Bug 1646768 (CVE-2018-12207) - CVE-2018-12207 hw: Machine Check Error on Page Size Change (IFU)
Summary: CVE-2018-12207 hw: Machine Check Error on Page Size Change (IFU)
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-12207
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: Engineering1690334 Engineering1690343 Engineering1690344 Engineering1690345 Engineering1690346 Embargoed1690347 Engineering1692385 Engineering1692596 Engineering1698408 Engineering1698409 Embargoed1698410 Engineering1698411 Engineering1698412 Engineering1698413 Engineering1698414 Engineering1698415 Engineering1698416 Engineering1698417 Red Hat1707269 Engineering1733009 Engineering1733010 Red Hat1762993 Engineering1766964 Embargoed1766965 Engineering1766977 Engineering1766978 Engineering1766987 Engineering1768306 Embargoed1768307 Engineering1768308 Engineering1768309 1771645 Engineering1779250
Blocks: Embargoed1709291 Red Hat1750329 Red Hat1750330 Red Hat1750331 Red Hat1750332 Red Hat1750333 Red Hat1750334 Embargoed1752312
TreeView+ depends on / blocked
 
Reported: 2018-11-06 01:21 UTC by Wade Mealing
Modified: 2023-03-24 14:20 UTC (History)
88 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor. System software like OS OR Virtual Machine Monitor (VMM) use virtual memory system for storing program instructions and data in memory. Virtual Memory system uses Paging structures like Page Tables and Page Directories to manage system memory. The processor's Memory Management Unit (MMU) uses Paging structure entries to translate program's virtual memory addresses to physical memory addresses. The processor stores these address translations into its local cache buffer called - Translation Lookaside Buffer (TLB). TLB has two parts, one for instructions and other for data addresses. System software can modify its Paging structure entries to change address mappings OR certain attributes like page size etc. Upon such Paging structure alterations in memory, system software must invalidate the corresponding address translations in the processor's TLB cache. But before this TLB invalidation takes place, a privileged guest user may trigger an instruction fetch operation, which could use an already cached, but now invalid, virtual to physical address translation from Instruction TLB (ITLB). Thus accessing an invalid physical memory address and resulting in halting the processor due to the Machine Check Error (MCE) on Page Size Change.
Clone Of:
Environment:
Last Closed: 2019-11-13 00:51:11 UTC

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:3866 0 None None None 2019-11-13 15:53:27 UTC
Red Hat Product Errata RHBA-2019:3886 0 None None None 2019-11-14 15:29:55 UTC
Red Hat Product Errata RHBA-2019:4120 0 None None None 2019-12-09 21:41:30 UTC
Red Hat Product Errata RHSA-2019:3832 0 None None None 2019-11-12 19:53:57 UTC
Red Hat Product Errata RHSA-2019:3833 0 None None None 2019-11-12 19:08:52 UTC
Red Hat Product Errata RHSA-2019:3834 0 None None None 2019-11-12 20:46:58 UTC
Red Hat Product Errata RHSA-2019:3835 0 None None None 2019-11-12 19:25:30 UTC
Red Hat Product Errata RHSA-2019:3836 0 None None None 2019-11-12 20:57:10 UTC
Red Hat Product Errata RHSA-2019:3837 0 None None None 2019-11-12 20:44:47 UTC
Red Hat Product Errata RHSA-2019:3838 0 None None None 2019-11-12 20:45:47 UTC
Red Hat Product Errata RHSA-2019:3839 0 None None None 2019-11-12 21:33:36 UTC
Red Hat Product Errata RHSA-2019:3840 0 None None None 2019-11-12 21:19:06 UTC
Red Hat Product Errata RHSA-2019:3841 0 None None None 2019-11-12 20:58:51 UTC
Red Hat Product Errata RHSA-2019:3842 0 None None None 2019-11-12 21:09:18 UTC
Red Hat Product Errata RHSA-2019:3843 0 None None None 2019-11-12 21:10:17 UTC
Red Hat Product Errata RHSA-2019:3844 0 None None None 2019-11-12 21:07:40 UTC
Red Hat Product Errata RHSA-2019:3860 0 None None None 2019-11-12 20:10:43 UTC
Red Hat Product Errata RHSA-2019:3916 0 None None None 2019-11-19 15:56:40 UTC
Red Hat Product Errata RHSA-2019:3936 0 None None None 2019-11-20 20:50:45 UTC
Red Hat Product Errata RHSA-2019:3941 0 None None None 2019-11-21 09:55:37 UTC
Red Hat Product Errata RHSA-2020:0026 0 None None None 2020-01-06 14:12:38 UTC
Red Hat Product Errata RHSA-2020:0028 0 None None None 2020-01-06 14:41:00 UTC
Red Hat Product Errata RHSA-2020:0204 0 None None None 2020-01-22 21:24:49 UTC

Description Wade Mealing 2018-11-06 01:21:12 UTC 
A flaw was found in computer hardware of the Intel microprocessors related to the instruction-side TLB (Translation Lookaside Buffer) that caches translations from guest (and host) virtual addresses into physical addresses.  

This is a software fix that attempts to prevent exploitation of the hardware through preventing a hacker from creating an exploitable condition



Additional information:

https://access.redhat.com/security/vulnerabilities/ifu-page-mce
Comment 11 Wade Mealing 2019-05-06 10:36:42 UTC 
Statement:

Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/security/vulnerabilities/ifu-page-mce
Comment 31 Prasad Pandit 2019-11-12 18:07:45 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1771645]
Comment 32 Petr Matousek 2019-11-12 18:12:00 UTC 
External References:

https://access.redhat.com/security/vulnerabilities/ifu-page-mce
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00210.html
Comment 33 errata-xmlrpc 2019-11-12 19:08:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:3833 https://access.redhat.com/errata/RHSA-2019:3833
Comment 34 errata-xmlrpc 2019-11-12 19:25:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:3835 https://access.redhat.com/errata/RHSA-2019:3835
Comment 35 errata-xmlrpc 2019-11-12 19:53:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:3832 https://access.redhat.com/errata/RHSA-2019:3832
Comment 36 errata-xmlrpc 2019-11-12 20:10:39 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS
  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2019:3860 https://access.redhat.com/errata/RHSA-2019:3860
Comment 37 errata-xmlrpc 2019-11-12 20:44:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2019:3837 https://access.redhat.com/errata/RHSA-2019:3837
Comment 38 errata-xmlrpc 2019-11-12 20:45:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2019:3838 https://access.redhat.com/errata/RHSA-2019:3838
Comment 39 errata-xmlrpc 2019-11-12 20:46:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:3834 https://access.redhat.com/errata/RHSA-2019:3834
Comment 40 errata-xmlrpc 2019-11-12 20:57:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:3836 https://access.redhat.com/errata/RHSA-2019:3836
Comment 41 errata-xmlrpc 2019-11-12 20:58:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Telco Extended Update Support
  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions

Via RHSA-2019:3841 https://access.redhat.com/errata/RHSA-2019:3841
Comment 42 errata-xmlrpc 2019-11-12 21:07:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2019:3844 https://access.redhat.com/errata/RHSA-2019:3844
Comment 43 errata-xmlrpc 2019-11-12 21:09:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support

Via RHSA-2019:3842 https://access.redhat.com/errata/RHSA-2019:3842
Comment 44 errata-xmlrpc 2019-11-12 21:10:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2019:3843 https://access.redhat.com/errata/RHSA-2019:3843
Comment 45 errata-xmlrpc 2019-11-12 21:19:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Telco Extended Update Support
  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions

Via RHSA-2019:3840 https://access.redhat.com/errata/RHSA-2019:3840
Comment 46 errata-xmlrpc 2019-11-12 21:33:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2019:3839 https://access.redhat.com/errata/RHSA-2019:3839
Comment 47 Product Security DevOps Team 2019-11-13 00:51:11 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-12207
Comment 48 Wade Mealing 2019-11-13 01:55:07 UTC 
Mitigation:

For mitigation related information, please refer to the Red Hat vulnerability article: https://access.redhat.com/security/vulnerabilities/ifu-page-mce .
Comment 50 errata-xmlrpc 2019-11-19 15:56:35 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.2

Via RHSA-2019:3916 https://access.redhat.com/errata/RHSA-2019:3916
Comment 54 errata-xmlrpc 2019-11-20 20:50:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:3936 https://access.redhat.com/errata/RHSA-2019:3936
Comment 55 errata-xmlrpc 2019-11-21 09:55:30 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.1

Via RHSA-2019:3941 https://access.redhat.com/errata/RHSA-2019:3941
Comment 71 errata-xmlrpc 2020-01-06 14:12:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2020:0026 https://access.redhat.com/errata/RHSA-2020:0026
Comment 72 errata-xmlrpc 2020-01-06 14:40:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0028 https://access.redhat.com/errata/RHSA-2020:0028
Comment 73 errata-xmlrpc 2020-01-22 21:26:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:0204 https://access.redhat.com/errata/RHSA-2020:0204
Note You need to log in before you can comment on or make changes to this bug.