Rodrigo Branco

**Nome do software vulnerável e versões afetadas** CPUs AMD (versões afetadas não especificadas) CPUs AMD existentes vulneráveis ao problema CPUs AMD baseadas nas microarquiteturas Zen+ e Zen 2 **Descrição** O problema está relacionado à execução especulativa de operações de leitura e gravação, acessando a memória por meio de endereços não canônicos. Isso pode potencialmente resultar em vazamento de dados. A vulnerabilidade pode permitir que um invasor divulgue informações sobre o espaço de endereços do kernel usando um ataque de canal lateral. O problema é semelhante à vulnerabilidade Meltdown. Pesquisadores demonstraram a eficácia do ataque, e estima-se que ele afete várias CPUs, incluindo CPUs AMD existentes e futuras CPUs Intel e Arm. **Recomendações** Para CPUs AMD existentes, considere desativar a execução especulativa como uma solução temporária até que um patch esteja disponível. Para CPUs AMD baseadas nas microarquiteturas Zen+ e Zen 2, restrinja o acesso a áreas sensíveis da memória para minimizar o risco de exploração. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Intel microprocessors (affected versions not specified) vCenter Server (affected versions not specified) ESXi (affected versions not specified) Workstation (affected versions not specified) Fusion (affected versions not specified) **Description** The issue is related to Microarchitectural Data Sampling Uncacheable Memory (MDSUM) on some microprocessors that utilize speculative execution. This may allow an authenticated user with local access to potentially enable information disclosure via a side channel. An attacker with local access to a targeted system may exploit this issue to obtain data on the targeted system, causing some information leakage. **Recommendations** For Intel microprocessors, apply the microcode updates as guided by Intel. For vCenter Server, update to a version that includes Hypervisor-Specific Mitigations for MDS speculative execution vulnerabilities. For ESXi, update to a version that includes Hypervisor-Specific Mitigations for MDS speculative execution vulnerabilities. For Workstation, update to a version that includes Hypervisor-Specific Mitigations for MDS speculative execution vulnerabilities. For Fusion, update to a version that includes Hypervisor-Specific Mitigations for MDS speculative execution vulnerabilities.

**Name of the Vulnerable Software and Affected Versions** Intel microprocessors (affected versions not specified) vCenter Server (affected versions not specified) ESXi (affected versions not specified) Workstation (affected versions not specified) Fusion (affected versions not specified) Huawei VRP (affected versions not specified) **Description** The issue is related to Microarchitectural Load Port Data Sampling (MLPDS), which may allow an authenticated user to potentially enable information disclosure via a side channel with local access. This is due to the incorrect implementation of saving outdated operation results in the load port table. The exploitation of this issue can allow an attacker to access confidential information. **Recommendations** For Intel microprocessors, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For vCenter Server, apply Hypervisor-Specific Mitigations for MDS speculative execution vulnerabilities. For ESXi, apply Hypervisor-Specific Mitigations for MDS speculative execution vulnerabilities. For Workstation, apply Hypervisor-Specific Mitigations for MDS speculative execution vulnerabilities. For Fusion, apply Hypervisor-Specific Mitigations for MDS speculative execution vulnerabilities. For Huawei VRP, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel Microprocessors (affected versions not specified) vCenter Server (affected versions not specified) ESXi (affected versions not specified) Workstation (affected versions not specified) Fusion (affected versions not specified) **Description** The issue is related to Microarchitectural Fill Buffer Data Sampling (MFBDS), which may allow an authenticated user to potentially enable information disclosure via a side channel with local access. This is due to the speculative execution utilized by some microprocessors. **Recommendations** For Intel Microprocessors, consider applying the microcode updates as guided by Intel to mitigate the risk. For vCenter Server, update to a version that includes Hypervisor-Specific Mitigations for MDS speculative execution vulnerabilities. For ESXi, update to a version that includes Hypervisor-Specific Mitigations for MDS speculative execution vulnerabilities. For Workstation, update to a version that includes Hypervisor-Specific Mitigations for MDS speculative execution vulnerabilities. For Fusion, update to a version that includes Hypervisor-Specific Mitigations for MDS speculative execution vulnerabilities.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.9.176 **Description** The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The `ib prctl set` function updates the Thread Information Flags (TIFs) for the task and updates the SPEC CTRL MSR on the function ` speculation ctrl update`, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. **Recommendations** Upgrade past commit a664ec9158eeddd75121d39c9a0758016097fa96 to mitigate the issue. As a temporary workaround, consider disabling the `ib prctl set` function until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the `ib prctl set` function in the affected API endpoint until the issue is resolved.