-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0138
              Intel announces new "MDS" side-channel attacks
                                15 May 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Intel CPU Microcode
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
                      Virtualisation
                      Network Appliance
Impact/Access:        Access Privileged Data -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-11091 CVE-2018-12130 CVE-2018-12127
                      CVE-2018-12126  
Member content until: Friday, June 14 2019
Reference:            ASB-2018.0002.4

OVERVIEW

        Intel has published a security advisory disclosing RIDL and Fallout,
        new speculative-execution side-channel vulnerabilities in the vein of
        Spectre and Meltdown. [1] [2] Microcode updates are already available
        for most platforms to mitigate this and more will be released. [3]
        
        A "deep dive" guide is available. [4]


IMPACT

        Intel has provided the following information:
        
        "CVEID: CVE-2018-12126
        
        Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some
        microprocessors utilizing speculative execution may allow an authenticated user
        to potentially enable information disclosure via a side channel with local
        access.
        CVSS Base Score: 6.5 Medium
        CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
        
        CVEID: CVE-2018-12127
        Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some
        microprocessors utilizing speculative execution may allow an authenticated user
        to potentially enable information disclosure via a side channel with local
        access.
        CVSS Base Score: 6.5 Medium
        CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
        
        CVEID: CVE-2018-12130
        Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some
        microprocessors utilizing speculative execution may allow an authenticated user
        to potentially enable information disclosure via a side channel with local
        access.
        CVSS Base Score: 6.5 Medium
        CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
        
        CVEID: CVE-2019-11091
        Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory
        on some microprocessors utilizing speculative execution may allow an
        authenticated user to potentially enable information disclosure via a side
        channel with local access.
        CVSS Base Score: 3.8 Low
        CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" [1]


MITIGATION

        Intel advises:
        "Intel has worked with operating system vendors, equipment
        manufacturers, and other ecosystem partners to develop platform
        firmware and software updates that can help protect systems from
        these methods. This includes the release of updated Intel
        microprocessor microcode to our customers and partners. 
        
        End users and systems administrators should check with their system
        manufacturers and system software vendors and apply any available
        updates as soon as practical." [1]


REFERENCES

        [1] Intel: Microarchitectural Data Sampling Advisory
            https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html

        [2] RIDL and Fallout: MDS Attacks
            https://mdsattacks.com/

        [3] Intel: Microcode revision guidance
            https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

        [4] Deep Dive: Intel Analysis of Microarchitectural Data Sampling
            https://software.intel.com/security-software-guidance/insights/deep-dive-intel-analysis-microarchitectural-data-sampling

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXNtSX2aOgq3Tt24GAQjWjBAAlRlwNV+uKQ8hhRSfF+VQH1gUw6tCLhxx
bf88pQqhHlpxLyjvNsu/NMnPnr+3bk+Ntv+qmDyLbjGB2SK4W9nekpXbo9PdS5x9
Ev9heEu6+nrHeKptzPcdXa1a146Mcx1PzoVEaB2aXXyMw2CHcpewTfQrASt4bz5P
H2H1mUGtOOvdNl4Qx2rCnjVBrsfqpWcY1jWYLDPPCKNW8yN3HZaSf45fjSFth7Ji
5BqRF72G1qx5bmTJh9LXvVq0L60t6yH3FEj0HwzxWP+R3b8L1dgtRro6AOsamAFj
biYE1XBhpEqZJPshYDrHvyJqlIeCsowjbVQXBMUe2d7Q2BFg5HmhFp1mhLNYLFqi
rszBwvuwvOyyFsQB3DICL4ABMMSJv9jJXLc20eDut9XVnjw9XXn5jjk0SsPRL7cl
y1mzB2y6MDrA3VO3UgjHGb9WGBaYVtwRtbZvXOQFJCzNl1IK3cBPF5JECuY9AfPc
cyGyBgqPh9xxpAZwWXDnGaYJHVh0moNiu8E3jTu3+xfUhQrZfBEleacdZLrDquVn
ojcFMfRLsQmBYOEgiKpXUvooFwzPdoLAqhU2Kq8kTHWjExrVBxmwVpr6jl9dhNpG
QF1Jr6lm0XraWUetdFvdSkENFA/tkchf7bgDo/IyMic3iwVT8jn4z8jYJRvynfMq
6KRDjwcoP2c=
=OUBe
-----END PGP SIGNATURE-----