This update ships updated CPU microcode for most types of Intel CPUs. It
provides mitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware
vulnerabilities.
To fully resolve these vulnerabilities it is also necessary to update
the Linux kernel packages as released in DSA 4444.
For the stable distribution (stretch), these problems have been fixed i ...
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service, or information
leak.
CVE-2018-12207
It was discovered that on Intel CPUs supporting hardware
virtualisation with Extended Page Tables (EPT), a guest VM may
manipulate the memory management hardware to cause a Mac ...
Multiple vulnerabilities have been discovered in the Xen hypervisor, which
could result in denial of service, guest-to-host privilege escalation or
information leaks.
In addition this update provides mitigations for the TSX Asynchronous Abort
speculative side channel attack. For additional information please refer to
xenbits.xen.org/xsa/adv ...
Multiple researchers have discovered vulnerabilities in the way the
Intel processor designs have implemented speculative forwarding of data
filled into temporary microarchitectural structures (buffers). This
flaw could allow an attacker controlling an unprivileged process to
read sensitive information, including from the kernel and all other
proces ...
Two vulnerabilities were discovered in Libvirt, a virtualisation
abstraction library, allowing an API client with read-only permissions
to execute arbitrary commands via the virConnectGetDomainCapabilities
API, or read or execute arbitrary files via the
virDomainSaveImageGetXMLDesc API.
Additionally the libvirt's cpu map was updated to make address ...
- Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126)
- Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130)
- Microarchitectural Load Port Data Sampling (MLPDS) (CVE-2018-12127)
- Microarchitectural Data Sampling Uncacheable Memory (MDSUM) (CVE-2019-11091)
MSBDS leaks Store Buffer Entries which can be speculativ ...
Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access (CVE-2019-11091).
Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The wr ...
Impact: Moderate
Public Date: 2019-05-14
CWE: CWE-203->CWE-385
Bugzilla: 1705312: CVE-2019-11091 har ...
- Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126)
- Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130)
- Microarchitectural Load Port Data Sampling (MLPDS) (CVE-2018-12127)
- Microarchitectural Data Sampling Uncacheable Memory (MDSUM) (CVE-2019-11091)
MSBDS leaks Store Buffer Entries which can be specul ...
Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writ ...
Debian Bug report logs - #927439
qemu: CVE-2019-5008
Package: src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 19 Apr 2019 20:42:02 UTC
Severity: important
Tags: patch, security, upstream
Found in version ...
Debian Bug report logs - #929994
xen: XSA-288: x86: Inconsistent PV IOMMU discipline
Package: src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 4 Jun 2019 19:39:10 UTC
Severity: important
Tags: security, upstre ...
Debian Bug report logs - #929999
xen: XSA-293: x86: PV kernel context switch corruption
Package: src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 4 Jun 2019 19:45:02 UTC
Severity: important
Tags: security, ups ...
Debian Bug report logs - #929998
xen: XSA-285: race with pass-through device hotplug
Package: src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 4 Jun 2019 19:42:19 UTC
Severity: important
Tags: security, upstre ...
Debian Bug report logs - #929993
xen: XSA-292: x86: insufficient TLB flushing when using PCID
Package: src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 4 Jun 2019 19:39:07 UTC
Severity: important
Tags: securit ...
Debian Bug report logs - #929129
Xen Hypervisor security update for Intel MDS - XSA 297
Package: src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Wiebe Cazemier <wiebe@ytec.nl>
Date: Fri, 17 May 2019 15:24:01 UTC
Severity: grave
Tags: security, upstream
Found i ...
Debian Bug report logs - #901017
qemu: CVE-2018-11806: slirp: heap buffer overflow while reassembling fragmented datagrams
Package: src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 8 Jun 2018 03:42:01 UTC
...
Debian Bug report logs - #929996
xen: XSA-290: missing preemption in x86 PV page table unvalidation
Package: src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 4 Jun 2019 19:42:04 UTC
Severity: important
Tags: s ...
Debian Bug report logs - #929991
xen: XSA-284: grant table transfer issues on large hosts
Package: src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 4 Jun 2019 19:39:01 UTC
Severity: important
Tags: security, u ...
Debian Bug report logs - #929353
qemu: CVE-2019-12155: qxl: null pointer dereference while releasing spice resources
Package: src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 22 May 2019 08:03:02 UTC
Sever ...
Debian Bug report logs - #930001
xen: XSA-287: x86: steal_page violates page_struct access discipline
Package: src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 4 Jun 2019 19:45:07 UTC
Severity: important
Tags: ...
Debian Bug report logs - #929992
xen: XSA-294: x86 shadow: Insufficient TLB flushing when using PCID
Package: src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 4 Jun 2019 19:39:04 UTC
Severity: important
Tags: ...
Debian Bug report logs - #929995
xen: XSA-291: x86/PV: page type reference counting issue with failed IOMMU update
Package: src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 4 Jun 2019 19:42:02 UTC
Severity: im ...
Synopsis
Important: redhat-virtualization-host security update
Type/Severity
Security Advisory: Important
Topic
An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS. Red Hat Product Security has ra ...
Synopsis
Important: libvirt security update
Type/Severity
Security Advisory: Important
Topic
An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis
Important: kernel security update
Type/Severity
Security Advisory: Important
Topic
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, w ...
Synopsis
Important: Advanced Virtualization security update
Type/Severity
Security Advisory: Important
Topic
The updated Advanced Virtualization module is now available for Red Hat Enterprise Linux 8.0 Advanced Virtualization. Red Hat Product Security has rated this update as having a security impact of Impor ...
Synopsis
Important: qemu-kvm security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis
Important: kernel-rt security update
Type/Severity
Security Advisory: Important
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base sc ...
Synopsis
Important: kernel security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) b ...
Synopsis
Important: kernel security update
Type/Severity
Security Advisory: Important
Topic
An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring S ...
Synopsis
Important: vdsm security update
Type/Severity
Security Advisory: Important
Topic
An update for vdsm is now available for Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Com ...
Synopsis
Important: kernel security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services ...
Synopsis
Important: virt:rhel security update
Type/Severity
Security Advisory: Important
Topic
An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CV ...
Synopsis
Important: rhvm-appliance security update
Type/Severity
Security Advisory: Important
Topic
An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vuln ...
Synopsis
Important: qemu-kvm-rhev security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 9.0 (Mitaka). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis
Important: libvirt security update
Type/Severity
Security Advisory: Important
Topic
An update for libvirt is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis
Important: qemu-kvm security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis
Important: kernel security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) b ...
Synopsis
Important: libvirt security update
Type/Severity
Security Advisory: Important
Topic
An update for libvirt is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP S ...
Synopsis
Important: libvirt security update
Type/Severity
Security Advisory: Important
Topic
An update for libvirt is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis
Important: rhvm-setup-plugins security update
Type/Severity
Security Advisory: Important
Topic
An update for rhvm-setup-plugins is now available for Red Hat Virtualization 4.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis
Important: qemu-kvm security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP ...
Synopsis
Important: rhvm-setup-plugins security update
Type/Severity
Security Advisory: Important
Topic
An update for rhvm-setup-plugins is now available for Red Hat Virtualization 4.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis
Important: qemu-kvm security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP ...
Synopsis
Important: qemu-kvm-rhev security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis
Important: libvirt security update
Type/Severity
Security Advisory: Important
Topic
An update for libvirt is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis
Important: kernel security update
Type/Severity
Security Advisory: Important
Topic
An update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring S ...
Synopsis
Important: kernel-rt security update
Type/Severity
Security Advisory: Important
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base sc ...
Synopsis
Important: libvirt security update
Type/Severity
Security Advisory: Important
Topic
An update for libvirt is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP S ...
Synopsis
Important: qemu-kvm security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis
Important: qemu-kvm security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis
Important: qemu-kvm-rhev security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 14.0 (Rocky). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis
Important: redhat-virtualization-host security update
Type/Severity
Security Advisory: Important
Topic
An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this ...
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVS ...
Synopsis
Important: vdsm security update
Type/Severity
Security Advisory: Important
Topic
An update for vdsm is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sy ...
Synopsis
Important: kernel security update
Type/Severity
Security Advisory: Important
Topic
An update for kernel is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring S ...
Synopsis
Important: kernel security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for kernel is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili ...
Synopsis
Important: qemu-kvm security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis
Important: qemu-kvm security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis
Important: qemu-kvm-rhev security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis
Important: qemu-kvm-rhev security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulner ...
Synopsis
Important: kernel security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for kernel is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services ...
Synopsis
Important: libvirt security update
Type/Severity
Security Advisory: Important
Topic
An update for libvirt is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis
Important: libvirt security update
Type/Severity
Security Advisory: Important
Topic
An update for libvirt is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis
Important: qemu-kvm-rhev security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 and Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this ...
Several security issues were fixed in the Linux kernel ...
The system could be made to expose sensitive information ...
The system could be made to expose sensitive information ...
Several security issues were fixed in the Linux kernel ...
Several issues were addressed in QEMU ...
Several security issues were fixed in the Linux kernel ...
The system could be made to expose sensitive information ...
Several security issues were fixed in the Linux kernel ...
Several security issues were fixed in the Linux kernel ...
Several security issues were fixed in the Linux kernel ...
Several security issues were fixed in the Linux kernel ...
Several security issues were fixed in the Linux kernel ...
Several security issues were fixed in the Linux kernel ...
Several security issues were fixed in the Linux kernel ...
Several security issues were addressed in libvirt ...
Several issues were addressed in libvirt ...
Potential security vulnerabilities in Intel CPUs may allow information disclosure. Researchers have referred to these vulnerabilities as ZombieLoad, RIDL, and Fallout. See table below for further details.
Vulnerability | Description | CVE
Fallout, RIDL | Microarchitectural Store Buffer Data Sampling (MSBDS) | CVE-2018-12126
RIDL | Mic ...
Potential security vulnerabilities in Intel CPUs may allow information disclosure. Researchers have referred to these vulnerabilities as ZombieLoad, RIDL, and Fallout. See table below for further details.
Vulnerability | Description | CVE
Fallout, RIDL | Microarchitectural Store Buffer Data Sampling (MSBDS) | CVE-2018-12126
RIDL | Mic ...
PAN-SA-2019-0012 Information about Recent Intel Side Channel Vulnerabilities ...
On May 14, 2019, Intel disclosed four new side channel vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091), collectively referred to as "Microarchitectural Data Sampling" (MDS). Attackers can exploit these vulnerabilities to leak information.
Huawei has released a Security Advisory (SA) at www.huawei.com/en ...
Intel officially released a group of microarchitecture data sampling (MDS) vulnerabilities. An attacker with local access to a targeted system may exploit these vulnerabilities to obtain data on the targeted system, causing some information leakage. (Vulnerability ID: HWPSIRT-2019-05136, HWPSIRT-2019-05137, HWPSIRT-2019-05138 and HWPSIRT-2019-05139 ...