4.9
CVSSv2

CVE-2018-12207

Published: 14/11/2019 Updated: 19/11/2019
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak. CVE-2018-12207 It exists that on Intel CPUs supporting hardware virtualisation with Extended Page Tables (EPT), a guest VM may manipulate the memory management hardware to cause a Machine Check Error (MCE) and denial of service (hang or crash). The guest triggers this error by changing page tables without a TLB flush, so that both 4 KB and 2 MB entries for the same virtual address are loaded into the instruction TLB (iTLB). This update implements a mitigation in KVM that prevents guest VMs from loading 2 MB entries into the iTLB. This will reduce performance of guest VMs. Further information on the mitigation can be found at www.kernel.org/doc/html/latest/admin-guide/hw-vuln/multihit.html or in the linux-doc-4.9 or linux-doc-4.19 package. A qemu update adding support for the PSCHANGE_MC_NO feature, which allows to disable iTLB Multihit mitigations in nested hypervisors will be provided via DSA 4566-1. Intel's explanation of the issue can be found at software.intel.com/security-software-guidance/insights/deep-dive-machine-check-error-avoidance-page-size-change-0. CVE-2019-0154 Intel discovered that on their 8th and 9th generation GPUs, reading certain registers while the GPU is in a low-power state can cause a system hang. A local user permitted to use the GPU can use this for denial of service. This update mitigates the issue through changes to the i915 driver. The affected chips (gen8 and gen9) are listed at en.wikipedia.org/wiki/List_of_Intel_graphics_processing_units#Gen8. CVE-2019-0155 Intel discovered that their 9th generation and newer GPUs are missing a security check in the Blitter Command Streamer (BCS). A local user permitted to use the GPU could use this to access any memory that the GPU has access to, which could result in a denial of service (memory corruption or crash), a leak of sensitive information, or privilege escalation. This update mitigates the issue by adding the security check to the i915 driver. The affected chips (gen9 onward) are listed at en.wikipedia.org/wiki/List_of_Intel_graphics_processing_units#Gen9. CVE-2019-11135 It exists that on Intel CPUs supporting transactional memory (TSX), a transaction that is going to be aborted may continue to execute speculatively, reading sensitive data from internal buffers and leaking it through dependent operations. Intel calls this TSX Asynchronous Abort (TAA). For CPUs affected by the previously published Microarchitectural Data Sampling (MDS) issues (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091), the existing mitigation also mitigates this issue. For processors that are vulnerable to TAA but not MDS, this update disables TSX by default. This mitigation requires updated CPU microcode. An updated intel-microcode package (only available in Debian non-free) will be provided via DSA 4565-1. The updated CPU microcode may also be available as part of a system firmware ("BIOS") update. Further information on the mitigation can be found at www.kernel.org/doc/html/latest/admin-guide/hw-vuln/tsx_async_abort.html or in the linux-doc-4.9 or linux-doc-4.19 package. Intel's explanation of the issue can be found at software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort. For the oldstable distribution (stretch), these problems have been fixed in version 4.9.189-3+deb9u2. For the stable distribution (buster), these problems have been fixed in version 4.19.67-2+deb10u2. We recommend that you upgrade your linux packages. For the detailed security status of linux please refer to its security tracker page at: security-tracker.debian.org/tracker/linux

Vulnerability Trend

Affected Products

Vendor Product Versions
IntelCeleron G1610 Firmware-
IntelCeleron G1610t Firmware-
IntelCeleron G1620 Firmware-
IntelCeleron G1620t Firmware-
IntelCeleron G1630 Firmware-
IntelCeleron G1820 Firmware-
IntelCeleron G1820t Firmware-
IntelCeleron G1820te Firmware-
IntelCeleron G1830 Firmware-
IntelCeleron G1840 Firmware-
IntelCeleron G1840t Firmware-
IntelCeleron G1850 Firmware-
IntelCeleron G3900 Firmware-
IntelCeleron G3900e Firmware-
IntelCeleron G3900t Firmware-
IntelCeleron G3900te Firmware-
IntelCeleron G3902e Firmware-
IntelCeleron G3920 Firmware-
IntelCeleron G3930 Firmware-
IntelCeleron G3930e Firmware-
IntelCeleron G3930t Firmware-
IntelCeleron G3930te Firmware-
IntelCeleron G3950 Firmware-
IntelCeleron G4900 Firmware-
IntelCeleron G4900t Firmware-
IntelCeleron G4920 Firmware-
IntelCeleron G4930 Firmware-
IntelCeleron G4930e Firmware-
IntelCeleron G4930t Firmware-
IntelCeleron G4932e Firmware-
IntelCeleron G4950 Firmware-
IntelCore I3-1005g1 Firmware-
IntelCore I3-10110u Firmware-
IntelCore I3-10110y Firmware-
IntelCore I3-5005u Firmware-
IntelCore I3-5010u Firmware-
IntelCore I3-5015u Firmware-
IntelCore I3-5020u Firmware-
IntelCore I3-5157u Firmware-
IntelCore I3-6100 Firmware-
IntelCore I3-6100h Firmware-
IntelCore I3-6100u Firmware-
IntelCore I3-6167u Firmware-
IntelCore I3-7100 Firmware-
IntelCore I3-7100h Firmware-
IntelCore I3-7100t Firmware-
IntelCore I3-7100u Firmware-
IntelCore I3-7167u Firmware-
IntelCore I3-7300 Firmware-
IntelCore I3-7300t Firmware-
IntelCore I3-7320 Firmware-
IntelCore I3-7350k Firmware-
IntelCore I3-8100 Firmware-
IntelCore I3-8100t Firmware-
IntelCore I3-8109u Firmware-
IntelCore I3-8130u Firmware-
IntelCore I3-8145u Firmware-
IntelCore I3-8300 Firmware-
IntelCore I3-8300t Firmware-
IntelCore I3-8350k Firmware-
IntelCore I3-9100 Firmware-
IntelCore I3-9100t Firmware-
IntelCore I3-9300 Firmware-
IntelCore I3-9300t Firmware-
IntelCore I3-9320 Firmware-
IntelCore I3-9350k Firmware-
IntelCore I5+8400 Firmware-
IntelCore I5+8500 Firmware-
IntelCore I5-10210u Firmware-
IntelCore I5-10210y Firmware-
IntelCore I5-10310y Firmware-
IntelCore I5-1035g1 Firmware-
IntelCore I5-1035g4 Firmware-
IntelCore I5-1035g7 Firmware-
IntelCore I5-5200u Firmware-
IntelCore I5-5250u Firmware-
IntelCore I5-5257u Firmware-
IntelCore I5-5287u Firmware-
IntelCore I5-5350h Firmware-
IntelCore I5-6200u Firmware-
IntelCore I5-6260u Firmware-
IntelCore I5-6267u Firmware-
IntelCore I5-6287u Firmware-
IntelCore I5-6300hq Firmware-
IntelCore I5-6350hq Firmware-
IntelCore I5-7200u Firmware-
IntelCore I5-7260u Firmware-
IntelCore I5-7267u Firmware-
IntelCore I5-7287u Firmware-
IntelCore I5-7300hq Firmware-
IntelCore I5-7360u Firmware-
IntelCore I5-7400 Firmware-
IntelCore I5-7400t Firmware-
IntelCore I5-7440hq Firmware-
IntelCore I5-7500 Firmware-
IntelCore I5-7500t Firmware-
IntelCore I5-7600 Firmware-
IntelCore I5-7600k Firmware-
IntelCore I5-7600t Firmware-
IntelCore I5-7y54 Firmware-
IntelCore I5-8200y Firmware-
IntelCore I5-8250u Firmware-
IntelCore I5-8259u Firmware-
IntelCore I5-8265u Firmware-
IntelCore I5-8269u Firmware-
IntelCore I5-8300h Firmware-
IntelCore I5-8305g Firmware-
IntelCore I5-8350u Firmware-
IntelCore I5-8400 Firmware-
IntelCore I5-8400b Firmware-
IntelCore I5-8400t Firmware-
IntelCore I5-8500b Firmware-
IntelCore I5-8700b Firmware-
IntelCore I5-9300h Firmware-
IntelCore I5-9400 Firmware-
IntelCore I5-9400h Firmware-
IntelCore I5-9400t Firmware-
IntelCore I5-9500 Firmware-
IntelCore I5-9500t Firmware-
IntelCore I5-9600 Firmware-
IntelCore I5-9600k Firmware-
IntelCore I5-9600t Firmware-
IntelCore I7+8700 Firmware-
IntelCore I7-10510u Firmware-
IntelCore I7-10510y Firmware-
IntelCore I7-1065g7 Firmware-
IntelCore I7-10710u Firmware-
IntelCore I7-5500u Firmware-
IntelCore I7-5550u Firmware-
IntelCore I7-5557u Firmware-
IntelCore I7-5700hq Firmware-
IntelCore I7-5750hq Firmware-
IntelCore I7-5775c Firmware-
IntelCore I7-5850hq Firmware-
IntelCore I7-5950hq Firmware-
IntelCore I7-6500u Firmware-
IntelCore I7-6560u Firmware-
IntelCore I7-6567u Firmware-
IntelCore I7-6700hq Firmware-
IntelCore I7-6770hq Firmware-
IntelCore I7-6820hk Firmware-
IntelCore I7-6870hq Firmware-
IntelCore I7-6970hq Firmware-
IntelCore I7-7500u Firmware-
IntelCore I7-7560u Firmware-
IntelCore I7-7567u Firmware-
IntelCore I7-7660u Firmware-
IntelCore I7-7700 Firmware-
IntelCore I7-7700hq Firmware-
IntelCore I7-7700k Firmware-
IntelCore I7-7700t Firmware-
IntelCore I7-7800x Firmware-
IntelCore I7-7820hk Firmware-
IntelCore I7-7820hq Firmware-
IntelCore I7-7820x Firmware-
IntelCore I7-7920hq Firmware-
IntelCore I7-8086k Firmware-
IntelCore I7-8500y Firmware-
IntelCore I7-8550u Firmware-
IntelCore I7-8559u Firmware-
IntelCore I7-8565u Firmware-
IntelCore I7-8650u Firmware-
IntelCore I7-8705g Firmware-
IntelCore I7-8706g Firmware-
IntelCore I7-8709g Firmware-
IntelCore I7-8750h Firmware-
IntelCore I7-8809g Firmware-
IntelCore I7-9700 Firmware-
IntelCore I7-9700k Firmware-
IntelCore I7-9700t Firmware-
IntelCore I7-9750h Firmware-
IntelCore I7-9850h Firmware-
IntelCore I9-10900x X-series Firmware-
IntelCore I9-10920x X-series Firmware-
IntelCore I9-10940x X-series Firmware-
IntelCore I9-10980xe Firmware-
IntelCore I9-7900x Firmware-
IntelCore I9-7920x Firmware-
IntelCore I9-7940x Firmware-
IntelCore I9-7960x Firmware-
IntelCore I9-7980xe Firmware-
IntelCore I9-9900x X-series Firmware-
IntelCore I9-9920x X-series Firmware-
IntelCore I9-9940x X-series Firmware-
IntelCore I9-9960x X-series Firmware-
IntelCore I9-9980xe Firmware-
IntelCore M-5y10 Firmware-
IntelCore M-5y10a Firmware-
IntelCore M-5y10c Firmware-
IntelCore M-5y31 Firmware-
IntelCore M-5y51 Firmware-
IntelCore M-5y70 Firmware-
IntelCore M-5y71 Firmware-
IntelCore M3-6y30 Firmware-
IntelCore M3-6y54 Firmware-
IntelCore M3-7y30 Firmware-
IntelCore M3-8100y Firmware-
IntelPentium Gold 4410y Firmware-
IntelPentium Gold 4415u Firmware-
IntelPentium Gold 4415y Firmware-
IntelPentium Gold 4417u Firmware-
IntelPentium Gold 4425y Firmware-
IntelPentium Gold 5405u Firmware-
IntelPentium Gold 6405u Firmware-
IntelPentium Gold G5400 Firmware-
IntelPentium Gold G5400t Firmware-
IntelPentium Gold G5420 Firmware-
IntelPentium Gold G5420t Firmware-
IntelPentium Gold G5500 Firmware-
IntelPentium Gold G5500t Firmware-
IntelPentium Gold G5600 Firmware-
IntelPentium Gold G5600t Firmware-
IntelPentium Gold G5620 Firmware-
IntelXeon 3040 Firmware-
IntelXeon 3050 Firmware-
IntelXeon 3060 Firmware-
IntelXeon 3065 Firmware-
IntelXeon 3070 Firmware-
IntelXeon 5030 Firmware-
IntelXeon 5040 Firmware-
IntelXeon 5050 Firmware-
IntelXeon 5060 Firmware-
IntelXeon 5063 Firmware-
IntelXeon 5070 Firmware-
IntelXeon 5080 Firmware-
IntelXeon 5110 Firmware-
IntelXeon 5120 Firmware-
IntelXeon 5130 Firmware-
IntelXeon 5140 Firmware-
IntelXeon 5150 Firmware-
IntelXeon 5160 Firmware-
IntelXeon 7020 Firmware-
IntelXeon 7030 Firmware-
IntelXeon 7040 Firmware-
IntelXeon 7041 Firmware-
IntelXeon 7110m Firmware-
IntelXeon 7110n Firmware-
IntelXeon 7120m Firmware-
IntelXeon 7120n Firmware-
IntelXeon 7130m Firmware-
IntelXeon 7130n Firmware-
IntelXeon 7140m Firmware-
IntelXeon 7140n Firmware-
IntelXeon 7150n Firmware-
IntelXeon Bronze 3204 Firmware-
IntelXeon D-1513n Firmware-
IntelXeon D-1518 Firmware-
IntelXeon D-1520 Firmware-
IntelXeon D-1521 Firmware-
IntelXeon D-1523n Firmware-
IntelXeon D-1527 Firmware-
IntelXeon D-1528 Firmware-
IntelXeon D-1529 Firmware-
IntelXeon D-1531 Firmware-
IntelXeon D-1533n Firmware-
IntelXeon D-1537 Firmware-
IntelXeon D-1539 Firmware-
IntelXeon D-1540 Firmware-
IntelXeon D-1541 Firmware-
IntelXeon D-1543n Firmware-
IntelXeon D-1548 Firmware-
IntelXeon D-1553n Firmware-
IntelXeon D-1557 Firmware-
IntelXeon D-1559 Firmware-
IntelXeon D-1567 Firmware-
IntelXeon D-1571 Firmware-
IntelXeon D-1577 Firmware-
IntelXeon D-1602 Firmware-
IntelXeon D-1622 Firmware-
IntelXeon D-1623n Firmware-
IntelXeon D-1627 Firmware-
IntelXeon D-1633n Firmware-
IntelXeon D-1637 Firmware-
IntelXeon D-1649n Firmware-
IntelXeon D-1653n Firmware-
IntelXeon D-2123it Firmware-
IntelXeon D-2141i Firmware-
IntelXeon D-2142it Firmware-
IntelXeon D-2143it Firmware-
IntelXeon D-2145nt Firmware-
IntelXeon D-2146nt Firmware-
IntelXeon D-2161i Firmware-
IntelXeon D-2163it Firmware-
IntelXeon D-2166nt Firmware-
IntelXeon D-2173it Firmware-
IntelXeon D-2177nt Firmware-
IntelXeon D-2183it Firmware-
IntelXeon D-2187nt Firmware-
IntelXeon D-2191 Firmware-
IntelXeon E-2104g Firmware-
IntelXeon E-2124 Firmware-
IntelXeon E-2124g Firmware-
IntelXeon E-2126g Firmware-
IntelXeon E-2134 Firmware-
IntelXeon E-2136 Firmware-
IntelXeon E-2144g Firmware-
IntelXeon E-2146g Firmware-
IntelXeon E-2174g Firmware-
IntelXeon E-2176g Firmware-
IntelXeon E-2186g Firmware-
IntelXeon E-2224 Firmware-
IntelXeon E-2224g Firmware-
IntelXeon E-2226g Firmware-
IntelXeon E-2234 Firmware-
IntelXeon E-2236 Firmware-
IntelXeon E-2244g Firmware-
IntelXeon E-2246g Firmware-
IntelXeon E-2274g Firmware-
IntelXeon E-2276g Firmware-
IntelXeon E-2278g Firmware-
IntelXeon E-2286g Firmware-
IntelXeon E-2288g Firmware-
IntelXeon E3-1220 V3 Firmware-
IntelXeon E3-1220 V5 Firmware-
IntelXeon E3-1220 V6 Firmware-
IntelXeon E3-1220l V3 Firmware-
IntelXeon E3-1225 V3 Firmware-
IntelXeon E3-1225 V5 Firmware-
IntelXeon E3-1225 V6 Firmware-
IntelXeon E3-1226 V3 Firmware-
IntelXeon E3-1230 V5 Firmware-
IntelXeon E3-1230 V6 Firmware-
IntelXeon E3-1230l V3 Firmware-
IntelXeon E3-1231 V3 Firmware-
IntelXeon E3-1235l V5 Firmware-
IntelXeon E3-1240 V5 Firmware-
IntelXeon E3-1240 V6 Firmware-
IntelXeon E3-1240l V3 Firmware-
IntelXeon E3-1240l V5 Firmware-
IntelXeon E3-1241 V3 Firmware-
IntelXeon E3-1245 V5 Firmware-
IntelXeon E3-1245 V6 Firmware-
IntelXeon E3-1246 V3 Firmware-
IntelXeon E3-1260l V5 Firmware-
IntelXeon E3-1265l V3 Firmware-
IntelXeon E3-1265l V4 Firmware-
IntelXeon E3-1268l V5 Firmware-
IntelXeon E3-1270 V5 Firmware-
IntelXeon E3-1270 V6 Firmware-
IntelXeon E3-1271 V3 Firmware-
IntelXeon E3-1275 V3 Firmware-
IntelXeon E3-1275 V5 Firmware-
IntelXeon E3-1275 V6 Firmware-
IntelXeon E3-1276 V3 Firmware-
IntelXeon E3-1280 V5 Firmware-
IntelXeon E3-1280 V6 Firmware-
IntelXeon E3-1281 V3 Firmware-
IntelXeon E3-1285 V4 Firmware-
IntelXeon E3-1285l V4 Firmware-
IntelXeon E3-1505m V5 Firmware-
IntelXeon E3-1505m V6 Firmware-
IntelXeon E3-1515m V5 Firmware-
IntelXeon E3-1535m V5 Firmware-
IntelXeon E3-1535m V6 Firmware-
IntelXeon E3-1545m V5 Firmware-
IntelXeon E3-1558l V5 Firmware-
IntelXeon E3-1565l V5 Firmware-
IntelXeon E3-1575m V5 Firmware-
IntelXeon E3-1585 V5 Firmware-
IntelXeon E3-1585l V5 Firmware-
IntelXeon E3110 Firmware-
IntelXeon E3120 Firmware-
IntelXeon E5-1620 V2 Firmware-
IntelXeon E5-1620 V3 Firmware-
IntelXeon E5-1620 V4 Firmware-
IntelXeon E5-1630 V3 Firmware-
IntelXeon E5-1630 V4 Firmware-
IntelXeon E5-1650 V2 Firmware-
IntelXeon E5-1650 V3 Firmware-
IntelXeon E5-1650 V4 Firmware-
IntelXeon E5-1660 V2 Firmware-
IntelXeon E5-1660 V3 Firmware-
IntelXeon E5-1660 V4 Firmware-
IntelXeon E5-1680 V3 Firmware-
IntelXeon E5-1680 V4 Firmware-
IntelXeon E5-2403 V2 Firmware-
IntelXeon E5-2407 V2 Firmware-
IntelXeon E5-2420 V2 Firmware-
IntelXeon E5-2430 V2 Firmware-
IntelXeon E5-2430l V2 Firmware-
IntelXeon E5-2440 V2 Firmware-
IntelXeon E5-2450 V2 Firmware-
IntelXeon E5-2450l V2 Firmware-
IntelXeon E5-2470 V2 Firmware-
IntelXeon E5-2603 V2 Firmware-
IntelXeon E5-2603 V3 Firmware-
IntelXeon E5-2603 V4 Firmware-
IntelXeon E5-2608l V4 Firmware-
IntelXeon E5-2609 V2 Firmware-
IntelXeon E5-2609 V4 Firmware-
IntelXeon E5-2618l V4 Firmware-
IntelXeon E5-2620 V2 Firmware-
IntelXeon E5-2620 V3 Firmware-
IntelXeon E5-2620 V4 Firmware-
IntelXeon E5-2623 V3 Firmware-
IntelXeon E5-2623 V4 Firmware-
IntelXeon E5-2628l V4 Firmware-
IntelXeon E5-2630 V2 Firmware-
IntelXeon E5-2630 V3 Firmware-
IntelXeon E5-2630 V4 Firmware-
IntelXeon E5-2630l V2 Firmware-
IntelXeon E5-2630l V3 Firmware-
IntelXeon E5-2630l V4 Firmware-
IntelXeon E5-2637 V2 Firmware-
IntelXeon E5-2637 V3 Firmware-
IntelXeon E5-2637 V4 Firmware-
IntelXeon E5-2640 V2 Firmware-
IntelXeon E5-2640 V3 Firmware-
IntelXeon E5-2640 V4 Firmware-
IntelXeon E5-2643 V2 Firmware-
IntelXeon E5-2643 V3 Firmware-
IntelXeon E5-2643 V4 Firmware-
IntelXeon E5-2648l V4 Firmware-
IntelXeon E5-2650 V2 Firmware-
IntelXeon E5-2650 V3 Firmware-
IntelXeon E5-2650 V4 Firmware-
IntelXeon E5-2650l V2 Firmware-
IntelXeon E5-2650l V3 Firmware-
IntelXeon E5-2650l V4 Firmware-
IntelXeon E5-2658 V4 Firmware-
IntelXeon E5-2660 V2 Firmware-
IntelXeon E5-2660 V3 Firmware-
IntelXeon E5-2660 V4 Firmware-
IntelXeon E5-2667 V2 Firmware-
IntelXeon E5-2667 V3 Firmware-
IntelXeon E5-2667 V4 Firmware-
IntelXeon E5-2670 V2 Firmware-
IntelXeon E5-2670 V3 Firmware-
IntelXeon E5-2680 V2 Firmware-
IntelXeon E5-2680 V3 Firmware-
IntelXeon E5-2680 V4 Firmware-
IntelXeon E5-2683 V3 Firmware-
IntelXeon E5-2683 V4 Firmware-
IntelXeon E5-2687w V2 Firmware-
IntelXeon E5-2687w V3 Firmware-
IntelXeon E5-2687w V4 Firmware-
IntelXeon E5-2690 V2 Firmware-
IntelXeon E5-2690 V3 Firmware-
IntelXeon E5-2690 V4 Firmware-
IntelXeon E5-2695 V2 Firmware-
IntelXeon E5-2695 V3 Firmware-
IntelXeon E5-2695 V4 Firmware-
IntelXeon E5-2697 V2 Firmware-
IntelXeon E5-2697 V3 Firmware-
IntelXeon E5-2697 V4 Firmware-
IntelXeon E5-2697a V4 Firmware-
IntelXeon E5-2698 V3 Firmware-
IntelXeon E5-2698 V4 Firmware-
IntelXeon E5-2699 V3 Firmware-
IntelXeon E5-2699 V4 Firmware-
IntelXeon E5-2699a V4 Firmware-
IntelXeon E5-4603 V2 Firmware-
IntelXeon E5-4607 V2 Firmware-
IntelXeon E5-4610 V2 Firmware-
IntelXeon E5-4610 V3 Firmware-
IntelXeon E5-4610a V4 Firmware-
IntelXeon E5-4620 V2 Firmware-
IntelXeon E5-4620 V3 Firmware-
IntelXeon E5-4620 V4 Firmware-
IntelXeon E5-4627 V2 Firmware-
IntelXeon E5-4627 V3 Firmware-
IntelXeon E5-4627 V4 Firmware-
IntelXeon E5-4628l V4 Firmware-
IntelXeon E5-4640 V2 Firmware-
IntelXeon E5-4640 V3 Firmware-
IntelXeon E5-4640 V4 Firmware-
IntelXeon E5-4650 V2 Firmware-
IntelXeon E5-4650 V3 Firmware-
IntelXeon E5-4650 V4 Firmware-
IntelXeon E5-4655 V3 Firmware-
IntelXeon E5-4655 V4 Firmware-
IntelXeon E5-4657l V2 Firmware-
IntelXeon E5-4660 V3 Firmware-
IntelXeon E5-4660 V4 Firmware-
IntelXeon E5-4667 V3 Firmware-
IntelXeon E5-4667 V4 Firmware-
IntelXeon E5-4669 V3 Firmware-
IntelXeon E5-4669 V4 Firmware-
IntelXeon E5205 Firmware-
IntelXeon E5220 Firmware-
IntelXeon E5240 Firmware-
IntelXeon E5310 Firmware-
IntelXeon E5320 Firmware-
IntelXeon E5335 Firmware-
IntelXeon E5345 Firmware-
IntelXeon E5405 Firmware-
IntelXeon E5410 Firmware-
IntelXeon E5420 Firmware-
IntelXeon E5430 Firmware-
IntelXeon E5440 Firmware-
IntelXeon E5450 Firmware-
IntelXeon E5462 Firmware-
IntelXeon E5472 Firmware-
IntelXeon E5502 Firmware-
IntelXeon E5503 Firmware-
IntelXeon E5504 Firmware-
IntelXeon E5506 Firmware-
IntelXeon E5507 Firmware-
IntelXeon E5520 Firmware-
IntelXeon E5530 Firmware-
IntelXeon E5540 Firmware-
IntelXeon E5603 Firmware-
IntelXeon E5606 Firmware-
IntelXeon E5607 Firmware-
IntelXeon E5620 Firmware-
IntelXeon E5630 Firmware-
IntelXeon E5640 Firmware-
IntelXeon E5645 Firmware-
IntelXeon E5649 Firmware-
IntelXeon E6510 Firmware-
IntelXeon E6540 Firmware-
IntelXeon E7-2850 V2 Firmware-
IntelXeon E7-2870 V2 Firmware-
IntelXeon E7-2880 V2 Firmware-
IntelXeon E7-2890 V2 Firmware-
IntelXeon E7-4809 V2 Firmware-
IntelXeon E7-4809 V3 Firmware-
IntelXeon E7-4809 V4 Firmware-
IntelXeon E7-4820 V2 Firmware-
IntelXeon E7-4820 V3 Firmware-
IntelXeon E7-4820 V4 Firmware-
IntelXeon E7-4830 V2 Firmware-
IntelXeon E7-4830 V3 Firmware-
IntelXeon E7-4830 V4 Firmware-
IntelXeon E7-4850 V2 Firmware-
IntelXeon E7-4850 V3 Firmware-
IntelXeon E7-4850 V4 Firmware-
IntelXeon E7-4860 V2 Firmware-
IntelXeon E7-4870 V2 Firmware-
IntelXeon E7-4880 V2 Firmware-
IntelXeon E7-4890 V2 Firmware-
IntelXeon E7-8850 V2 Firmware-
IntelXeon E7-8855 V4 Firmware-
IntelXeon E7-8857 V2 Firmware-
IntelXeon E7-8860 V3 Firmware-
IntelXeon E7-8860 V4 Firmware-
IntelXeon E7-8867 V3 Firmware-
IntelXeon E7-8867 V4 Firmware-
IntelXeon E7-8870 V2 Firmware-
IntelXeon E7-8870 V3 Firmware-
IntelXeon E7-8870 V4 Firmware-
IntelXeon E7-8880 V2 Firmware-
IntelXeon E7-8880 V3 Firmware-
IntelXeon E7-8880 V4 Firmware-
IntelXeon E7-8880l V2 Firmware-
IntelXeon E7-8880l V3 Firmware-
IntelXeon E7-8890 V2 Firmware-
IntelXeon E7-8890 V3 Firmware-
IntelXeon E7-8890 V4 Firmware-
IntelXeon E7-8891 V2 Firmware-
IntelXeon E7-8891 V3 Firmware-
IntelXeon E7-8891 V4 Firmware-
IntelXeon E7-8893 V2 Firmware-
IntelXeon E7-8893 V3 Firmware-
IntelXeon E7-8893 V4 Firmware-
IntelXeon E7-8895 V2 Firmware-
IntelXeon E7210 Firmware-
IntelXeon E7220 Firmware-
IntelXeon E7310 Firmware-
IntelXeon E7320 Firmware-
IntelXeon E7330 Firmware-
IntelXeon E7340 Firmware-
IntelXeon E7420 Firmware-
IntelXeon E7430 Firmware-
IntelXeon E7440 Firmware-
IntelXeon E7450 Firmware-
IntelXeon E7520 Firmware-
IntelXeon E7530 Firmware-
IntelXeon E7540 Firmware-
IntelXeon Ec3539 Firmware-
IntelXeon Ec5509 Firmware-
IntelXeon Ec5539 Firmware-
IntelXeon Ec5549 Firmware-
IntelXeon Gold 5215 Firmware-
IntelXeon Gold 5215l Firmware-
IntelXeon Gold 5215m Firmware-
IntelXeon Gold 5217 Firmware-
IntelXeon Gold 5218 Firmware-
IntelXeon Gold 5218b Firmware-
IntelXeon Gold 5218n Firmware-
IntelXeon Gold 5218t Firmware-
IntelXeon Gold 5220 Firmware-
IntelXeon Gold 5220s Firmware-
IntelXeon Gold 5220t Firmware-
IntelXeon Gold 5222 Firmware-
IntelXeon Gold 6222v Firmware-
IntelXeon Gold 6226 Firmware-
IntelXeon Gold 6230 Firmware-
IntelXeon Gold 6230n Firmware-
IntelXeon Gold 6230t Firmware-
IntelXeon Gold 6234 Firmware-
IntelXeon Gold 6238 Firmware-
IntelXeon Gold 6238l Firmware-
IntelXeon Gold 6238m Firmware-
IntelXeon Gold 6238t Firmware-
IntelXeon Gold 6240 Firmware-
IntelXeon Gold 6240l Firmware-
IntelXeon Gold 6240m Firmware-
IntelXeon Gold 6240y Firmware-
IntelXeon Gold 6242 Firmware-
IntelXeon Gold 6244 Firmware-
IntelXeon Gold 6246 Firmware-
IntelXeon Gold 6248 Firmware-
IntelXeon Gold 6252 Firmware-
IntelXeon Gold 6252n Firmware-
IntelXeon Gold 6254 Firmware-
IntelXeon Gold 6262v Firmware-
IntelXeon L3014 Firmware-
IntelXeon L3110 Firmware-
IntelXeon L3360 Firmware-
IntelXeon L3406 Firmware-
IntelXeon L3426 Firmware-
IntelXeon L5215 Firmware-
IntelXeon L5238 Firmware-
IntelXeon L5240 Firmware-
IntelXeon L5310 Firmware-
IntelXeon L5318 Firmware-
IntelXeon L5320 Firmware-
IntelXeon L5335 Firmware-
IntelXeon L5408 Firmware-
IntelXeon L5410 Firmware-
IntelXeon L5420 Firmware-
IntelXeon L5430 Firmware-
IntelXeon L5506 Firmware-
IntelXeon L5508 Firmware-
IntelXeon L5518 Firmware-
IntelXeon L5520 Firmware-
IntelXeon L5530 Firmware-
IntelXeon L5609 Firmware-
IntelXeon L5618 Firmware-
IntelXeon L5630 Firmware-
IntelXeon L5638 Firmware-
IntelXeon L5640 Firmware-
IntelXeon L7345 Firmware-
IntelXeon L7445 Firmware-
IntelXeon L7455 Firmware-
IntelXeon L7545 Firmware-
IntelXeon L7555 Firmware-
IntelXeon Lc3518 Firmware-
IntelXeon Lc3528 Firmware-
IntelXeon Lc5518 Firmware-
IntelXeon Lc5528 Firmware-
IntelXeon Lv 5113 Firmware-
IntelXeon Lv 5128 Firmware-
IntelXeon Lv 5133 Firmware-
IntelXeon Lv 5138 Firmware-
IntelXeon Lv 5148 Firmware-
IntelXeon Platinum 8253 Firmware-
IntelXeon Platinum 8256 Firmware-
IntelXeon Platinum 8260 Firmware-
IntelXeon Platinum 8260l Firmware-
IntelXeon Platinum 8260m Firmware-
IntelXeon Platinum 8260y Firmware-
IntelXeon Platinum 8268 Firmware-
IntelXeon Platinum 8270 Firmware-
IntelXeon Platinum 8276 Firmware-
IntelXeon Platinum 8276l Firmware-
IntelXeon Platinum 8276m Firmware-
IntelXeon Platinum 8280 Firmware-
IntelXeon Platinum 8280l Firmware-
IntelXeon Platinum 8280m Firmware-
IntelXeon Platinum 9221 Firmware-
IntelXeon Platinum 9222 Firmware-
IntelXeon Platinum 9242 Firmware-
IntelXeon Platinum 9282 Firmware-
IntelXeon Silver 4208 Firmware-
IntelXeon Silver 4209t Firmware-
IntelXeon Silver 4210 Firmware-
IntelXeon Silver 4214 Firmware-
IntelXeon Silver 4214y Firmware-
IntelXeon Silver 4215 Firmware-
IntelXeon Silver 4216 Firmware-
IntelXeon W-2123 Firmware-
IntelXeon W-2125 Firmware-
IntelXeon W-2133 Firmware-
IntelXeon W-2135 Firmware-
IntelXeon W-2145 Firmware-
IntelXeon W-2155 Firmware-
IntelXeon W-2175 Firmware-
IntelXeon W-2195 Firmware-
IntelXeon W-2223 Firmware-
IntelXeon W-2225 Firmware-
IntelXeon W-2235 Firmware-
IntelXeon W-2245 Firmware-
IntelXeon W-2255 Firmware-
IntelXeon W-2265 Firmware-
IntelXeon W-2275 Firmware-
IntelXeon W-2295 Firmware-
IntelXeon W-3175x Firmware-
IntelXeon W-3223 Firmware-
IntelXeon W-3225 Firmware-
IntelXeon W-3245 Firmware-
IntelXeon W-3245m Firmware-
IntelXeon W-3265 Firmware-
IntelXeon W-3265m Firmware-
IntelXeon W-3275 Firmware-
IntelXeon W-3275m Firmware-
IntelXeon W3520 Firmware-
IntelXeon W3530 Firmware-
IntelXeon W3540 Firmware-
IntelXeon W3550 Firmware-
IntelXeon W3565 Firmware-
IntelXeon W3570 Firmware-
IntelXeon W3580 Firmware-
IntelXeon W3670 Firmware-
IntelXeon W3680 Firmware-
IntelXeon W3690 Firmware-
IntelXeon W5580 Firmware-
IntelXeon W5590 Firmware-
IntelXeon X3210 Firmware-
IntelXeon X3220 Firmware-
IntelXeon X3230 Firmware-
IntelXeon X3320 Firmware-
IntelXeon X3330 Firmware-
IntelXeon X3350 Firmware-
IntelXeon X3360 Firmware-
IntelXeon X3370 Firmware-
IntelXeon X3380 Firmware-
IntelXeon X3430 Firmware-
IntelXeon X3440 Firmware-
IntelXeon X3450 Firmware-
IntelXeon X3460 Firmware-
IntelXeon X3470 Firmware-
IntelXeon X3480 Firmware-
IntelXeon X5260 Firmware-
IntelXeon X5270 Firmware-
IntelXeon X5272 Firmware-
IntelXeon X5355 Firmware-
IntelXeon X5365 Firmware-
IntelXeon X5450 Firmware-
IntelXeon X5460 Firmware-
IntelXeon X5470 Firmware-
IntelXeon X5472 Firmware-
IntelXeon X5482 Firmware-
IntelXeon X5492 Firmware-
IntelXeon X5550 Firmware-
IntelXeon X5560 Firmware-
IntelXeon X5570 Firmware-
IntelXeon X5647 Firmware-
IntelXeon X5650 Firmware-
IntelXeon X5660 Firmware-
IntelXeon X5667 Firmware-
IntelXeon X5670 Firmware-
IntelXeon X5672 Firmware-
IntelXeon X5675 Firmware-
IntelXeon X5677 Firmware-
IntelXeon X5680 Firmware-
IntelXeon X5687 Firmware-
IntelXeon X5690 Firmware-
IntelXeon X6550 Firmware-
IntelXeon X7350 Firmware-
IntelXeon X7460 Firmware-
IntelXeon X7542 Firmware-
IntelXeon X7550 Firmware-
IntelXeon X7560 Firmware-

Vendor Advisories

Synopsis Important: kpatch-patch security update Type/Severity Security Advisory: Important Topic An update for kpatch-patch is now available for Red Hat Enterprise Linux 76 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Synopsis Important: redhat-release-virtualization-host and redhat-virtualization-host update Type/Severity Security Advisory: Important Topic An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 and Red H ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 65 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 74 Advanced Update Support, Red Hat Enterprise Linux 74 Telco Extended Update Support, and Red Hat Enterprise Linux 74 Update Services for SAP Sol ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 72 Advanced Update Support, Red Hat Enterprise Linux 72 Telco Extended Update Support, and Red Hat Enterprise Linux 72 Update Services for SAP Sol ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 73 Advanced Update Support, Red Hat Enterprise Linux 73 Telco Extended Update Support, and Red Hat Enterprise Linux 73 Update Services for SAP Sol ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 66 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Synopsis Important: OpenShift Container Platform 425 machine-os-content-container security update Type/Severity Security Advisory: Important Topic An update for machine-os-content-container is now available for Red Hat OpenShift Container Platform 42Red Hat Product Security has rated this update as havi ...
Synopsis Important: kpatch-patch security update Type/Severity Security Advisory: Important Topic An update for kpatch-patch is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Synopsis Important: kpatch-patch security update Type/Severity Security Advisory: Important Topic An update for kpatch-patch is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processo ...
Synopsis Important: kernel-rt security update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base sc ...
Synopsis Important: kernel-rt security update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise MRG 2Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis Important: OpenShift Container Platform 4124 machine-os-content-container security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 4124 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Pr ...
Synopsis Important: kpatch-patch security update Type/Severity Security Advisory: Important Topic An update for kpatch-patch is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, w ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, w ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 75 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Synopsis Important: kernel-rt security update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base sc ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 76 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
IBM is aware of a reported security Intel vulnerability, CVE-2018-12207, which is addressed by Citrix in the XSA-304 and XSA-305 security advisories The vulnerability could enable a denial of service attack There are no known malicious exploits of this vulnerability, which potentially impacts the hypervisor ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 80 Update Services for SAP SolutionsRed Hat Product Security has rated this update as having a security impact of Important A Common V ...
Several security issues were fixed in the Linux kernel ...
Several security issues were fixed in the Linux kernel ...
A security issue has been identified in certain CPU hardware that may allow unprivileged code running on a CPU core to infer the value of memory data belonging to other processes, virtual machines or the hypervisor that are, or have recently been, running on the same CPU core This issue has the following identifier: ...
A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processo ...
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak CVE-2018-12207 It was discovered that on Intel CPUs supporting hardware virtualisation with Extended Page Tables (EPT), a guest VM may manipulate the memory management hardware to cause a Mac ...
Several security issues were fixed in the Linux kernel ...
Several security issues were fixed in the Linux kernel ...
Several security issues were fixed in the Linux kernel ...
Debian Bug report logs - #947944 xen: Several CVEs open for xen (CVE-2018-12207 CVE-2019-11135 CVE-2019-18420 CVE-2019-18421 CVE-2019-18422 CVE-2019-18423 CVE-2019-18424 CVE-2019-18425 CVE-2019-19577 CVE-2019-19578 CVE-2019-19579 CVE-2019-19580 CVE-2019-19581 CVE-2019-19582 CVE-2019-19583) Package: src:xen; Maintainer for src:xen is De ...
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, guest-to-host privilege escalation or information leaks In addition this update provides mitigations for the TSX Asynchronous Abort speculative side channel attack For additional information please refer to xenbitsxenorg/xsa/adv ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2018-12207 / XSA-304 x86: Machine Check Error on Page Size Change DoS ISSUE DESCRIPTION ================= An erratum exists across some CPUs whereby an instruction fetch may cause a machine check error if the pagetables have been updated in a speci ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:25mcepsc Security Advisory The FreeBSD Project Topic: Machine Check Exception on Page Size Change Categ ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4564-1 security () debian org wwwdebianorg/security/ Ben Hutchings November 12, 2019 wwwdebianorg/security/faq ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4602-1 security () debian org wwwdebianorg/security/ Moritz Muehlenhoff January 13, 2020 wwwdebianorg/security/faq ...

Github Repositories

Recent Articles

Microsoft Patch Tuesday – November 2019
Symantec Threat Intelligence Blog • Ratheesh PM • 15 Nov 2020

This month the vendor has patched 75 vulnerabilities, 14 of which are rated Critical.

Posted: 15 Nov, 201922 Min ReadThreat Intelligence SubscribeMicrosoft Patch Tuesday – November 2019This month the vendor has patched 75 vulnerabilities, 14 of which are rated Critical.As always, customers are advised to follow these security best practices:


Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handl...

T-Mobile US hacked, Monero wallet app infected, public info records on 1.2bn people leak from database...
The Register • Shaun Nichols in San Francisco • 23 Nov 2019

...OnePlus also compromised, and much more

Roundup Time for another roundup of all the security news that's fit to print and that we haven't covered yet.
T-Mobile US prepaid account holders got some unwelcome news this week when their wireless carrier admitted on Friday it was compromised by miscreants who would have been able to ogle customers' personal information.
Exposed details include name, billing address, account number, and mobile plan types. T-Mobile notes that, at least, no bank card info was exposed.
"Our cy...

Microsoft Issues Guidance for Intel CPU Driver Security Flaws
BleepingComputer • Sergiu Gatlan • 14 Nov 2019

Microsoft issued guidance to help users protect their systems against denial of service (DoS) and information disclosure security flaws affecting Intel CPUs, disclosed during this week's Patch Tuesday.
The DoS vulnerability tracked as CVE-2018-12207 impacts client and server Intel Core processors up to and including 8th generation, while the speculative vulnerability flaw tracked as CVE-2019-11135 and found in the Intel Transactional Synchronization Extensions (TSX) capability affe...