CVE-2018-12130 – hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)

https://notcve.org/view.php?id=CVE-2018-12130

Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf En Microarchitectural Fill Buffer Data Sampling (MFBDS): El llenado de los búfer en algunos microprocesadores que utilizan ejecución especulativa pueden permitir que un usuario autenticado active potencialmente la divulgación de información por medio de un canal lateral con acceso local. Puede encontrar una lista de los productos impactados aquí: https://www.intel.com/content/dam/www/public/us/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf. A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en https://access.redhat.com/errata/RH • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-226: Sensitive Information in Resource Not Removed Before Reuse •