Bug 1646781 (CVE-2018-12126) - CVE-2018-12126 hardware: Microarchitectural Store Buffer Data Sampling (MSBDS)
Summary: CVE-2018-12126 hardware: Microarchitectural Store Buffer Data Sampling (MSBDS)
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-12126
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1690335 1690337 1690338 1690339 1690340 1690341 1692386 1692597 1693216 1693217 1693219 1693220 1693221 1693222 1693243 1697550 1697551 1698769 1698770 1698771 1698772 1698773 1698774 1698775 1698776 1698777 1698778 1698779 1698780 1698781 1698782 1698783 1698784 1698785 1698786 1698787 1698788 1698789 1698790 1698791 1698792 1698793 1698794 1698795 1698796 1698797 1698798 1698799 1698800 1698809 1698810 1703295 1703296 1703297 1703298 1703299 1703300 1704533 1704534 1704535 1704536 1704545 1704546 1704548 1704549 1704550 1704551 1704611 1704612 1704613 1704614 1704615 1704616 1704617 1704985 1707262 1709976 1709977 1710002 1710830 1716254 1716262
Blocks: 1646797 1705393 1705394 1705395 1705397 1705398 1705399
TreeView+ depends on / blocked
 
Reported: 2018-11-06 02:09 UTC by Wade Mealing
Modified: 2023-05-12 21:13 UTC (History)
116 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer.
Clone Of:
Environment:
Last Closed: 2019-05-22 15:08:48 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:1241 0 None None None 2019-05-16 19:29:34 UTC
Red Hat Product Errata RHBA-2019:1242 0 None None None 2019-05-16 19:28:50 UTC
Red Hat Product Errata RHSA-2019:1155 0 None None None 2019-05-14 19:10:51 UTC
Red Hat Product Errata RHSA-2019:1167 0 None None None 2019-05-14 18:13:51 UTC
Red Hat Product Errata RHSA-2019:1168 0 None None None 2019-05-14 19:07:48 UTC
Red Hat Product Errata RHSA-2019:1169 0 None None None 2019-05-14 18:30:39 UTC
Red Hat Product Errata RHSA-2019:1170 0 None None None 2019-05-14 19:08:37 UTC
Red Hat Product Errata RHSA-2019:1171 0 None None None 2019-05-14 20:45:53 UTC
Red Hat Product Errata RHSA-2019:1172 0 None None None 2019-05-14 20:18:56 UTC
Red Hat Product Errata RHSA-2019:1174 0 None None None 2019-05-14 18:14:04 UTC
Red Hat Product Errata RHSA-2019:1175 0 None None None 2019-05-14 18:13:32 UTC
Red Hat Product Errata RHSA-2019:1176 0 None None None 2019-05-14 19:08:04 UTC
Red Hat Product Errata RHSA-2019:1177 0 None None None 2019-05-14 19:07:08 UTC
Red Hat Product Errata RHSA-2019:1178 0 None None None 2019-05-14 19:07:22 UTC
Red Hat Product Errata RHSA-2019:1179 0 None None None 2019-05-14 19:07:33 UTC
Red Hat Product Errata RHSA-2019:1180 0 None None None 2019-05-14 18:31:05 UTC
Red Hat Product Errata RHSA-2019:1181 0 None None None 2019-05-14 18:31:47 UTC
Red Hat Product Errata RHSA-2019:1182 0 None None None 2019-05-14 19:10:20 UTC
Red Hat Product Errata RHSA-2019:1183 0 None None None 2019-05-14 19:11:07 UTC
Red Hat Product Errata RHSA-2019:1184 0 None None None 2019-05-14 19:08:52 UTC
Red Hat Product Errata RHSA-2019:1185 0 None None None 2019-05-14 19:09:03 UTC
Red Hat Product Errata RHSA-2019:1186 0 None None None 2019-05-14 20:46:45 UTC
Red Hat Product Errata RHSA-2019:1187 0 None None None 2019-05-14 20:46:22 UTC
Red Hat Product Errata RHSA-2019:1188 0 None None None 2019-05-14 20:47:04 UTC
Red Hat Product Errata RHSA-2019:1189 0 None None None 2019-05-14 20:47:17 UTC
Red Hat Product Errata RHSA-2019:1190 0 None None None 2019-05-14 20:27:00 UTC
Red Hat Product Errata RHSA-2019:1193 0 None None None 2019-05-14 19:52:04 UTC
Red Hat Product Errata RHSA-2019:1194 0 None None None 2019-05-14 20:30:00 UTC
Red Hat Product Errata RHSA-2019:1195 0 None None None 2019-05-14 19:52:49 UTC
Red Hat Product Errata RHSA-2019:1196 0 None None None 2019-05-14 19:52:28 UTC
Red Hat Product Errata RHSA-2019:1197 0 None None None 2019-05-14 20:46:05 UTC
Red Hat Product Errata RHSA-2019:1198 0 None None None 2019-05-14 19:53:00 UTC
Red Hat Product Errata RHSA-2019:1199 0 None None None 2019-05-14 20:44:17 UTC
Red Hat Product Errata RHSA-2019:1200 0 None None None 2019-05-14 20:44:43 UTC
Red Hat Product Errata RHSA-2019:1201 0 None None None 2019-05-14 20:45:32 UTC
Red Hat Product Errata RHSA-2019:1202 0 None None None 2019-05-14 20:45:11 UTC
Red Hat Product Errata RHSA-2019:1203 0 None None None 2019-05-14 21:10:03 UTC
Red Hat Product Errata RHSA-2019:1204 0 None None None 2019-05-14 21:10:21 UTC
Red Hat Product Errata RHSA-2019:1205 0 None None None 2019-05-14 21:10:36 UTC
Red Hat Product Errata RHSA-2019:1206 0 None None None 2019-05-14 21:10:57 UTC
Red Hat Product Errata RHSA-2019:1207 0 None None None 2019-05-14 21:11:09 UTC
Red Hat Product Errata RHSA-2019:1208 0 None None None 2019-05-14 21:11:40 UTC
Red Hat Product Errata RHSA-2019:1209 0 None None None 2019-05-14 21:11:20 UTC
Red Hat Product Errata RHSA-2019:1455 0 None None None 2019-06-11 13:35:47 UTC
Red Hat Product Errata RHSA-2019:2553 0 None None None 2019-08-22 09:18:32 UTC

Description Wade Mealing 2018-11-06 02:09:52 UTC 
A flaw was found in many Intel microprocessor designs related to possible information leak of the processor store buffer structure which contains recent stores (writes) to memory..

Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'.

The processor store buffer is conceptually a table of address, value, and 'is valid' entries. As the sub-operations can execute independently of each other, they can each update the address, and/or value columns of the table independently. This means that at different points in time the address or value may be invalid. 


The processor may speculatively forward entries from the store buffer. The split design used allows for such forwarding to speculatively use stale values, such as the wrong address, returning data from a previous unrelated store. Since this only occurs for loads that will be reissued following the fault/assist resolution, the program is not architecturally impacted, but store buffer state can be leaked to malicious code carefully crafted to retrieve this data via side-channel analysis.

The processor store buffer entries are equally divided between the number of active Hyper-Threads. Conditions such as power-state change can reallocate the processor store buffer entries in a half-updated state to another thread without ensuring that the entries have been cleared.



Additional information:
https://access.redhat.com/security/vulnerabilities/mds

Upstream fixes:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fa4bff165070dc40a3de35b78e4f8da8e8d85ec5


Intel Advisory:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
Comment 23 Wade Mealing 2019-05-14 17:11:56 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1709976]


Created libvirt tracking bugs for this issue:

Affects: fedora-all [bug 1709977]
Comment 24 Wade Mealing 2019-05-14 17:36:06 UTC 
External References:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
https://access.redhat.com/security/vulnerabilities/mds
Comment 25 errata-xmlrpc 2019-05-14 18:13:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:1175 https://access.redhat.com/errata/RHSA-2019:1175
Comment 26 errata-xmlrpc 2019-05-14 18:13:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:1167 https://access.redhat.com/errata/RHSA-2019:1167
Comment 27 errata-xmlrpc 2019-05-14 18:14:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:1174 https://access.redhat.com/errata/RHSA-2019:1174
Comment 28 errata-xmlrpc 2019-05-14 18:30:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:1169 https://access.redhat.com/errata/RHSA-2019:1169
Comment 29 errata-xmlrpc 2019-05-14 18:31:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:1180 https://access.redhat.com/errata/RHSA-2019:1180
Comment 30 errata-xmlrpc 2019-05-14 18:31:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:1181 https://access.redhat.com/errata/RHSA-2019:1181
Comment 31 errata-xmlrpc 2019-05-14 19:07:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:1177 https://access.redhat.com/errata/RHSA-2019:1177
Comment 32 errata-xmlrpc 2019-05-14 19:07:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:1178 https://access.redhat.com/errata/RHSA-2019:1178
Comment 33 errata-xmlrpc 2019-05-14 19:07:29 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2019:1179 https://access.redhat.com/errata/RHSA-2019:1179
Comment 34 errata-xmlrpc 2019-05-14 19:07:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:1168 https://access.redhat.com/errata/RHSA-2019:1168
Comment 35 errata-xmlrpc 2019-05-14 19:07:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:1176 https://access.redhat.com/errata/RHSA-2019:1176
Comment 36 errata-xmlrpc 2019-05-14 19:08:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Extended Update Support

Via RHSA-2019:1170 https://access.redhat.com/errata/RHSA-2019:1170
Comment 37 errata-xmlrpc 2019-05-14 19:08:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Extended Update Support

Via RHSA-2019:1184 https://access.redhat.com/errata/RHSA-2019:1184
Comment 38 errata-xmlrpc 2019-05-14 19:08:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Extended Update Support

Via RHSA-2019:1185 https://access.redhat.com/errata/RHSA-2019:1185
Comment 39 errata-xmlrpc 2019-05-14 19:10:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2019:1182 https://access.redhat.com/errata/RHSA-2019:1182
Comment 40 errata-xmlrpc 2019-05-14 19:10:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2019:1155 https://access.redhat.com/errata/RHSA-2019:1155
Comment 41 errata-xmlrpc 2019-05-14 19:11:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2019:1183 https://access.redhat.com/errata/RHSA-2019:1183
Comment 42 errata-xmlrpc 2019-05-14 19:52:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support

Via RHSA-2019:1193 https://access.redhat.com/errata/RHSA-2019:1193
Comment 43 errata-xmlrpc 2019-05-14 19:52:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2019:1196 https://access.redhat.com/errata/RHSA-2019:1196
Comment 44 errata-xmlrpc 2019-05-14 19:52:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support

Via RHSA-2019:1195 https://access.redhat.com/errata/RHSA-2019:1195
Comment 45 errata-xmlrpc 2019-05-14 19:52:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2019:1198 https://access.redhat.com/errata/RHSA-2019:1198
Comment 46 errata-xmlrpc 2019-05-14 20:18:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.2 Telco Extended Update Support

Via RHSA-2019:1172 https://access.redhat.com/errata/RHSA-2019:1172
Comment 47 errata-xmlrpc 2019-05-14 20:26:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2019:1190 https://access.redhat.com/errata/RHSA-2019:1190
Comment 48 errata-xmlrpc 2019-05-14 20:29:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support

Via RHSA-2019:1194 https://access.redhat.com/errata/RHSA-2019:1194
Comment 49 errata-xmlrpc 2019-05-14 20:44:13 UTC 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 9.0 (Mitaka)

Via RHSA-2019:1199 https://access.redhat.com/errata/RHSA-2019:1199
Comment 50 errata-xmlrpc 2019-05-14 20:44:38 UTC 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 10.0 (Newton)

Via RHSA-2019:1200 https://access.redhat.com/errata/RHSA-2019:1200
Comment 51 errata-xmlrpc 2019-05-14 20:45:06 UTC 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 14.0 (Rocky)

Via RHSA-2019:1202 https://access.redhat.com/errata/RHSA-2019:1202
Comment 52 errata-xmlrpc 2019-05-14 20:45:28 UTC 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 13.0 (Queens)

Via RHSA-2019:1201 https://access.redhat.com/errata/RHSA-2019:1201
Comment 53 errata-xmlrpc 2019-05-14 20:45:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.3 Telco Extended Update Support

Via RHSA-2019:1171 https://access.redhat.com/errata/RHSA-2019:1171
Comment 54 errata-xmlrpc 2019-05-14 20:46:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2019:1197 https://access.redhat.com/errata/RHSA-2019:1197
Comment 55 errata-xmlrpc 2019-05-14 20:46:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Telco Extended Update Support
  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions

Via RHSA-2019:1187 https://access.redhat.com/errata/RHSA-2019:1187
Comment 56 errata-xmlrpc 2019-05-14 20:46:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Telco Extended Update Support
  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions

Via RHSA-2019:1186 https://access.redhat.com/errata/RHSA-2019:1186
Comment 57 errata-xmlrpc 2019-05-14 20:46:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.3 Telco Extended Update Support

Via RHSA-2019:1189 https://access.redhat.com/errata/RHSA-2019:1189
Comment 58 errata-xmlrpc 2019-05-14 20:46:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.2 Telco Extended Update Support

Via RHSA-2019:1188 https://access.redhat.com/errata/RHSA-2019:1188
Comment 59 errata-xmlrpc 2019-05-14 20:47:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.3 Telco Extended Update Support

Via RHSA-2019:1189 https://access.redhat.com/errata/RHSA-2019:1189
Comment 60 errata-xmlrpc 2019-05-14 21:09:54 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2019:1203 https://access.redhat.com/errata/RHSA-2019:1203
Comment 61 errata-xmlrpc 2019-05-14 21:10:13 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2019:1204 https://access.redhat.com/errata/RHSA-2019:1204
Comment 62 errata-xmlrpc 2019-05-14 21:10:31 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization Engine 4.3

Via RHSA-2019:1205 https://access.redhat.com/errata/RHSA-2019:1205
Comment 63 errata-xmlrpc 2019-05-14 21:10:53 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization Engine 4.2

Via RHSA-2019:1206 https://access.redhat.com/errata/RHSA-2019:1206
Comment 64 errata-xmlrpc 2019-05-14 21:11:04 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2019:1207 https://access.redhat.com/errata/RHSA-2019:1207
Comment 65 errata-xmlrpc 2019-05-14 21:11:15 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2019:1209 https://access.redhat.com/errata/RHSA-2019:1209
Comment 66 errata-xmlrpc 2019-05-14 21:11:36 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2019:1208 https://access.redhat.com/errata/RHSA-2019:1208
Comment 71 errata-xmlrpc 2019-06-11 13:35:42 UTC 
This issue has been addressed in the following products:

  Advanced Virtualization for RHEL 8.0.0.Z

Via RHSA-2019:1455 https://access.redhat.com/errata/RHSA-2019:1455
Comment 74 errata-xmlrpc 2019-08-22 09:18:27 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
  Red Hat Virtualization Engine 4.3

Via RHSA-2019:2553 https://access.redhat.com/errata/RHSA-2019:2553
Comment 75 msiddiqu 2019-10-09 07:42:37 UTC 
Statement:

Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the 'Vulnerability Response' URL.
Comment 77 Sam Fowler 2020-05-18 06:32:38 UTC 
OpenShift Container Platform 4 does not ship its own kernel package, instead using versions shipped in RHEL. Removing from flaw bug affects.
Note You need to log in before you can comment on or make changes to this bug.