type: security
subject: Updated kernel packages fix security vulnerability
CVE:
  - CVE-2018-12126
  - CVE-2018-12127
  - CVE-2018-12130
  - CVE-2019-11091
src:
  6:
    core:
      - kernel-4.14.119-1.mga6
      - kernel-userspace-headers-4.14.119-1.mga6
      - kmod-vboxadditions-6.0.6-3.mga6
      - kmod-virtualbox-6.0.6-3.mga6
      - kmod-xtables-addons-2.13-85.mga6
description: |
  This kernel update provides the upstream 4.14.119 release, which adds the
  kernel-side mitigations for the Microarchitectural Data Sampling (MDS, also
  called the ZombieLoad attack) vulnerabilities in Intel processors that can
  allow attackers to retrieve data being processed inside a CPU. To complete
  the mitigations, new microcode is also needed, either by installing the
  microcode-0.20190514-1.mga6 package or by getting updated BIOS / UEFI
  firmware from the motherboard vendor.

  The fixed / mitigated issues are:

  Modern Intel microprocessors implement hardware-level micro-optimizations
  to improve the performance of writing data back to CPU caches. The write
  operation is split into STA (STore Address) and STD (STore Data)
  sub-operations. These sub-operations allow the processor to hand off
  address generation logic into these sub-operations for optimized writes.
  Both of these sub-operations write to a shared distributed processor
  structure called the 'processor store buffer'. As a result, an
  unprivileged attacker could use this flaw to read private data resident
  within the CPU's processor store buffer. (CVE-2018-12126)

  Microprocessors use a 'load port' subcomponent to perform load operations
  from memory or IO. During a load operation, the load port receives data
  from the memory or IO subsystem and then provides the data to the CPU
  registers and operations in the CPU's pipelines. Stale load operation
  results are stored in the 'load port' table until overwritten by newer
  operations. Certain load-port operations triggered by an attacker can be
  used to reveal data about previous stale requests, leaking data back to
  the attacker via a timing side-channel. (CVE-2018-12127)

  A flaw was found in the implementation of the "fill buffer", a mechanism
  used by modern CPUs when a cache miss is made on the L1 CPU cache. If an
  attacker can generate a load operation that would create a page fault,
  the execution will continue speculatively with incorrect data from the
  fill buffer while the data is fetched from higher-level caches. This
  response time can be measured to infer data in the fill buffer.
  (CVE-2018-12130)

  Uncacheable memory on some microprocessors utilizing speculative execution
  may allow an authenticated user to potentially enable information disclosure
  via a side channel with local access. (CVE-2019-11091)
references:
  - https://bugs.mageia.org/show_bug.cgi?id=24820
  - https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html
  - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.117
  - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.118
  - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.119