CVE-2018-12126Sensitive Information Exposure in Corporation Central Proccve-2018-12126essing Units

CWE-200Sensitive Information ExposureCWE-515Covert Storage Channel33 documents14 sources
Severity
5.6MEDIUMNVD
EPSS
0.5%
top 34.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Linux KernelXENIntel Corporation Central Proccve-2018-12126essing Units+3 more
Timeline
PublishedMay 30
Latest updateMay 24

Description

Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 1.1 | Impact: 4.0

Affected Packages5 packages

CVEListV5intel_corporation/central_proccve-2018-12126essing_unitsA list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Debianxen/xen< 4.11.1+92-g6c33308a8d-1+3
Debianlinux/linux_kernel< 4.19.37-2+3
Palo Altopaloalto/pan-os
Palo Altopaloalto/panorama

Also affects: Fedora 29

🔴Vulnerability Details

5
GHSA
GHSA-443r-v97h-37x3: Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticate2022-05-24
CVEList
CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticate2019-05-30
OSV
CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticate2019-05-30
Kernel
Merge branch 'x86-mds-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip2019-05-14
Kernel
x86/speculation/mds: Add basic bug infrastructure for MDS2019-01-18

📋Vendor Advisories

22
BSD
FreeBSD-SA-19:26.mcu: Intel CPU Microcode Update2019-11-12
Ubuntu
Intel Microcode update2019-06-20
Palo Alto
PAN-SA-2019-0012 Information about Recent Intel Side Channel Vulnerabilities2019-05-29
Ubuntu
Intel Microcode update2019-05-22
Ubuntu
libvirt update2019-05-16

💬Community

4
Bugzilla
CVE-2018-12126 qemu: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]2019-05-14
Bugzilla
CVE-2018-12126 kernel: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]2019-05-14
Bugzilla
CVE-2018-12126 libvirt: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]2019-05-14
Bugzilla
CVE-2018-12126 hardware: Microarchitectural Store Buffer Data Sampling (MSBDS)2018-11-06
CVE-2018-12126 — Sensitive Information Exposure | cvebase