CVE-2018-12130: Sensitive Information Exposure in Intel-microcode

Severity: 5.6 MEDIUM (NVD)
EPSS: 0.5% (top 32.43%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: May 30
Latest update: Feb 24

Description

Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Exploitability: 1.1 | Impact: 4.0

Affected Packages (12 packages)

Ecosystem | Package | Affected versions
debian | debian/intel-microcode | < intel-microcode 3.20190514.1 (bookworm)
CVEListV5 | intel_corporation/central_processing_units | A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
debian | debian/xen | < intel-microcode 3.20190514.1 (bookworm)
debian | debian/linux | < intel-microcode 3.20190514.1 (bookworm)

Also affects: Fedora 29

🔴 Vulnerability Details (15)

GHSA | GHSA-j579-gjpv-mwhp: Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated | 2022-05-24
OSV | intel-microcode update | 2019-06-20
OSV | CVE-2018-12130: Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated | 2019-05-30
OSV | intel-microcode update | 2019-05-22
OSV | linux-hwe, linux-azure, linux-gcp, linux-oracle vulnerabilities | 2019-05-15

📋 Vendor Advisories (23)

CISA ICS | Schneider Electric EcoStruxure Foxboro DCS (Update A) | 2026-02-24
BSD | FreeBSD-SA-19:26.mcu: Intel CPU Microcode Update | 2019-11-12
Ubuntu | Intel Microcode update | 2019-06-20
Palo Alto | PAN-SA-2019-0012 Information about Recent Intel Side Channel Vulnerabilities | 2019-05-29
Ubuntu | Intel Microcode update | 2019-05-22

🕵️ Threat Intelligence (14)

Tenable | How VPR Helped Prioritize the Most Dangerous CVEs in 2019 | 2020-04-30
Qualys | Top 19+ Vulnerability CVEs in Santa’s Dashboard Tracking | 2019-12-27
Qualys | Top 19+ Vulnerability CVEs in Santa’s Dashboard Tracking | Qualys | 2019-12-27
Tenable | Objects in Mirror Are Closer Than They Appear: Reflecting on the Cybersecurity Threats from 2019 | 2019-12-16
Trendmicro | Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day | 2019-05-15

📄 Research Papers (1)

arXiv | ZombieLoad: Cross-Privilege-Boundary Data Sampling | 2019-05-14

💬 Community (7)

Bugzilla | CVE-2018-12130 kernel: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all] | 2019-05-14
Bugzilla | CVE-2018-12130 libvirt: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all] | 2019-05-14
Bugzilla | CVE-2018-12130 qemu: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all] | 2019-05-14
Bugzilla | CVE-2018-12130 kernel: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all] | 2019-05-14
Bugzilla | CVE-2018-12130 libvirt: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all] | 2019-05-14