| 1 |
tmb |
8543 |
type: security |
| 2 |
|
|
subject: Updated microcode packages fix security vulnerabilities |
| 3 |
|
|
CVE: |
| 4 |
|
|
- CVE-2018-12126 |
| 5 |
|
|
- CVE-2018-12127 |
| 6 |
|
|
- CVE-2018-12130 |
| 7 |
|
|
- CVE-2019-11091 |
| 8 |
|
|
src: |
| 9 |
|
|
6: |
| 10 |
|
|
nonfree: |
| 11 |
|
|
- microcode-0.20190514-1.mga6.nonfree |
| 12 |
|
|
description: | |
| 13 |
|
|
This update provides the Intel 20190514 microcode release that adds the |
| 14 |
|
|
microcode side mitigations for the Microarchitectural Data Sampling (MDS, |
| 15 |
|
|
also called ZombieLoad attack) vulnerabilities in Intel processors that |
| 16 |
|
|
can allow attackers to retrieve data being processed inside a CPU. |
| 17 |
|
|
|
| 18 |
|
|
The fixed / mitigated issues are: |
| 19 |
|
|
|
| 20 |
|
|
Modern Intel microprocessors implement hardware-level micro-optimizations |
| 21 |
|
|
to improve the performance of writing data back to CPU caches. The write |
| 22 |
|
|
operation is split into STA (STore Address) and STD (STore Data) |
| 23 |
|
|
sub-operations. These sub-operations allow the processor to hand-off |
| 24 |
|
|
address generation logic into these sub-operations for optimized writes. |
| 25 |
|
|
Both of these sub-operations write to a shared distributed processor |
| 26 |
|
|
structure called the 'processor store buffer'. As a result, an |
| 27 |
|
|
unprivileged attacker could use this flaw to read private data resident |
| 28 |
|
|
within the CPU's processor store buffer. (CVE-2018-12126) |
| 29 |
|
|
|
| 30 |
|
|
Microprocessors use a ‘load port’ subcomponent to perform load operations |
| 31 |
|
|
from memory or IO. During a load operation, the load port receives data |
| 32 |
|
|
from the memory or IO subsystem and then provides the data to the CPU |
| 33 |
|
|
registers and operations in the CPU’s pipelines. Stale load operations |
| 34 |
|
|
results are stored in the 'load port' table until overwritten by newer |
| 35 |
|
|
operations. Certain load-port operations triggered by an attacker can be |
| 36 |
|
|
used to reveal data about previous stale requests leaking data back to the |
| 37 |
|
|
attacker via a timing side-channel. (CVE-2018-12127) |
| 38 |
|
|
|
| 39 |
|
|
A flaw was found in the implementation of the "fill buffer", a mechanism |
| 40 |
|
|
used by modern CPUs when a cache-miss is made on L1 CPU cache. If an |
| 41 |
|
|
attacker can generate a load operation that would create a page fault, |
| 42 |
|
|
the execution will continue speculatively with incorrect data from the |
| 43 |
|
|
fill buffer while the data is fetched from higher level caches. This |
| 44 |
|
|
response time can be measured to infer data in the fill buffer. |
| 45 |
|
|
(CVE-2018-12130) |
| 46 |
|
|
|
| 47 |
|
|
Uncacheable memory on some microprocessors utilizing speculative execution |
| 48 |
|
|
may allow an authenticated user to potentially enable information disclosure |
| 49 |
|
|
via a side channel with local access. (CVE-2019-11091) |
| 50 |
|
|
references: |
| 51 |
|
|
- https://bugs.mageia.org/show_bug.cgi?id=24800 |
| 52 |
|
|
- https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html |
| 53 |
tmb |
8546 |
ID: MGASA-2019-0173 |
Parent Directory
| 
Revision Log