Alerts This Week
Warning Icon 1 664
Alerts This Week
Warning Icon 1 664

Mageia 6: 2019-0179 Critical: VirtualBox MDS Attack Mitigation

mageia
Calendar Grey May 18, 2019
Dist Mageia Esm H88
The update for VirtualBox version 6.0.8 tackles MDS vulnerabilities, safeguarding Intel processors against potential data breaches.
This update provies Virtualbox 6.0.8 that fixes the Microarchitectural Data Sampling (MDS, also called ZombieLoad attack) vulnerabilities in Intel processors that can allow attacke...

Summary

This update provies Virtualbox 6.0.8 that fixes the Microarchitectural Data Sampling (MDS, also called ZombieLoad attack) vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU.
The fixed / mitigated issues are:
Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)
Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load oper...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=24831

- https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html

-

- https://www.cve.org/CVERecord?id=CVE-2018-12126

- https://www.cve.org/CVERecord?id=CVE-2018-12127

- https://www.cve.org/CVERecord?id=CVE-2018-12130

- https://www.cve.org/CVERecord?id=CVE-2019-11091

Topics%20covered

Topics Covered

security advisory critical CPU virtualbox mageia data sampling microarchitectural

Resolution

SRPMS

- 6/core/virtualbox-6.0.8-1.mga6

- 6/core/kmod-vboxadditions-6.0.8-1.mga6

- 6/core/kmod-virtualbox-6.0.8-1.mga6

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 18 May 2019
URL: https://advisories.mageia.org/MGASA-2019-0179.html
Type: security
CVE: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

Topics%20covered

Topics Covered

security advisory critical CPU virtualbox mageia data sampling microarchitectural

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here