SB2019051422 - Microarchitectural Data Sampling speculative side channel in Xen 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019051422

SB2019051422 - Microarchitectural Data Sampling speculative side channel in Xen

Published: May 14, 2019 Updated: July 28, 2020

Security Bulletin ID SB2019051422
Severity
Low
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Local access
Highest impact Information disclosure

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2018-12126)

The vulnerability allows a local authenticated user to gain access to sensitive information.

Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf


2) Information disclosure (CVE-ID: CVE-2018-12127)

The vulnerability allows a local authenticated user to gain access to sensitive information.

Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf


3) Information disclosure (CVE-ID: CVE-2018-12130)

The vulnerability allows a local authenticated user to gain access to sensitive information.

Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf


4) Information disclosure (CVE-ID: CVE-2019-11091)

The vulnerability allows a local authenticated user to gain access to sensitive information.

Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf


Remediation

Install update from vendor's website.

References