1705312 – (CVE-2019-11091) CVE-2019-11091 hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

Bug 1705312 (CVE-2019-11091) - CVE-2019-11091 hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

Summary: CVE-2019-11091 hardware: Microarchitectural Data Sampling Uncacheable Memory ...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2019-11091
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1705799 1705800 1705801 1705802 1705803 1705804 1705805 1705806 1705807 1705808 1705809 1705810 1705811 1705812 1705813 1705814 1705815 1705816 1705817 1705818 1705819 1705820 1705821 1705822 1705823 1705824 1705825 1705826 1705827 1705828 1705829 1705830 1705831 1705832 1705833 1705834 1705835 1705836 1705837 1705838 1705839 1705840 1705841 1705842 1705843 1705844 1705845 1705846 1705847 1705848 1705849 1705850 1705851 1705852 1705853 1707272 1707274 1707275 1707633 1708449 1709081 1709082 1709296 1709983 1709984 1710006 1710844 1710845 1713695 1713709 1713710 1716257 1716263
Blocks:	1646797 1705393 1705394 1705395 1705397 1705398 1705399
TreeView+	depends on / blocked

Reported:	2019-05-02 00:35 UTC by Wade Mealing
Modified:	2023-09-23 18:19 UTC (History)
CC List:	106 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
Clone Of:
Environment:
Last Closed:	2019-05-22 15:09:35 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2019:1241	None	None	None	2019-05-16 19:29:39 UTC
Red Hat Product Errata	RHBA-2019:1242	None	None	None	2019-05-16 19:28:55 UTC
Red Hat Product Errata	RHSA-2019:1155	None	None	None	2019-05-14 19:11:02 UTC
Red Hat Product Errata	RHSA-2019:1167	None	None	None	2019-05-14 18:14:02 UTC
Red Hat Product Errata	RHSA-2019:1168	None	None	None	2019-05-14 19:07:58 UTC
Red Hat Product Errata	RHSA-2019:1169	None	None	None	2019-05-14 18:30:49 UTC
Red Hat Product Errata	RHSA-2019:1170	None	None	None	2019-05-14 19:08:46 UTC
Red Hat Product Errata	RHSA-2019:1171	None	None	None	2019-05-14 20:46:03 UTC
Red Hat Product Errata	RHSA-2019:1172	None	None	None	2019-05-14 20:19:07 UTC
Red Hat Product Errata	RHSA-2019:1174	None	None	None	2019-05-14 18:14:14 UTC
Red Hat Product Errata	RHSA-2019:1175	None	None	None	2019-05-14 18:13:50 UTC
Red Hat Product Errata	RHSA-2019:1176	None	None	None	2019-05-14 19:08:14 UTC
Red Hat Product Errata	RHSA-2019:1177	None	None	None	2019-05-14 19:07:18 UTC
Red Hat Product Errata	RHSA-2019:1178	None	None	None	2019-05-14 19:07:32 UTC
Red Hat Product Errata	RHSA-2019:1179	None	None	None	2019-05-14 19:07:43 UTC
Red Hat Product Errata	RHSA-2019:1180	None	None	None	2019-05-14 18:31:38 UTC
Red Hat Product Errata	RHSA-2019:1181	None	None	None	2019-05-14 18:32:00 UTC
Red Hat Product Errata	RHSA-2019:1182	None	None	None	2019-05-14 19:10:49 UTC
Red Hat Product Errata	RHSA-2019:1183	None	None	None	2019-05-14 19:11:17 UTC
Red Hat Product Errata	RHSA-2019:1184	None	None	None	2019-05-14 19:09:03 UTC
Red Hat Product Errata	RHSA-2019:1185	None	None	None	2019-05-14 19:09:15 UTC
Red Hat Product Errata	RHSA-2019:1186	None	None	None	2019-05-14 20:46:43 UTC
Red Hat Product Errata	RHSA-2019:1187	None	None	None	2019-05-14 20:46:33 UTC
Red Hat Product Errata	RHSA-2019:1188	None	None	None	2019-05-14 20:47:14 UTC
Red Hat Product Errata	RHSA-2019:1189	None	None	None	2019-05-14 20:46:59 UTC
Red Hat Product Errata	RHSA-2019:1190	None	None	None	2019-05-14 20:27:17 UTC
Red Hat Product Errata	RHSA-2019:1193	None	None	None	2019-05-14 19:52:15 UTC
Red Hat Product Errata	RHSA-2019:1194	None	None	None	2019-05-14 20:30:14 UTC
Red Hat Product Errata	RHSA-2019:1195	None	None	None	2019-05-14 19:53:00 UTC
Red Hat Product Errata	RHSA-2019:1196	None	None	None	2019-05-14 19:52:40 UTC
Red Hat Product Errata	RHSA-2019:1197	None	None	None	2019-05-14 20:46:15 UTC
Red Hat Product Errata	RHSA-2019:1198	None	None	None	2019-05-14 19:53:10 UTC
Red Hat Product Errata	RHSA-2019:1199	None	None	None	2019-05-14 20:44:27 UTC
Red Hat Product Errata	RHSA-2019:1200	None	None	None	2019-05-14 20:44:56 UTC
Red Hat Product Errata	RHSA-2019:1201	None	None	None	2019-05-14 20:45:51 UTC
Red Hat Product Errata	RHSA-2019:1202	None	None	None	2019-05-14 20:45:30 UTC
Red Hat Product Errata	RHSA-2019:1203	None	None	None	2019-05-14 21:10:20 UTC
Red Hat Product Errata	RHSA-2019:1204	None	None	None	2019-05-14 21:10:36 UTC
Red Hat Product Errata	RHSA-2019:1205	None	None	None	2019-05-14 21:10:47 UTC
Red Hat Product Errata	RHSA-2019:1206	None	None	None	2019-05-14 21:11:08 UTC
Red Hat Product Errata	RHSA-2019:1207	None	None	None	2019-05-14 21:11:20 UTC
Red Hat Product Errata	RHSA-2019:1208	None	None	None	2019-05-14 21:11:51 UTC
Red Hat Product Errata	RHSA-2019:1209	None	None	None	2019-05-14 21:11:30 UTC
Red Hat Product Errata	RHSA-2019:1455	None	None	None	2019-06-11 13:35:58 UTC
Red Hat Product Errata	RHSA-2019:2553	None	None	None	2019-08-22 09:18:47 UTC

Description Wade Mealing 2019-05-02 00:35:28 UTC

Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.



Additional information:
https://access.redhat.com/security/vulnerabilities/mds

Upstream fixes:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fa4bff165070dc40a3de35b78e4f8da8e8d85ec5

Intel Advisory:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html

Comment 17 Wade Mealing 2019-05-14 17:15:20 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1709983]


Created libvirt tracking bugs for this issue:

Affects: fedora-all [bug 1709984]

Comment 18 Petr Matousek 2019-05-14 17:45:16 UTC

Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1710006]

Comment 19 errata-xmlrpc 2019-05-14 18:13:47 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:1175 https://access.redhat.com/errata/RHSA-2019:1175

Comment 20 errata-xmlrpc 2019-05-14 18:13:57 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:1167 https://access.redhat.com/errata/RHSA-2019:1167

Comment 21 errata-xmlrpc 2019-05-14 18:14:10 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:1174 https://access.redhat.com/errata/RHSA-2019:1174

Comment 22 errata-xmlrpc 2019-05-14 18:30:46 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:1169 https://access.redhat.com/errata/RHSA-2019:1169

Comment 23 errata-xmlrpc 2019-05-14 18:31:34 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:1180 https://access.redhat.com/errata/RHSA-2019:1180

Comment 24 errata-xmlrpc 2019-05-14 18:31:56 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:1181 https://access.redhat.com/errata/RHSA-2019:1181

Comment 25 errata-xmlrpc 2019-05-14 19:07:14 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:1177 https://access.redhat.com/errata/RHSA-2019:1177

Comment 26 errata-xmlrpc 2019-05-14 19:07:28 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:1178 https://access.redhat.com/errata/RHSA-2019:1178

Comment 27 errata-xmlrpc 2019-05-14 19:07:40 UTC

This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2019:1179 https://access.redhat.com/errata/RHSA-2019:1179

Comment 28 errata-xmlrpc 2019-05-14 19:07:54 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:1168 https://access.redhat.com/errata/RHSA-2019:1168

Comment 29 errata-xmlrpc 2019-05-14 19:08:10 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:1176 https://access.redhat.com/errata/RHSA-2019:1176

Comment 30 errata-xmlrpc 2019-05-14 19:08:43 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Extended Update Support

Via RHSA-2019:1170 https://access.redhat.com/errata/RHSA-2019:1170

Comment 31 errata-xmlrpc 2019-05-14 19:08:59 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Extended Update Support

Via RHSA-2019:1184 https://access.redhat.com/errata/RHSA-2019:1184

Comment 32 errata-xmlrpc 2019-05-14 19:09:11 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Extended Update Support

Via RHSA-2019:1185 https://access.redhat.com/errata/RHSA-2019:1185

Comment 33 errata-xmlrpc 2019-05-14 19:10:45 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2019:1182 https://access.redhat.com/errata/RHSA-2019:1182

Comment 34 errata-xmlrpc 2019-05-14 19:10:58 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2019:1155 https://access.redhat.com/errata/RHSA-2019:1155

Comment 35 errata-xmlrpc 2019-05-14 19:11:13 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2019:1183 https://access.redhat.com/errata/RHSA-2019:1183

Comment 36 errata-xmlrpc 2019-05-14 19:52:10 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support

Via RHSA-2019:1193 https://access.redhat.com/errata/RHSA-2019:1193

Comment 37 errata-xmlrpc 2019-05-14 19:52:36 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2019:1196 https://access.redhat.com/errata/RHSA-2019:1196

Comment 38 errata-xmlrpc 2019-05-14 19:52:56 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support

Via RHSA-2019:1195 https://access.redhat.com/errata/RHSA-2019:1195

Comment 39 errata-xmlrpc 2019-05-14 19:53:06 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2019:1198 https://access.redhat.com/errata/RHSA-2019:1198

Comment 40 errata-xmlrpc 2019-05-14 20:19:02 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.2 Telco Extended Update Support

Via RHSA-2019:1172 https://access.redhat.com/errata/RHSA-2019:1172

Comment 41 errata-xmlrpc 2019-05-14 20:27:13 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2019:1190 https://access.redhat.com/errata/RHSA-2019:1190

Comment 42 errata-xmlrpc 2019-05-14 20:30:10 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support

Via RHSA-2019:1194 https://access.redhat.com/errata/RHSA-2019:1194

Comment 43 errata-xmlrpc 2019-05-14 20:44:23 UTC

This issue has been addressed in the following products:

  Red Hat OpenStack Platform 9.0 (Mitaka)

Via RHSA-2019:1199 https://access.redhat.com/errata/RHSA-2019:1199

Comment 44 errata-xmlrpc 2019-05-14 20:44:52 UTC

This issue has been addressed in the following products:

  Red Hat OpenStack Platform 10.0 (Newton)

Via RHSA-2019:1200 https://access.redhat.com/errata/RHSA-2019:1200

Comment 45 errata-xmlrpc 2019-05-14 20:45:26 UTC

This issue has been addressed in the following products:

  Red Hat OpenStack Platform 14.0 (Rocky)

Via RHSA-2019:1202 https://access.redhat.com/errata/RHSA-2019:1202

Comment 46 errata-xmlrpc 2019-05-14 20:45:47 UTC

This issue has been addressed in the following products:

  Red Hat OpenStack Platform 13.0 (Queens)

Via RHSA-2019:1201 https://access.redhat.com/errata/RHSA-2019:1201

Comment 47 errata-xmlrpc 2019-05-14 20:45:59 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.3 Telco Extended Update Support

Via RHSA-2019:1171 https://access.redhat.com/errata/RHSA-2019:1171

Comment 48 errata-xmlrpc 2019-05-14 20:46:11 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2019:1197 https://access.redhat.com/errata/RHSA-2019:1197

Comment 49 errata-xmlrpc 2019-05-14 20:46:28 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Telco Extended Update Support
  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions

Via RHSA-2019:1187 https://access.redhat.com/errata/RHSA-2019:1187

Comment 50 errata-xmlrpc 2019-05-14 20:46:39 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Telco Extended Update Support
  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions

Via RHSA-2019:1186 https://access.redhat.com/errata/RHSA-2019:1186

Comment 51 errata-xmlrpc 2019-05-14 20:46:55 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.3 Telco Extended Update Support

Via RHSA-2019:1189 https://access.redhat.com/errata/RHSA-2019:1189

Comment 52 errata-xmlrpc 2019-05-14 20:47:10 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.2 Telco Extended Update Support

Via RHSA-2019:1188 https://access.redhat.com/errata/RHSA-2019:1188

Comment 53 errata-xmlrpc 2019-05-14 21:10:12 UTC

This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2019:1203 https://access.redhat.com/errata/RHSA-2019:1203

Comment 54 errata-xmlrpc 2019-05-14 21:10:30 UTC

This issue has been addressed in the following products:

  Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2019:1204 https://access.redhat.com/errata/RHSA-2019:1204

Comment 55 errata-xmlrpc 2019-05-14 21:10:43 UTC

This issue has been addressed in the following products:

  Red Hat Virtualization Engine 4.3

Via RHSA-2019:1205 https://access.redhat.com/errata/RHSA-2019:1205

Comment 56 errata-xmlrpc 2019-05-14 21:11:04 UTC

This issue has been addressed in the following products:

  Red Hat Virtualization Engine 4.2

Via RHSA-2019:1206 https://access.redhat.com/errata/RHSA-2019:1206

Comment 57 errata-xmlrpc 2019-05-14 21:11:15 UTC

This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2019:1207 https://access.redhat.com/errata/RHSA-2019:1207

Comment 58 errata-xmlrpc 2019-05-14 21:11:26 UTC

This issue has been addressed in the following products:

  Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2019:1209 https://access.redhat.com/errata/RHSA-2019:1209

Comment 59 errata-xmlrpc 2019-05-14 21:11:46 UTC

This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2019:1208 https://access.redhat.com/errata/RHSA-2019:1208

Comment 66 errata-xmlrpc 2019-06-11 13:35:53 UTC

This issue has been addressed in the following products:

  Advanced Virtualization for RHEL 8.0.0.Z

Via RHSA-2019:1455 https://access.redhat.com/errata/RHSA-2019:1455

Comment 69 errata-xmlrpc 2019-08-22 09:18:43 UTC

This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
  Red Hat Virtualization Engine 4.3

Via RHSA-2019:2553 https://access.redhat.com/errata/RHSA-2019:2553

Comment 70 msiddiqu 2019-10-09 07:42:40 UTC

Statement:

Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the 'Vulnerability Response' URL.

Note You need to log in before you can comment on or make changes to this bug.

acaringi
agedosier
ahardin
airlied
amit
areis
berrange
bhu
blc
bleanhar
bmcclain
brdeoliv
bskeggs
ccoleman
cfergeau
clalancette
danken
dbecker
dblechte
dedgar
dfediuck
dhoward
dvlasenk
dwmw2
eblake
eedri
ehabkost
esammons
fhrbata
hdegoede
hkrzesin
iboverma
ichavero
itamar
jarodwilson
jcm
jdenemar
jen
jeremy
jferlan
jforbes
jglisse
jgoulding
jjoyce
jkacur
john.j5live
jonathan
josef
jross
jschluet
jshortt
jstancek
jsuchane
jwboyer
kbasil
kernel-maint
kernel-mgr
knoel
labbott
laine
lgoncalv
lhh
libvirt-maint
linville
lpeer
lsurette
matt
mburns
mchappel
mchehab
mcressma
mgoldboi
michal.skrivanek
mjg59
mkenneth
mlangsdo
mrezanin
mst
nmurray
osoukup
pbonzini
pkrempa
plougher
pmatouse
rbalakri
ribarry
richard.poettler
rjones
rt-maint
rvrbovsk
sbonazzo
sclewis
security-response-team
sherold
slinaber
srevivo
steved
tburke
tgolembi
veillard
virt-maint
virt-maint
williams
ycui
yjog
yturgema