CVE-2018-12127 – hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)

https://notcve.org/view.php?id=CVE-2018-12127

Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf En Microarchitectural Load Port Data Sampling (MLPDS): los puertos de carga en algunos microprocesadores que usan ejecución especulativa pueden permitir que un usuario autenticado active potencialmente la divulgación de información por medio de un canal lateral con acceso local. Puede encontrar una lista de los productos impactados aquí: https://www.intel.com/content/dam/www/public/us/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en https://access.redhat.com/errata/RH • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-385: Covert Timing Channel •