SB2019053011 - Information disclosure in Linux kernel
Published: May 30, 2019 Updated: June 1, 2020
Security Bulletin ID
SB2019053011
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: CVE-2018-12130)
The vulnerability allows a local authenticated user to gain access to sensitive information.
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Remediation
Install update from vendor's website.
References
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.119
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.43
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.176
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.180
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2