Bug 1667782 (CVE-2018-12127) - CVE-2018-12127 hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)
Summary: CVE-2018-12127 hardware: Micro-architectural Load Port Data Sampling - Inform...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-12127
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20190514:1700,...
: 1646775 1646778 (view as bug list)
Depends On: 1690360 1690361 1698890 1698895 1698912 1698916 1703308 1703310 1703311 1704565 1705791 1711105 1716261 1690358 1690359 1690362 1692388 1692599 1693234 1693235 1693236 1693237 1693238 1693239 1693240 1693241 1698887 1698889 1698891 1698892 1698894 1698896 1698897 1698898 1698899 1698900 1698901 1698902 1698903 1698904 1698905 1698906 1698907 1698908 1698909 1698910 1698911 1698913 1698914 1698915 1698917 1698925 1698926 1703309 1703312 1703313 1704537 1704538 1704539 1704540 1704552 1704553 1704554 1704555 1704566 1704618 1704619 1704620 1704621 1704622 1704623 1704624 1704986 1707267 1709978 1709979 1710004 1716256
Blocks: 1646797 1705393 1705394 1705395 1705397 1705398 1705399
TreeView+ depends on / blocked
 
Reported: 2019-01-21 04:29 UTC by Wade Mealing
Modified: 2019-08-22 09:18 UTC (History)
110 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel.
Clone Of:
Environment:
Last Closed: 2019-05-22 15:10:30 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:1241 None None None 2019-05-16 19:29:35 UTC
Red Hat Product Errata RHBA-2019:1242 None None None 2019-05-16 19:28:54 UTC
Red Hat Product Errata RHSA-2019:1155 None None None 2019-05-14 19:10:59 UTC
Red Hat Product Errata RHSA-2019:1167 None None None 2019-05-14 18:14:01 UTC
Red Hat Product Errata RHSA-2019:1168 None None None 2019-05-14 19:07:53 UTC
Red Hat Product Errata RHSA-2019:1169 None None None 2019-05-14 18:30:48 UTC
Red Hat Product Errata RHSA-2019:1170 None None None 2019-05-14 19:08:43 UTC
Red Hat Product Errata RHSA-2019:1171 None None None 2019-05-14 20:46:01 UTC
Red Hat Product Errata RHSA-2019:1172 None None None 2019-05-14 20:18:59 UTC
Red Hat Product Errata RHSA-2019:1174 None None None 2019-05-14 18:14:12 UTC
Red Hat Product Errata RHSA-2019:1175 None None None 2019-05-14 18:13:37 UTC
Red Hat Product Errata RHSA-2019:1176 None None None 2019-05-14 19:08:09 UTC
Red Hat Product Errata RHSA-2019:1177 None None None 2019-05-14 19:07:13 UTC
Red Hat Product Errata RHSA-2019:1178 None None None 2019-05-14 19:07:27 UTC
Red Hat Product Errata RHSA-2019:1179 None None None 2019-05-14 19:07:43 UTC
Red Hat Product Errata RHSA-2019:1180 None None None 2019-05-14 18:31:28 UTC
Red Hat Product Errata RHSA-2019:1181 None None None 2019-05-14 18:31:57 UTC
Red Hat Product Errata RHSA-2019:1182 None None None 2019-05-14 19:10:41 UTC
Red Hat Product Errata RHSA-2019:1183 None None None 2019-05-14 19:11:12 UTC
Red Hat Product Errata RHSA-2019:1184 None None None 2019-05-14 19:08:56 UTC
Red Hat Product Errata RHSA-2019:1185 None None None 2019-05-14 19:09:12 UTC
Red Hat Product Errata RHSA-2019:1186 None None None 2019-05-14 20:46:36 UTC
Red Hat Product Errata RHSA-2019:1187 None None None 2019-05-14 20:46:26 UTC
Red Hat Product Errata RHSA-2019:1188 None None None 2019-05-14 20:47:09 UTC
Red Hat Product Errata RHSA-2019:1189 None None None 2019-05-14 20:46:56 UTC
Red Hat Product Errata RHSA-2019:1190 None None None 2019-05-14 20:27:13 UTC
Red Hat Product Errata RHSA-2019:1193 None None None 2019-05-14 19:52:08 UTC
Red Hat Product Errata RHSA-2019:1194 None None None 2019-05-14 20:30:11 UTC
Red Hat Product Errata RHSA-2019:1195 None None None 2019-05-14 19:53:00 UTC
Red Hat Product Errata RHSA-2019:1196 None None None 2019-05-14 19:52:39 UTC
Red Hat Product Errata RHSA-2019:1197 None None None 2019-05-14 20:46:13 UTC
Red Hat Product Errata RHSA-2019:1198 None None None 2019-05-14 19:53:09 UTC
Red Hat Product Errata RHSA-2019:1199 None None None 2019-05-14 20:44:19 UTC
Red Hat Product Errata RHSA-2019:1200 None None None 2019-05-14 20:44:53 UTC
Red Hat Product Errata RHSA-2019:1201 None None None 2019-05-14 20:45:43 UTC
Red Hat Product Errata RHSA-2019:1202 None None None 2019-05-14 20:45:21 UTC
Red Hat Product Errata RHSA-2019:1203 None None None 2019-05-14 21:10:03 UTC
Red Hat Product Errata RHSA-2019:1204 None None None 2019-05-14 21:10:35 UTC
Red Hat Product Errata RHSA-2019:1205 None None None 2019-05-14 21:10:46 UTC
Red Hat Product Errata RHSA-2019:1206 None None None 2019-05-14 21:10:58 UTC
Red Hat Product Errata RHSA-2019:1207 None None None 2019-05-14 21:11:19 UTC
Red Hat Product Errata RHSA-2019:1208 None None None 2019-05-14 21:11:41 UTC
Red Hat Product Errata RHSA-2019:1209 None None None 2019-05-14 21:11:30 UTC
Red Hat Product Errata RHSA-2019:1455 None None None 2019-06-11 13:35:51 UTC
Red Hat Product Errata RHSA-2019:2553 None None None 2019-08-22 09:18:36 UTC

Description Wade Mealing 2019-01-21 04:29:27 UTC
Microprocessors use ‘load ports’ to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines.

In some implementations, the writeback data bus within each load port can retain data values from older load operations until newer load operations overwrite that data 

MLPDS can reveal stale load port data to malicious actors when:

- A faulting/assisting SSE/AVX/AVX-512 loads that are more than 64 bits in size 
- A faulting/assisting load which spans a 64-byte boundary.

In the above cases, the load operation speculatively provides stale data values from the internal data structures to dependent operations. Speculatively forwarding this data does not end up modifying program execution, but this can be used as a widget to speculatively infer the contents of a victim processes data value through timing access to the load port.



Additional information:
https://access.redhat.com/security/vulnerabilities/mds

Upstream fixes:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fa4bff165070dc40a3de35b78e4f8da8e8d85ec5


Intel Advisory:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html

Comment 1 Wade Mealing 2019-01-24 04:31:21 UTC
*** Bug 1646775 has been marked as a duplicate of this bug. ***

Comment 2 Wade Mealing 2019-01-24 04:31:49 UTC
*** Bug 1646778 has been marked as a duplicate of this bug. ***

Comment 15 Wade Mealing 2019-05-02 00:27:07 UTC
Acknowledgement:

Red Hat thanks Intel and industry partners for reporting this issue and collaborating on the mitigations for the same.  
 
Additionally Red Hat thanks the original reporters,

This vulnerability was found internally by Intel employees and Microsoft.  Intel would like to thank Brandon Falk – Microsoft Windows Platform Security Team, Ke Sun, Henrique Kawakami, Kekai Hu, and Rodrigo Branco - Intel. It was independently reported by Matt Miller – Microsoft, and by Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida - VUSec group at VU Amsterdam.

Comment 17 Wade Mealing 2019-05-06 10:38:28 UTC
Statement:

Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article:  https://access.redhat.com/security/vulnerabilities/mds

Comment 20 Wade Mealing 2019-05-14 17:12:41 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1709978]


Created libvirt tracking bugs for this issue:

Affects: fedora-all [bug 1709979]

Comment 22 Petr Matousek 2019-05-14 17:44:46 UTC
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1710004]

Comment 23 errata-xmlrpc 2019-05-14 18:13:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:1175 https://access.redhat.com/errata/RHSA-2019:1175

Comment 24 errata-xmlrpc 2019-05-14 18:13:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:1167 https://access.redhat.com/errata/RHSA-2019:1167

Comment 25 errata-xmlrpc 2019-05-14 18:14:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:1174 https://access.redhat.com/errata/RHSA-2019:1174

Comment 26 errata-xmlrpc 2019-05-14 18:30:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:1169 https://access.redhat.com/errata/RHSA-2019:1169

Comment 27 errata-xmlrpc 2019-05-14 18:31:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:1180 https://access.redhat.com/errata/RHSA-2019:1180

Comment 28 errata-xmlrpc 2019-05-14 18:31:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:1181 https://access.redhat.com/errata/RHSA-2019:1181

Comment 29 errata-xmlrpc 2019-05-14 19:07:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:1177 https://access.redhat.com/errata/RHSA-2019:1177

Comment 30 errata-xmlrpc 2019-05-14 19:07:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:1178 https://access.redhat.com/errata/RHSA-2019:1178

Comment 31 errata-xmlrpc 2019-05-14 19:07:38 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2019:1179 https://access.redhat.com/errata/RHSA-2019:1179

Comment 32 errata-xmlrpc 2019-05-14 19:07:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:1168 https://access.redhat.com/errata/RHSA-2019:1168

Comment 33 errata-xmlrpc 2019-05-14 19:08:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:1176 https://access.redhat.com/errata/RHSA-2019:1176

Comment 34 errata-xmlrpc 2019-05-14 19:08:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Extended Update Support

Via RHSA-2019:1170 https://access.redhat.com/errata/RHSA-2019:1170

Comment 35 errata-xmlrpc 2019-05-14 19:08:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Extended Update Support

Via RHSA-2019:1184 https://access.redhat.com/errata/RHSA-2019:1184

Comment 36 errata-xmlrpc 2019-05-14 19:09:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Extended Update Support

Via RHSA-2019:1185 https://access.redhat.com/errata/RHSA-2019:1185

Comment 37 errata-xmlrpc 2019-05-14 19:10:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2019:1182 https://access.redhat.com/errata/RHSA-2019:1182

Comment 38 errata-xmlrpc 2019-05-14 19:10:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2019:1155 https://access.redhat.com/errata/RHSA-2019:1155

Comment 39 errata-xmlrpc 2019-05-14 19:11:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2019:1183 https://access.redhat.com/errata/RHSA-2019:1183

Comment 40 errata-xmlrpc 2019-05-14 19:52:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support

Via RHSA-2019:1193 https://access.redhat.com/errata/RHSA-2019:1193

Comment 41 errata-xmlrpc 2019-05-14 19:52:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2019:1196 https://access.redhat.com/errata/RHSA-2019:1196

Comment 42 errata-xmlrpc 2019-05-14 19:52:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support

Via RHSA-2019:1195 https://access.redhat.com/errata/RHSA-2019:1195

Comment 43 errata-xmlrpc 2019-05-14 19:53:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2019:1198 https://access.redhat.com/errata/RHSA-2019:1198

Comment 44 errata-xmlrpc 2019-05-14 20:18:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.2 Telco Extended Update Support

Via RHSA-2019:1172 https://access.redhat.com/errata/RHSA-2019:1172

Comment 45 errata-xmlrpc 2019-05-14 20:27:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2019:1190 https://access.redhat.com/errata/RHSA-2019:1190

Comment 46 errata-xmlrpc 2019-05-14 20:30:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support

Via RHSA-2019:1194 https://access.redhat.com/errata/RHSA-2019:1194

Comment 47 errata-xmlrpc 2019-05-14 20:44:14 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 9.0 (Mitaka)

Via RHSA-2019:1199 https://access.redhat.com/errata/RHSA-2019:1199

Comment 48 errata-xmlrpc 2019-05-14 20:44:49 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 10.0 (Newton)

Via RHSA-2019:1200 https://access.redhat.com/errata/RHSA-2019:1200

Comment 49 errata-xmlrpc 2019-05-14 20:45:17 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 14.0 (Rocky)

Via RHSA-2019:1202 https://access.redhat.com/errata/RHSA-2019:1202

Comment 50 errata-xmlrpc 2019-05-14 20:45:38 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 13.0 (Queens)

Via RHSA-2019:1201 https://access.redhat.com/errata/RHSA-2019:1201

Comment 51 errata-xmlrpc 2019-05-14 20:45:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.3 Telco Extended Update Support

Via RHSA-2019:1171 https://access.redhat.com/errata/RHSA-2019:1171

Comment 52 errata-xmlrpc 2019-05-14 20:46:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2019:1197 https://access.redhat.com/errata/RHSA-2019:1197

Comment 53 errata-xmlrpc 2019-05-14 20:46:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Telco Extended Update Support
  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions

Via RHSA-2019:1187 https://access.redhat.com/errata/RHSA-2019:1187

Comment 54 errata-xmlrpc 2019-05-14 20:46:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Telco Extended Update Support
  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions

Via RHSA-2019:1186 https://access.redhat.com/errata/RHSA-2019:1186

Comment 55 errata-xmlrpc 2019-05-14 20:46:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.3 Telco Extended Update Support

Via RHSA-2019:1189 https://access.redhat.com/errata/RHSA-2019:1189

Comment 56 errata-xmlrpc 2019-05-14 20:47:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.2 Telco Extended Update Support

Via RHSA-2019:1188 https://access.redhat.com/errata/RHSA-2019:1188

Comment 57 errata-xmlrpc 2019-05-14 21:09:54 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2019:1203 https://access.redhat.com/errata/RHSA-2019:1203

Comment 58 errata-xmlrpc 2019-05-14 21:10:29 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2019:1204 https://access.redhat.com/errata/RHSA-2019:1204

Comment 59 errata-xmlrpc 2019-05-14 21:10:42 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization Engine 4.3

Via RHSA-2019:1205 https://access.redhat.com/errata/RHSA-2019:1205

Comment 60 errata-xmlrpc 2019-05-14 21:10:53 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization Engine 4.2

Via RHSA-2019:1206 https://access.redhat.com/errata/RHSA-2019:1206

Comment 61 errata-xmlrpc 2019-05-14 21:11:14 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2019:1207 https://access.redhat.com/errata/RHSA-2019:1207

Comment 62 errata-xmlrpc 2019-05-14 21:11:26 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2019:1209 https://access.redhat.com/errata/RHSA-2019:1209

Comment 63 errata-xmlrpc 2019-05-14 21:11:36 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2019:1208 https://access.redhat.com/errata/RHSA-2019:1208

Comment 68 errata-xmlrpc 2019-06-11 13:35:46 UTC
This issue has been addressed in the following products:

  Advanced Virtualization for RHEL 8.0.0.Z

Via RHSA-2019:1455 https://access.redhat.com/errata/RHSA-2019:1455

Comment 71 errata-xmlrpc 2019-08-22 09:18:32 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
  Red Hat Virtualization Engine 4.3

Via RHSA-2019:2553 https://access.redhat.com/errata/RHSA-2019:2553


Note You need to log in before you can comment on or make changes to this bug.