00a0</p></div></body></html>", "edition": 17, "modified": "2019-07-09T17:39:02", "id": "KB4499181", "href": "https://support.microsoft.com/en-us/help/4499181/", "published": "2019-05-14T00:00:00", "title": "May 14, 2019\u2014KB4499181 (OS Build 15063.1805)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:42:12", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4499167, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong>Reminder:\u00a0</strong>March 12^th and April 9^th will be the last two Delta updates for Windows 10, version\u00a01803. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change please visit our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426\" managed-link=\"\" target=\"_blank\">blog</a>.</p></div></div></div></div><h2>Improvements and fixes</h2><div><p>This update includes quality improvements. Key changes include:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 64-Bit (x64) versions of Windows (<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2019-11091</a>,<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\"> CVE-2018-12126</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12127</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/{lang-locale}/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in\" managed-link=\"\" target=\"_blank\">Windows Client</a> and <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/{lang-locale}/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot\" managed-link=\"\" target=\"_blank\">Windows Server</a>\u00a0articles<em>. </em>(These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions).</li><li>Adds \"gov.uk\" to the HTTP Strict Transport Security Top Level Domains (HSTS TLD) for Internet Explorer and Microsoft Edge.</li><li>Addresses an issue that may cause \u201cError 1309\u201d while installing or uninstalling certain types of .msi and .msp files on a virtual drive.</li><li>Addresses an issue that prevents the Microsoft Visual Studio Simulator from starting.</li><li>Addresses an issue that may cause zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) to fail.</li><li>Addresses an issue that may cause the text, layout, or cell size to become narrower or wider than expected in Microsoft Excel when using the <strong>MS UI Gothic </strong>or <strong>MS PGothic </strong>fonts.\u00a0</li><li>Security updates to Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Storage and Filesystems, Windows Cryptography, Windows Datacenter Networking, Windows Wireless Networking, Windows Virtualization, Windows Kernel, Windows Server, and the Microsoft JET Database Engine.</li></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p><span><span><span><span>For more information about the resolved security vulnerabilities, please refer to the </span></span></span></span><span><span><span><a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/security-guidance\" managed-link=\"\" target=\"_blank\">Security Update Guide</a>.</span></span></span></p></div><h2>Known issues in this update</h2><div><table class=\"table\"><tbody><tr><td><strong>Symptom</strong></td><td><strong>Workaround</strong></td></tr><tr><td>After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.</td><td><p>This issue is resolved in <a data-content-id=\"4503286\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4503286</a>.</p></td></tr><tr><td>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul>Microsoft is working on a resolution and will provide an update in an upcoming release.</td></tr><tr><td>After installing the May 14, 2019 update, some gov.uk websites that don\u2019t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.</td><td>This issue is resolved in <a data-content-id=\"4505064\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4505064</a>.</td></tr></tbody></table></div><h2>How to get this update</h2><div><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes.\u00a0For more information, see\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates#why-should-servicing-stack-updates-be-installed-and-kept-up-to-date\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing stack updates</a>.</p><p>If you are using Windows Update, the latest SSU\u00a0(<a data-content-id=\"4497398\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"\">KB4497398</a>) will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><p>This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4499167\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>\u00a0website.</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/9/6/E/96E7D717-7709-4CB1-9192-0AFE8BCC48E5/4499167.csv\" managed-link=\"\" target=\"_blank\">file information for cumulative update 4499167</a>.\u00a0</p></div></body></html>", "edition": 17, "modified": "2019-06-11T18:59:51", "id": "KB4499167", "href": "https://support.microsoft.com/en-us/help/4499167/", "published": "2019-05-14T00:00:00", "title": "May 14, 2019\u2014KB4499167 (OS Build 17134.765)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:47:28", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4499151, including improvements and fixes, any known issues, and how to get the update.</p><h2>Improvements and fixes</h2><div><p>This security update includes improvements and fixes that were a part of update <a data-content-id=\"4493443\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"\">KB4493443</a> (released April 25, 2019) and addresses the following issues:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 64-Bit (x64) versions of Windows (<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2019-11091</a>,<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\"> CVE-2018-12126</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12127</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/{lang-locale}/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in\" managed-link=\"\" target=\"_blank\">Windows Client</a> and <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/{lang-locale}/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot\" managed-link=\"\" target=\"_blank\">Windows Server</a>\u00a0articles<em>.\u00a0</em>(These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions).</li><li>Addresses an issue that may cause \u201cError 1309\u201d while installing or uninstalling certain types of .msi and .msp files on a virtual drive.</li><li>Addresses an issue that prevents the Microsoft Visual Studio Simulator from starting.</li><li>Adds \"gov.uk\" to the HTTP Strict Transport Security Top Level Domains (HSTS TLD) for Internet Explorer.</li><li>Addresses an issue that may cause the text, layout, or cell size to become narrower or wider than expected in Microsoft Excel when using the <strong>MS UI Gothic </strong>or <strong>MS PGothic </strong>fonts.\u00a0</li><li>Security updates to Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Storage and Filesystems, Windows Cryptography, Windows Datacenter Networking, Windows Wireless Networking, Windows Kernel, and the Microsoft JET Database Engine.</li></ul><p>For more information about the resolved security vulnerabilities, please refer to the <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/security-guidance\" managed-link=\"\" target=\"_blank\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><table class=\"table\"><tbody><tr><td width=\"312\"><p><strong>Symptom</strong></p></td><td width=\"312\"><p><strong>Workaround</strong></p></td></tr><tr><td width=\"312\">After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.</td><td width=\"312\"><p>This issue is resolved in <a data-content-id=\"4503276\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4503276</a>.</p></td></tr><tr><td width=\"312\">Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td width=\"312\"><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul>Microsoft is working on a resolution and will provide an update in an upcoming release.</td></tr><tr><td width=\"312\">Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or\u00a0McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update.</td><td width=\"312\"><p>This issue has been resolved. McAfee has released an automatic update to address this issue.</p><p>Guidance for McAfee customers can be found in the following McAfee support articles:</p><ul><li><a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://kc.mcafee.com/corporate/index?page=content&amp;id=KB91465\" managed-link=\"\" originalsrc=\"https://community.sophos.com/kb/en-us/133945\" shash=\"AiRC2XKiBQBQGDmUATR5uuGFI9FV8g96wd/zNGX+TZ+C6sdXUq6XkNFlxAyegFAZVDXPvE0z97/wqABgDwvnUNiF+GeOzxcFkgCMn9xS8JMEAVbuTH+5d4C2Cd3+xs3GcQ03J8Q6l5wPgnJ7tmGDGaSKm8tNc/sbEsz772/1eYE=\" tabindex=\"0\" target=\"_blank\">McAfee Security (ENS) Threat Prevention 10.x</a></li><li><a href=\"https://kc.mcafee.com/corporate/index?page=content&amp;id=KB91466\" managed-link=\"\" target=\"_blank\">McAfee Host Intrusion Prevention (Host IPS) 8.0</a></li><li><a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" href=\"https://kc.mcafee.com/corporate/index?page=content&amp;id=KB91467\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">McAfee VirusScan Enterprise (VSE) 8.8</a></li></ul></td></tr><tr><td width=\"312\">If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.</td><td width=\"312\"><p>If you see any of the previous dictionary updates listed below, uninstall it from <strong>Programs and features</strong> &gt; <strong>Uninstall or change a program</strong>. New words that were in previous dictionary updates are also in this update.</p><ul><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.2013)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.2013)</li><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.1215)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1215)</li><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.1080)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1080)</li></ul></td></tr><tr><td width=\"312\">After installing the May 14, 2019 update, some gov.uk websites that don\u2019t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.</td><td width=\"312\">This issue is resolved in\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"4505050\" data-content-type=\"article\" href=\"https://support.microsoft.com/en/help/4505050\" managed-link=\"\" tabindex=\"0\">KB4505050</a>.</td></tr><tr><td width=\"312\">Internet Explorer 11 may stop working when loading or interacting with Power BI reports that have line charts with markers. This issue may also occur when viewing other content that contains Scalable Vector Graphics (SVG) markers.</td><td width=\"312\"><p>This issue is resolved in <a data-content-id=\"4503283\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4503283</a>.</p><span></span></td></tr></tbody></table><h2>How to get this update</h2><div><p>This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4499151\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>\u00a0website.</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/B/6/4/B64C4E7A-4C28-40E6-BD59-BBDADEAA7864/4499151.csv\" managed-link=\"\" target=\"_blank\">file information for\u00a0update 4499151</a>.\u00a0</p></div></body></html>", "edition": 16, "modified": "2019-08-13T17:50:54", "id": "KB4499151", "href": "https://support.microsoft.com/en-us/help/4499151/", "published": "2019-05-14T00:00:00", "title": "May 14, 2019\u2014KB4499151 (Monthly Rollup)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:39:51", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4499175, including improvements and fixes, any known issues, and how to get the update.</p><h2>Improvements and fixes</h2><div><p>This security update includes quality improvements. Key changes include:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 64-Bit (x64) versions of Windows (<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2019-11091</a>,<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\"> CVE-2018-12126</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12127</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/{lang-locale}/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in\" managed-link=\"\" target=\"_blank\">Windows Client</a> and <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/{lang-locale}/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot\" managed-link=\"\" target=\"_blank\">Windows Server</a>\u00a0articles<em>.\u00a0</em>(These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions).</li><li>Addresses an issue that may prevent applications that rely on unconstrained delegation from authenticating after the Kerberos ticket-granting ticket (TGT) expires (the default is 10 hours).</li><li>Security updates to Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Storage and Filesystems, Windows Cryptography, Windows Wireless Networking, Windows Kernel, Windows Server, and the Microsoft JET Database.</li></ul><p>For more information about the resolved security vulnerabilities, please refer to the <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/security-guidance\" managed-link=\"\" target=\"_blank\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><p>Microsoft is not currently aware of any issues with this update.</p><h2>How to get this update</h2><div><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes.\u00a0</p><p>If you are using Windows Update, the latest SSU\u00a0(<a data-content-id=\"4490628\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"\">KB4490628</a>) will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><p>This update is now available for installation through WSUS.\u00a0To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4499175\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>\u00a0website.</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/7/E/8/7E8D841F-628C-4AAC-96EC-0019201D2E08/4499175.csv\" managed-link=\"\" target=\"_blank\">file information for update 4499175</a>.\u00a0</p></div></body></html>", "edition": 2, "modified": "2019-05-14T23:45:47", "id": "KB4499175", "href": "https://support.microsoft.com/en-us/help/4499175/", "published": "2019-05-14T00:00:00", "title": "May 14, 2019\u2014KB4499175 (Security-only update)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "citrix": [{"lastseen": "2020-12-24T11:42:51", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"DescriptionofProblem\"> Description of Problem</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>A number of security issues have been identified in certain CPU hardware that may allow unprivileged code running on a CPU core to infer the value of memory data belonging to other processes, virtual machines or the hypervisor that are, or have recently been, running on the same CPU core.</p>\n<p>These issues have the following identifiers:</p>\n<p>\u2022 CVE-2018-12126: Microarchitectural Store Buffer Data Sampling</p>\n<p>\u2022 CVE-2018-12127: Microarchitectural Load Port Data Sampling</p>\n<p>\u2022 CVE-2018-12130: Microarchitectural Fill Buffer Data Sampling</p>\n<p>\u2022 CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory</p>\n<p>Although these are not vulnerabilities in the Citrix Hypervisor (formerly Citrix XenServer) product, this bulletin and associated hotfixes provides assistance in mitigating these CPU issues.</p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"MitigatingFactors\"> Mitigating Factors</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Customers with AMD CPUs are believed to be unaffected by these issues.</p>\n<p>Some Intel CPUs are believed to be unaffected by these issues. A list of affected Intel CPUs is expected to be made available at <a href=\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html\">https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html</a></p>\n<p>Identification of the specific CPU(s) present on a Citrix Hypervisor machine may be obtained by typing the command</p>\n<p> <i>grep \u201cmodel name\u201d /proc/cpuinfo</i></p>\n<p>in the Dom0 console.</p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCustomersShouldDo\"> What Customers Should Do</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Full mitigation of these issues for systems with vulnerable CPUs requires all of:</p>\n<ol>\n<li>Updates to Citrix Hypervisor</li>\n<li>Updates to the CPU microcode</li>\n<li>Disabling CPU hyper-threading (also known as simultaneous multi-threading)</li>\n</ol>\n<p> </p>\n<p>In addition, updates to guest operating systems may be required to protect guest VMs from code running within that same VM. Guest VMs will need to be stopped and started (rather than rebooted) to fully mitigate these issues within the guest VM. Customers are advised to follow their operating system provider\u2019s recommendations. Likewise, updates to the host system firmware (\u201cBIOS updates\u201d) may be required and Citrix recommends that you follow the guidance of your hardware vendor for any updates that they may provide.</p>\n<p> <u>Updates to Citrix Hypervisor</u></p>\n<p>Citrix has released hotfixes that contain mitigations for these CPU issues. These hotfixes can be found on the Citrix website at the following locations:</p>\n<p>Citrix Hypervisor 8.0: CTX250041 \u2013 <a href=\"https://support.citrix.com/article/CTX250041\">https://support.citrix.com/article/CTX250041</a></p>\n<p>Citrix XenServer 7.6: CTX250040 \u2013 <a href=\"https://support.citrix.com/article/CTX250040\">https://support.citrix.com/article/CTX250040</a></p>\n<p>Citrix XenServer 7.1 LTSR CU2: CTX250039 \u2013 <a href=\"https://support.citrix.com/article/CTX250039\">https://support.citrix.com/article/CTX250039</a></p>\n<p>Citrix XenServer 7.0: CTX250038 \u2013 <a href=\"https://support.citrix.com/article/CTX250038\">https://support.citrix.com/article/CTX250038</a></p>\n<p> <u>Updates to the CPU microcode</u></p>\n<p>The hotfixes released with this bulletin contain microcode for all supported CPU models for which Intel has presently made updates available. This microcode will be automatically applied each time the system boots. Any further microcode updates may be installed by means of system firmware updates (\u201cBIOS updates\u201d) and Citrix strongly recommends that you follow the guidance of your hardware vendor for any updates that they may provide.</p>\n<p>CPUs that are vulnerable to these issues, and for which the CPU manufacturer has not provided microcode updates, will not have full mitigation of these issues.</p>\n<p>Once the hotfix has been applied, customers with vulnerable CPUs can determine if the microcode required to mitigate these issues has been loaded into the CPU by typing the command</p>\n<p> <i>xl dmesg | grep \u201cHardware features:\u201d</i></p>\n<p>in the Dom0 console shortly after the host has rebooted to apply the hotfix. If the output includes the text MD_CLEAR, updated microcode is present.</p>\n<p> <u>Disabling CPU hyper-threading</u></p>\n<p>Mitigation of these issues requires disabling hyper-threading on vulnerable CPUs. Customers should evaluate their workload and determine if the mitigation of disabling hyper-threading is required in their environment, and to understand the performance impact of this mitigation. Citrix recommends disabling hyper-threading in deployments with untrusted workloads. The following document provides the steps to disable hyper-threading via the Xen command line: <a href=\"https://support.citrix.com/article/CTX237190\">https://support.citrix.com/article/CTX237190</a></p>\n<p>Note that disabling hyper-threading will result in the number of available pCPUs being reduced and is likely to adversely impact performance. The following document covers additional issues that may be encountered in environments where customers have over-provisioned or pinned pCPUs (for example when hyper-threads are disabled): <a href=\"https://support.citrix.com/article/CTX236977\">https://support.citrix.com/article/CTX236977</a></p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCitrixIsDoing\"> What Citrix Is Doing</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href=\"http://support.citrix.com/\">http://support.citrix.com/</a></u>.</p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ObtainingSupportonThisIssue\"> Obtaining Support on This Issue</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=\"https://www.citrix.com/support/open-a-support-case.html\">https://www.citrix.com/support/open-a-support-case.html</a></u>. </p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ReportingSecurityVulnerabilities\"> Reporting Security Vulnerabilities</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 \u2013 <a href=\"http://support.citrix.com/article/CTX081743\">Reporting Security Issues to Citrix</a></p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"Changelog\"> Changelog</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<table border=\"1\" cellpadding=\"1\" cellspacing=\"0\" width=\"100%\">\n<tbody>\n<tr>\n<td>Date </td>\n<td>Change</td>\n</tr>\n<tr>\n<td>14th May 2019</td>\n<td>Initial publication</td>\n</tr>\n<tr>\n<td>16th May 2019</td>\n<td>Added additional hotfixes and included guidance on restarting guest VMs</td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n</div></div>\n</section>", "modified": "2019-05-16T04:00:00", "published": "2019-05-14T04:00:00", "id": "CTX251995", "href": "https://support.citrix.com/article/CTX251995", "type": "citrix", "title": "Citrix Hypervisor Security Update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "centos": [{"lastseen": "2020-12-08T03:36:43", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "**CentOS Errata and Security Advisory** CESA-2019:1177\n\n\nThe libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-May/035351.html\n\n**Affected packages:**\nlibvirt\nlibvirt-admin\nlibvirt-bash-completion\nlibvirt-client\nlibvirt-daemon\nlibvirt-daemon-config-network\nlibvirt-daemon-config-nwfilter\nlibvirt-daemon-driver-interface\nlibvirt-daemon-driver-lxc\nlibvirt-daemon-driver-network\nlibvirt-daemon-driver-nodedev\nlibvirt-daemon-driver-nwfilter\nlibvirt-daemon-driver-qemu\nlibvirt-daemon-driver-secret\nlibvirt-daemon-driver-storage\nlibvirt-daemon-driver-storage-core\nlibvirt-daemon-driver-storage-disk\nlibvirt-daemon-driver-storage-gluster\nlibvirt-daemon-driver-storage-iscsi\nlibvirt-daemon-driver-storage-logical\nlibvirt-daemon-driver-storage-mpath\nlibvirt-daemon-driver-storage-rbd\nlibvirt-daemon-driver-storage-scsi\nlibvirt-daemon-kvm\nlibvirt-daemon-lxc\nlibvirt-devel\nlibvirt-docs\nlibvirt-libs\nlibvirt-lock-sanlock\nlibvirt-login-shell\nlibvirt-nss\n\n**Upstream details at:**\n", "edition": 4, "modified": "2019-05-15T20:33:30", "published": "2019-05-15T20:33:30", "id": "CESA-2019:1177", "href": "http://lists.centos.org/pipermail/centos-announce/2019-May/035351.html", "title": "libvirt security update", "type": "centos", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-12-08T03:35:50", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "**CentOS Errata and Security Advisory** CESA-2019:1169\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* aio O_DIRECT writes to non-page-aligned file locations on ext4 can result in the overlapped portion of the page containing zeros (BZ#1686170)\n\n* Tolerate new s390x crypto hardware for migration (BZ#1695496)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-May/035347.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\n", "edition": 4, "modified": "2019-05-15T15:42:15", "published": "2019-05-15T15:42:15", "id": "CESA-2019:1169", "href": "http://lists.centos.org/pipermail/centos-announce/2019-May/035347.html", "title": "kernel, perf, python security update", "type": "centos", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-12-08T03:39:51", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "**CentOS Errata and Security Advisory** CESA-2019:1178\n\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-May/035350.html\n\n**Affected packages:**\nqemu-img\nqemu-kvm\nqemu-kvm-common\nqemu-kvm-tools\n\n**Upstream details at:**\n", "edition": 4, "modified": "2019-05-15T20:31:32", "published": "2019-05-15T20:31:32", "id": "CESA-2019:1178", "href": "http://lists.centos.org/pipermail/centos-announce/2019-May/035350.html", "title": "qemu security update", "type": "centos", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "suse": [{"lastseen": "2019-05-20T22:30:50", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "This update for qemu fixes the following issues:\n\n - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86\n cpu feature &quot;md-clear&quot; (bsc#1111331)\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n", "edition": 1, "modified": "2019-05-20T21:11:04", "published": "2019-05-20T21:11:04", "id": "OPENSUSE-SU-2019:1420-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00044.html", "title": "Security update for qemu (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhat": [{"lastseen": "2019-08-13T18:46:59", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-15T01:02:57", "published": "2019-05-15T00:38:01", "id": "RHSA-2019:1204", "href": "https://access.redhat.com/errata/RHSA-2019:1204", "type": "redhat", "title": "(RHSA-2019:1204) Important: vdsm security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:45:57", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-14T23:44:58", "published": "2019-05-14T23:36:58", "id": "RHSA-2019:1193", "href": "https://access.redhat.com/errata/RHSA-2019:1193", "type": "redhat", "title": "(RHSA-2019:1193) Important: kernel security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:46:28", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-14T22:08:12", "published": "2019-05-14T21:24:34", "id": "RHSA-2019:1181", "href": "https://access.redhat.com/errata/RHSA-2019:1181", "type": "redhat", "title": "(RHSA-2019:1181) Important: qemu-kvm security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:45:48", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-14T22:02:20", "published": "2019-05-14T21:22:02", "id": "RHSA-2019:1174", "href": "https://access.redhat.com/errata/RHSA-2019:1174", "type": "redhat", "title": "(RHSA-2019:1174) Important: kernel-rt security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:46:18", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-14T22:23:11", "published": "2019-05-14T21:23:25", "id": "RHSA-2019:1177", "href": "https://access.redhat.com/errata/RHSA-2019:1177", "type": "redhat", "title": "(RHSA-2019:1177) Important: libvirt security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:45:50", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-14T23:44:56", "published": "2019-05-14T23:37:13", "id": "RHSA-2019:1195", "href": "https://access.redhat.com/errata/RHSA-2019:1195", "type": "redhat", "title": "(RHSA-2019:1195) Important: qemu-kvm security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:46:00", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-14T23:44:57", "published": "2019-05-14T23:37:08", "id": "RHSA-2019:1196", "href": "https://access.redhat.com/errata/RHSA-2019:1196", "type": "redhat", "title": "(RHSA-2019:1196) Important: kernel security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:46:00", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-14T22:08:16", "published": "2019-05-14T21:24:28", "id": "RHSA-2019:1180", "href": "https://access.redhat.com/errata/RHSA-2019:1180", "type": "redhat", "title": "(RHSA-2019:1180) Important: libvirt security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "nessus": [{"lastseen": "2020-11-27T14:11:56", "description": "The remote Windows host is missing a security update. It is,\ntherefore, missing microcode updates to address the following\nvulnerabilities:\n\n - Microarchitectural Data Sampling Uncacheable Memory (MDSUM) (CVE-2019-11091)\n - Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126)\n - Microarchitectural Load Port Data Sampling (MLPDS) (CVE-2018-12127)\n - Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130)\n\nNote that Nessus did not actually test for these flaws nor checked the\ntarget processor architecture but instead, has relied on the version\nof mcupdate_GenuineIntel.dll to be latest for supported Windows release.", "edition": 16, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-15T00:00:00", "title": "Intel Microcode Updates for Windows 10 / Windows Server 2016 / Windows Server 2019 (May 2019) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2019-05-15T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_MAY_MICROCODE.NASL", "href": "https://www.tenable.com/plugins/nessus/125149", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125149);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/26\");\n\n script_cve_id(\n \"CVE-2019-11091\",\n \"CVE-2018-12126\",\n \"CVE-2018-12127\",\n \"CVE-2018-12130\"\n );\n script_bugtraq_id(108330);\n script_xref(name:\"MSKB\", value:\"4494175\");\n script_xref(name:\"MSKB\", value:\"4494452\");\n script_xref(name:\"MSKB\", value:\"4494453\");\n script_xref(name:\"MSKB\", value:\"4494454\");\n script_xref(name:\"MSKB\", value:\"4497165\");\n script_xref(name:\"MSFT\", value:\"MS19-4494175\");\n script_xref(name:\"MSFT\", value:\"MS19-4494452\");\n script_xref(name:\"MSFT\", value:\"MS19-4494453\");\n script_xref(name:\"MSFT\", value:\"MS19-4494454\");\n script_xref(name:\"MSFT\", value:\"MS19-4497165\");\n\n script_name(english:\"Intel Microcode Updates for Windows 10 / Windows Server 2016 / Windows Server 2019 (May 2019) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is missing a microcode update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing a security update. It is,\ntherefore, missing microcode updates to address the following\nvulnerabilities:\n\n - Microarchitectural Data Sampling Uncacheable Memory (MDSUM) (CVE-2019-11091)\n - Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126)\n - Microarchitectural Load Port Data Sampling (MLPDS) (CVE-2018-12127)\n - Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130)\n\nNote that Nessus did not actually test for these flaws nor checked the\ntarget processor architecture but instead, has relied on the version\nof mcupdate_GenuineIntel.dll to be latest for supported Windows release.\");\n# https://support.microsoft.com/en-ie/help/4494175/kb4494175-intel-microcode-updates\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d6715877\");\n# https://support.microsoft.com/en-ie/help/4494452/kb4494452-intel-microcode-updates\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9c600e5d\");\n# https://support.microsoft.com/en-au/help/4494453/kb4494453-intel-microcode-updates\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?16fb167c\");\n# https://support.microsoft.com/en-au/help/4494454/kb4494454-intel-microcode-updates\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bc221b4a\");\n# https://support.microsoft.com/en-au/help/4497165/kb4497165-intel-microcode-updates\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f1b3721e\");\n # https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8c467280\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released security updates for Windows 10, Windows Server 2016 and Windows Server 2019.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-12126\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\", \"enumerate_ms_azure_vm_win.nbin\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\", \"Settings/ParanoidReport\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('misc_func.inc');\ninclude('smb_reg_query.inc');\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nazure_chk = get_kb_item(\"Host/Azure/azure-instanceId\");\n\nif (!isnull(azure_chk)) audit(AUDIT_HOST_NOT, \"affected\");\n\nbulletin = 'MS19-05';\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nver = get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\n# No update for other Windows OS versions, skip testing\nif (hotfix_check_sp_range(win10:'0') <= 0)\n exit(0, 'Windows version ' + ver + ' is not tested.');\n\n# No update for version 1511, 1803, 1809 - skip testing\nos_build = get_kb_item('SMB/WindowsVersionBuild');\nif((os_build == '10586') || (os_build == '17134') || (os_build == '17763'))\n exit(0, 'Windows version ' + ver + ', build ' + os_build + ' is not tested.');\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\nif (\n # RTM\n hotfix_is_vulnerable(os:'10', sp:0, os_build:'10240', file:'mcupdate_genuineintel.dll', version:'10.0.10240.18216', min_version:'10.0.10240.16000', dir:'\\\\system32', bulletin:bulletin, kb:'4494454') ||\n\n # 1607\n hotfix_is_vulnerable(os:'10', sp:0, os_build:'14393', file:'mcupdate_genuineintel.dll', version:'10.0.14393.2907', min_version:'10.0.14393.0', dir:'\\\\system32', bulletin:bulletin, kb:'4494175') ||\n\n # 1703\n hotfix_is_vulnerable(os:'10', sp:0, os_build:'15063', file:'mcupdate_genuineintel.dll', version:'10.0.15063.1749', min_version:'10.0.15063.0', dir:'\\\\system32', bulletin:bulletin, kb:'4494453') ||\n\n # 1709\n hotfix_is_vulnerable(os:'10', sp:0, os_build:'16299', file:'mcupdate_genuineintel.dll', version:'10.0.16299.1091', min_version:'10.0.16299.0', dir:'\\\\system32', bulletin:bulletin, kb:'4494452') ||\n\n # 1903\n hotfix_is_vulnerable(os:'10', sp:0, os_build:'18362', file:'mcupdate_genuineintel.dll', version:'10.0.18362.141', min_version:'10.0.18362.0', dir:'\\\\system32', bulletin:bulletin, kb:'4497165')\n)\n{\n replace_kb_item(name:'SMB/Missing/' + bulletin, value:TRUE);\n hotfix_security_warning();\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n\n\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-02-01T05:10:01", "description": "From Red Hat Security Advisory 2019:1177 :\n\nAn update for libvirt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libvirt library contains a C API for managing and interacting with\nthe virtualization capabilities of Linux and other operating systems.\nIn addition, libvirt provides tools for remote management of\nvirtualized systems.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 19, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-16T00:00:00", "title": "Oracle Linux 7 : libvirt (ELSA-2019-1177) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libvirt-daemon-driver-lxc", "p-cpe:/a:oracle:linux:libvirt-login-shell", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-logical", "p-cpe:/a:oracle:linux:libvirt-bash-completion", "p-cpe:/a:oracle:linux:libvirt-daemon-config-nwfilter", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-qemu", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-nwfilter", "p-cpe:/a:oracle:linux:libvirt-admin", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-interface", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-secret", "p-cpe:/a:oracle:linux:libvirt-devel", "p-cpe:/a:oracle:linux:libvirt-daemon", "p-cpe:/a:oracle:linux:libvirt-client", "p-cpe:/a:oracle:linux:libvirt-lock-sanlock", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-gluster", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-disk", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-core", "p-cpe:/a:oracle:linux:libvirt-daemon-config-network", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:oracle:linux:libvirt-nss", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:oracle:linux:libvirt-libs", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-network", "p-cpe:/a:oracle:linux:libvirt-docs", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-scsi", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:libvirt-daemon-kvm", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage", "p-cpe:/a:oracle:linux:libvirt", "p-cpe:/a:oracle:linux:libvirt-daemon-lxc"], "id": "ORACLELINUX_ELSA-2019-1177.NASL", "href": "https://www.tenable.com/plugins/nessus/125188", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1177 and \n# Oracle Linux Security Advisory ELSA-2019-1177 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125188);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/17\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_xref(name:\"RHSA\", value:\"2019:1177\");\n\n script_name(english:\"Oracle Linux 7 : libvirt (ELSA-2019-1177) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2019:1177 :\n\nAn update for libvirt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libvirt library contains a C API for managing and interacting with\nthe virtualization capabilities of Linux and other operating systems.\nIn addition, libvirt provides tools for remote management of\nvirtualized systems.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-May/008734.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvirt packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-login-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/16\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-admin-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-bash-completion-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-client-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-network-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-nwfilter-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-interface-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-lxc-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-network-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nodedev-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nwfilter-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-qemu-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-secret-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-core-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-disk-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-gluster-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-iscsi-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-logical-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-mpath-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-scsi-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-kvm-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-lxc-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-devel-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-docs-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-libs-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-lock-sanlock-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-login-shell-4.5.0-10.0.1.el7_6.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-nss-4.5.0-10.0.1.el7_6.9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt / libvirt-admin / libvirt-bash-completion / libvirt-client / etc\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-12T09:40:43", "description": "Multiple researchers have discovered vulnerabilities in the way the\nIntel processor designs have implemented speculative forwarding of\ndata filled into temporary microarchitectural structures (buffers).\nThis flaw could allow an attacker controlling an unprivileged process\nto read sensitive information, including from the kernel and all other\nprocesses running on the system or cross guest/host boundaries to read\nhost memory.\n\nSee\nhttps://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html\nfor more details.\n\nTo fully resolve these vulnerabilities it is also necessary to install\nupdated CPU microcode. An updated intel-microcode package (only\navailable in Debian non-free) will be provided via a separate DLA. The\nupdated CPU microcode may also be available as part of a system\nfirmware ('BIOS') update.\n\nIn addition, this update includes a fix for a regression causing\ndeadlocks inside the loopback driver, which was introduced by the\nupdate to 4.9.168 in the last security update.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n4.9.168-1+deb9u2~deb8u1.\n\nWe recommend that you upgrade your linux-4.9 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 16, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-16T00:00:00", "title": "Debian DLA-1787-1 : linux-4.9 security update (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2019-05-16T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common-rt", "p-cpe:/a:debian:debian_linux:linux-perf-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae", "cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae", "p-cpe:/a:debian:debian_linux:linux-doc-4.9", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64", "p-cpe:/a:debian:debian_linux:linux-support-4.9.0-0.bpo.7", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-manual-4.9", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-source-4.9"], "id": "DEBIAN_DLA-1787.NASL", "href": "https://www.tenable.com/plugins/nessus/125173", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1787-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125173);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n\n script_name(english:\"Debian DLA-1787-1 : linux-4.9 security update (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple researchers have discovered vulnerabilities in the way the\nIntel processor designs have implemented speculative forwarding of\ndata filled into temporary microarchitectural structures (buffers).\nThis flaw could allow an attacker controlling an unprivileged process\nto read sensitive information, including from the kernel and all other\nprocesses running on the system or cross guest/host boundaries to read\nhost memory.\n\nSee\nhttps://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html\nfor more details.\n\nTo fully resolve these vulnerabilities it is also necessary to install\nupdated CPU microcode. An updated intel-microcode package (only\navailable in Debian non-free) will be provided via a separate DLA. The\nupdated CPU microcode may also be available as part of a system\nfirmware ('BIOS') update.\n\nIn addition, this update includes a fix for a regression causing\ndeadlocks inside the loopback driver, which was introduced by the\nupdate to 4.9.168 in the last security update.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n4.9.168-1+deb9u2~deb8u1.\n\nWe recommend that you upgrade your linux-4.9 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/05/msg00017.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux-4.9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-0.bpo.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/16\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-arm\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-686\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-686-pae\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-amd64\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-armel\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-armhf\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-i386\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-amd64\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-armmp\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-armmp-lpae\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-common\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-common-rt\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-marvell\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-rt-686-pae\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-rt-amd64\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686-pae\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686-pae-dbg\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-amd64\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-amd64-dbg\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-armmp\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-armmp-lpae\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-marvell\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-686-pae\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-amd64\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-amd64-dbg\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-4.9\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-4.9.0-0.bpo.7\", reference:\"4.9.168-1+deb9u2~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-02-01T05:45:22", "description": "An update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco\nExtended Update Support, and Red Hat Enterprise Linux 7.3 Update\nServices for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm packages provide\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 19, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-15T00:00:00", "title": "RHEL 7 : qemu-kvm (RHSA-2019:1189) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qemu-img", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm"], "id": "REDHAT-RHSA-2019-1189.NASL", "href": "https://www.tenable.com/plugins/nessus/125122", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1189. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125122);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/01/17\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_xref(name:\"RHSA\", value:\"2019:1189\");\n script_xref(name:\"IAVA\", value:\"2019-A-0166\");\n\n script_name(english:\"RHEL 7 : qemu-kvm (RHSA-2019:1189) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco\nExtended Update Support, and Red Hat Enterprise Linux 7.3 Update\nServices for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm packages provide\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/mds\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11091\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.3\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1189\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-img-1.5.3-126.el7_3.17\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-kvm-1.5.3-126.el7_3.17\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-kvm-common-1.5.3-126.el7_3.17\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-kvm-debuginfo-1.5.3-126.el7_3.17\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-1.5.3-126.el7_3.17\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-02-01T04:39:26", "description": "This update for ucode-intel fixes the following issues :\n\nThis update contains the Intel QSR 2019.1 Microcode release\n(bsc#1111331)\n\nFour new speculative execution information leak issues have been\nidentified in Intel CPUs. (bsc#1111331)\n\n - CVE-2018-12126: Microarchitectural Store Buffer Data\n Sampling (MSBDS)\n\n - CVE-2018-12127: Microarchitectural Fill Buffer Data\n Sampling (MFBDS)\n\n - CVE-2018-12130: Microarchitectural Load Port Data\n Samling (MLPDS)\n\n - CVE-2019-11091: Microarchitectural Data Sampling\n Uncacheable Memory (MDSUM)\n\nThese updates contain the CPU Microcode adjustments for the software\nmitigations.\n\nFor more information on this set of vulnerabilities, check out\nhttps://www.suse.com/support/kb/doc/?id=7023736\n\nRelease notes :\n\n---- updated platforms ------------------------------------\nSNB-E/EN/EP C1/M0 6-2d-6/6d 0000061d->0000061f Xeon E3/E5, Core X\nSNB-E/EN/EP C2/M1 6-2d-7/6d 00000714->00000718 Xeon E3/E5, Core X\n\n---- new platforms ---------------------------------------- VLV C0\n6-37-8/02 00000838 Atom Z series VLV C0 6-37-8/0C 00000838 Celeron\nN2xxx, Pentium N35xx VLV D0 6-37-9/0F 0000090c Atom E38xx CHV C0\n6-4c-3/01 00000368 Atom X series CHV D0 6-4c-4/01 00000411 Atom X\nseries Readded what missing in last update: BDX-ML B0/M0/R0 6-4f-1/ef\n0b00002e->00000036 Xeon E5/E7 v4; Core i7-69xx/68xx\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.", "edition": 18, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-07-25T00:00:00", "title": "openSUSE Security Update : ucode-intel (openSUSE-2019-1806) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:ucode-intel"], "id": "OPENSUSE-2019-1806.NASL", "href": "https://www.tenable.com/plugins/nessus/127037", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1806.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127037);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/06\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n\n script_name(english:\"openSUSE Security Update : ucode-intel (openSUSE-2019-1806) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Check for the openSUSE-2019-1806 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ucode-intel fixes the following issues :\n\nThis update contains the Intel QSR 2019.1 Microcode release\n(bsc#1111331)\n\nFour new speculative execution information leak issues have been\nidentified in Intel CPUs. (bsc#1111331)\n\n - CVE-2018-12126: Microarchitectural Store Buffer Data\n Sampling (MSBDS)\n\n - CVE-2018-12127: Microarchitectural Fill Buffer Data\n Sampling (MFBDS)\n\n - CVE-2018-12130: Microarchitectural Load Port Data\n Samling (MLPDS)\n\n - CVE-2019-11091: Microarchitectural Data Sampling\n Uncacheable Memory (MDSUM)\n\nThese updates contain the CPU Microcode adjustments for the software\nmitigations.\n\nFor more information on this set of vulnerabilities, check out\nhttps://www.suse.com/support/kb/doc/?id=7023736\n\nRelease notes :\n\n---- updated platforms ------------------------------------\nSNB-E/EN/EP C1/M0 6-2d-6/6d 0000061d->0000061f Xeon E3/E5, Core X\nSNB-E/EN/EP C2/M1 6-2d-7/6d 00000714->00000718 Xeon E3/E5, Core X\n\n---- new platforms ---------------------------------------- VLV C0\n6-37-8/02 00000838 Atom Z series VLV C0 6-37-8/0C 00000838 Celeron\nN2xxx, Pentium N35xx VLV D0 6-37-9/0F 0000090c Atom E38xx CHV C0\n6-4c-3/01 00000368 Atom X series CHV D0 6-4c-4/01 00000411 Atom X\nseries Readded what missing in last update: BDX-ML B0/M0/R0 6-4f-1/ef\n0b00002e->00000036 Xeon E5/E7 v4; Core i7-69xx/68xx\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/support/kb/doc/?id=7023736\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ucode-intel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ucode-intel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/25\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ucode-intel-20190618-lp151.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ucode-intel\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-02-01T01:38:19", "description": "The version of Citrix XenServer running on the remote host is missing\na security hotfix. It is, therefore, affected by microarchitectural\ndata sampling speculative side-channel vulnerabilities. These\nvulnerabilities may allow a local attacker on a guest machine to\nsample the contents of memory reads and writes. Please refer to the\nvendor advisory for mitigating factors.", "edition": 18, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-30T00:00:00", "title": "Citrix XenServer Microarchitectural Data Sampling Speculative Side-Channel Vulnerabilities (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (CTX2251995)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:citrix:xenserver"], "id": "CITRIX_XENSERVER_CTX251995.NASL", "href": "https://www.tenable.com/plugins/nessus/125549", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125549);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/10/30 13:24:46\");\n\n script_cve_id(\n \"CVE-2018-12126\",\n \"CVE-2018-12127\",\n \"CVE-2018-12130\",\n \"CVE-2019-11091\"\n );\n script_bugtraq_id(108330);\n\n script_name(english:\"Citrix XenServer Microarchitectural Data Sampling Speculative Side-Channel Vulnerabilities (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (CTX2251995)\");\n script_summary(english:\"Checks for patches.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A server virtualization platform installed on the remote host is\nmissing a security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Citrix XenServer running on the remote host is missing\na security hotfix. It is, therefore, affected by microarchitectural\ndata sampling speculative side-channel vulnerabilities. These\nvulnerabilities may allow a local attacker on a guest machine to\nsample the contents of memory reads and writes. Please refer to the\nvendor advisory for mitigating factors.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.citrix.com/article/CTX251995\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate hotfix according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/30\");\n\n script_set_attribute(attribute:\"plugin_type\",value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:citrix:xenserver\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"citrix_xenserver_version.nbin\");\n script_require_keys(\"Host/XenServer/version\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\napp_info = vcf::xenserver::get_app_info();\n\nconstraints = [\n { \"equal\" : \"7.0\", \"patches\" : # XenServer 7.0\n [\"XS70E068\"] }, # CTX250038\n { \"equal\" : \"7.1.2\", \"patches\" : # XenServer 7.1 LTSR CU2\n [\"XS71ECU2008\"] }, # CTX250039\n { \"equal\" : \"7.6\", \"patches\" : # XenServer 7.6\n [\"XS76E004\"] }, # CTX250040\n { \"equal\" : \"8.0\", \"patches\" : # XenServer 8.0\n [\"XS80E001\"] } # CTX250041\n];\n\nvcf::xenserver::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-02-01T06:51:49", "description": "This update for ucode-intel fixes the following issues :\n\nThe Intel CPU Microcode was updated to the official QSR 2019.1\nMicrocode release (bsc#1111331 CVE-2018-12126 CVE-2018-12130\nCVE-2018-12127 CVE-2019-11091)\n\n---- new platforms ---------------------------------------- VLV C0\n6-37-8/02 00000838 Atom Z series VLV C0 6-37-8/0C 00000838 Celeron\nN2xxx, Pentium N35xx VLV D0 6-37-9/0F 0000090c Atom E38xx CHV C0\n6-4c-3/01 00000368 Atom X series CHV D0 6-4c-4/01 00000411 Atom X\nseries\n\nReadded missing in last update :\n\nBDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core\ni7-69xx/68xx\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-23T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2019:1313-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:ucode-intel"], "id": "SUSE_SU-2019-1313-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125351", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1313-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125351);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/15\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2019:1313-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ucode-intel fixes the following issues :\n\nThe Intel CPU Microcode was updated to the official QSR 2019.1\nMicrocode release (bsc#1111331 CVE-2018-12126 CVE-2018-12130\nCVE-2018-12127 CVE-2019-11091)\n\n---- new platforms ---------------------------------------- VLV C0\n6-37-8/02 00000838 Atom Z series VLV C0 6-37-8/0C 00000838 Celeron\nN2xxx, Pentium N35xx VLV D0 6-37-9/0F 0000090c Atom E38xx CHV C0\n6-4c-3/01 00000368 Atom X series CHV D0 6-4c-4/01 00000411 Atom X\nseries\n\nReadded missing in last update :\n\nBDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core\ni7-69xx/68xx\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12126/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12127/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12130/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11091/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191313-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4d310267\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-1313=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ucode-intel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"ucode-intel-20190514-3.19.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"ucode-intel-20190514-3.19.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ucode-intel\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-02-01T05:45:16", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.2\nAdvanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended\nUpdate Support, and Red Hat Enterprise Linux 7.2 Update Services for\nSAP Solutions.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* rwsem in inconsistent state leading system to hung (BZ#1690318)", "edition": 19, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-15T00:00:00", "title": "RHEL 7 : kernel (RHSA-2019:1172) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel", "cpe:/o:redhat:enterprise_linux:7.2", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:kernel-doc"], "id": "REDHAT-RHSA-2019-1172.NASL", "href": "https://www.tenable.com/plugins/nessus/125118", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1172. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125118);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/01/17\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_xref(name:\"RHSA\", value:\"2019:1172\");\n script_xref(name:\"IAVA\", value:\"2019-A-0166\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2019:1172) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.2\nAdvanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended\nUpdate Support, and Red Hat Enterprise Linux 7.2 Update Services for\nSAP Solutions.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* rwsem in inconsistent state leading system to hung (BZ#1690318)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/mds\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11091\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.2\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:1172\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1172\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-3.10.0-327.78.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", reference:\"kernel-abi-whitelists-3.10.0-327.78.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-327.78.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-327.78.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-327.78.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-327.78.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-327.78.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-327.78.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", reference:\"kernel-doc-3.10.0-327.78.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-327.78.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-327.78.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-327.78.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-327.78.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-327.78.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"perf-3.10.0-327.78.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-327.78.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-327.78.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-327.78.2.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-17T12:04:10", "description": "The remote NewStart CGSL host, running version MAIN 4.05, has qemu-kvm packages installed that are affected by multiple\nvulnerabilities:\n\n - Modern Intel microprocessors implement hardware-level\n micro-optimizations to improve the performance of\n writing data back to CPU caches. The write operation is\n split into STA (STore Address) and STD (STore Data) sub-\n operations. These sub-operations allow the processor to\n hand-off address generation logic into these sub-\n operations for optimized writes. Both of these sub-\n operations write to a shared distributed processor\n structure called the 'processor store buffer'. As a\n result, an unprivileged attacker could use this flaw to\n read private data resident within the CPU's processor\n store buffer. (CVE-2018-12126)\n\n - A flaw was found in the implementation of the fill\n buffer, a mechanism used by modern CPUs when a cache-\n miss is made on L1 CPU cache. If an attacker can\n generate a load operation that would create a page\n fault, the execution will continue speculatively with\n incorrect data from the fill buffer while the data is\n fetched from higher level caches. This response time can\n be measured to infer data in the fill buffer.\n (CVE-2018-12130)\n\n - Uncacheable memory on some microprocessors utilizing\n speculative execution may allow an authenticated user to\n potentially enable information disclosure via a side\n channel with local access. (CVE-2019-11091)\n\n - Microprocessors use a load port subcomponent to\n perform load operations from memory or IO. During a load\n operation, the load port receives data from the memory\n or IO subsystem and then provides the data to the CPU\n registers and operations in the CPUs pipelines. Stale\n load operations results are stored in the 'load port'\n table until overwritten by newer operations. Certain\n load-port operations triggered by an attacker can be\n used to reveal data about previous stale requests\n leaking data back to the attacker via a timing side-\n channel. (CVE-2018-12127)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 17, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-08-12T00:00:00", "title": "NewStart CGSL MAIN 4.05 : qemu-kvm Multiple Vulnerabilities (NS-SA-2019-0154)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2019-08-12T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0154_QEMU-KVM.NASL", "href": "https://www.tenable.com/plugins/nessus/127430", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0154. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127430);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2018-12126\",\n \"CVE-2018-12127\",\n \"CVE-2018-12130\",\n \"CVE-2019-11091\"\n );\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : qemu-kvm Multiple Vulnerabilities (NS-SA-2019-0154)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has qemu-kvm packages installed that are affected by multiple\nvulnerabilities:\n\n - Modern Intel microprocessors implement hardware-level\n micro-optimizations to improve the performance of\n writing data back to CPU caches. The write operation is\n split into STA (STore Address) and STD (STore Data) sub-\n operations. These sub-operations allow the processor to\n hand-off address generation logic into these sub-\n operations for optimized writes. Both of these sub-\n operations write to a shared distributed processor\n structure called the 'processor store buffer'. As a\n result, an unprivileged attacker could use this flaw to\n read private data resident within the CPU's processor\n store buffer. (CVE-2018-12126)\n\n - A flaw was found in the implementation of the fill\n buffer, a mechanism used by modern CPUs when a cache-\n miss is made on L1 CPU cache. If an attacker can\n generate a load operation that would create a page\n fault, the execution will continue speculatively with\n incorrect data from the fill buffer while the data is\n fetched from higher level caches. This response time can\n be measured to infer data in the fill buffer.\n (CVE-2018-12130)\n\n - Uncacheable memory on some microprocessors utilizing\n speculative execution may allow an authenticated user to\n potentially enable information disclosure via a side\n channel with local access. (CVE-2019-11091)\n\n - Microprocessors use a load port subcomponent to\n perform load operations from memory or IO. During a load\n operation, the load port receives data from the memory\n or IO subsystem and then provides the data to the CPU\n registers and operations in the CPUs pipelines. Stale\n load operations results are stored in the 'load port'\n table until overwritten by newer operations. Certain\n load-port operations triggered by an attacker can be\n used to reveal data about previous stale requests\n leaking data back to the attacker via a timing side-\n channel. (CVE-2018-12127)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0154\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL qemu-kvm packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.05\": [\n \"qemu-guest-agent-0.12.1.2-2.506.el6_10.3\",\n \"qemu-img-0.12.1.2-2.506.el6_10.3\",\n \"qemu-kvm-0.12.1.2-2.506.el6_10.3\",\n \"qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.3\",\n \"qemu-kvm-tools-0.12.1.2-2.506.el6_10.3\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-kvm\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-02-01T01:33:54", "description": "An update for qemu-kvm is now available for Red Hat Enterprise Linux\n6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm packages provide\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 19, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-16T00:00:00", "title": "CentOS 6 : qemu-kvm (CESA-2019:1181) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:qemu-kvm", "p-cpe:/a:centos:centos:qemu-guest-agent", "p-cpe:/a:centos:centos:qemu-img", "p-cpe:/a:centos:centos:qemu-kvm-tools"], "id": "CENTOS_RHSA-2019-1181.NASL", "href": "https://www.tenable.com/plugins/nessus/125172", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1181 and \n# CentOS Errata and Security Advisory 2019:1181 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125172);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/17\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_xref(name:\"RHSA\", value:\"2019:1181\");\n\n script_name(english:\"CentOS 6 : qemu-kvm (CESA-2019:1181) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for qemu-kvm is now available for Red Hat Enterprise Linux\n6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm packages provide\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2019-May/023307.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d5ca3081\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qemu-kvm packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/16\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"qemu-guest-agent-0.12.1.2-2.506.el6_10.3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", cpu:\"x86_64\", reference:\"qemu-img-0.12.1.2-2.506.el6_10.3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", cpu:\"x86_64\", reference:\"qemu-kvm-0.12.1.2-2.506.el6_10.3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-0.12.1.2-2.506.el6_10.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-guest-agent / qemu-img / qemu-kvm / qemu-kvm-tools\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "debian": [{"lastseen": "2019-06-20T14:22:00", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4447-2 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJun 20, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : intel-microcode\nCVE ID : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130\n CVE-2019-11091\n\nDSA 4447-1 shipped updated CPU microcode for most types of Intel CPUs as\nmitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware vulnerabilities.\n\nThis update provides additional support for some Sandybridge server\nand Core-X CPUs which were not covered in the original May microcode\nrelease. For a list of specific CPU models now supported please refer\nto the entries listed under CPUID 206D6 and 206D7 at\nhttps://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 3.20190618.1~deb9u1.\n\nWe recommend that you upgrade your intel-microcode packages.\n\nFor the detailed security status of intel-microcode please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/intel-microcode\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "modified": "2019-06-20T06:41:49", "published": "2019-06-20T06:41:49", "id": "DEBIAN:DSA-4447-2:8C972", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2019/msg00114.html", "title": "[SECURITY] [DSA 4447-2] intel-microcode security update", "type": "debian", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-08-12T01:02:04", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "Package : linux-4.9\nVersion : 4.9.168-1+deb9u2~deb8u1\nCVE ID : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091\nDebian Bug : 928125\n\nMultiple researchers have discovered vulnerabilities in the way the\nIntel processor designs have implemented speculative forwarding of data\nfilled into temporary microarchitectural structures (buffers). This\nflaw could allow an attacker controlling an unprivileged process to\nread sensitive information, including from the kernel and all other\nprocesses running on the system or cross guest/host boundaries to read\nhost memory.\n\nSee https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html\nfor more details.\n\nTo fully resolve these vulnerabilities it is also necessary to install\nupdated CPU microcode. An updated intel-microcode package (only\navailable in Debian non-free) will be provided via a separate DLA. The\nupdated CPU microcode may also be available as part of a system firmware\n(&quot;BIOS&quot;) update.\n\nIn addition, this update includes a fix for a regression causing\ndeadlocks inside the loopback driver, which was introduced by the update\nto 4.9.168 in the last security update.\n\nFor Debian 8 &quot;Jessie&quot;, these problems have been fixed in version\n4.9.168-1+deb9u2~deb8u1.\n\nWe recommend that you upgrade your linux-4.9 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams\n", "edition": 10, "modified": "2019-05-15T21:20:31", "published": "2019-05-15T21:20:31", "id": "DEBIAN:DLA-1787-1:EA5F1", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201905/msg00017.html", "title": "[SECURITY] [DLA 1787-1] linux-4.9 security update", "type": "debian", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-02-02T13:12:07", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4444-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nMay 14, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091\nDebian Bug : 928125\n\nMultiple researchers have discovered vulnerabilities in the way the\nIntel processor designs have implemented speculative forwarding of data\nfilled into temporary microarchitectural structures (buffers). This\nflaw could allow an attacker controlling an unprivileged process to\nread sensitive information, including from the kernel and all other\nprocesses running on the system or cross guest/host boundaries to read\nhost memory.\n\nSee https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html\nfor more details.\n\nTo fully resolve these vulnerabilities it is also necessary to install\nupdated CPU microcode. An updated intel-microcode package (only\navailable in Debian non-free) will be provided via a separate DSA. The\nupdated CPU microcode may also be available as part of a system firmware\n(&quot;BIOS&quot;) update.\n\nIn addition, this update includes a fix for a regression causing\ndeadlocks inside the loopback driver, which was introduced by the update\nto 4.9.168 in the last Stretch point release.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.9.168-1+deb9u2.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 19, "modified": "2019-05-14T21:17:59", "published": "2019-05-14T21:17:59", "id": "DEBIAN:DSA-4444-1:2DFF1", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2019/msg00090.html", "title": "[SECURITY] [DSA 4444-1] linux security update", "type": "debian", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-21T02:22:07", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "Package : intel-microcode\nVersion : 3.20190618~deb8u1\nCVE ID : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091\nDebian Bug : 929073\n\nDLA-1789-1 shipped updated CPU microcode for most types of Intel CPUs as\nmitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware vulnerabilities.\n\nThis update provides additional support for some Sandybridge server\nand Core-X CPUs which were not covered in the original May microcode\nrelease. For a list of specific CPU models now supported please refer\nto the entries listed under CPUID 206D6 and 206D7 at\nhttps://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf\n\nFor Debian 8 &quot;Jessie&quot;, these problems have been fixed in version\n3.20190618.1~deb8u1 of the intel-microcode package.\n\nWe recommend that you upgrade your intel-microcode packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be found\nat: https://wiki.debian.org/LTS\n\nFor the detailed security status of intel-microcode please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/intel-microcode\n\n-- \n Henrique Holschuh\n", "edition": 1, "modified": "2019-06-20T21:50:55", "published": "2019-06-20T21:50:55", "id": "DEBIAN:DLA-1789-2:82C69", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201906/msg00018.html", "title": "[SECURITY] [DLA 1789-2] intel-microcode security update", "type": "debian", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "xen": [{"lastseen": "2019-05-14T21:19:00", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "#### ISSUE DESCRIPTION\nMicroarchitectural Data Sampling refers to a group of speculative sidechannels vulnerabilities. They consist of:\n * CVE-2018-12126 - MSBDS - Microarchitectural Store Buffer Data Sampling * CVE-2018-12127 - MLPDS - Microarchitectural Load Port Data Sampling * CVE-2018-12130 - MFBDS - Microarchitectural Fill Buffer Data Sampling * CVE-2019-11091 - MDSUM - Microarchitectural Data Sampling Uncacheable Memory\nThese issues pertain to the Load Ports, Store Buffers and Fill Buffers in the pipeline. The Load Ports are used to service all memory reads. The Store Buffers service all in-flight speculative writes (including IO Port writes), while the Fill Buffers service all memory writes which are post-retirement, and no longer speculative.\nUnder certain circumstances, a later load which takes a fault or assist (an internal condition to processor e.g. setting a pagetable Access or Dirty bit) may be forwarded stale data from these buffers during speculative execution, which may then be leaked via a sidechannel.\nMDSUM (Uncacheable Memory) is a special case of the other three. Previously, the use of uncacheable memory was believed to be safe against speculative sidechannels.\nFor more details, see: <a href=\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html\">https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html</a>\n#### IMPACT\nAn attacker, which could include a malicious untrusted user process on a trusted guest, or an untrusted guest, can sample the content of recently-used memory operands and IO Port writes.\nThis can include data from:\n * A previously executing context (process, or guest, or hypervisor/toolstack) at the same privilege level. * A higher privilege context (kernel, hypervisor, SMM) which interrupted the attacker&#39;s execution.\nVulnerable data is that on the same physical core as the attacker. This includes, when hyper-threading is enabled, adjacent threads.\nAn attacker cannot use this vulnerability to target specific data. An attack would likely require sampling over a period of time and the application of statistical methods to reconstruct interesting data.\n#### VULNERABLE SYSTEMS\nSystems running all versions of Xen are affected.\nOnly x86 processors are vulnerable. ARM processors are not believed to be vulnerable.\nOnly Intel based processors are potentially affected. Processors from other manufacturers (eg, AMD) are not believed to be vulnerable.\nPlease consult the Intel Security Advisory for details on the affected processors, and which are getting microcode updates.\n", "edition": 1, "modified": "2019-05-14T15:51:00", "published": "2019-05-14T15:51:00", "id": "XSA-297", "href": "http://xenbits.xen.org/xsa/advisory-297.html", "title": "Microarchitectural Data Sampling speculative side channel", "type": "xen", "cvss": {"score": 0.0, "vector": "NONE"}}], "paloalto": [{"lastseen": "2019-06-28T03:19:19", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "Palo Alto Networks has determined that WildFire Appliance (WF-500) and WildFire Cloud are affected by the recent vulnerability disclosures, known as Fallout, RIDL, and Zombieload. We are working to validate and implement software updates to address these issues. We will provide updates as they become available. (PAN-117746/CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091)\n", "edition": 3, "modified": "2019-06-27T00:00:00", "published": "2019-05-29T00:00:00", "id": "PAN-SA-2019-0012", "href": "https://securityadvisories.paloaltonetworks.com/Home/Detail/150", "title": "Information about Recent Intel Side Channel Vulnerabilities", "type": "paloalto", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "virtuozzo": [{"lastseen": "2019-11-05T11:27:42", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "This update provides a new kernel 2.6.32-042stab138.1 for Virtuozzo 6.0 based on the RHEL 6.10 kernel 2.6.32-754.14.2.el6. The new kernel inherits security fixes for the Microarchitectural Store Buffer Data (MDS) vulnerability from the RHEL kernel.\n**Vulnerability id:** CVE-2018-12130\nA flaw was found in the implementation of the 'fill buffer', a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer.\n\n**Vulnerability id:** CVE-2018-12126\nModern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer.\n\n**Vulnerability id:** CVE-2018-12127\nMicroprocessors use a 'load port' subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU's pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel.\n\n**Vulnerability id:** CVE-2019-11091\nUncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.\n\n", "edition": 1, "modified": "2019-05-16T00:00:00", "published": "2019-05-16T00:00:00", "id": "VZA-2019-037", "href": "https://help.virtuozzo.com/s/article/VZA-2019-037", "title": "Important kernel security update: New kernel 2.6.32-042stab138.1; Virtuozzo 6.0 Update 12 Hotfix 40 (6.0.12-3739)", "type": "virtuozzo", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "lenovo": [{"lastseen": "2020-07-15T07:26:14", "bulletinFamily": "info", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "**Lenovo Security Advisory:** LEN-26696\n\n**Potential Impact**: Information disclosure\n\n**Severity:** Medium\n\n**Scope of Impact:** Industry-wide\n\n**CVE Identifier:**\n\nCVE-2018-12126 - Microarchitectural Store Buffer Data Sampling (MSBDS) \nCVE-2018-12127 - Microarchitectural Load Port Data Sampling (MLPDS) \nCVE-2018-12130 - Microarchitectural Fill Buffer Data Sampling (MFBDS) \nCVE-2019-11091 - Microarchitectural Data Sampling Uncacheable Memory (MDSUM)\n\n**Summary Description: **\n\nIntel has notified Lenovo of a new sub-class of speculative execution side channel vulnerabilities called Microarchitectural Data Sampling (MDS). These vulnerabilities are referred to by the researchers as ZombieLoad, RIDL, and Fallout. Intel provides technical details of MDS on [Intel\u2019s MDS page](<https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html>).\n\n**Mitigation Strategy for Customers (what you should do to protect yourself): **\n\nIntel states select 8th and 9th Generation Intel Core processors, as well as the 2nd Generation Intel Xeon Scalable Processor Family are _not vulnerable_ to MDS. A full list of these processors can be found [here](<https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html>). If you are using one of these processors, no further action is necessary.\n\nFor other Intel processors, Intel recommends the following mitigation steps:\n\n * Update to the version of BIOS (or later) described for your system in the Product Impact section below.\n * Update Operating System (OS). See the Reference section of [Intel\u2019s MDS page](<https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html>) for full details.\n * Update Virtual Machine Managers (VMMs). See the Reference section of [Intel\u2019s MDS page](<https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html>) for full details.\n\nOnce these updates are applied, Intel recommends it may be appropriate for some customers to consider additional actions.\n\n * If running untrusted workloads, and using Simultaneous Multi-Threading (SMT). Refer to [Intel\u2019s Software Security Guidance for developers](<https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling>) for additional guidance.\n * If running application software allowing third parties to run arbitrary JavaScript, Java, or ActiveX code. Refer to [Intel\u2019s Software Security Guidance for developers](<https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling>) for additional guidance.\n\n****\n\n**Product Impact:**\n", "edition": 180, "modified": "2020-03-26T12:47:16", "published": "2019-05-14T16:38:15", "id": "LENOVO:PS500247-NOSID", "href": "https://support.lenovo.com/us/en/product_security/len-26696/", "title": "Microarchitectural Data Sampling (MDS) Side Channel Vulnerabilities - US", "type": "lenovo", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "hp": [{"lastseen": "2020-12-24T13:22:04", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "## Potential Security Impact\nInformation Disclosure\n\n**Source**: HP, HP Product Security Response Team (PSRT) \n\n**Reported By**: Intel \n\n## VULNERABILITY SUMMARY\nPotential security vulnerabilities in Intel CPUs may allow information disclosure. Researchers have referred to these vulnerabilities as ZombieLoad, RIDL, and Fallout. See table below for further details.\n\nVulnerability\n\n| \n\nDescription\n\n| \n\nCVE \n \n---|---|--- \n \nFallout, RIDL\n\n| \n\nMicroarchitectural Store Buffer Data Sampling (MSBDS) \n\n| \n\nCVE-2018-12126 \n \nRIDL\n\n| \n\nMicroarchitectural Load Port Data Sampling (MLPDS)\n\n| \n\nCVE-2018-12127 \n \nZombieLoad, RIDL\n\n| \n\nMicroarchitectural Fill Buffer Data Sampling (MFBDS)\n\n| \n\nCVE-2018-12130 \n \nRIDL\n\n| \n\nMicroarchitectural Data Sampling Uncacheable Memory (MDSUM)\n\n| \n\nCVE-2019-11091\n\n## RESOLUTION\nBoth software updates and firmware updates are required. See the links below for more information regarding software updates.\n\nHypervisors could also be affected. Check with your hypervisor vendor for potential software patches.\n\nHP has identified the affected platforms and target dates for Softpaqs for firmware updates. See the affected platforms listed below. \n", "edition": 6, "modified": "2020-09-10T00:00:00", "published": "2019-05-14T00:00:00", "id": "HP:C06330149", "href": "https://support.hp.com/us-en/document/c06330149", "title": "HPSBHF03618 rev. 8 - Intel Microarchitectural Data Sampling Security Updates", "type": "hp", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "threatpost": [{"lastseen": "2020-04-11T11:47:16", "bulletinFamily": "info", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "Intel on Tuesday revealed a new class of [speculative execution vulnerabilities](<https://threatpost.com/intel-cpus-impacted-by-new-class-of-spectre-like-attacks/144728/>), dubbed Microarchitectural Data Sampling (MDS), which impact all its modern CPUs.\n\nThe flaws all ultimately depend on different ways of executing side channel attacks to siphon data from impacted systems \u2013 and result in four different attacks: ZombieLoad, Fallout, RIDL (Rogue In-Flight Data Load) and Store-to-Leak Forwarding.\n\n\u201cAs a result of the flaw in the architecture of these processors, an attacker who can execute malicious code locally on an affected system can compromise the confidentiality of data previously handled on the same thread or compromise the confidentiality of data from other hyperthreads on the same processor as the thread where the malicious code executes,\u201d Eric Maurice, director of security for Oracle, [recently wrote in an advisory](<https://blogs.oracle.com/security/intelmds>).\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nHere are 10 top takeaways from this latest speculative execution side channel attack impacting Intel chips.\n\n## MDS Different Than Meltdown and Spectre\n\nThe flaws derive from a process called speculative execution in processors. This process \u2013thrown into the spotlight after the 2018 Spectre and Meltdown flaws came to light \u2013 is used in microprocessors so that memory can read before the addresses of all prior memory writes are known.\n\nHowever, while speculative execution side channel attacks \u2013 like Spectre and Meltdown \u2013 targeted data stored in the CPU\u2019s memory; MDS instead refers to issues related to microarchitectural structures of the Intel processors other than the level 1 data cache (where memory is stored). Those issues exists in components called buffers, such as Fill Buffers (temporary buffers between CPU caches), Load Ports (temporary buffers used when loading data into registers) or Store Buffers (temporary buffers to hold store addresses and data).\n\n## Intel Seeking to Downplay Impact\n\nThere are four vulnerabilities in total tied to MDS. Those are CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091. Intel sought to downplay the vulnerabilities, saying that: \u201cMDS vulnerabilities have been classified as low to medium severity per the industry standard CVSS, and it\u2019s important to note that there are no reports of any real world exploits of these vulnerabilities.\u201d\n\nIndeed, CVE-2019-11091 has the lowest severity, with a CVSS score of 3.8, and exists in the microarchitectural data sampling structure for uncacheable memory in CPUs. CVE-2018-12126 (which exists in the Store Buffer), CVE-2018-12127 (which exists in the Load Port) and CVE-2018-12130 (existing in the Fill Buffer) meanwhile have a CVSS score or 6.5, or medium severity.\n\n## Different Attacks Exist to Exploit Flaws\n\nMeanwhile, an array of independent researchers from VUSec, CISPA, Graz University of Technology, and more have developed attacks for these vulnerabilities. Those proof-of-concept attacks were also disclosed Tuesday in coordination with Intel, after mitigations were developed.\n\nThose [four different attack vectors](<https://cpu.fail/>) are dubbed ZombieLoad, Fallout, RIDL (Rogue In-Flight Data Load) and Store-to-Leak Forwarding. While these attacks are all based on speculative execution targeting the buffer component of CPUs, they all work in different ways, exploit different flaws and result in different impacts.\n\nFor instance, while ZombieLoad allows attackers to leak information from other applications, the operating system, virtual machines in the cloud and trusted execution environments; the Fallout attack allows to read data that the operating system recently wrote and to figure out the memory position of the operating system strengthening other attack, and RIDL attack allows to leak information across various security domains\n\n## ZombieLoad: The Hard-Hitting Attack\n\nThe most severe of these attacks is dubbed ZombieLoad, which attacks CVE-2018-12130, the flaw in the Fill Buffer of Intel CPUs. That\u2019s because this attack leaks the most data \u2013 attackers are able to siphon data from system applications, operating system and virtual machines. According to a [research paper](<https://zombieloadattack.com/zombieload.pdf>) released on Tuesday, researchers said that disabling hyperthreading is the \u201conly possible workaround to mitigate ZombieLoad on current processors.\u201d\n\n\u201cWith ZombieLoad, we showed a novel Meltdown-type attack targeting the processor\u2019s fill-buffer logic. ZombieLoad enables an attacker to leak recently loaded values used by the current or sibling logical CPU,\u201d researchers said.\n\nZombieLoad was discovered and reported by Michael Schwarz, Moritz Lipp and Daniel Gruss from the Graz University of Technology (known for their previous discoveries of similar attacks, including [Meltdown](<https://threatpost.com/vendors-share-patch-updates-on-spectre-and-meltdown-mitigation-efforts/129307/>)) as well as researchers from KU Leuven, Cyberus Technology and the Worcester Polytechnic Institute.\n\n## Only Intel is Impacted (That We Know)\n\nIt appears at this time that Intel is the only manufacturer whose chips are impacted. AMD and ARM have both made public statements that the attacks and vulnerabilities related to MDS do not affect their chips.\n\nIn a statement, [AMD said](<https://www.amd.com/en/corporate/product-security>): \u201cAt AMD we develop our products and services with security in mind. Based on our analysis and discussions with the researchers, we believe our products are not susceptible to \u2018Fallout\u2019 or \u2018RIDL\u2019 because of the hardware protection checks in our architecture. We have not been able to demonstrate these exploits on AMD products and are unaware of others having done so.\u201d\n\n## Future Chips Won\u2019t Be Vulnerable\n\nAccording to Intel\u2019s [microcode update guidance](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>), most Intel Core and Xeon chips dating back to 2011 are theoretically vulnerable to MDS-related flaws.\n\nHowever, Intel said that the new MDS class of flaws is addressed in hardware starting with select 8th and 9th Generation Intel Core processors, as well as the 2nd Generation Intel Xeon Scalable processor family. Future chips will also have integrated fixes, Intel said.\n\n## Flood of Vendors Security Advisories\n\nWhile Intel has provided CPU microcode updates, and recommendations for mitigation strategies for operating system (and hypervisor) software, the company recommends users install the software updates provided by your operating system and/or hypervisor vendor. An array of vendors have released separate security advisories in response to MDS, including [Red Hat](<https://access.redhat.com/security/vulnerabilities/mds>), [Oracle](<https://blogs.oracle.com/security/intelmds>), [Apple](<https://threatpost.com/apple-patches-intel-side-channel-ios-macos/144743/>), [Google ](<https://support.google.com/faqs/answer/9330250>)and [Microsoft](<https://threatpost.com/microsoft-patches-zero-day/144742/>).\n\n\u201cMicrosoft has released software updates to help mitigate these vulnerabilities,\u201d according to a [Microsoft advisory released Tuesday](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190013>). \u201cTo get all available protections, firmware (microcode) and software updates are required. This may include microcode from device OEMs. In some cases, installing these updates will have a performance impact. We have also acted to secure our cloud services.\u201d\n\nTo completely address these issues, Intel said that there are additional [opt-in mitigations](<https://support.apple.com/kb/HT210107>) to disable hyper threading and enable microcode-based mitigations for all processes by default.\n\n## Performance Hits From Fixes Ignite Concerns\n\nNews that Intel\u2019s fix for ZombieLoad will slow CPU performance has ignited concerns that people will be dissuaded to update their machines. It was a similar case when Spectre and Meltdown fixes were first introduced in 2018.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2019/05/15114317/mds-server-hton-16x9.png>)\n\nFor instance, in a security release Apple said that [in tests](<https://support.apple.com/en-us/HT210108>) it found \u201cas much as a 40 percent reduction in performance with tests that include multithreaded workloads and public benchmarks\u201d depending on the system.\n\nIntel for its part has a much smaller performance hit estimate: Foe example, in a Core i9 9900K with Hyper-Threading disabled, the company said that the hit could be as little as 9 percent on select data center workloads post-mitigation, for instance.\n\n## How can People Know if Their Systems are Impacted?\n\nResearchers said that it is \u201cvery likely\u201d that Intel chip users\u2019 systems are impacted by the MDS vulnerabilities and subsequent attacks.\n\n\u201cOur attacks affect all modern Intel CPUs in servers, desktops and laptops,\u201d said Fallout researchers [in a post](<https://mdsattacks.com>). \u201cThis includes the latest 9th-generation processors, despite their in-silicon mitigations for Meltdown. Ironically, 9th-generation CPUs are more vulnerable to some of our attacks compared to older generation hardware.\u201d\n\nResearchers also made a tool, [available here](<https://mdsattacks.com>), to discover whether their systems are impacted.\n\n## Side Channel Attacks Continue\n\nThe incident shows that side channel speculative execution attacks continue to plague Intel chips since the Spectre and the related Meltdown vulnerability [were disclosed](<https://threatpost.com/vendors-share-patch-updates-on-spectre-and-meltdown-mitigation-efforts/129307/>) in 2018. For instance, in May 2018, in May, a [new vulnerability was found called Variant 4](<https://threatpost.com/intels-virtual-fences-spectre-fix-wont-protect-against-variant-4/132246/>), disclosed by Google Project Zero and Microsoft\u2019s Security Response Center; researchers said it potentially enables attackers to read privileged data across trust boundaries.\n\nMeanwhile, a new Spectre-class exploit, [dubbed SpectreRSB](<https://threatpost.com/new-spectre-level-flaw-targets-return-stack-buffer/134299/>), was detailed by researchers from the University of California at Riverside in a [research paper](<https://arxiv.org/pdf/1807.07940.pdf>) in July; while in August, three new speculative execution design flaws in Intel CPUs [were disclosed](<https://threatpost.com/intel-cpus-afflicted-with-fresh-speculative-execution-flaws/135096/>), impacting Intel\u2019s Software Guard Extensions (SGX) technology, its OS and system management mode (SMM) and hypervisor software.\n\n**_Want to know more about Identity Management and navigating the shift beyond passwords? Don\u2019t miss _**[**_our Threatpost webinar on May 29 at 2 p.m. ET_**](<https://attendee.gotowebinar.com/register/8039101655437489665?source=ART>)**_. Join Threatpost editor Tom Spring and a panel of experts as they discuss how cloud, mobility and digital transformation are accelerating the adoption of new Identity Management solutions. Experts discuss the impact of millions of new digital devices (and things) requesting access to managed networks and the challenges that follow._**\n", "modified": "2019-05-15T16:48:11", "published": "2019-05-15T16:48:11", "id": "THREATPOST:B43D65BEF15E504CF4DFB8EB516972D7", "href": "https://threatpost.com/intel-zombieload-side-channel-attack-10-takeaways/144771/", "type": "threatpost", "title": "Intel ZombieLoad Side-Channel Attack: 10 Takeaways", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-04-11T11:47:19", "bulletinFamily": "info", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "A new class of side channel vulnerabilities impacting all modern Intel chips have been disclosed, which can use speculative execution to potentially leak sensitive data from a system\u2019s CPU.\n\nIntel said that the newest class of vulnerabilities, dubbed Microarchitectural Data Sampling (MDS), consist of four different attacks, which all ultimately depend on different ways of executing side channel attacks to siphon data from impacted systems.\n\n\u201cFirst identified by Intel\u2019s internal researchers and partners, and independently reported to Intel by external researchers, MDS is a sub-class of previously disclosed speculative execution side channel vulnerabilities and is comprised of four related techniques,\u201d Intel said in an advisory [released Tuesday](<https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html>). \u201cUnder certain conditions, MDS provides a program the potential means to read data that program otherwise would not be able to see.\u201d\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nIntel said it is not aware of any reported real-world exploits of these security issues.\n\nThese vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091) derive from a process called speculative execution in processors. It\u2019s is used in microprocessors so that memory can read before the addresses of all prior memory writes are known; an attacker with local user access can use a side-channel analysis to gain unauthorized disclosure of information.[](<https://media.threatpost.com/wp-content/uploads/sites/103/2019/05/14135233/intel.png>)\n\nHowever, while speculative execution side channel previous attacks \u2013 like Meltdown \u2013 targeted data stored in the CPU\u2019s memory that relies on this process; MDS looks to a different component in the chip using speculative execution. Those components are buffers, such as Fill Buffers (temporary buffers between CPU caches), Load Ports (temporary buffers used when loading data into registers), or Store Buffers (temporary buffers to hold store addresses and data).\n\n\u201cThese structures are much smaller than the [level 1 data cache], and therefore hold less data and are overwritten more frequently,\u201d Intel said in an [analysis of the flaws](<https://software.intel.com/security-software-guidance/insights/deep-dive-intel-analysis-microarchitectural-data-sampling>). \u201cIt is also more difficult to use MDS methods to infer data that is associated with a specific memory address, which may require the malicious actor to collect significant amounts of data and analyze it to locate any protected data.\u201d\n\n## Attack Vectors\n\nThe [four different attack vectors](<https://cpu.fail/>) are dubbed ZombieLoad, Fallout, RIDL (Rogue In-Flight Data Load) and Store-to-Leak Forwarding, and have been detailed and publicly disclosed on Tuesday by an array of security researchers.\n\nThe ZombieLoad attack \u201cresurrects your private browsing-history and other sensitive data. It allows to leak information from other applications, the operating system, virtual machines in the cloud and trusted execution environments,\u201d according to a [page breaking down](<https://cpu.fail/>) the MDS attack vectors.\n\nWith RIDL (Rogue In-Flight Data Load) attackers can exploit MDS flaws to leak sensitive data: \u201cBy analyzing the impact on the CPU pipeline, we developed a variety of practical exploits leaking in-flight data from different internal CPU buffers (such as Line-Fill Buffers and Load Ports), used by the CPU while loading or storing data from memory,\u201d [researchers](<https://mdsattacks.com/files/ridl.pdf>) with VUSec and CISPA said.\n\nMeanwhile, the [Fallout attack](<https://mdsattacks.com/files/fallout.pdf>) allows bad actors to leak data from Store Buffers, which are used every time a CPU pipeline needs to store any data, several independent researchers (a full list of who discovered the Fallout attack can be found [here](<https://mdsattacks.com/>)) said.\n\nFinally, the Store-To-Leak Forwarding attack \u201cexploits CPU optimizations introduced by the store buffer to break address randomization, monitor the operating system or to leak data when combined with Spectre gadgets,\u201d according to [researchers](<https://cpu.fail/store_to_leak_forwarding.pdf>) with the Graz University of Technology.\n\n## Mitigations\n\nIntel sought to downplay the vulnerabilities, saying that: \u201cMDS vulnerabilities have been classified as low to medium severity per the industry standard CVSS, and it\u2019s important to note that there are no reports of any real world exploits of these vulnerabilities.\u201d\n\nHowever, researchers who discovered the flaws were more concerned about their impact: \u201cThe implications are worrisome,\u201d researchers who discovered RDIL [said](<https://mdsattacks.com/files/ridl.pdf>). \u201cContrary to other state-of-the-art speculative execution attacks, such as Spectre, Meltdown and Foreshadow, RIDL can leak this arbitrary in-flight data with no assumptions on the state of the caches or translation data structures controlled by privileged software.\u201d\n\nIntel said that the new MDS class of flaws is addressed in hardware starting with select 8th and 9th Generation Intel Core processors, as well as the 2nd Generation Intel Xeon Scalable processor family. Future chips will also have integrated fixes.\n\nIn addition to hardware fixes, Intel is releasing processor microcode updates as part of its regularly-scheduled update process with OEMs to address the issue in products where MDS is not addressed in hardware.\n\nAn array of vendors have released separate security advisories in response to MDS, including [Red Hat](<https://access.redhat.com/security/vulnerabilities/mds>), [Oracle](<https://blogs.oracle.com/security/intelmds>) and Microsoft.\n\n\u201cMicrosoft has released software updates to help mitigate these vulnerabilities,\u201d according to a [Microsoft advisory released Tuesday](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190013>). \u201cTo get all available protections, firmware (microcode) and software updates are required. This may include microcode from device OEMs. In some cases, installing these updates will have a performance impact. We have also acted to secure our cloud services.\u201d\n\n## Side Channel Attacks\n\nSide channel speculative execution attacks continue to plague Intel chips \u2013 in August, three new speculative execution design flaws in Intel CPUs [were disclosed](<https://threatpost.com/intel-cpus-afflicted-with-fresh-speculative-execution-flaws/135096/>), impacting Intel\u2019s Software Guard Extensions (SGX) technology, its OS and system management mode (SMM) and hypervisor software.\n\nOther Spectre-class flaws have been discovered over the past half year since Spectre and the related Meltdown vulnerability [were found](<https://threatpost.com/vendors-share-patch-updates-on-spectre-and-meltdown-mitigation-efforts/129307/>), including side-channel variants 1, 2, 3, 3a, and 4.\n\nRaoul Strackx, post-doctoral researcher at KU Leuven, who discovered the [Foreshadow](<https://threatpost.com/intel-cpus-afflicted-with-fresh-speculative-execution-flaws/135096/>) side-channel attack, [recently told Threatpost](<https://threatpost.com/foreshadow-attack/142299/>) that \u201cbasically it comes down to the fact that these processes are simply becoming way too complex.\u201d\n\n\u201cI would say that\u2019s the main problem, but if you disable speculative execution, then the performance impact is going to be huge, and so no one would be willing to do this. So there needs to be more academic research there,\u201d he said.\n\n**_Want to know more about Identity Management and navigating the shift beyond passwords? Don\u2019t miss _**[**_our Threatpost webinar on May 29 at 2 p.m. ET_**](<https://attendee.gotowebinar.com/register/8039101655437489665?source=ART>)**_. Join Threatpost editor Tom Spring and a panel of experts as they discuss how cloud, mobility and digital transformation are accelerating the adoption of new Identity Management solutions. Experts discuss the impact of millions of new digital devices (and things) requesting access to managed networks and the challenges that follow._**\n", "modified": "2019-05-14T18:01:49", "published": "2019-05-14T18:01:49", "id": "THREATPOST:6D16350D7053F9F2166165E3E33239B9", "href": "https://threatpost.com/intel-cpus-impacted-by-new-class-of-spectre-like-attacks/144728/", "type": "threatpost", "title": "Intel CPUs Impacted By New Class of Spectre-Like Attacks", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2019-05-18T01:05:01", "published": "2019-05-18T01:05:01", "id": "FEDORA:E197860874D7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: xen-4.11.1-5.fc30", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "ubuntu": [{"lastseen": "2020-07-15T01:44:13", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan \nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, \nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss \ndiscovered that memory previously stored in microarchitectural fill buffers \nof an Intel CPU core may be exposed to a malicious process that is \nexecuting on the same CPU core. A local attacker could use this to expose \nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan \nvan Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh \nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory \npreviously stored in microarchitectural load ports of an Intel CPU core may \nbe exposed to a malicious process that is executing on the same CPU core. A \nlocal attacker could use this to expose sensitive information. \n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel \nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel \nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory \npreviously stored in microarchitectural store buffers of an Intel CPU core \nmay be exposed to a malicious process that is executing on the same CPU \ncore. A local attacker could use this to expose sensitive information. \n(CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, \nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and \nCristiano Giuffrida discovered that uncacheable memory previously stored in \nmicroarchitectural buffers of an Intel CPU core may be exposed to a \nmalicious process that is executing on the same CPU core. A local attacker \ncould use this to expose sensitive information. (CVE-2019-11091)", "edition": 4, "modified": "2019-05-15T00:00:00", "published": "2019-05-15T00:00:00", "id": "USN-3984-1", "href": "https://ubuntu.com/security/notices/USN-3984-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "myhack58": [{"lastseen": "2019-05-20T05:22:37", "bulletinFamily": "info", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "Background understanding\n\n5 March 15, the media exposed, security researchers at a month before the Intel chip found in the one called\u201cZombieLoad\u201dthe new vulnerability, this vulnerability may allow an attacker to obtain the current processor is processing the sensitive data.\n\nAn attacker can exploit this vulnerability to initiate the Intel chip's side-channel attack, which is following the earlier Meltdown, the Spectre and Foreshadow after the most serious security vulnerabilities, researchers at a month previous to the Intel report these vulnerabilities.\n\n\u201cZombieLoad\u201ddirect understanding is the\u201czombie load\u201d, i.e. the processor can't understand or properly handle the large amounts of data, forcing the processor to the processor of the microcode request help to prevent a crash. The application usually can only see their own data, but this vulnerability could allow data flow through these boundary walls. The researchers said that ZombieLoad the leakage of the processor cores that are currently loaded all the data. This means that hackers make use of is actually a design flaw, rather than the injection of malicious code.\n\nAttack\n\nWith three previous side-channel attack Meltdown, the Spectre and Foreshadow\uff09in a similar way, the new attack is the use of the processor's speculative execution in the process of vulnerability.\n\nThis vulnerability whereby the former involved in the Meltdown, the Spectre of vulnerability research on the part of the security personnel, as well as Bitdefender security personnel of the joint discovery, which is actually for the micro-architecture of the data sampling\uff08MDS\uff09attack, you can use the micro-architecture of the speculative execution of the operation to infer other applications on the processor in the data processing.\n\nIntel said ZombieLoad includes 4 exploits. Respectively, is directed to the storage buffer area of the attack CVE-2018-12126/Fallout, the loading buffer CVE-2018-12127, and a line fill buffer CVE-2018-12130/Zombieload/RIDL, and the memory area CVE-2019-11091 it. Wherein Zombieload is severity the highest, to be able to get the maximum amount of and privacy of data.\n\nThe scope of the impact\n\nSince 2011 the release of all Intel processors is likely to be affected, especially the cloud hosting services may be subject to larger shocks. At the same time Intel also noted that the MDS attacks actually use the higher difficulty, its practical impact is not so large.\n\nBug fixes\n\nCurrently Intel has released a microcode update, and the new processor will not be affected. This includes the Intel Xeon, the Broadwell And Sandy Bridge, And Skylake and Haswell chips and models. Kaby Lake, Coffee Lake, Whiskey Lake and Cascade Lake, and all of the atom and the Knights of the processor are also affected.\n\nCurrently, Apple, Microsoft and Google have already released patches.\n\nIntel on the micro-structure of the data sampling analysis\n\nThe micro-architecture of the data sampling\uff08MDS\uff09work principle\n\nMDS allows can be executed locally on the system the code of the malicious user inferred by the schema mechanism to protect the data, although the use of loopholes\u201cZombieLoad\u201don the system to locate specific data may be very difficult, but the malicious attacker can collect and analyze large amounts of data to find the protected data. Specific process, please see the deep dive in the MDS table: CPUID enumeration and architecture of the MSR action, through this way to obtain may be affected by MDS the impact of the processor list. MDS only relates to the primary data cache(L1D)outside of the micro system structure the structure of The Associated method, and therefore does not include the exception data cache load(RDCL)or L1 Terminal failure(L1TF)\u3002\n\nMDS speculative execution side-channel method can be used to leak following micro-architectural structures in the data:\n\n1. Storage buffer: used to save the storage address and the data of the temporary buffers;\n\n2. Fill the buffer: CPU cache between the temporary buffer;\n\n3. Loading port: will be loaded into the data register when using the temporary buffer;\n\nOf these structure than the L1D is much smaller, and therefore can save less data, and more are frequently covered. The use of MDS methods to infer with a particular memory address associated with the data is also more difficult, which may require a malicious attacker to gather a lot of data and analyzed to find any protected data.\n\nThe new micro-code update(MCUs)is being planned to be released to help the program mitigate these vulnerabilities. Intel recommends that in switching to the previous program untrusted program to update the micro code and remove the micro-architecture of the buffer area. These mitigation measures will be required for the[operating system](<http://www.myhack58.com/Article/48/Article_048_1.htm>), the Virtual Machine Management Program and the Intel \u00aeprogram Protection Extensions the Intel \u00aeSGX for changes and updates.\n\nIn this document the micro-architecture details only apply to the MDS technical effect of the processor, and not all Intel processors a General purpose processor. For the affected processor list, please refer to the CPUID enumeration and architecture of the MSR.\n\nThe micro-architecture of the storage buffer data sampling\uff08MSBDS\uff09CVE-2018-12126\n\nPerform the storage operation, the processor writes data is called a storage buffer of a temporary micro-architecture. This makes the processor capable of writing data into the cache or main memory before continuing execution of the storage operation after the instruction. In addition, the I / O write, for example, the OUT is also stored in the storage buffer.\n\nWhen the load operation from the earlier Store operation to the same memory address when data is read, the processor can directly from the memory buffer forwards the data to the load operation instead of the wait from memory or cache to load data, this optimization process is referred to as a repository to load forwarding store-to-load forwarding it.\n\nUnder certain conditions, from the storage operation of the data from the Store Buffer is speculatively forwarded to a different memory address of the fault or auxiliary load operation. Since the memory size is less than the stored buffer width, or not to perform storage of the data portion, therefore storage may not cover the memory buffer within the entire data field. These situations may cause forwarding of data from previously stored data. Since the loading operation will lead to a fault/assist1 and its results will be discarded, and therefore the forwarding of data does not lead to the vulnerability of the program execution or the architectural state change. However, a malicious attacker may be able to be such only for speculative data forwarded to an open-source gadget framework disclosure gadget, to allow them to infer this value.\n\nMSBDS the cross-thread implications\n\nFor the MSBDS effects processors, physical cores on the stored data buffer in the kernel on the active thread on the static partition. This means that having two active threads of the kernel will have half the storage buffer entry is used only for Thread 1, the half only for another thread. When the thread enters the sleep state, its store buffer entry may be other active threads to use. This will cause previously used to enter the sleep state of the thread, and may contain expired data of the storage buffer entry by the other active thread reuse. When a thread from a sleep state is Wake-up time, the storage buffer will be re-partition. This will cause the memory buffer Store Buffer entry from the already active thread of the transmission to just Wake up the thread.\n\nThe micro-architecture of the fill of the buffer data sampling\uff08MFBDS\uff09CVE-2018-12130\n\nFill the buffer is an internal structure, for collecting a first level data cache lost data. When the memory request missing the L1 data cache, the processor will allocate a fill buffer to manage the data of the cache line Request. In addition, the fill buffer is also temporary management response to the memory or by the I / O operation returns, or to send the data. Fill the buffer data can be forwarded to the load operation, you can also write data to the data cache. Once the fill buffer data is written to the cache, the processor will release the fill buffer, thereby allowing in the future the memory operation in the reuse of the entry.\n", "edition": 1, "modified": "2019-05-20T00:00:00", "published": "2019-05-20T00:00:00", "id": "MYHACK58:62201994183", "href": "http://www.myhack58.com/Article/html/3/62/2019/94183.htm", "title": "Intel official for 5 on 15, the aeration out of the CPU side channel vulnerabilities\u201cZombieLoad\u201ddetailed technical analysis on-the vulnerability warning-the black bar safety net", "type": "myhack58", "cvss": {"score": 0.0, "vector": "NONE"}}], "cloudfoundry": [{"lastseen": "2019-07-12T20:44:31", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "# \n\n## Severity\n\nHigh\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 14.04\n * Canonical Ubuntu 16.04\n\n## Description\n\n[USN-3977-1](<https://usn.ubuntu.com/3977-1>) and [USN-3977-2](<https://usn.ubuntu.com/3977-2>) provided mitigations for Microarchitectural Data Sampling (MDS) vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for the Intel Sandy Bridge processor family\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. ([CVE-2018-12130](<https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12130.html>))\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. ([CVE-2018-12127](<https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12127.html>))\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. ([CVE-2018-12126](<https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12126.html>))\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. ([CVE-2019-11091](<https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11091.html>))\n\nCVEs contained in this USN include: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is high unless otherwise noted._\n\n * Cloud Foundry BOSH trusty-stemcells are vulnerable, including: \n * 3586.x versions prior to 3586.131\n * 3541.x versions prior to 3541.125\n * 3468.x versions prior to 3468.136\n * All other stemcells not listed.\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 315.x versions prior to 315.64\n * 250.x versions prior to 250.73\n * 170.x versions prior to 170.93\n * 97.x versions prior to 97.122\n * All other stemcells not listed.\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH trusty-stemcells: \n * Upgrade 3586.x versions to 3586.131\n * Upgrade 3541.x versions to 3541.125\n * Upgrade 3468.x versions to 3468.136\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-trusty>).\n * The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 315.x versions to 315.64\n * Upgrade 250.x versions to 250.73\n * Upgrade 170.x versions to 170.93\n * Upgrade 97.x versions to 97.122\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n\n# References\n\n * [USN-3977-3](<https://usn.ubuntu.com/3977-3>)\n * [CVE-2018-12126](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12126>)\n * [CVE-2018-12127](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12127>)\n * [CVE-2018-12130](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12130>)\n * [CVE-2019-11091](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11091>)\n", "edition": 1, "modified": "2019-07-12T00:00:00", "published": "2019-07-12T00:00:00", "id": "CFOUNDRY:B2E69F41B4038981C401E61FA93A1C88", "href": "https://www.cloudfoundry.org/blog/usn-3977-3/", "title": "USN-3977-3: Intel Microcode update (AKA ZombieLoad Attack) | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}]}