May 16, 2019
Intel CPU vulnerabilities
On May 14th, 2019, Intel disclosed four new speculative execution side-channel vulnerabilities affecting Intel processors. These vulnerabilities have received the following CVE identifiers:
- CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
- CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
- CVE-2018-12127: Microarchitectural Load Port Data Sampling (MLPDS)
- CVE-2018-12130: Microarchitectural Fill Buffer Data Sampling (MFBDS)
Also know as MDS, RIDL, Zombieload or Fallout. The CVSS score of these vulnerabilities is 6.4 meaning that the exploitability of the vulnerability is not straightforward but can have significant impact when the vulnerability is properly exploited.
Patches are available for supported systems. The application of the patches involve downtime since a server reboot is required. You will be contacted by MCX to mitigate these vulnerabilities as soon as possible.