# tmb 8543
type: security
subject: Updated microcode packages fix security vulnerabilities
CVE:
  - CVE-2018-12126
  - CVE-2018-12127
  - CVE-2018-12130
  - CVE-2019-11091
src:
  6:
    nonfree:
      - microcode-0.20190514-1.mga6.nonfree
description: |
  This update provides the Intel 20190514 microcode release that adds the
  microcode side mitigations for the Microarchitectural Data Sampling (MDS,
  also called ZombieLoad attack) vulnerabilities in Intel processors that
  can allow attackers to retrieve data being processed inside a CPU.

  The fixed / mitigated issues are:

  Modern Intel microprocessors implement hardware-level micro-optimizations
  to improve the performance of writing data back to CPU caches. The write
  operation is split into STA (STore Address) and STD (STore Data)
  sub-operations. These sub-operations allow the processor to hand-off
  address generation logic into these sub-operations for optimized writes.
  Both of these sub-operations write to a shared distributed processor
  structure called the 'processor store buffer'. As a result, an
  unprivileged attacker could use this flaw to read private data resident
  within the CPU's processor store buffer. (CVE-2018-12126)

  Microprocessors use a ‘load port’ subcomponent to perform load operations
  from memory or IO. During a load operation, the load port receives data
  from the memory or IO subsystem and then provides the data to the CPU
  registers and operations in the CPU’s pipelines. Stale load operation
  results are stored in the 'load port' table until overwritten by newer
  operations. Certain load-port operations triggered by an attacker can be
  used to reveal data about previous stale requests, leaking data back to the
  attacker via a timing side-channel. (CVE-2018-12127)

  A flaw was found in the implementation of the "fill buffer", a mechanism
  used by modern CPUs when a cache-miss is made on L1 CPU cache. If an
  attacker can generate a load operation that would create a page fault,
  the execution will continue speculatively with incorrect data from the
  fill buffer while the data is fetched from higher level caches. This
  response time can be measured to infer data in the fill buffer.
  (CVE-2018-12130)

  Uncacheable memory on some microprocessors utilizing speculative execution
  may allow an authenticated user to potentially enable information disclosure
  via a side channel with local access. (CVE-2019-11091)
references:
  - https://bugs.mageia.org/show_bug.cgi?id=24800
  - https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html
# tmb 8546
ID: MGASA-2019-0173