CVE-2019-11091Sensitive Information Exposure in Intel-microcode

CWE-200Sensitive Information ExposureCWE-515Covert Storage Channel47 documents15 sources
Severity
5.6MEDIUMNVD
EPSS
1.7%
top 17.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
Linux KernelXENQemu+9 more
Timeline
PublishedMay 30
Latest updateMay 24

Description

Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 1.1 | Impact: 4.0

Affected Packages12 packages

debiandebian/intel-microcode< intel-microcode 3.20190514.1 (bookworm)
CVEListV5intel_corporation/central_processing_unitsA list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
debiandebian/xen< intel-microcode 3.20190514.1 (bookworm)
debiandebian/linux< intel-microcode 3.20190514.1 (bookworm)

Also affects: Fedora 29

🔴Vulnerability Details

15
GHSA
GHSA-25x5-mfj4-w63g: Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an a2022-05-24
OSV
intel-microcode update2019-06-20
OSV
CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an a2019-05-30
OSV
intel-microcode update2019-05-22
OSV
linux-hwe, linux-azure, linux-gcp, linux-oracle vulnerabilities2019-05-15

📋Vendor Advisories

21
Ubuntu
Intel Microcode update2019-06-20
Palo Alto
PAN-SA-2019-0012 Information about Recent Intel Side Channel Vulnerabilities2019-05-29
Ubuntu
Intel Microcode update2019-05-22
Ubuntu
libvirt update2019-05-16
Ubuntu
libvirt update2019-05-15

🕵️Threat Intelligence

4
Tenable
Objects in Mirror Are Closer Than They Appear: Reflecting on the Cybersecurity Threats from 20192019-12-16
Tenable
Microarchitectural Data Sampling: Speculative Execution Side-Channel Vulnerabilities Found in Intel CPUs2019-05-15
Qualys
May 2019 Patch Tuesday - 79 Vulns, 22 Critical, RDP RCE, MDS Attacks, Adobe Vulns | Qualys2019-05-14
Qualys
May 2019 Patch Tuesday – 79 Vulns, 22 Critical, RDP RCE, MDS Attacks, Adobe Vulns2019-05-14

📄Research Papers

1
arXiv
ZombieLoad: Cross-Privilege-Boundary Data Sampling2019-05-14

💬Community

4
Bugzilla
CVE-2019-11091 qemu: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]2019-05-14
Bugzilla
CVE-2019-11091 libvirt: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]2019-05-14
Bugzilla
CVE-2019-11091 kernel: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]2019-05-14
Bugzilla
CVE-2019-11091 hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)2019-05-02