Operating System:

[Linux]

Published:

15 November 2019


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.4321
Security Bulletin: IBM OS Images for RedHat Enterprise System is vulnerable
      to Intel Microarchitectural Data Sampling (MDS) Vulnerabilities
     (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091)
                             15 November 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM OS Images for RedHat Enterprise System
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Access Privileged Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-11091 CVE-2018-12130 CVE-2018-12127
                   CVE-2018-12126  

Reference:         ASB-2019.0138
                   ESB-2019.4282
                   ESB-2019.4280
                   ESB-2019.4101
                   ESB-2019.3590

Original Bulletin: 
   https://www.ibm.com/support/pages/node/1107009

- --------------------------BEGIN INCLUDED TEXT--------------------

IBM OS Images for RedHat Enterprise System is vulnerable to Intel
Microarchitectural Data Sampling (MDS) Vulnerabilities (CVE-2018-12126,
CVE-2018-12127, CVE-2018-12130, CVE-2019-11091)

Security Bulletin

Summary

Intel Microarchitectural Data Sampling (MDS) vulnerabilities have been
identified in the Red Hat Linux used in OS Images for RedHat Enterprise System
on IBM Cloud Pak System (formerly known as PureApplication System).

Vulnerability Details

CVEID: CVE-2019-11091
DESCRIPTION: Microarchitectural Data Sampling Uncacheable Memory (MDSUM):
Uncacheable memory on some microprocessors utilizing speculative execution may
allow an authenticated user to potentially enable information disclosure via a
side channel with local access. A list of impacted products can be found here:
https://www.intel.com/content/dam/www/public/us/en/documents/
corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVSS Base score: 3.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
160993 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)

CVEID: CVE-2018-12130
DESCRIPTION: Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers
on some microprocessors utilizing speculative execution may allow an
authenticated user to potentially enable information disclosure via a side
channel with local access. A list of impacted products can be found here:
https://www.intel.com/content/dam/www/public/us/en/documents/
corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
160992 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)

CVEID: CVE-2018-12127
DESCRIPTION: Microarchitectural Load Port Data Sampling (MLPDS): Load ports on
some microprocessors utilizing speculative execution may allow an authenticated
user to potentially enable information disclosure via a side channel with local
access. A list of impacted products can be found here: https://www.intel.com/
content/dam/www/public/us/en/documents/corporate-information/
SA00233-microcode-update-guidance_05132019.pdf
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
160991 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)

CVEID: CVE-2018-12126
DESCRIPTION: Microarchitectural Store Buffer Data Sampling (MSBDS): Store
buffers on some microprocessors utilizing speculative execution may allow an
authenticated user to potentially enable information disclosure via a side
channel with local access. A list of impacted products can be found here:
https://www.intel.com/content/dam/www/public/us/en/documents/
corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
160990 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)

Affected Products and Versions

+--------------------------------------+----------+
|Affected Product(s)                   |Version(s)|
+--------------------------------------+----------+
|IBM OS Image for Red Hat Linux Systems|3.0.0.0   |
+--------------------------------------+----------+

Remediation/Fixes

For OS Image for RedHat Enterprise System deployed on IBM Cloud Pak System
V2.2.5.0-V2.2.5.3, update the OS Image kernel by running "yum update kernel"
and reboot into the new kernel; the mitigation is not active until the
patched kernel is running.

Recommendation is to apply fix in test stage environment prior to production.

For unsupported versions, releases or platforms, IBM recommends upgrading to
a fixed, supported version of the product. Contact IBM Cloud Pak System
support for assistance.

For OS Image for RedHat Enterprise System deployed on IBM Cloud Pak System
V2.3.0, upgrade to V2.3.0.1.

Information on upgrading can be found here: http://www.ibm.com/support/
docview.wssuid=ibm10887959.
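After the kernel update and reboot, a practitioner will want to confirm that
the MDS mitigation is actually in effect rather than trusting the package
version. The following POSIX shell check is an added example and is not part
of the IBM or AusCERT bulletin. It reads the status line the Linux kernel
exposes in /sys/devices/system/cpu/vulnerabilities/mds (kernels carrying the
MDS fix create this file; its wording is documented in the kernel's
Documentation/admin-guide/hw-vuln/mds.rst) and looks for the md_clear CPUID
flag in /proc/cpuinfo, which is present only when MD_CLEAR-capable microcode
is loaded and exposed to the OS. The function names and the one-word
classification values are this example's own.

```shell
#!/bin/sh
# Added example: post-patch MDS verification for a RHEL-based OS Image.
# Not code from the IBM bulletin; function names and class words are ours.
# Status strings matched below are the kernel's documented ones (mds.rst).

MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# mds_classify STATUS_LINE -> prints one word:
#   notaffected  CPU is not affected by MDS
#   mitigated    kernel clears CPU buffers and SMT is disabled or mitigated
#   smt          buffers are cleared, but sibling hyperthreads can still leak
#                (a guest reports "SMT Host state unknown": judge at the host)
#   nomicrocode  kernel fix present, but the CPU lacks MD_CLEAR microcode
#   vulnerable   no mitigation at all (e.g. booted with mds=off)
#   unknown      empty or unrecognised line, typically a kernel older than the fix
mds_classify() {
    case "$1" in
        "Not affected"*)                                          echo notaffected ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*) echo nomicrocode ;;
        "Vulnerable"*)                                            echo vulnerable ;;
        "Mitigation: Clear CPU buffers; SMT vulnerable"*)         echo smt ;;
        "Mitigation: Clear CPU buffers; SMT Host state unknown"*) echo smt ;;
        "Mitigation: Clear CPU buffers"*)                         echo mitigated ;;
        *)                                                        echo unknown ;;
    esac
}

# mds_is_safe CLASS -> exit 0 only for the two states that need no action.
mds_is_safe() {
    case "$1" in
        notaffected|mitigated) return 0 ;;
        *)                     return 1 ;;
    esac
}

# cpu_has_md_clear [FLAGS_LINE] -> exit 0 if md_clear is among the CPU flags.
# With no argument it reads the first "flags" line of /proc/cpuinfo.
cpu_has_md_clear() {
    flags=${1:-$(awk '/^flags/ { print; exit }' /proc/cpuinfo 2>/dev/null)}
    case " $flags " in
        *" md_clear "*) return 0 ;;
        *)              return 1 ;;
    esac
}

# mds_report -> prints the evidence and a verdict. Always returns 0 so the
# caller (e.g. a fleet inventory script) decides what to do with the verdict.
mds_report() {
    status=$(cat "$MDS_SYSFS" 2>/dev/null)
    class=$(mds_classify "$status")
    printf 'kernel:    %s\n' "$(uname -r)"
    printf 'mds sysfs: %s\n' "${status:-<file missing: kernel predates the MDS fix>}"
    if cpu_has_md_clear; then
        printf 'md_clear:  present (microcode or hypervisor exposes MD_CLEAR)\n'
    else
        printf 'md_clear:  absent (update microcode_ctl, or the host must expose it to this guest)\n'
    fi
    if mds_is_safe "$class"; then
        printf 'verdict:   %s - no further action\n' "$class"
    else
        printf 'verdict:   %s - not fully mitigated\n' "$class"
    fi
    return 0
}

mds_report
```

Two caveats matter for Cloud Pak System deployments, where the OS Image runs
as a virtual machine. First, a guest cannot load CPU microcode itself, so
md_clear appears inside the guest only if the host's microcode has been
updated and the hypervisor passes the flag through; until then the guest
kernel reports "Clear CPU buffers attempted, no microcode" even with the fixed
kernel installed. Second, a guest normally reports "SMT Host state unknown",
so whether sibling hyperthreads still expose data has to be assessed on the
host. This bulletin covers only the OS Image; the platform firmware and
hypervisor side is outside its scope.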

Workarounds and Mitigations

The bulletin gives no workaround beyond the fixes listed under
Remediation/Fixes above.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----