Bug 1705312 (CVE-2019-11091)

Summary: CVE-2019-11091 hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
Product: [Other] Security Response Reporter: Wade Mealing <wmealing>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: acaringi, agedosier, ahardin, airlied, amit, areis, berrange, bhu, blc, bleanhar, bmcclain, brdeoliv, bskeggs, ccoleman, cfergeau, clalancette, danken, dbecker, dblechte, dedgar, dfediuck, dhoward, dvlasenk, dwmw2, eblake, eedri, ehabkost, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jcm, jdenemar, jen, jeremy, jferlan, jforbes, jglisse, jgoulding, jjoyce, jkacur, john.j5live, jonathan, josef, jross, jschluet, jshortt, jstancek, jsuchane, jwboyer, kbasil, kernel-maint, kernel-mgr, knoel, labbott, laine, lgoncalv, lhh, libvirt-maint, linville, lpeer, lsurette, matt, mburns, mchappel, mchehab, mcressma, mgoldboi, michal.skrivanek, mjg59, mkenneth, mlangsdo, mrezanin, mst, nmurray, osoukup, pbonzini, pkrempa, plougher, pmatouse, rbalakri, ribarry, richard.poettler, rjones, rt-maint, rvrbovsk, sbonazzo, sclewis, security-response-team, sherold, slinaber, srevivo, steved, tburke, tgolembi, veillard, virt-maint, virt-maint, williams, ycui, yjog, yturgema
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-05-22 15:09:35 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1705799, 1705800, 1705801, 1705802, 1705803, 1705804, 1705805, 1705806, 1705807, 1705808, 1705809, 1705810, 1705811, 1705812, 1705813, 1705814, 1705815, 1705816, 1705817, 1705818, 1705819, 1705820, 1705821, 1705822, 1705823, 1705824, 1705825, 1705826, 1705827, 1705828, 1705829, 1705830, 1705831, 1705832, 1705833, 1705834, 1705835, 1705836, 1705837, 1705838, 1705839, 1705840, 1705841, 1705842, 1705843, 1705844, 1705845, 1705846, 1705847, 1705848, 1705849, 1705850, 1705851, 1705852, 1705853, 1707272, 1707274, 1707275, 1707633, 1708449, 1709081, 1709082, 1709296, 1709983, 1709984, 1710006, 1710844, 1710845, 1713695, 1713709, 1713710, 1716257, 1716263    
Bug Blocks: 1646797, 1705393, 1705394, 1705395, 1705397, 1705398, 1705399    

Description Wade Mealing 2019-05-02 00:35:28 UTC 
Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.



Additional information:
https://access.redhat.com/security/vulnerabilities/mds

Upstream fixes:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fa4bff165070dc40a3de35b78e4f8da8e8d85ec5

Intel Advisory:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
Comment 17 Wade Mealing 2019-05-14 17:15:20 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1709983]


Created libvirt tracking bugs for this issue:

Affects: fedora-all [bug 1709984]
Comment 18 Petr Matousek 2019-05-14 17:45:16 UTC 
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1710006]
Comment 19 errata-xmlrpc 2019-05-14 18:13:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:1175 https://access.redhat.com/errata/RHSA-2019:1175
Comment 20 errata-xmlrpc 2019-05-14 18:13:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:1167 https://access.redhat.com/errata/RHSA-2019:1167
Comment 21 errata-xmlrpc 2019-05-14 18:14:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:1174 https://access.redhat.com/errata/RHSA-2019:1174
Comment 22 errata-xmlrpc 2019-05-14 18:30:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:1169 https://access.redhat.com/errata/RHSA-2019:1169
Comment 23 errata-xmlrpc 2019-05-14 18:31:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:1180 https://access.redhat.com/errata/RHSA-2019:1180
Comment 24 errata-xmlrpc 2019-05-14 18:31:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:1181 https://access.redhat.com/errata/RHSA-2019:1181
Comment 25 errata-xmlrpc 2019-05-14 19:07:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:1177 https://access.redhat.com/errata/RHSA-2019:1177
Comment 26 errata-xmlrpc 2019-05-14 19:07:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:1178 https://access.redhat.com/errata/RHSA-2019:1178
Comment 27 errata-xmlrpc 2019-05-14 19:07:40 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2019:1179 https://access.redhat.com/errata/RHSA-2019:1179
Comment 28 errata-xmlrpc 2019-05-14 19:07:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:1168 https://access.redhat.com/errata/RHSA-2019:1168
Comment 29 errata-xmlrpc 2019-05-14 19:08:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:1176 https://access.redhat.com/errata/RHSA-2019:1176
Comment 30 errata-xmlrpc 2019-05-14 19:08:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Extended Update Support

Via RHSA-2019:1170 https://access.redhat.com/errata/RHSA-2019:1170
Comment 31 errata-xmlrpc 2019-05-14 19:08:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Extended Update Support

Via RHSA-2019:1184 https://access.redhat.com/errata/RHSA-2019:1184
Comment 32 errata-xmlrpc 2019-05-14 19:09:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Extended Update Support

Via RHSA-2019:1185 https://access.redhat.com/errata/RHSA-2019:1185
Comment 33 errata-xmlrpc 2019-05-14 19:10:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2019:1182 https://access.redhat.com/errata/RHSA-2019:1182
Comment 34 errata-xmlrpc 2019-05-14 19:10:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2019:1155 https://access.redhat.com/errata/RHSA-2019:1155
Comment 35 errata-xmlrpc 2019-05-14 19:11:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2019:1183 https://access.redhat.com/errata/RHSA-2019:1183
Comment 36 errata-xmlrpc 2019-05-14 19:52:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support

Via RHSA-2019:1193 https://access.redhat.com/errata/RHSA-2019:1193
Comment 37 errata-xmlrpc 2019-05-14 19:52:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2019:1196 https://access.redhat.com/errata/RHSA-2019:1196
Comment 38 errata-xmlrpc 2019-05-14 19:52:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support

Via RHSA-2019:1195 https://access.redhat.com/errata/RHSA-2019:1195
Comment 39 errata-xmlrpc 2019-05-14 19:53:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2019:1198 https://access.redhat.com/errata/RHSA-2019:1198
Comment 40 errata-xmlrpc 2019-05-14 20:19:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.2 Telco Extended Update Support

Via RHSA-2019:1172 https://access.redhat.com/errata/RHSA-2019:1172
Comment 41 errata-xmlrpc 2019-05-14 20:27:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2019:1190 https://access.redhat.com/errata/RHSA-2019:1190
Comment 42 errata-xmlrpc 2019-05-14 20:30:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support

Via RHSA-2019:1194 https://access.redhat.com/errata/RHSA-2019:1194
Comment 43 errata-xmlrpc 2019-05-14 20:44:23 UTC 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 9.0 (Mitaka)

Via RHSA-2019:1199 https://access.redhat.com/errata/RHSA-2019:1199
Comment 44 errata-xmlrpc 2019-05-14 20:44:52 UTC 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 10.0 (Newton)

Via RHSA-2019:1200 https://access.redhat.com/errata/RHSA-2019:1200
Comment 45 errata-xmlrpc 2019-05-14 20:45:26 UTC 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 14.0 (Rocky)

Via RHSA-2019:1202 https://access.redhat.com/errata/RHSA-2019:1202
Comment 46 errata-xmlrpc 2019-05-14 20:45:47 UTC 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 13.0 (Queens)

Via RHSA-2019:1201 https://access.redhat.com/errata/RHSA-2019:1201
Comment 47 errata-xmlrpc 2019-05-14 20:45:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.3 Telco Extended Update Support

Via RHSA-2019:1171 https://access.redhat.com/errata/RHSA-2019:1171
Comment 48 errata-xmlrpc 2019-05-14 20:46:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2019:1197 https://access.redhat.com/errata/RHSA-2019:1197
Comment 49 errata-xmlrpc 2019-05-14 20:46:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Telco Extended Update Support
  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions

Via RHSA-2019:1187 https://access.redhat.com/errata/RHSA-2019:1187
Comment 50 errata-xmlrpc 2019-05-14 20:46:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Telco Extended Update Support
  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions

Via RHSA-2019:1186 https://access.redhat.com/errata/RHSA-2019:1186
Comment 51 errata-xmlrpc 2019-05-14 20:46:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.3 Telco Extended Update Support

Via RHSA-2019:1189 https://access.redhat.com/errata/RHSA-2019:1189
Comment 52 errata-xmlrpc 2019-05-14 20:47:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.2 Telco Extended Update Support

Via RHSA-2019:1188 https://access.redhat.com/errata/RHSA-2019:1188
Comment 53 errata-xmlrpc 2019-05-14 21:10:12 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2019:1203 https://access.redhat.com/errata/RHSA-2019:1203
Comment 54 errata-xmlrpc 2019-05-14 21:10:30 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2019:1204 https://access.redhat.com/errata/RHSA-2019:1204
Comment 55 errata-xmlrpc 2019-05-14 21:10:43 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization Engine 4.3

Via RHSA-2019:1205 https://access.redhat.com/errata/RHSA-2019:1205
Comment 56 errata-xmlrpc 2019-05-14 21:11:04 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization Engine 4.2

Via RHSA-2019:1206 https://access.redhat.com/errata/RHSA-2019:1206
Comment 57 errata-xmlrpc 2019-05-14 21:11:15 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2019:1207 https://access.redhat.com/errata/RHSA-2019:1207
Comment 58 errata-xmlrpc 2019-05-14 21:11:26 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2019:1209 https://access.redhat.com/errata/RHSA-2019:1209
Comment 59 errata-xmlrpc 2019-05-14 21:11:46 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2019:1208 https://access.redhat.com/errata/RHSA-2019:1208
Comment 66 errata-xmlrpc 2019-06-11 13:35:53 UTC 
This issue has been addressed in the following products:

  Advanced Virtualization for RHEL 8.0.0.Z

Via RHSA-2019:1455 https://access.redhat.com/errata/RHSA-2019:1455
Comment 69 errata-xmlrpc 2019-08-22 09:18:43 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
  Red Hat Virtualization Engine 4.3

Via RHSA-2019:2553 https://access.redhat.com/errata/RHSA-2019:2553
Comment 70 msiddiqu 2019-10-09 07:42:40 UTC 
Statement:

Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the 'Vulnerability Response' URL.