type: security
subject: Updated virtualbox packages fix security vulnerabilities
CVE:
 - CVE-2018-12126
 - CVE-2018-12127
 - CVE-2018-12130
 - CVE-2019-11091
src:
  6:
   core:
     - virtualbox-6.0.8-1.mga6
     - kmod-vboxadditions-6.0.8-1.mga6
     - kmod-virtualbox-6.0.8-1.mga6
description: |
  This update provides VirtualBox 6.0.8 that fixes the Microarchitectural
  Data Sampling (MDS, also called ZombieLoad attack) vulnerabilities in
  Intel processors that can allow attackers to retrieve data being
  processed inside a CPU.

  The fixed / mitigated issues are:

  Modern Intel microprocessors implement hardware-level micro-optimizations
  to improve the performance of writing data back to CPU caches. The write
  operation is split into STA (STore Address) and STD (STore Data)
  sub-operations. These sub-operations allow the processor to hand off
  address generation logic into these sub-operations for optimized writes.
  Both of these sub-operations write to a shared distributed processor
  structure called the 'processor store buffer'. As a result, an
  unprivileged attacker could use this flaw to read private data resident
  within the CPU's processor store buffer. (CVE-2018-12126)

  Microprocessors use a ‘load port’ subcomponent to perform load operations
  from memory or IO. During a load operation, the load port receives data
  from the memory or IO subsystem and then provides the data to the CPU
  registers and operations in the CPU’s pipelines. Stale load operation
  results are stored in the 'load port' table until overwritten by newer
  operations. Certain load-port operations triggered by an attacker can be
  used to reveal data about previous stale requests, leaking data back to the
  attacker via a timing side-channel. (CVE-2018-12127)

  A flaw was found in the implementation of the "fill buffer", a mechanism
  used by modern CPUs when a cache-miss is made on L1 CPU cache. If an
  attacker can generate a load operation that would create a page fault,
  the execution will continue speculatively with incorrect data from the
  fill buffer while the data is fetched from higher level caches. This
  response time can be measured to infer data in the fill buffer.
  (CVE-2018-12130)

  Uncacheable memory on some microprocessors utilizing speculative execution
  may allow an authenticated user to potentially enable information disclosure
  via a side channel with local access. (CVE-2019-11091)

  For other fixes in this update, see the referenced changelog.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24831
 - https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html
 - https://www.virtualbox.org/wiki/Changelog-6.0#v8
ID: MGASA-2019-0179