A flaw was found in many Intel microprocessor designs related to possible information leak of the processor store buffer structure which contains recent stores (writes) to memory.. Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. The processor store buffer is conceptually a table of address, value, and 'is valid' entries. As the sub-operations can execute independently of each other, they can each update the address, and/or value columns of the table independently. This means that at different points in time the address or value may be invalid. The processor may speculatively forward entries from the store buffer. The split design used allows for such forwarding to speculatively use stale values, such as the wrong address, returning data from a previous unrelated store. Since this only occurs for loads that will be reissued following the fault/assist resolution, the program is not architecturally impacted, but store buffer state can be leaked to malicious code carefully crafted to retrieve this data via side-channel analysis. The processor store buffer entries are equally divided between the number of active Hyper-Threads. Conditions such as power-state change can reallocate the processor store buffer entries in a half-updated state to another thread without ensuring that the entries have been cleared. Additional information: https://access.redhat.com/security/vulnerabilities/mds Upstream fixes: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fa4bff165070dc40a3de35b78e4f8da8e8d85ec5 Intel Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1709976] Created libvirt tracking bugs for this issue: Affects: fedora-all [bug 1709977]
External References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html https://access.redhat.com/security/vulnerabilities/mds
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:1175 https://access.redhat.com/errata/RHSA-2019:1175
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:1167 https://access.redhat.com/errata/RHSA-2019:1167
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:1174 https://access.redhat.com/errata/RHSA-2019:1174
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:1169 https://access.redhat.com/errata/RHSA-2019:1169
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:1180 https://access.redhat.com/errata/RHSA-2019:1180
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:1181 https://access.redhat.com/errata/RHSA-2019:1181
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:1177 https://access.redhat.com/errata/RHSA-2019:1177
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:1178 https://access.redhat.com/errata/RHSA-2019:1178
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2019:1179 https://access.redhat.com/errata/RHSA-2019:1179
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:1168 https://access.redhat.com/errata/RHSA-2019:1168
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:1176 https://access.redhat.com/errata/RHSA-2019:1176
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Extended Update Support Via RHSA-2019:1170 https://access.redhat.com/errata/RHSA-2019:1170
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Extended Update Support Via RHSA-2019:1184 https://access.redhat.com/errata/RHSA-2019:1184
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Extended Update Support Via RHSA-2019:1185 https://access.redhat.com/errata/RHSA-2019:1185
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.5 Extended Update Support Via RHSA-2019:1182 https://access.redhat.com/errata/RHSA-2019:1182
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.5 Extended Update Support Via RHSA-2019:1155 https://access.redhat.com/errata/RHSA-2019:1155
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.5 Extended Update Support Via RHSA-2019:1183 https://access.redhat.com/errata/RHSA-2019:1183
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.6 Advanced Update Support Via RHSA-2019:1193 https://access.redhat.com/errata/RHSA-2019:1193
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.5 Advanced Update Support Via RHSA-2019:1196 https://access.redhat.com/errata/RHSA-2019:1196
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.6 Advanced Update Support Via RHSA-2019:1195 https://access.redhat.com/errata/RHSA-2019:1195
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.5 Advanced Update Support Via RHSA-2019:1198 https://access.redhat.com/errata/RHSA-2019:1198
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Advanced Update Support Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions Red Hat Enterprise Linux 7.2 Telco Extended Update Support Via RHSA-2019:1172 https://access.redhat.com/errata/RHSA-2019:1172
This issue has been addressed in the following products: Red Hat Enterprise MRG 2 Via RHSA-2019:1190 https://access.redhat.com/errata/RHSA-2019:1190
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.6 Advanced Update Support Via RHSA-2019:1194 https://access.redhat.com/errata/RHSA-2019:1194
This issue has been addressed in the following products: Red Hat OpenStack Platform 9.0 (Mitaka) Via RHSA-2019:1199 https://access.redhat.com/errata/RHSA-2019:1199
This issue has been addressed in the following products: Red Hat OpenStack Platform 10.0 (Newton) Via RHSA-2019:1200 https://access.redhat.com/errata/RHSA-2019:1200
This issue has been addressed in the following products: Red Hat OpenStack Platform 14.0 (Rocky) Via RHSA-2019:1202 https://access.redhat.com/errata/RHSA-2019:1202
This issue has been addressed in the following products: Red Hat OpenStack Platform 13.0 (Queens) Via RHSA-2019:1201 https://access.redhat.com/errata/RHSA-2019:1201
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Advanced Update Support Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions Red Hat Enterprise Linux 7.3 Telco Extended Update Support Via RHSA-2019:1171 https://access.redhat.com/errata/RHSA-2019:1171
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.5 Advanced Update Support Via RHSA-2019:1197 https://access.redhat.com/errata/RHSA-2019:1197
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Telco Extended Update Support Red Hat Enterprise Linux 7.3 Advanced Update Support Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions Via RHSA-2019:1187 https://access.redhat.com/errata/RHSA-2019:1187
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Telco Extended Update Support Red Hat Enterprise Linux 7.2 Advanced Update Support Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions Via RHSA-2019:1186 https://access.redhat.com/errata/RHSA-2019:1186
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Advanced Update Support Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions Red Hat Enterprise Linux 7.3 Telco Extended Update Support Via RHSA-2019:1189 https://access.redhat.com/errata/RHSA-2019:1189
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Advanced Update Support Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions Red Hat Enterprise Linux 7.2 Telco Extended Update Support Via RHSA-2019:1188 https://access.redhat.com/errata/RHSA-2019:1188
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2019:1203 https://access.redhat.com/errata/RHSA-2019:1203
This issue has been addressed in the following products: Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS Via RHSA-2019:1204 https://access.redhat.com/errata/RHSA-2019:1204
This issue has been addressed in the following products: Red Hat Virtualization Engine 4.3 Via RHSA-2019:1205 https://access.redhat.com/errata/RHSA-2019:1205
This issue has been addressed in the following products: Red Hat Virtualization Engine 4.2 Via RHSA-2019:1206 https://access.redhat.com/errata/RHSA-2019:1206
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2019:1207 https://access.redhat.com/errata/RHSA-2019:1207
This issue has been addressed in the following products: Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS Via RHSA-2019:1209 https://access.redhat.com/errata/RHSA-2019:1209
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2019:1208 https://access.redhat.com/errata/RHSA-2019:1208
This issue has been addressed in the following products: Advanced Virtualization for RHEL 8.0.0.Z Via RHSA-2019:1455 https://access.redhat.com/errata/RHSA-2019:1455
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Red Hat Virtualization Engine 4.3 Via RHSA-2019:2553 https://access.redhat.com/errata/RHSA-2019:2553
Statement: Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the 'Vulnerability Response' URL.
OpenShift Container Platform 4 does not ship its own kernel package, instead using versions shipped in RHEL. Removing from flaw bug affects.