Bug 1646781 (CVE-2018-12126)
Summary: | CVE-2018-12126 hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Wade Mealing <wmealing> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | ||
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. This split allows the processor to hand off address generation logic to the sub-operations for optimized writes. Both sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-05-22 15:08:48 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1690335, 1690337, 1690338, 1690339, 1690340, 1690341, 1692386, 1692597, 1693216, 1693217, 1693219, 1693220, 1693221, 1693222, 1693243, 1697550, 1697551, 1698769, 1698770, 1698771, 1698772, 1698773, 1698774, 1698775, 1698776, 1698777, 1698778, 1698779, 1698780, 1698781, 1698782, 1698783, 1698784, 1698785, 1698786, 1698787, 1698788, 1698789, 1698790, 1698791, 1698792, 1698793, 1698794, 1698795, 1698796, 1698797, 1698798, 1698799, 1698800, 1698809, 1698810, 1703295, 1703296, 1703297, 1703298, 1703299, 1703300, 1704533, 1704534, 1704535, 1704536, 1704545, 1704546, 1704548, 1704549, 1704550, 1704551, 1704611, 1704612, 1704613, 1704614, 1704615, 1704616, 1704617, 1704985, 1707262, 1709976, 1709977, 1710002, 1710830, 1716254, 1716262 | ||
Bug Blocks: | 1646797, 1705393, 1705394, 1705395, 1705397, 1705398, 1705399 |
Description
Wade Mealing
2018-11-06 02:09:52 UTC
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1709976]

Created libvirt tracking bugs for this issue:
Affects: fedora-all [bug 1709977]

External References:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
https://access.redhat.com/security/vulnerabilities/mds

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8 Via RHSA-2019:1175 https://access.redhat.com/errata/RHSA-2019:1175
Red Hat Enterprise Linux 8 Via RHSA-2019:1167 https://access.redhat.com/errata/RHSA-2019:1167
Red Hat Enterprise Linux 8 Via RHSA-2019:1174 https://access.redhat.com/errata/RHSA-2019:1174
Red Hat Enterprise Linux 6 Via RHSA-2019:1169 https://access.redhat.com/errata/RHSA-2019:1169
Red Hat Enterprise Linux 6 Via RHSA-2019:1180 https://access.redhat.com/errata/RHSA-2019:1180
Red Hat Enterprise Linux 6 Via RHSA-2019:1181 https://access.redhat.com/errata/RHSA-2019:1181
Red Hat Enterprise Linux 7 Via RHSA-2019:1177 https://access.redhat.com/errata/RHSA-2019:1177
Red Hat Enterprise Linux 7 Via RHSA-2019:1178 https://access.redhat.com/errata/RHSA-2019:1178
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2019:1179 https://access.redhat.com/errata/RHSA-2019:1179
Red Hat Enterprise Linux 7 Via RHSA-2019:1168 https://access.redhat.com/errata/RHSA-2019:1168
Red Hat Enterprise Linux 7 Via RHSA-2019:1176 https://access.redhat.com/errata/RHSA-2019:1176
Red Hat Enterprise Linux 7.4 Extended Update Support Via RHSA-2019:1170 https://access.redhat.com/errata/RHSA-2019:1170
Red Hat Enterprise Linux 7.4 Extended Update Support Via RHSA-2019:1184 https://access.redhat.com/errata/RHSA-2019:1184
Red Hat Enterprise Linux 7.4 Extended Update Support Via RHSA-2019:1185 https://access.redhat.com/errata/RHSA-2019:1185
Red Hat Enterprise Linux 7.5 Extended Update Support Via RHSA-2019:1182 https://access.redhat.com/errata/RHSA-2019:1182
Red Hat Enterprise Linux 7.5 Extended Update Support Via RHSA-2019:1155 https://access.redhat.com/errata/RHSA-2019:1155
Red Hat Enterprise Linux 7.5 Extended Update Support Via RHSA-2019:1183 https://access.redhat.com/errata/RHSA-2019:1183
Red Hat Enterprise Linux 6.6 Advanced Update Support Via RHSA-2019:1193 https://access.redhat.com/errata/RHSA-2019:1193
Red Hat Enterprise Linux 6.5 Advanced Update Support Via RHSA-2019:1196 https://access.redhat.com/errata/RHSA-2019:1196
Red Hat Enterprise Linux 6.6 Advanced Update Support Via RHSA-2019:1195 https://access.redhat.com/errata/RHSA-2019:1195
Red Hat Enterprise Linux 6.5 Advanced Update Support Via RHSA-2019:1198 https://access.redhat.com/errata/RHSA-2019:1198
Red Hat Enterprise Linux 7.2 Advanced Update Support; Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions; Red Hat Enterprise Linux 7.2 Telco Extended Update Support Via RHSA-2019:1172 https://access.redhat.com/errata/RHSA-2019:1172
Red Hat Enterprise MRG 2 Via RHSA-2019:1190 https://access.redhat.com/errata/RHSA-2019:1190
Red Hat Enterprise Linux 6.6 Advanced Update Support Via RHSA-2019:1194 https://access.redhat.com/errata/RHSA-2019:1194
Red Hat OpenStack Platform 9.0 (Mitaka) Via RHSA-2019:1199 https://access.redhat.com/errata/RHSA-2019:1199
Red Hat OpenStack Platform 10.0 (Newton) Via RHSA-2019:1200 https://access.redhat.com/errata/RHSA-2019:1200
Red Hat OpenStack Platform 14.0 (Rocky) Via RHSA-2019:1202 https://access.redhat.com/errata/RHSA-2019:1202
Red Hat OpenStack Platform 13.0 (Queens) Via RHSA-2019:1201 https://access.redhat.com/errata/RHSA-2019:1201
Red Hat Enterprise Linux 7.3 Advanced Update Support; Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions; Red Hat Enterprise Linux 7.3 Telco Extended Update Support Via RHSA-2019:1171 https://access.redhat.com/errata/RHSA-2019:1171
Red Hat Enterprise Linux 6.5 Advanced Update Support Via RHSA-2019:1197 https://access.redhat.com/errata/RHSA-2019:1197
Red Hat Enterprise Linux 7.3 Telco Extended Update Support; Red Hat Enterprise Linux 7.3 Advanced Update Support; Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions Via RHSA-2019:1187 https://access.redhat.com/errata/RHSA-2019:1187
Red Hat Enterprise Linux 7.2 Telco Extended Update Support; Red Hat Enterprise Linux 7.2 Advanced Update Support; Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions Via RHSA-2019:1186 https://access.redhat.com/errata/RHSA-2019:1186
Red Hat Enterprise Linux 7.3 Advanced Update Support; Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions; Red Hat Enterprise Linux 7.3 Telco Extended Update Support Via RHSA-2019:1189 https://access.redhat.com/errata/RHSA-2019:1189
Red Hat Enterprise Linux 7.2 Advanced Update Support; Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions; Red Hat Enterprise Linux 7.2 Telco Extended Update Support Via RHSA-2019:1188 https://access.redhat.com/errata/RHSA-2019:1188
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2019:1203 https://access.redhat.com/errata/RHSA-2019:1203
Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS Via RHSA-2019:1204 https://access.redhat.com/errata/RHSA-2019:1204
Red Hat Virtualization Engine 4.3 Via RHSA-2019:1205 https://access.redhat.com/errata/RHSA-2019:1205
Red Hat Virtualization Engine 4.2 Via RHSA-2019:1206 https://access.redhat.com/errata/RHSA-2019:1206
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2019:1207 https://access.redhat.com/errata/RHSA-2019:1207
Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS Via RHSA-2019:1209 https://access.redhat.com/errata/RHSA-2019:1209
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2019:1208 https://access.redhat.com/errata/RHSA-2019:1208
Advanced Virtualization for RHEL 8.0.0.Z Via RHSA-2019:1455 https://access.redhat.com/errata/RHSA-2019:1455
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7; Red Hat Virtualization Engine 4.3 Via RHSA-2019:2553 https://access.redhat.com/errata/RHSA-2019:2553

Statement:
Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the 'Vulnerability Response' URL.

OpenShift Container Platform 4 does not ship its own kernel package, instead using versions shipped in RHEL. Removing from flaw bug affects.