4.7
CVSSv2

CVE-2019-11091

Published: 30/05/2019 Updated: 11/06/2019
CVSS v2 Base Score: 4.7 | Impact Score: 6.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 5.6 | Impact Score: 4 | Exploitability Score: 1.1
VMScore: 418
Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

Vulnerability Summary

A vulnerability in the Microarchitectural Data Sampling Uncacheable Memory (MDSUM) of Intel microcode could allow a local malicious user to access sensitive information on a targeted system. The vulnerability is due to improper memory operations that could expose a side channel on the affected system. An attacker with local access to a targeted system could exploit this vulnerability to access sensitive information on the targeted system. A successful exploit could be used to conduct further attacks. Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available. Intel has confirmed the vulnerability and released software updates. A third-party patch is also available.

Vulnerability Trend

Vendor Advisories

Synopsis Important: qemu-kvm-rhev security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulner ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, w ...
Synopsis Important: libvirt security update Type/Severity Security Advisory: Important Topic An update for libvirt is now available for Red Hat Enterprise Linux 65 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Synopsis Important: qemu-kvm security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm is now available for Red Hat Enterprise Linux 66 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...
Synopsis Important: redhat-virtualization-host security update Type/Severity Security Advisory: Important Topic An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this ...
Synopsis Important: libvirt security update Type/Severity Security Advisory: Important Topic An update for libvirt is now available for Red Hat Enterprise Linux 72 Advanced Update Support, Red Hat Enterprise Linux 72 Telco Extended Update Support, and Red Hat Enterprise Linux 72 Update Services for SAP S ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 73 Advanced Update Support, Red Hat Enterprise Linux 73 Telco Extended Update Support, and Red Hat Enterprise Linux 73 Update Services ...
Synopsis Important: kernel-rt security update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base sc ...
Synopsis Important: qemu-kvm security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm is now available for Red Hat Enterprise Linux 74 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...
Synopsis Important: rhvm-setup-plugins security update Type/Severity Security Advisory: Important Topic An update for rhvm-setup-plugins is now available for Red Hat Virtualization 42Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Synopsis Important: qemu-kvm security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 66 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Synopsis Important: qemu-kvm security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm is now available for Red Hat Enterprise Linux 75 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...
Synopsis Important: qemu-kvm security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm is now available for Red Hat Enterprise Linux 65 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...
Synopsis Important: libvirt security update Type/Severity Security Advisory: Important Topic An update for libvirt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...
Impact: Moderate Public Date: 2019-05-14 CWE: CWE-203->CWE-385 Bugzilla: 1705312: CVE-2019-11091 har ...
Synopsis Important: rhvm-appliance security update Type/Severity Security Advisory: Important Topic An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vuln ...
Synopsis Important: libvirt security update Type/Severity Security Advisory: Important Topic An update for libvirt is now available for Red Hat Enterprise Linux 74 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Synopsis Important: qemu-kvm security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis Important: redhat-virtualization-host security update Type/Severity Security Advisory: Important Topic An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 42 for Red Hat Enterprise Linux 76 EUSRed Hat Product Security has ra ...
Synopsis Important: qemu-kvm security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm is now available for Red Hat Enterprise Linux 73 Advanced Update Support, Red Hat Enterprise Linux 73 Telco Extended Update Support, and Red Hat Enterprise Linux 73 Update Services for SAP ...
Synopsis Important: libvirt security update Type/Severity Security Advisory: Important Topic An update for libvirt is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis Important: libvirt security update Type/Severity Security Advisory: Important Topic An update for libvirt is now available for Red Hat Enterprise Linux 75 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 72 Advanced Update Support, Red Hat Enterprise Linux 72 Telco Extended Update Support, and Red Hat Enterprise Linux 72 Update Services ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Synopsis Important: rhvm-setup-plugins security update Type/Severity Security Advisory: Important Topic An update for rhvm-setup-plugins is now available for Red Hat Virtualization 43Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Synopsis Important: libvirt security update Type/Severity Security Advisory: Important Topic An update for libvirt is now available for Red Hat Enterprise Linux 66 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 65 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 75 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Synopsis Important: qemu-kvm security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm is now available for Red Hat Enterprise Linux 72 Advanced Update Support, Red Hat Enterprise Linux 72 Telco Extended Update Support, and Red Hat Enterprise Linux 72 Update Services for SAP ...
Synopsis Important: libvirt security update Type/Severity Security Advisory: Important Topic An update for libvirt is now available for Red Hat Enterprise Linux 73 Advanced Update Support, Red Hat Enterprise Linux 73 Telco Extended Update Support, and Red Hat Enterprise Linux 73 Update Services for SAP S ...
Synopsis Important: vdsm security update Type/Severity Security Advisory: Important Topic An update for vdsm is now available for Red Hat Virtualization 42 for Red Hat Enterprise Linux 76 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Com ...
Synopsis Important: vdsm security update Type/Severity Security Advisory: Important Topic An update for vdsm is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sy ...
Synopsis Important: kernel-rt security update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base sc ...
Debian Bug report logs - #929994 xen: XSA-288: x86: Inconsistent PV IOMMU discipline Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 4 Jun 2019 19:39:10 UTC Severity: important Tags: security, upstre ...
Synopsis Important: Advanced Virtualization security update Type/Severity Security Advisory: Important Topic The updated Advanced Virtualization module is now available for Red HatEnterprise Linux 80 Advanced VirtualizationRed Hat Product Security has rated this update as having a security impact of Impor ...
Several security issues were fixed in the Linux kernel ...
Synopsis Important: qemu-kvm-rhev security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 140 (Rocky)Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Synopsis Important: qemu-kvm-rhev security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 100 (Newton)Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Several security issues were fixed in the Linux kernel ...
The system could be made to expose sensitive information ...
This update ships updated CPU microcode for most types of Intel CPUs It provides mitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware vulnerabilities To fully resolve these vulnerabilities it is also necessary to update the Linux kernel packages as released in DSA 4444 For the stable distribution (stretch), these problems have been fixed i ...
Synopsis Important: qemu-kvm-rhev security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 130 (Queens)Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Synopsis Important: qemu-kvm-rhev security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 90 (Mitaka)Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Synopsis Important: virt:rhel security update Type/Severity Security Advisory: Important Topic An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CV ...
Debian Bug report logs - #930001 xen: XSA-287: x86: steal_page violates page_struct access discipline Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 4 Jun 2019 19:45:07 UTC Severity: important Tags: ...
Debian Bug report logs - #929993 xen: XSA-292: x86: insufficient TLB flushing when using PCID Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 4 Jun 2019 19:39:07 UTC Severity: important Tags: securit ...
Debian Bug report logs - #929999 xen: XSA-293: x86: PV kernel context switch corruption Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 4 Jun 2019 19:45:02 UTC Severity: important Tags: security, ups ...
The system could be made to expose sensitive information ...
Several issues were addressed in libvirt ...
Several security issues were addressed in libvirt ...
Debian Bug report logs - #929129 Xen Hypervisor security update for Intel MDS - XSA 297 Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Wiebe Cazemier <wiebe@ytecnl> Date: Fri, 17 May 2019 15:24:01 UTC Severity: grave Tags: security, upstream Found i ...
Debian Bug report logs - #929992 xen: XSA-294: x86 shadow: Insufficient TLB flushing when using PCID Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 4 Jun 2019 19:39:04 UTC Severity: important Tags: ...
The system could be made to expose sensitive information ...
Several security issues were fixed in the Linux kernel ...
Multiple researchers have discovered vulnerabilities in the way the Intel processor designs have implemented speculative forwarding of data filled into temporary microarchitectural structures (buffers) This flaw could allow an attacker controlling an unprivileged process to read sensitive information, including from the kernel and all other proces ...
Debian Bug report logs - #929995 xen: XSA-291: x86/PV: page type reference counting issue with failed IOMMU update Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 4 Jun 2019 19:42:02 UTC Severity: im ...
Debian Bug report logs - #929991 xen: XSA-284: grant table transfer issues on large hosts Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 4 Jun 2019 19:39:01 UTC Severity: important Tags: security, u ...
Debian Bug report logs - #929998 xen: XSA-285: race with pass-through device hotplug Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 4 Jun 2019 19:42:19 UTC Severity: important Tags: security, upstre ...
Debian Bug report logs - #929996 xen: XSA-290: missing preemption in x86 PV page table unvalidation Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 4 Jun 2019 19:42:04 UTC Severity: important Tags: s ...
Several security issues were fixed in the Linux kernel ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 74 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Debian Bug report logs - #927439 qemu: CVE-2019-5008 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 19 Apr 2019 20:42:02 UTC Severity: important Tags: patch, security, upstream Found in version ...
Several security issues were fixed in the Linux kernel ...
Several issues were addressed in QEMU ...
Advisory ID VMSA-2019-0008 Advisory Severity Moderate CVSSv3 Range 38 - 65 Synopsis VMware product updates enable Hypervisor-Specific Mitigations, Hypervisor-Assisted Guest Mitigations, and Operating System-Specific Mitigations for Microarchitectural Data Sampling (MDS) Vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE ...
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise MRG 2Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVS ...
Several security issues were fixed in the Linux kernel ...
Two vulnerabilities were discovered in Libvirt, a virtualisation abstraction library, allowing an API client with read-only permissions to execute arbitrary commands via the virConnectGetDomainCapabilities API, or read or execute arbitrary files via the virDomainSaveImageGetXMLDesc API Additionally the libvirt's cpu map was updated to make address ...
IBM has released the following Unified Extensible Firmware Interface (UEFI) fixes for System x, Flex and BladeCenter systems in response to Intel Microarchitectural Data Sampling (MDS) Side Channel vulnerabilities ...
Potential security vulnerabilities in CPUs may allow information disclosure Intel released Microcode Updates (MCU) updates to mitigate this potential vulnerability IBM Integrated Analytics System has addressed the applicable CVE ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 # SSA-616472: ZombieLoad and Microarchitectural Data Sampling Vulnerabilities in Industrial Products Publication Date: 2019-07-09 Last Update: 2019-07-09 Current Version: 10 CVSS v30 Base Score: 65 SUMMARY ======= Security researchers published information on vulne ...
Oracle Linux Bulletin - July 2019 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical Pa ...
Debian Bug report logs - #929353 qemu: CVE-2019-12155: qxl: null pointer dereference while releasing speice resources Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 22 May 2019 08:03:02 UTC Sever ...
Debian Bug report logs - #901017 qemu: CVE-2018-11806: slirp: heap buffer overflow while reassembling fragmented datagrams Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 8 Jun 2018 03:42:01 UTC ...
In January 2018, three security vulnerabilities were made public that allow unauthorized users to bypass the hardware barrier between applications and kernel memory These vulnerabilities all make use of speculative execution to perform side-channel information disclosure attacks The first two vulnerabilities, CVE-2017-5753 and CVE-2017- 5715, are ...
Palo Alto Networks has determined that WildFire Appliance (WF-500) and WildFire Cloud are affected by the recent vulnerability disclosures, known as Fallout, RIDL, and Zombieload We are working to validate and implement software updates to address these issues We will provide updates as they become available (PAN-117746/CVE-2018-12126, CVE-2018 ...
On May 14, 2019, Intel disclosed four new side channel vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091), collectively referred as "Microarchitectural Data Sampling" (MDS) Attackers can exploit these vulnerabilities to leak information Huawei started investigation immediately after learning about the vulnerabili ...
Intel officially released a group of microarchitecture data sampling (MDS) vulnerabilities An attacker with local access to a targeted system may exploit these vulnerabilities to obtain data on the targeted system, causing some information leakage (Vulnerability ID: HWPSIRT-2019-05136, HWPSIRT-2019-05137, HWPSIRT-2019-05138 and HWPSIRT-2019-05139 ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4444-1 security () debian org wwwdebianorg/security/ Salvatore Bonaccorso May 14, 2019 wwwdebianorg/security/faq ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4447-2 security () debian org wwwdebianorg/security/ Moritz Muehlenhoff Jun 20, 2019 wwwdebianorg/security/faq ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:07mds Security Advisory The FreeBSD Project Topic: Microarchitectural Data Sampling (MDS) Category: ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:07mds Security Advisory The FreeBSD Project Topic: Microarchitectural Data Sampling (MDS) Category: ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4447-1 security () debian org wwwdebianorg/security/ Moritz Muehlenhoff May 15, 2019 wwwdebianorg/security/faq ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:07mds Security Advisory The FreeBSD Project Topic: Microarchitectural Data Sampling (MDS) Category: ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4469-1 security () debian org wwwdebianorg/security/ Salvatore Bonaccorso June 22, 2019 wwwdebianorg/security/faq ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2019-11091 / XSA-297 Microarchitectural Data Sampling speculative side channel ISSUE DESCRIPTION ================= Microarchitectural Data Sampling refers to a group of speculative sidechannels vulnerabilities They co ...

Recent Articles

Intel ZombieLoad Side-Channel Attack: 10 Takeaways
Threatpost • Lindsey O'Donnell • 15 May 2019

Intel on Tuesday revealed a new class of speculative execution vulnerabilities, dubbed Microarchitectural Data Sampling (MDS), which impact all its modern CPUs.
The flaws all ultimately depend on different ways of executing side channel attacks to siphon data from impacted systems – and result in four different attacks: ZombieLoad, Fallout, RIDL (Rogue In-Flight Data Load) and Store-to-Leak Forwarding.
“As a result of the flaw in the architecture of these processors, an attacker ...

RIP Hyper-Threading? ChromeOS axes key Intel CPU feature over data-leak flaws – Microsoft, Apple suggest snub
The Register • Thomas Claburn in San Francisco • 14 May 2019

Plug pulled on SMT tech as software makers put security ahead of performance

Analysis In conjunction with Intel's coordinated disclosure today about a family of security vulnerabilities discovered in millions of its processors, Google has turned off Hyper-Threading in Chrome OS to fully protect its users.
Meanwhile, Apple, Microsoft, IBM's Red Hat, QubesOS, and Xen advised customers that they may wish to take similar steps.
The family of flaws are dubbed microarchitecture data sampling (MDS), and Chipzilla's official advisory is here, along with the necessary...

Apple Patches Intel Side-Channel Bugs; Updates iOS, macOS and More
Threatpost • Tara Seals • 14 May 2019

Apple has rolled out 173 patches across in various products across its hardware portfolio, including for dangerous bugs in macOS for laptops and desktops, iPhone, Apple TV and Apple Watch.
The update also includes a patch for the side-channel vulnerabilities in Intel chips disclosed on Tuesday, which open the door to the attack vectors collectively dubbed “ZombieLoad.”
All Mac laptops stretching back to 2011 are affected by the Intel flaws.
Of particular note in the massive...

Intel CPUs Impacted By New Class of Spectre-Like Attacks
Threatpost • Lindsey O'Donnell • 14 May 2019

A new class of side channel vulnerabilities impacting all modern Intel chips have been disclosed, which can use speculative execution to potentially leak sensitive data from a system’s CPU.
Intel said that the newest class of vulnerabilities, dubbed Microarchitectural Data Sampling (MDS), consist of four different attacks, which all ultimately depend on different ways of executing side channel attacks to siphon data from impacted systems.
“First identified by Intel’s internal r...