PT-2019-2190 · Vmware+8 · Vcenter Server+12

Alyssa Milburn

+17

Published

2019-03-06

Updated

2025-01-14

CVE-2018-12130

CVSS v3.1

5.9

Medium

Vector

AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Intel Microprocessors (affected versions not specified) vCenter Server (affected versions not specified) ESXi (affected versions not specified) Workstation (affected versions not specified) Fusion (affected versions not specified)

Description The issue is related to Microarchitectural Fill Buffer Data Sampling (MFBDS), which may allow an authenticated user to potentially enable information disclosure via a side channel with local access. This is due to the speculative execution utilized by some microprocessors.

Recommendations For Intel Microprocessors, consider applying the microcode updates as guided by Intel to mitigate the risk. For vCenter Server, update to a version that includes Hypervisor-Specific Mitigations for MDS speculative execution vulnerabilities. For ESXi, update to a version that includes Hypervisor-Specific Mitigations for MDS speculative execution vulnerabilities. For Workstation, update to a version that includes Hypervisor-Specific Mitigations for MDS speculative execution vulnerabilities. For Fusion, update to a version that includes Hypervisor-Specific Mitigations for MDS speculative execution vulnerabilities.

Exploit

Fix

Information Disclosure

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-385CWE-203

Related Identifiers

ALT-PU-2019-1831

ALT-PU-2019-1832

ALT-PU-2019-1833

ALT-PU-2019-1834

ALT-PU-2019-1863

ALT-PU-2019-1973

ALT-PU-2019-1990

ALT-PU-2019-1991

ALT-PU-2019-1995

ALT-PU-2019-2061

ALT-PU-2019-2063

ALT-PU-2019-2064

ALT-PU-2019-2077

ALT-PU-2019-2665

ALT-PU-2021-3199

ALT-PU-2023-8026

BDU:2019-01959

CESA-2019_1167

CESA-2019_1168

CESA-2019_1169

CESA-2019_1174

CESA-2019_1175

CESA-2019_1177

CESA-2019_1178

CESA-2019_1180

CESA-2019_1181

CVE-2018-12130

DLA-1787-1

DLA-1789-1

DLA-1789-2

DLA-1799-1

DLA-1799-2

DLA-1989-1

DLA-1990-1

DSA-4444-1

DSA-4447-1

DSA-4447-2

DSA-4469-1

DSA-4564-1

DSA-4602-1

MGASA-2019-0171

MGASA-2019-0172

MGASA-2019-0173

MGASA-2019-0174

MGASA-2019-0179

OPENSUSE-SU-2019:1402-1

OPENSUSE-SU-2019:1403-1

OPENSUSE-SU-2019:1404-1

OPENSUSE-SU-2019:1405-1

OPENSUSE-SU-2019:1468-1

OPENSUSE-SU-2019:1505-1

OPENSUSE-SU-2019:1805-1

OPENSUSE-SU-2019:1806-1

OPENSUSE-SU-2019_1402-1

OPENSUSE-SU-2019_1403-1

OPENSUSE-SU-2019_1404-1

OPENSUSE-SU-2019_1405-1

OPENSUSE-SU-2019_1407-1

OPENSUSE-SU-2019_1408-1

OPENSUSE-SU-2019_1419-1

OPENSUSE-SU-2019_1420-1

OPENSUSE-SU-2019_1468-1

OPENSUSE-SU-2019_1505-1

OPENSUSE-SU-2019_1805-1

OPENSUSE-SU-2019_1806-1

OPENSUSE-SU-2024:11287-1

OPENSUSE-SU-2024:11478-1

RHSA-2019:1155

RHSA-2019:1167

RHSA-2019:1168

RHSA-2019:1169

RHSA-2019:1170

RHSA-2019:1171

RHSA-2019:1172

RHSA-2019:1174

RHSA-2019:1175

RHSA-2019:1176

RHSA-2019:1177

RHSA-2019:1178

RHSA-2019:1179

RHSA-2019:1180

RHSA-2019:1181

RHSA-2019:1182

RHSA-2019:1183

RHSA-2019:1184

RHSA-2019:1185

RHSA-2019:1186

RHSA-2019:1187

RHSA-2019:1188

RHSA-2019:1189

RHSA-2019:1190

RHSA-2019:1193

RHSA-2019:1194

RHSA-2019:1195

RHSA-2019:1196

RHSA-2019:1197

RHSA-2019:1198

RHSA-2019:1199

RHSA-2019:1200

RHSA-2019:1201

RHSA-2019:1202

RHSA-2019:1203

RHSA-2019:1204

RHSA-2019:1205

RHSA-2019:1206

RHSA-2019:1207

RHSA-2019:1208

RHSA-2019:1209

RHSA-2019:1455

RHSA-2019:2553

RHSA-2019_1167

RHSA-2019_1168

RHSA-2019_1169

RHSA-2019_1174

RHSA-2019_1175

RHSA-2019_1176

RHSA-2019_1177

RHSA-2019_1178

RHSA-2019_1180

RHSA-2019_1181

SUSE-RU-2019:2715-1

SUSE-RU-2019:2767-1

SUSE-SU-2019:1235-1

SUSE-SU-2019:1236-1

SUSE-SU-2019:1238-1

SUSE-SU-2019:1239-1

SUSE-SU-2019:1240-1

SUSE-SU-2019:1241-1

SUSE-SU-2019:1242-1

SUSE-SU-2019:1243-1

SUSE-SU-2019:1244-1

SUSE-SU-2019:1245-1

SUSE-SU-2019:1248-1

SUSE-SU-2019:1268-1

SUSE-SU-2019:1269-1

SUSE-SU-2019:1272-1

SUSE-SU-2019:1287-1

SUSE-SU-2019:1289-1

SUSE-SU-2019:1296-1

SUSE-SU-2019:1313-1

SUSE-SU-2019:1347-1

SUSE-SU-2019:1348-1

SUSE-SU-2019:1349-1

SUSE-SU-2019:1356-1

SUSE-SU-2019:1371-1

SUSE-SU-2019:14048-1

SUSE-SU-2019:14051-1

SUSE-SU-2019:14052-1

SUSE-SU-2019:14053-1

SUSE-SU-2019:14063-1

SUSE-SU-2019:14133-1

SUSE-SU-2019:1423-1

SUSE-SU-2019:1438-1

SUSE-SU-2019:1452-1

SUSE-SU-2019:1490-1

SUSE-SU-2019:1547-1

SUSE-SU-2019:1550-1

SUSE-SU-2019:1909-1

SUSE-SU-2019:1910-1

SUSE-SU-2019:1954-1

SUSE-SU-2019:2430-1

SUSE-SU-2019:2753-1

SUSE-SU-2019:2769-1

SUSE-SU-2019_14048-1

SUSE-SU-2019_14051-1

SUSE-SU-2019_14052-1

SUSE-SU-2019_14063-1

SUSE-SU-2019_14133-1

SUSE-SU-2019_1423-1

SUSE-SU-2019_1438-1

SUSE-SU-2019_1452-1

SUSE-SU-2020:1255-1

SUSE-SU-2020:1275-1

USN-3977-1

USN-3977-2

USN-3977-3

USN-3978-1

USN-3979-1

USN-3980-1

USN-3980-2

USN-3981-1

USN-3981-2

USN-3982-1

USN-3982-2

USN-3983-1

USN-3983-2

USN-3984-1

USN-3985-1

USN-3985-2

Affected Products

Alt Linux

Centos

Esxi

Freebsd

Fusion

Huawei Vrp

Intel Microprocessors

Red Hat

Suse

Ubuntu

Vmware Vcenter

Workstation

Vcenter Server

PT-2019-2190 · Vmware+8 · Vcenter Server+12

CVE-2018-12130

Weakness Enumeration

Related Identifiers

Affected Products

References · 1479