PT-2019-2190 · Vmware+8 · Vcenter Server+12

Alyssa Milburn

+17

·

Publicado

2019-03-06

·

Atualizado

2025-01-14

·

CVE-2018-12130

CVSS v3.1

5.9

Média

VetorAV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Intel Microprocessors (affected versions not specified) vCenter Server (affected versions not specified) ESXi (affected versions not specified) Workstation (affected versions not specified) Fusion (affected versions not specified)
Description The issue is related to Microarchitectural Fill Buffer Data Sampling (MFBDS), which may allow an authenticated user to potentially enable information disclosure via a side channel with local access. This is due to the speculative execution utilized by some microprocessors.
Recommendations For Intel Microprocessors, consider applying the microcode updates as guided by Intel to mitigate the risk. For vCenter Server, update to a version that includes Hypervisor-Specific Mitigations for MDS speculative execution vulnerabilities. For ESXi, update to a version that includes Hypervisor-Specific Mitigations for MDS speculative execution vulnerabilities. For Workstation, update to a version that includes Hypervisor-Specific Mitigations for MDS speculative execution vulnerabilities. For Fusion, update to a version that includes Hypervisor-Specific Mitigations for MDS speculative execution vulnerabilities.

Exploit

Correção

Information Disclosure

Side Channel Attack

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200CWE-385CWE-203

Identificadores relacionados

ALT-PU-2019-1831
ALT-PU-2019-1832
ALT-PU-2019-1833
ALT-PU-2019-1834
ALT-PU-2019-1863
ALT-PU-2019-1973
ALT-PU-2019-1990
ALT-PU-2019-1991
ALT-PU-2019-1995
ALT-PU-2019-2061
ALT-PU-2019-2063
ALT-PU-2019-2064
ALT-PU-2019-2077
ALT-PU-2019-2665
ALT-PU-2021-3199
ALT-PU-2023-8026
BDU:2019-01959
CESA-2019_1167
CESA-2019_1168
CESA-2019_1169
CESA-2019_1174
CESA-2019_1175
CESA-2019_1177
CESA-2019_1178
CESA-2019_1180
CESA-2019_1181
CVE-2018-12130
DLA-1787-1
DLA-1789-1
DLA-1789-2
DLA-1799-1
DLA-1799-2
DLA-1989-1
DLA-1990-1
DSA-4444-1
DSA-4447-1
DSA-4447-2
DSA-4469-1
DSA-4564-1
DSA-4602-1
MGASA-2019-0171
MGASA-2019-0172
MGASA-2019-0173
MGASA-2019-0174
MGASA-2019-0179
OPENSUSE-SU-2019:1402-1
OPENSUSE-SU-2019:1403-1
OPENSUSE-SU-2019:1404-1
OPENSUSE-SU-2019:1405-1
OPENSUSE-SU-2019:1468-1
OPENSUSE-SU-2019:1505-1
OPENSUSE-SU-2019:1805-1
OPENSUSE-SU-2019:1806-1
OPENSUSE-SU-2019_1402-1
OPENSUSE-SU-2019_1403-1
OPENSUSE-SU-2019_1404-1
OPENSUSE-SU-2019_1405-1
OPENSUSE-SU-2019_1407-1
OPENSUSE-SU-2019_1408-1
OPENSUSE-SU-2019_1419-1
OPENSUSE-SU-2019_1420-1
OPENSUSE-SU-2019_1468-1
OPENSUSE-SU-2019_1505-1
OPENSUSE-SU-2019_1805-1
OPENSUSE-SU-2019_1806-1
OPENSUSE-SU-2024:11287-1
OPENSUSE-SU-2024:11478-1
RHSA-2019:1155
RHSA-2019:1167
RHSA-2019:1168
RHSA-2019:1169
RHSA-2019:1170
RHSA-2019:1171
RHSA-2019:1172
RHSA-2019:1174
RHSA-2019:1175
RHSA-2019:1176
RHSA-2019:1177
RHSA-2019:1178
RHSA-2019:1179
RHSA-2019:1180
RHSA-2019:1181
RHSA-2019:1182
RHSA-2019:1183
RHSA-2019:1184
RHSA-2019:1185
RHSA-2019:1186
RHSA-2019:1187
RHSA-2019:1188
RHSA-2019:1189
RHSA-2019:1190
RHSA-2019:1193
RHSA-2019:1194
RHSA-2019:1195
RHSA-2019:1196
RHSA-2019:1197
RHSA-2019:1198
RHSA-2019:1199
RHSA-2019:1200
RHSA-2019:1201
RHSA-2019:1202
RHSA-2019:1203
RHSA-2019:1204
RHSA-2019:1205
RHSA-2019:1206
RHSA-2019:1207
RHSA-2019:1208
RHSA-2019:1209
RHSA-2019:1455
RHSA-2019:2553
RHSA-2019_1167
RHSA-2019_1168
RHSA-2019_1169
RHSA-2019_1174
RHSA-2019_1175
RHSA-2019_1176
RHSA-2019_1177
RHSA-2019_1178
RHSA-2019_1180
RHSA-2019_1181
SUSE-RU-2019:2715-1
SUSE-RU-2019:2767-1
SUSE-SU-2019:1235-1
SUSE-SU-2019:1236-1
SUSE-SU-2019:1238-1
SUSE-SU-2019:1239-1
SUSE-SU-2019:1240-1
SUSE-SU-2019:1241-1
SUSE-SU-2019:1242-1
SUSE-SU-2019:1243-1
SUSE-SU-2019:1244-1
SUSE-SU-2019:1245-1
SUSE-SU-2019:1248-1
SUSE-SU-2019:1268-1
SUSE-SU-2019:1269-1
SUSE-SU-2019:1272-1
SUSE-SU-2019:1287-1
SUSE-SU-2019:1289-1
SUSE-SU-2019:1296-1
SUSE-SU-2019:1313-1
SUSE-SU-2019:1347-1
SUSE-SU-2019:1348-1
SUSE-SU-2019:1349-1
SUSE-SU-2019:1356-1
SUSE-SU-2019:1371-1
SUSE-SU-2019:14048-1
SUSE-SU-2019:14051-1
SUSE-SU-2019:14052-1
SUSE-SU-2019:14053-1
SUSE-SU-2019:14063-1
SUSE-SU-2019:14133-1
SUSE-SU-2019:1423-1
SUSE-SU-2019:1438-1
SUSE-SU-2019:1452-1
SUSE-SU-2019:1490-1
SUSE-SU-2019:1547-1
SUSE-SU-2019:1550-1
SUSE-SU-2019:1909-1
SUSE-SU-2019:1910-1
SUSE-SU-2019:1954-1
SUSE-SU-2019:2430-1
SUSE-SU-2019:2753-1
SUSE-SU-2019:2769-1
SUSE-SU-2019_14048-1
SUSE-SU-2019_14051-1
SUSE-SU-2019_14052-1
SUSE-SU-2019_14063-1
SUSE-SU-2019_14133-1
SUSE-SU-2019_1423-1
SUSE-SU-2019_1438-1
SUSE-SU-2019_1452-1
SUSE-SU-2020:1255-1
SUSE-SU-2020:1275-1
USN-3977-1
USN-3977-2
USN-3977-3
USN-3978-1
USN-3979-1
USN-3980-1
USN-3980-2
USN-3981-1
USN-3981-2
USN-3982-1
USN-3982-2
USN-3983-1
USN-3983-2
USN-3984-1
USN-3985-1
USN-3985-2

Produtos afetados

Alt Linux
Centos
Esxi
Freebsd
Fusion
Huawei Vrp
Intel Microprocessors
Red Hat
Suse
Ubuntu
Vmware Vcenter
Workstation
Vcenter Server