4.7
CVSSv2

CVE-2018-12130

Published: 30/05/2019 Updated: 11/06/2019
CVSS v2 Base Score: 4.7 | Impact Score: 6.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 5.6 | Impact Score: 4 | Exploitability Score: 1.1
VMScore: 421
Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

Vulnerability Summary

A vulnerability in the Microarchitectural Fill Buffer Data Sampling (MFBDS) of Intel microcode could allow a local malicious user to access sensitive information on a targeted system. The vulnerability is due to improper memory operations that could expose a side channel on the affected system. An attacker with local access to a targeted system could exploit this vulnerability to access sensitive information on the targeted system. A successful exploit could be used to conduct further attacks. Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available. Intel has confirmed the vulnerability and released software updates. A third-party patch is also available.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

intel microarchitectural_fill_buffer_data_sampling_firmware -

fedoraproject fedora 29

Vendor Advisories

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, w ...
Synopsis Important: qemu-kvm-rhev security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulner ...
Synopsis Important: qemu-kvm-rhev security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 140 (Rocky)Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Synopsis Important: qemu-kvm-rhev security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 100 (Newton)Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Synopsis Important: libvirt security update Type/Severity Security Advisory: Important Topic An update for libvirt is now available for Red Hat Enterprise Linux 72 Advanced Update Support, Red Hat Enterprise Linux 72 Telco Extended Update Support, and Red Hat Enterprise Linux 72 Update Services for SAP S ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 73 Advanced Update Support, Red Hat Enterprise Linux 73 Telco Extended Update Support, and Red Hat Enterprise Linux 73 Update Services ...
Synopsis Important: kernel-rt security update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base sc ...
Synopsis Important: libvirt security update Type/Severity Security Advisory: Important Topic An update for libvirt is now available for Red Hat Enterprise Linux 65 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Synopsis Important: qemu-kvm security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm is now available for Red Hat Enterprise Linux 66 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...
Synopsis Important: redhat-virtualization-host security update Type/Severity Security Advisory: Important Topic An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this ...
Synopsis Important: qemu-kvm security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm is now available for Red Hat Enterprise Linux 74 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...
Synopsis Important: qemu-kvm-rhev security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 130 (Queens)Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Synopsis Important: qemu-kvm-rhev security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 90 (Mitaka)Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Synopsis Important: qemu-kvm security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm is now available for Red Hat Enterprise Linux 75 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...
Synopsis Important: qemu-kvm security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm is now available for Red Hat Enterprise Linux 65 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 66 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Synopsis Important: rhvm-setup-plugins security update Type/Severity Security Advisory: Important Topic An update for rhvm-setup-plugins is now available for Red Hat Virtualization 42Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Synopsis Important: qemu-kvm security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis Important: libvirt security update Type/Severity Security Advisory: Important Topic An update for libvirt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 72 Advanced Update Support, Red Hat Enterprise Linux 72 Telco Extended Update Support, and Red Hat Enterprise Linux 72 Update Services ...
Synopsis Important: qemu-kvm security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm is now available for Red Hat Enterprise Linux 73 Advanced Update Support, Red Hat Enterprise Linux 73 Telco Extended Update Support, and Red Hat Enterprise Linux 73 Update Services for SAP ...
Synopsis Important: libvirt security update Type/Severity Security Advisory: Important Topic An update for libvirt is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis Important: libvirt security update Type/Severity Security Advisory: Important Topic An update for libvirt is now available for Red Hat Enterprise Linux 74 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Synopsis Important: redhat-virtualization-host security update Type/Severity Security Advisory: Important Topic An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 42 for Red Hat Enterprise Linux 76 EUSRed Hat Product Security has ra ...
Synopsis Important: libvirt security update Type/Severity Security Advisory: Important Topic An update for libvirt is now available for Red Hat Enterprise Linux 75 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Synopsis Important: rhvm-appliance security update Type/Severity Security Advisory: Important Topic An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vuln ...
Synopsis Important: qemu-kvm security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis Important: libvirt security update Type/Severity Security Advisory: Important Topic An update for libvirt is now available for Red Hat Enterprise Linux 66 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 75 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Synopsis Important: qemu-kvm security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm is now available for Red Hat Enterprise Linux 72 Advanced Update Support, Red Hat Enterprise Linux 72 Telco Extended Update Support, and Red Hat Enterprise Linux 72 Update Services for SAP ...
Synopsis Important: libvirt security update Type/Severity Security Advisory: Important Topic An update for libvirt is now available for Red Hat Enterprise Linux 73 Advanced Update Support, Red Hat Enterprise Linux 73 Telco Extended Update Support, and Red Hat Enterprise Linux 73 Update Services for SAP S ...
Synopsis Important: rhvm-setup-plugins security update Type/Severity Security Advisory: Important Topic An update for rhvm-setup-plugins is now available for Red Hat Virtualization 43Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 65 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Synopsis Important: vdsm security update Type/Severity Security Advisory: Important Topic An update for vdsm is now available for Red Hat Virtualization 42 for Red Hat Enterprise Linux 76 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Com ...
Synopsis Important: vdsm security update Type/Severity Security Advisory: Important Topic An update for vdsm is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sy ...
Synopsis Important: kernel-rt security update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base sc ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Synopsis Important: Advanced Virtualization security update Type/Severity Security Advisory: Important Topic The updated Advanced Virtualization module is now available for Red HatEnterprise Linux 80 Advanced VirtualizationRed Hat Product Security has rated this update as having a security impact of Impor ...
Several security issues were fixed in the Linux kernel ...
Impact: Important Public Date: 2019-05-14 CWE: CWE-203->CWE-385 Bugzilla: 1646784: CVE-2018-12130 ha ...
Debian Bug report logs - #929994 xen: XSA-288: x86: Inconsistent PV IOMMU discipline Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 4 Jun 2019 19:39:10 UTC Severity: important Tags: security, upstre ...
The system could be made to expose sensitive information ...
Several security issues were fixed in the Linux kernel ...
Multiple researchers have discovered vulnerabilities in the way the Intel processor designs have implemented speculative forwarding of data filled into temporary microarchitectural structures (buffers) This flaw could allow an attacker controlling an unprivileged process to read sensitive information, including from the kernel and all other proces ...
Synopsis Important: qemu-kvm-rhev security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 and Red Hat Virtualization Engine 43Red Hat Product Security has rated this ...
Synopsis Important: virt:rhel security update Type/Severity Security Advisory: Important Topic An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CV ...
Debian Bug report logs - #930001 xen: XSA-287: x86: steal_page violates page_struct access discipline Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 4 Jun 2019 19:45:07 UTC Severity: important Tags: ...
Debian Bug report logs - #929993 xen: XSA-292: x86: insufficient TLB flushing when using PCID Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 4 Jun 2019 19:39:07 UTC Severity: important Tags: securit ...
Debian Bug report logs - #929999 xen: XSA-293: x86: PV kernel context switch corruption Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 4 Jun 2019 19:45:02 UTC Severity: important Tags: security, ups ...
Debian Bug report logs - #929992 xen: XSA-294: x86 shadow: Insufficient TLB flushing when using PCID Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 4 Jun 2019 19:39:04 UTC Severity: important Tags: ...
Debian Bug report logs - #929129 Xen Hypervisor security update for Intel MDS - XSA 297 Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Wiebe Cazemier <wiebe@ytecnl> Date: Fri, 17 May 2019 15:24:01 UTC Severity: grave Tags: security, upstream Found i ...
The system could be made to expose sensitive information ...
Several security issues were addressed in libvirt ...
Several issues were addressed in libvirt ...
This update ships updated CPU microcode for most types of Intel CPUs It provides mitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware vulnerabilities To fully resolve these vulnerabilities it is also necessary to update the Linux kernel packages as released in DSA 4444 For the stable distribution (stretch), these problems have been fixed i ...
Debian Bug report logs - #929995 xen: XSA-291: x86/PV: page type reference counting issue with failed IOMMU update Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 4 Jun 2019 19:42:02 UTC Severity: im ...
Debian Bug report logs - #929991 xen: XSA-284: grant table transfer issues on large hosts Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 4 Jun 2019 19:39:01 UTC Severity: important Tags: security, u ...
Debian Bug report logs - #929998 xen: XSA-285: race with pass-through device hotplug Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 4 Jun 2019 19:42:19 UTC Severity: important Tags: security, upstre ...
Several security issues were fixed in the Linux kernel ...
The system could be made to expose sensitive information ...
Debian Bug report logs - #929996 xen: XSA-290: missing preemption in x86 PV page table unvalidation Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 4 Jun 2019 19:42:04 UTC Severity: important Tags: s ...
- Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126 )- Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130 )- Microarchitectural Load Port Data Sampling (MLPDS) (CVE-2018-12127 ) MSBDS leaks Store Buffer Entries which can be speculatively forwarded to a dependent load (store-to-load forwarding) as an opti ...
Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches The write operation is split into STA (STore Address) and STD (STore Data) sub-operations These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writ ...
Several security issues were fixed in the Linux kernel ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 74 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise MRG 2Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVS ...
Debian Bug report logs - #927439 qemu: CVE-2019-5008 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 19 Apr 2019 20:42:02 UTC Severity: important Tags: patch, security, upstream Found in version ...
Several security issues were fixed in the Linux kernel ...
Several issues were addressed in QEMU ...
Security vulnerabilities made public by Intel on May 14, 2019 have the potential to allow an attacker running code on the same physical CPU to read other data being processed by that CPU There are no known exploits at this time IBM takes security threats seriously and is deploying measures to protect our clients from exploitation of these vulnera ...
IBM has released the following Unified Extensible Firmware Interface (UEFI) fixes for System x, Flex and BladeCenter systems in response to Intel Microarchitectural Data Sampling (MDS) Side Channel vulnerabilities ...
Potential security vulnerabilities in CPUs may allow information disclosure Intel released Microcode Updates (MCU) updates to mitigate this potential vulnerability IBM Integrated Analytics System has addressed the applicable CVE ...
Advisory ID VMSA-2019-0008 Advisory Severity Moderate CVSSv3 Range 38 - 65 Synopsis VMware product updates enable Hypervisor-Specific Mitigations, Hypervisor-Assisted Guest Mitigations, and Operating System-Specific Mitigations for Microarchitectural Data Sampling (MDS) Vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE ...
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak CVE-2018-12207 It was discovered that on Intel CPUs supporting hardware virtualisation with Extended Page Tables (EPT), a guest VM may manipulate the memory management hardware to cause a Mac ...
Several security issues were fixed in the Linux kernel ...
Two vulnerabilities were discovered in Libvirt, a virtualisation abstraction library, allowing an API client with read-only permissions to execute arbitrary commands via the virConnectGetDomainCapabilities API, or read or execute arbitrary files via the virDomainSaveImageGetXMLDesc API Additionally the libvirt's cpu map was updated to make address ...
A potential security vulnerability in Intel CPUs may allow information disclosure ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4444-1 security () debian org wwwdebianorg/security/ Salvatore Bonaccorso May 14, 2019 wwwdebianorg/security/faq ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4447-2 security () debian org wwwdebianorg/security/ Moritz Muehlenhoff Jun 20, 2019 wwwdebianorg/security/faq ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4447-1 security () debian org wwwdebianorg/security/ Moritz Muehlenhoff May 15, 2019 wwwdebianorg/security/faq ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:07mds Security Advisory The FreeBSD Project Topic: Microarchitectural Data Sampling (MDS) Category: ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:07mds Security Advisory The FreeBSD Project Topic: Microarchitectural Data Sampling (MDS) Category: ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:07mds Security Advisory The FreeBSD Project Topic: Microarchitectural Data Sampling (MDS) Category: ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:26mcu Security Advisory The FreeBSD Project Topic: Intel CPU Microcode Update Category: 3rd pa ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2019-11091 / XSA-297 Microarchitectural Data Sampling speculative side channel ISSUE DESCRIPTION ================= Microarchitectural Data Sampling refers to a group of speculative sidechannels vulnerabilities They co ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4564-1 security () debian org wwwdebianorg/security/ Ben Hutchings November 12, 2019 wwwdebianorg/security/faq ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4469-1 security () debian org wwwdebianorg/security/ Salvatore Bonaccorso June 22, 2019 wwwdebianorg/security/faq ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4602-1 security () debian org wwwdebianorg/security/ Moritz Muehlenhoff January 13, 2020 wwwdebianorg/security/faq ...

Github Repositories

2019 Toorcon Writing PoCs for processor software side-channels Talk will briefly explain previously related work of L1TF vulnerability and how writing proof-of-concepts is actually the least fun part of processor software side-channels Techniques and methodologies will be shared that led to discovery of MDS (Microarchitectural Data Sampling) vulnerabilities CVE-2018-12130, CVE

Simple script to implement protections against speculative execution side-channel vulnerabilities in Windows systems.

Windows-Spectre-Meltdown-Mitigation-Script supportmicrosoftcom/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in Simple script to implement protections against speculative execution side-channel vulnerabilities in Windows systems Microsoft is aware of a new publicly disclosed class of vulnerabilities that are called “specu

Simple script to implement protections against speculative execution side-channel vulnerabilities in Windows systems.

Windows-Specture-Meltdown-Mitigation-Script supportmicrosoftcom/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in Simple script to implement protections against speculative execution side-channel vulnerabilities in Windows systems Microsoft is aware of a new publicly disclosed class of vulnerabilities that are called “spec

PowerShell DSC for enabling the Speculation Control (Meltdown/Spectre) on Windows

cSpeculationControlFixes Description PowerShell DSC for enabling Speculation Control fixes on Windows Authored by Kieran Jacobsen The Microsoft KB Windows Server guidance to protect against speculative execution side-channel vulnerabilities provides a number of options on what speculative controls you can implement, use the table below to map the titles of each mitgation in t

Spectre, Meltdown, Foreshadow, Fallout, RIDL, ZombieLoad vulnerability/mitigation checker for Linux & BSD

Spectre & Meltdown Checker A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public since 2018 CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' CVE-2017-5754 [rogue data cache load] aka 'Meltdow

Spectre & Meltdown Checker A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public since 2018 CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' CVE-2017-5754 [rogue data cache load] aka 'Meltdow

Kaosagnt's Ansible Everyday Utils

Kaosagnt's Ansible Everyday Utils This project contains many of the Ansible playbooks that I use daily as a Systems Administrator in the pursuit of easy server task automation Installation You will need to setup and install Ansible like you normally would before using what is presented here Hint: it uses ansible wwwansiblecom Optional: Create an ansible-everyd

meltdown Table of Contents Description Setup - The basics of getting started with meltdown Reference - An under-the-hood peek at what the module is doing and how Limitations - OS compatibility, etc Development - Guide for contributing to the module Description This module detects whether your system is vulnerable for Meltdown and Spectre Detection on Linux On Linux, the mod

Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber

Hardware and Firmware Security Guidance Table of Contents 1 About this repository 2 Side-channel attacks 21 Mitigations 211 Firmware patches 212 Software patches 213 Configuration changes 214 Disable Intel Hyper-Threading (Updated!) 215 Verification 22 Resources and Affected products 221 Hardware resources 222 Software resources 223 Advisory resources

Hardware and Firmware Security Guidance Table of Contents 1 About this repository 2 Side-channel attacks 21 Mitigations 211 Firmware patches 212 Software patches 213 Configuration changes 214 Disable Intel Hyper-Threading (Updated!) 215 Verification 22 Resources and Affected products 221 Hardware resources 222 Software resources 223 Advisory resources

Microarchitectural exploitation and other hardware attacks.

Hardware attacks / State of the art Microarchitectural exploitation and other hardware attacks Contributing: Contributions, comments and corrections are welcome, please do PR Flaws: TPM-FAIL / TPM meets Timing and Lattice Attacks [CVE-2019-11090] For Intel fTPM [CVE-2019-16863] For STMicroelectronics TPM [CVE-2015-0565] Rowhammer based: [CVE-2016-6728] DRAMMER [CV

Recent Articles

Intel ZombieLoad Side-Channel Attack: 10 Takeaways
Threatpost • Lindsey O'Donnell • 15 May 2019

Intel on Tuesday revealed a new class of speculative execution vulnerabilities, dubbed Microarchitectural Data Sampling (MDS), which impact all its modern CPUs.
The flaws all ultimately depend on different ways of executing side channel attacks to siphon data from impacted systems – and result in four different attacks: ZombieLoad, Fallout, RIDL (Rogue In-Flight Data Load) and Store-to-Leak Forwarding.
“As a result of the flaw in the architecture of these processors, an attacker ...

RIP Hyper-Threading? ChromeOS axes key Intel CPU feature over data-leak flaws – Microsoft, Apple suggest snub
The Register • Thomas Claburn in San Francisco • 14 May 2019

Plug pulled on SMT tech as software makers put security ahead of performance

Analysis In conjunction with Intel's coordinated disclosure today about a family of security vulnerabilities discovered in millions of its processors, Google has turned off Hyper-Threading in Chrome OS to fully protect its users.
Meanwhile, Apple, Microsoft, IBM's Red Hat, QubesOS, and Xen advised customers that they may wish to take similar steps.
The family of flaws are dubbed microarchitecture data sampling (MDS), and Chipzilla's official advisory is here, along with the necessary...

Apple Patches Intel Side-Channel Bugs; Updates iOS, macOS and More
Threatpost • Tara Seals • 14 May 2019

Apple has rolled out 173 patches across in various products across its hardware portfolio, including for dangerous bugs in macOS for laptops and desktops, iPhone, Apple TV and Apple Watch.
The update also includes a patch for the side-channel vulnerabilities in Intel chips disclosed on Tuesday, which open the door to the attack vectors collectively dubbed “ZombieLoad.”
All Mac laptops stretching back to 2011 are affected by the Intel flaws.
Of particular note in the massive...

Intel CPUs Impacted By New Class of Spectre-Like Attacks
Threatpost • Lindsey O'Donnell • 14 May 2019

A new class of side channel vulnerabilities impacting all modern Intel chips have been disclosed, which can use speculative execution to potentially leak sensitive data from a system’s CPU.
Intel said that the newest class of vulnerabilities, dubbed Microarchitectural Data Sampling (MDS), consist of four different attacks, which all ultimately depend on different ways of executing side channel attacks to siphon data from impacted systems.
“First identified by Intel’s internal r...

New RIDL and Fallout Attacks Impact All Modern Intel CPUs
BleepingComputer • Ionut Ilascu • 14 May 2019

Multiple security researchers have released details about a new class of speculative execution attacks against most modern Intel processors. Called data-sampling attacks, they are different from and more dangerous than Meltdown, Spectre and their variations because they can leak data from CPU buffers, which is not necessarily present in caches.
 is a method for optimizing the performance of a CPU by running tasks in advance, without knowing whether they will be needed or not.
Securi...

RIP Hyper-Threading? ChromeOS axes key Intel CPU feature over data-leak flaws – Microsoft, Apple suggest snub
The Register • Thomas Claburn in San Francisco • 14 May 2019

Plug pulled on SMT tech as software makers put security ahead of performance

Analysis In conjunction with Intel's coordinated disclosure today about a family of security vulnerabilities discovered in millions of its processors, Google has turned off Hyper-Threading in Chrome OS to fully protect its users.
Meanwhile, Apple, Microsoft, IBM's Red Hat, QubesOS, and Xen advised customers that they may wish to take similar steps.
The family of flaws are dubbed microarchitecture data sampling (MDS), and Chipzilla's official advisory is here, along with the necessary...

References

CWE-200https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.htmlhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.htmlhttps://access.redhat.com/errata/RHSA-2019:1455https://usn.ubuntu.com/3977-3/https://lists.debian.org/debian-lts-announce/2019/06/msg00018.htmlhttps://seclists.org/bugtraq/2019/Jun/28https://seclists.org/bugtraq/2019/Jun/36http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txthttps://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdfhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-enhttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.htmlhttps://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.aschttps://access.redhat.com/errata/RHSA-2019:2553https://kc.mcafee.com/corporate/index?page=content&id=SB10292https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdfhttps://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.aschttps://seclists.org/bugtraq/2019/Nov/16https://seclists.org/bugtraq/2019/Nov/15http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.htmlhttps://www.synology.com/security/advisory/Synology_SA_19_24https://www.debian.org/security/2020/dsa-4602https://seclists.org/bugtraq/2020/Jan/21https://security.gentoo.org/glsa/202003-56https://github.com/hwroot/Presentationshttps://nvd.nist.govhttps://threatpost.com/intel-zombieload-side-channel-attack-10-takeaways/144771/https://tools.cisco.com/security/center/viewAlert.x?alertId=60202https://usn.ubuntu.com/3983-1/