Vulnerability-Lookup - Search a vulnerability

Vulnerabilites related to intel - microarchitectural_store_buffer_data_sampling

Vulnerability from fkie_nvd

Published

2019-05-30 16:29

Modified

2024-11-21 03:44

Severity ?

5.6 (Medium) - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Summary

Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

References

URL	Tags
secure@intel.com	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html
secure@intel.com	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html
secure@intel.com	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html
secure@intel.com	http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
secure@intel.com	http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
secure@intel.com	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
secure@intel.com	https://access.redhat.com/errata/RHSA-2019:1455
secure@intel.com	https://access.redhat.com/errata/RHSA-2019:2553
secure@intel.com	https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
secure@intel.com	https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
secure@intel.com	https://kc.mcafee.com/corporate/index?page=content&id=SB10292
secure@intel.com	https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html
secure@intel.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/
secure@intel.com	https://seclists.org/bugtraq/2019/Jun/28
secure@intel.com	https://seclists.org/bugtraq/2019/Jun/36
secure@intel.com	https://seclists.org/bugtraq/2019/Nov/15
secure@intel.com	https://seclists.org/bugtraq/2019/Nov/16
secure@intel.com	https://seclists.org/bugtraq/2020/Jan/21
secure@intel.com	https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc
secure@intel.com	https://security.gentoo.org/glsa/202003-56
secure@intel.com	https://usn.ubuntu.com/3977-3/
secure@intel.com	https://www.debian.org/security/2020/dsa-4602
secure@intel.com	https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc
secure@intel.com	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html	Vendor Advisory
secure@intel.com	https://www.synology.com/security/advisory/Synology_SA_19_24
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
af854a3a-2127-422b-91ae-364da2661108	http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
af854a3a-2127-422b-91ae-364da2661108	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:1455
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:2553
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
af854a3a-2127-422b-91ae-364da2661108	https://kc.mcafee.com/corporate/index?page=content&id=SB10292
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/Jun/28
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/Jun/36
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/Nov/15
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/Nov/16
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2020/Jan/21
af854a3a-2127-422b-91ae-364da2661108	https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202003-56
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3977-3/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4602
af854a3a-2127-422b-91ae-364da2661108	https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc
af854a3a-2127-422b-91ae-364da2661108	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.synology.com/security/advisory/Synology_SA_19_24

Impacted products

Vendor	Product	Version
intel	microarchitectural_store_buffer_data_sampling_firmware	-
intel	microarchitectural_store_buffer_data_sampling	-
fedoraproject	fedora	29

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:microarchitectural_store_buffer_data_sampling_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8118C0B-EBAE-43BF-8F2B-19E16BF6BAA9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:microarchitectural_store_buffer_data_sampling:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E47DEBF-9DD8-4D69-BB15-04AB1448C150",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
              "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"
    },
    {
      "lang": "es",
      "value": "En Microarchitectural Store Buffer Data Sampling (MSBDS): los b\u00faferes de almacenamiento en algunos microprocesadores que usan ejecuci\u00f3n especulativa pueden permitir que un usuario autenticado active potencialmente la divulgaci\u00f3n de informaci\u00f3n por medio de un canal lateral con acceso local. Puede encontrar una lista de los productos impactados aqu\u00ed: https://www.intel.com/content/dam/www/public/us/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf."
    }
  ],
  "id": "CVE-2018-12126",
  "lastModified": "2024-11-21T03:44:38.583",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.7,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.1,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-05-30T16:29:00.870",
  "references": [
    {
      "source": "secure@intel.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html"
    },
    {
      "source": "secure@intel.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html"
    },
    {
      "source": "secure@intel.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html"
    },
    {
      "source": "secure@intel.com",
      "url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html"
    },
    {
      "source": "secure@intel.com",
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
    },
    {
      "source": "secure@intel.com",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en"
    },
    {
      "source": "secure@intel.com",
      "url": "https://access.redhat.com/errata/RHSA-2019:1455"
    },
    {
      "source": "secure@intel.com",
      "url": "https://access.redhat.com/errata/RHSA-2019:2553"
    },
    {
      "source": "secure@intel.com",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
    },
    {
      "source": "secure@intel.com",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"
    },
    {
      "source": "secure@intel.com",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292"
    },
    {
      "source": "secure@intel.com",
      "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html"
    },
    {
      "source": "secure@intel.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/"
    },
    {
      "source": "secure@intel.com",
      "url": "https://seclists.org/bugtraq/2019/Jun/28"
    },
    {
      "source": "secure@intel.com",
      "url": "https://seclists.org/bugtraq/2019/Jun/36"
    },
    {
      "source": "secure@intel.com",
      "url": "https://seclists.org/bugtraq/2019/Nov/15"
    },
    {
      "source": "secure@intel.com",
      "url": "https://seclists.org/bugtraq/2019/Nov/16"
    },
    {
      "source": "secure@intel.com",
      "url": "https://seclists.org/bugtraq/2020/Jan/21"
    },
    {
      "source": "secure@intel.com",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc"
    },
    {
      "source": "secure@intel.com",
      "url": "https://security.gentoo.org/glsa/202003-56"
    },
    {
      "source": "secure@intel.com",
      "url": "https://usn.ubuntu.com/3977-3/"
    },
    {
      "source": "secure@intel.com",
      "url": "https://www.debian.org/security/2020/dsa-4602"
    },
    {
      "source": "secure@intel.com",
      "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
    },
    {
      "source": "secure@intel.com",
      "url": "https://www.synology.com/security/advisory/Synology_SA_19_24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:1455"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:2553"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://seclists.org/bugtraq/2019/Jun/28"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://seclists.org/bugtraq/2019/Jun/36"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://seclists.org/bugtraq/2019/Nov/15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://seclists.org/bugtraq/2019/Nov/16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://seclists.org/bugtraq/2020/Jan/21"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202003-56"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/3977-3/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2020/dsa-4602"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.synology.com/security/advisory/Synology_SA_19_24"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2018-12126

Vulnerability from cvelistv5