Bug 1646784 (CVE-2018-12130) - CVE-2018-12130 hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-12130
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1690348 1690349 1690350 1690351 1690352 1690353 1692387 1692598 1693224 1693225 1693226 1693227 1693228 1693229 1693230 1693231 1698973 1698974 1698986 1698987 1698988 1698989 1698990 1698991 1698992 1698993 1698994 1698995 1698996 1698997 1698998 1698999 1699000 1699001 1699002 1699003 1699004 1699005 1699006 1699007 1699008 1699009 1699010 1699011 1699012 1699013 1699014 1703302 1703303 1703304 1703305 1703306 1703307 1704541 1704542 1704543 1704544 1704556 1704557 1704558 1704559 1704563 1704564 1704625 1704626 1704627 1704628 1704629 1704630 1704631 1704987 1707263 1707266 1709996 1709997 1710003 1710838 1716255 1716260
Blocks: 1646797 1705393 1705394 1705395 1705397 1705398 1705399
Reported: 2018-11-06 02:14 UTC by Wade Mealing
Modified: 2021-08-12 14:40 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache miss occurs in the L1 CPU cache. If an attacker can generate a load operation that would create a page fault, execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher-level caches. This response time can be measured to infer data in the fill buffer.
Clone Of:
Environment:
Last Closed: 2019-05-22 15:09:01 UTC
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:1241 0 None None None 2019-05-16 19:29:35 UTC
Red Hat Product Errata RHBA-2019:1242 0 None None None 2019-05-16 19:28:50 UTC
Red Hat Product Errata RHSA-2019:1155 0 None None None 2019-05-14 19:10:57 UTC
Red Hat Product Errata RHSA-2019:1167 0 None None None 2019-05-14 18:13:54 UTC
Red Hat Product Errata RHSA-2019:1168 0 None None None 2019-05-14 19:07:53 UTC
Red Hat Product Errata RHSA-2019:1169 0 None None None 2019-05-14 18:30:40 UTC
Red Hat Product Errata RHSA-2019:1170 0 None None None 2019-05-14 19:08:42 UTC
Red Hat Product Errata RHSA-2019:1171 0 None None None 2019-05-14 20:45:55 UTC
Red Hat Product Errata RHSA-2019:1172 0 None None None 2019-05-14 20:18:57 UTC
Red Hat Product Errata RHSA-2019:1174 0 None None None 2019-05-14 18:14:11 UTC
Red Hat Product Errata RHSA-2019:1175 0 None None None 2019-05-14 18:13:33 UTC
Red Hat Product Errata RHSA-2019:1176 0 None None None 2019-05-14 19:08:04 UTC
Red Hat Product Errata RHSA-2019:1177 0 None None None 2019-05-14 19:07:13 UTC
Red Hat Product Errata RHSA-2019:1178 0 None None None 2019-05-14 19:07:23 UTC
Red Hat Product Errata RHSA-2019:1179 0 None None None 2019-05-14 19:07:38 UTC
Red Hat Product Errata RHSA-2019:1180 0 None None None 2019-05-14 18:31:15 UTC
Red Hat Product Errata RHSA-2019:1181 0 None None None 2019-05-14 18:31:50 UTC
Red Hat Product Errata RHSA-2019:1182 0 None None None 2019-05-14 19:10:30 UTC
Red Hat Product Errata RHSA-2019:1183 0 None None None 2019-05-14 19:11:10 UTC
Red Hat Product Errata RHSA-2019:1184 0 None None None 2019-05-14 19:08:52 UTC
Red Hat Product Errata RHSA-2019:1185 0 None None None 2019-05-14 19:09:06 UTC
Red Hat Product Errata RHSA-2019:1186 0 None None None 2019-05-14 20:46:35 UTC
Red Hat Product Errata RHSA-2019:1187 0 None None None 2019-05-14 20:46:24 UTC
Red Hat Product Errata RHSA-2019:1188 0 None None None 2019-05-14 20:47:06 UTC
Red Hat Product Errata RHSA-2019:1189 0 None None None 2019-05-14 20:46:53 UTC
Red Hat Product Errata RHSA-2019:1190 0 None None None 2019-05-14 20:27:06 UTC
Red Hat Product Errata RHSA-2019:1193 0 None None None 2019-05-14 19:52:04 UTC
Red Hat Product Errata RHSA-2019:1194 0 None None None 2019-05-14 20:30:02 UTC
Red Hat Product Errata RHSA-2019:1195 0 None None None 2019-05-14 19:52:49 UTC
Red Hat Product Errata RHSA-2019:1196 0 None None None 2019-05-14 19:52:30 UTC
Red Hat Product Errata RHSA-2019:1197 0 None None None 2019-05-14 20:46:12 UTC
Red Hat Product Errata RHSA-2019:1198 0 None None None 2019-05-14 19:53:10 UTC
Red Hat Product Errata RHSA-2019:1199 0 None None None 2019-05-14 20:44:18 UTC
Red Hat Product Errata RHSA-2019:1200 0 None None None 2019-05-14 20:44:46 UTC
Red Hat Product Errata RHSA-2019:1201 0 None None None 2019-05-14 20:45:41 UTC
Red Hat Product Errata RHSA-2019:1202 0 None None None 2019-05-14 20:45:20 UTC
Red Hat Product Errata RHSA-2019:1203 0 None None None 2019-05-14 21:10:03 UTC
Red Hat Product Errata RHSA-2019:1204 0 None None None 2019-05-14 21:10:22 UTC
Red Hat Product Errata RHSA-2019:1205 0 None None None 2019-05-14 21:10:46 UTC
Red Hat Product Errata RHSA-2019:1206 0 None None None 2019-05-14 21:10:57 UTC
Red Hat Product Errata RHSA-2019:1207 0 None None None 2019-05-14 21:11:09 UTC
Red Hat Product Errata RHSA-2019:1208 0 None None None 2019-05-14 21:11:41 UTC
Red Hat Product Errata RHSA-2019:1209 0 None None None 2019-05-14 21:11:29 UTC
Red Hat Product Errata RHSA-2019:1455 0 None None None 2019-06-11 13:35:48 UTC
Red Hat Product Errata RHSA-2019:2553 0 None None None 2019-08-22 09:18:34 UTC

Description Wade Mealing 2018-11-06 02:14:36 UTC
A flaw was found by researchers in the implementation of fill buffers used by Intel microprocessors. 

A fill buffer holds data that has missed in the processor L1 data cache, as a result of an attempt to use a value that is not present. When a level 1 data cache miss occurs within an Intel core, the fill buffer design allows the processor to continue with other operations while the value to be accessed is loaded from higher levels of cache. The design also allows the result to be forwarded to the Execution Unit requiring the load directly without being written into the Level 1 data cache.

A load operation is not decoupled in the same way that a store is, but it does involve an AGU (Address Generation Unit) operation. If the AGU generates a fault (#PF, etc.) or an assist (A/D bits) then the classical Intel design would block the load and later reissue it. In contemporary designs, it instead allows subsequent speculation operations to temporarily see a forwarded data value from the fill buffer slot prior to the load actually taking place. Thus it is possible to read data that was recently accessed by another thread if the fill buffer entry is not overwritten.




Additional information:
https://access.redhat.com/security/vulnerabilities/mds

Upstream fixes:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fa4bff165070dc40a3de35b78e4f8da8e8d85ec5


Intel Advisory:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
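
To check whether a host has the kernel-side mitigation active, the status line Linux exposes for the MDS family can be classified as below. This is an added example, not part of the bug report or of Red Hat's tooling; it assumes the sysfs path and status strings documented for upstream Linux, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's MDS status line.
MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# classify_mds STATUS
# Prints one token: not_affected | mitigated | mitigated_smt_exposed |
#                   no_microcode | vulnerable | unknown
classify_mds() {
    case $1 in
        "Not affected"*)
            echo not_affected ;;
        "Mitigation: Clear CPU buffers"*)
            # Buffers are cleared on privilege transitions, but a sibling
            # hyper-thread can still share them while both threads run.
            case $1 in
                *"SMT vulnerable"*|*"SMT Host state unknown"*)
                    echo mitigated_smt_exposed ;;
                *)
                    echo mitigated ;;
            esac ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            # Kernel is patched but the CPU lacks the updated microcode.
            echo no_microcode ;;
        "Vulnerable"*)
            echo vulnerable ;;
        *)
            echo unknown ;;
    esac
}

# check_host: classify the running system; "unknown" when the kernel
# predates the MDS patches and the sysfs file does not exist.
check_host() {
    if [ -r "$MDS_SYSFS" ]; then
        classify_mds "$(cat "$MDS_SYSFS")"
    else
        echo unknown
    fi
}

# Constructed sample lines (not captured from a real host).
for sample in \
    "Mitigation: Clear CPU buffers; SMT vulnerable" \
    "Mitigation: Clear CPU buffers; SMT disabled" \
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable" \
    "Not affected"
do
    printf '%-24s %s\n' "$(classify_mds "$sample")" "$sample"
done
printf 'this host: %s\n' "$(check_host)"
```

A result of `no_microcode` means the kernel erratum is installed but the microcode update is still missing; `mitigated_smt_exposed` means the residual risk is between sibling hardware threads.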

Comment 20 Petr Matousek 2019-05-14 17:28:43 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1709996]


Created libvirt tracking bugs for this issue:

Affects: fedora-all [bug 1709997]

Comment 21 Petr Matousek 2019-05-14 17:42:43 UTC
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1710003]

Comment 22 errata-xmlrpc 2019-05-14 18:13:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:1175 https://access.redhat.com/errata/RHSA-2019:1175

Comment 23 errata-xmlrpc 2019-05-14 18:13:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:1167 https://access.redhat.com/errata/RHSA-2019:1167

Comment 24 errata-xmlrpc 2019-05-14 18:14:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:1174 https://access.redhat.com/errata/RHSA-2019:1174

Comment 25 errata-xmlrpc 2019-05-14 18:30:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:1169 https://access.redhat.com/errata/RHSA-2019:1169

Comment 26 errata-xmlrpc 2019-05-14 18:31:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:1180 https://access.redhat.com/errata/RHSA-2019:1180

Comment 27 errata-xmlrpc 2019-05-14 18:31:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:1181 https://access.redhat.com/errata/RHSA-2019:1181

Comment 28 errata-xmlrpc 2019-05-14 19:07:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:1177 https://access.redhat.com/errata/RHSA-2019:1177

Comment 29 errata-xmlrpc 2019-05-14 19:07:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:1178 https://access.redhat.com/errata/RHSA-2019:1178

Comment 30 errata-xmlrpc 2019-05-14 19:07:33 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2019:1179 https://access.redhat.com/errata/RHSA-2019:1179

Comment 31 errata-xmlrpc 2019-05-14 19:07:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:1168 https://access.redhat.com/errata/RHSA-2019:1168

Comment 32 errata-xmlrpc 2019-05-14 19:07:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:1176 https://access.redhat.com/errata/RHSA-2019:1176

Comment 33 errata-xmlrpc 2019-05-14 19:08:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Extended Update Support

Via RHSA-2019:1170 https://access.redhat.com/errata/RHSA-2019:1170

Comment 34 errata-xmlrpc 2019-05-14 19:08:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Extended Update Support

Via RHSA-2019:1184 https://access.redhat.com/errata/RHSA-2019:1184

Comment 35 errata-xmlrpc 2019-05-14 19:09:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Extended Update Support

Via RHSA-2019:1185 https://access.redhat.com/errata/RHSA-2019:1185

Comment 36 errata-xmlrpc 2019-05-14 19:10:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2019:1182 https://access.redhat.com/errata/RHSA-2019:1182

Comment 37 errata-xmlrpc 2019-05-14 19:10:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2019:1155 https://access.redhat.com/errata/RHSA-2019:1155

Comment 38 errata-xmlrpc 2019-05-14 19:11:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2019:1183 https://access.redhat.com/errata/RHSA-2019:1183

Comment 39 errata-xmlrpc 2019-05-14 19:52:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support

Via RHSA-2019:1193 https://access.redhat.com/errata/RHSA-2019:1193

Comment 40 errata-xmlrpc 2019-05-14 19:52:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2019:1196 https://access.redhat.com/errata/RHSA-2019:1196

Comment 41 errata-xmlrpc 2019-05-14 19:52:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support

Via RHSA-2019:1195 https://access.redhat.com/errata/RHSA-2019:1195

Comment 42 errata-xmlrpc 2019-05-14 19:53:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2019:1198 https://access.redhat.com/errata/RHSA-2019:1198

Comment 43 errata-xmlrpc 2019-05-14 20:18:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.2 Telco Extended Update Support

Via RHSA-2019:1172 https://access.redhat.com/errata/RHSA-2019:1172

Comment 44 errata-xmlrpc 2019-05-14 20:27:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2019:1190 https://access.redhat.com/errata/RHSA-2019:1190

Comment 45 errata-xmlrpc 2019-05-14 20:29:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support

Via RHSA-2019:1194 https://access.redhat.com/errata/RHSA-2019:1194

Comment 46 errata-xmlrpc 2019-05-14 20:44:14 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 9.0 (Mitaka)

Via RHSA-2019:1199 https://access.redhat.com/errata/RHSA-2019:1199

Comment 47 errata-xmlrpc 2019-05-14 20:44:41 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 10.0 (Newton)

Via RHSA-2019:1200 https://access.redhat.com/errata/RHSA-2019:1200

Comment 48 errata-xmlrpc 2019-05-14 20:45:15 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 14.0 (Rocky)

Via RHSA-2019:1202 https://access.redhat.com/errata/RHSA-2019:1202

Comment 49 errata-xmlrpc 2019-05-14 20:45:36 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 13.0 (Queens)

Via RHSA-2019:1201 https://access.redhat.com/errata/RHSA-2019:1201

Comment 50 errata-xmlrpc 2019-05-14 20:45:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.3 Telco Extended Update Support

Via RHSA-2019:1171 https://access.redhat.com/errata/RHSA-2019:1171

Comment 51 errata-xmlrpc 2019-05-14 20:46:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2019:1197 https://access.redhat.com/errata/RHSA-2019:1197

Comment 52 errata-xmlrpc 2019-05-14 20:46:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Telco Extended Update Support
  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions

Via RHSA-2019:1187 https://access.redhat.com/errata/RHSA-2019:1187

Comment 53 errata-xmlrpc 2019-05-14 20:46:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Telco Extended Update Support
  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions

Via RHSA-2019:1186 https://access.redhat.com/errata/RHSA-2019:1186

Comment 54 errata-xmlrpc 2019-05-14 20:46:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.3 Telco Extended Update Support

Via RHSA-2019:1189 https://access.redhat.com/errata/RHSA-2019:1189

Comment 55 errata-xmlrpc 2019-05-14 20:47:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.2 Telco Extended Update Support

Via RHSA-2019:1188 https://access.redhat.com/errata/RHSA-2019:1188

Comment 56 errata-xmlrpc 2019-05-14 21:09:54 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2019:1203 https://access.redhat.com/errata/RHSA-2019:1203

Comment 57 errata-xmlrpc 2019-05-14 21:10:13 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2019:1204 https://access.redhat.com/errata/RHSA-2019:1204

Comment 58 errata-xmlrpc 2019-05-14 21:10:42 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization Engine 4.3

Via RHSA-2019:1205 https://access.redhat.com/errata/RHSA-2019:1205

Comment 59 errata-xmlrpc 2019-05-14 21:10:53 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization Engine 4.2

Via RHSA-2019:1206 https://access.redhat.com/errata/RHSA-2019:1206

Comment 60 errata-xmlrpc 2019-05-14 21:11:04 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2019:1207 https://access.redhat.com/errata/RHSA-2019:1207

Comment 61 errata-xmlrpc 2019-05-14 21:11:25 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2019:1209 https://access.redhat.com/errata/RHSA-2019:1209

Comment 62 errata-xmlrpc 2019-05-14 21:11:36 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2019:1208 https://access.redhat.com/errata/RHSA-2019:1208

Comment 67 errata-xmlrpc 2019-06-11 13:35:43 UTC
This issue has been addressed in the following products:

  Advanced Virtualization for RHEL 8.0.0.Z

Via RHSA-2019:1455 https://access.redhat.com/errata/RHSA-2019:1455

Comment 70 errata-xmlrpc 2019-08-22 09:18:30 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
  Red Hat Virtualization Engine 4.3

Via RHSA-2019:2553 https://access.redhat.com/errata/RHSA-2019:2553

Comment 71 msiddiqu 2019-10-09 07:42:34 UTC
Statement:

Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the 'Vulnerability Response' URL.

Comment 73 Sam Fowler 2020-05-18 06:32:53 UTC
OpenShift Container Platform 4 does not ship its own kernel package, instead using versions shipped in RHEL. Removing from flaw bug affects.

