CVE-2019-11091 - OpenCVE

Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:L/AC:M/Au:N/C:C/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	Fedora
Intel	Microarchitectural Data Sampling Uncacheable Memory Microarchitectural Data Sampling Uncacheable Memory Firmware
Redhat	Advanced Virtualization Enterprise Linux Enterprise Mrg Openstack Rhel Aus Rhel E4s Rhel Eus Rhel Extras Rt Rhel Tus Rhev Manager

Configuration 1 [-]

AND

cpe:2.3:o:intel:microarchitectural_data_sampling_uncacheable_memory_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:microarchitectural_data_sampling_uncacheable_memory:-:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
kernel-0:2.6.32-754.14.2.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2019:1169	2019-05-14T00:00:00Z
libvirt-0:0.10.2-64.el6_10.1	cpe:/o:redhat:enterprise_linux:6	RHSA-2019:1180	2019-05-14T00:00:00Z
qemu-kvm-2:0.12.1.2-2.506.el6_10.3	cpe:/o:redhat:enterprise_linux:6	RHSA-2019:1181	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 6.5 Advanced Update Support
kernel-0:2.6.32-431.94.2.el6	cpe:/o:redhat:rhel_aus:6.5	RHSA-2019:1196	2019-05-14T00:00:00Z
libvirt-0:0.10.2-29.el6_5.18	cpe:/o:redhat:rhel_aus:6.5	RHSA-2019:1197	2019-05-14T00:00:00Z
qemu-kvm-2:0.12.1.2-2.415.el6_5.20	cpe:/o:redhat:rhel_aus:6.5	RHSA-2019:1198	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 6.6 Advanced Update Support
kernel-0:2.6.32-504.78.2.el6	cpe:/o:redhat:rhel_aus:6.6	RHSA-2019:1193	2019-05-14T00:00:00Z
libvirt-0:0.10.2-46.el6_6.10	cpe:/o:redhat:rhel_aus:6.6	RHSA-2019:1194	2019-05-14T00:00:00Z
qemu-kvm-2:0.12.1.2-2.448.el6_6.8	cpe:/o:redhat:rhel_aus:6.6	RHSA-2019:1195	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 7
kernel-rt-0:3.10.0-957.12.2.rt56.929.el7	cpe:/a:redhat:rhel_extras_rt:7	RHSA-2019:1176	2019-05-14T00:00:00Z
kernel-0:3.10.0-957.12.2.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2019:1168	2019-05-14T00:00:00Z
libvirt-0:4.5.0-10.el7_6.9	cpe:/o:redhat:enterprise_linux:7	RHSA-2019:1177	2019-05-14T00:00:00Z
qemu-kvm-10:1.5.3-160.el7_6.2	cpe:/o:redhat:enterprise_linux:7	RHSA-2019:1178	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 7.2 Advanced Update Support
kernel-0:3.10.0-327.78.2.el7	cpe:/o:redhat:rhel_aus:7.2	RHSA-2019:1172	2019-05-14T00:00:00Z
libvirt-0:1.2.17-13.el7_2.10	cpe:/o:redhat:rhel_aus:7.2	RHSA-2019:1186	2019-05-14T00:00:00Z
qemu-kvm-10:1.5.3-105.el7_2.19	cpe:/o:redhat:rhel_aus:7.2	RHSA-2019:1188	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 7.2 Telco Extended Update Support
kernel-0:3.10.0-327.78.2.el7	cpe:/o:redhat:rhel_tus:7.2	RHSA-2019:1172	2019-05-14T00:00:00Z
libvirt-0:1.2.17-13.el7_2.10	cpe:/o:redhat:rhel_tus:7.2	RHSA-2019:1186	2019-05-14T00:00:00Z
qemu-kvm-10:1.5.3-105.el7_2.19	cpe:/o:redhat:rhel_tus:7.2	RHSA-2019:1188	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions
kernel-0:3.10.0-327.78.2.el7	cpe:/o:redhat:rhel_e4s:7.2	RHSA-2019:1172	2019-05-14T00:00:00Z
libvirt-0:1.2.17-13.el7_2.10	cpe:/o:redhat:rhel_e4s:7.2	RHSA-2019:1186	2019-05-14T00:00:00Z
qemu-kvm-10:1.5.3-105.el7_2.19	cpe:/o:redhat:rhel_e4s:7.2	RHSA-2019:1188	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 7.3 Advanced Update Support
kernel-0:3.10.0-514.64.2.el7	cpe:/o:redhat:rhel_aus:7.3	RHSA-2019:1171	2019-05-14T00:00:00Z
libvirt-0:2.0.0-10.el7_3.14	cpe:/o:redhat:rhel_aus:7.3	RHSA-2019:1187	2019-05-14T00:00:00Z
qemu-kvm-10:1.5.3-126.el7_3.17	cpe:/o:redhat:rhel_aus:7.3	RHSA-2019:1189	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 7.3 Telco Extended Update Support
kernel-0:3.10.0-514.64.2.el7	cpe:/o:redhat:rhel_tus:7.3	RHSA-2019:1171	2019-05-14T00:00:00Z
libvirt-0:2.0.0-10.el7_3.14	cpe:/o:redhat:rhel_tus:7.3	RHSA-2019:1187	2019-05-14T00:00:00Z
qemu-kvm-10:1.5.3-126.el7_3.17	cpe:/o:redhat:rhel_tus:7.3	RHSA-2019:1189	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
kernel-0:3.10.0-514.64.2.el7	cpe:/o:redhat:rhel_e4s:7.3	RHSA-2019:1171	2019-05-14T00:00:00Z
libvirt-0:2.0.0-10.el7_3.14	cpe:/o:redhat:rhel_e4s:7.3	RHSA-2019:1187	2019-05-14T00:00:00Z
qemu-kvm-10:1.5.3-126.el7_3.17	cpe:/o:redhat:rhel_e4s:7.3	RHSA-2019:1189	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 7.4 Extended Update Support
kernel-0:3.10.0-693.47.2.el7	cpe:/o:redhat:rhel_eus:7.4	RHSA-2019:1170	2019-05-14T00:00:00Z
libvirt-0:3.2.0-14.el7_4.13	cpe:/o:redhat:rhel_eus:7.4	RHSA-2019:1184	2019-05-14T00:00:00Z
qemu-kvm-10:1.5.3-141.el7_4.10	cpe:/o:redhat:rhel_eus:7.4	RHSA-2019:1185	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 7.5 Extended Update Support
kernel-0:3.10.0-862.32.2.el7	cpe:/o:redhat:rhel_eus:7.5	RHSA-2019:1155	2019-05-14T00:00:00Z
libvirt-0:3.9.0-14.el7_5.9	cpe:/o:redhat:rhel_eus:7.5	RHSA-2019:1182	2019-05-14T00:00:00Z
qemu-kvm-10:1.5.3-156.el7_5.7	cpe:/o:redhat:rhel_eus:7.5	RHSA-2019:1183	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 8
virt:rhel-8000020190510171727.55190bc5	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:1175	2019-05-14T00:00:00Z
kernel-rt-0:4.18.0-80.1.2.rt9.145.el8_0	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2019:1174	2019-05-14T00:00:00Z
kernel-0:4.18.0-80.1.2.el8_0	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:1167	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 8 Advanced Virtualization
virt:8.0.0-8000020190530233731.55190bc5	cpe:/a:redhat:advanced_virtualization:8::el8	RHSA-2019:1455	2019-06-11T00:00:00Z
Red Hat Enterprise MRG 2
kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt	cpe:/a:redhat:enterprise_mrg:2:server:el6	RHSA-2019:1190	2019-05-14T00:00:00Z
Red Hat OpenStack Platform 10.0 (Newton)
qemu-kvm-rhev-10:2.12.0-18.el7_6.5	cpe:/a:redhat:openstack:10::el7	RHSA-2019:1200	2019-05-14T00:00:00Z
Red Hat OpenStack Platform 13.0 (Queens)
qemu-kvm-rhev-10:2.12.0-18.el7_6.5	cpe:/a:redhat:openstack:13::el7	RHSA-2019:1201	2019-05-14T00:00:00Z
Red Hat OpenStack Platform 14.0 (Rocky)
qemu-kvm-rhev-10:2.12.0-18.el7_6.5	cpe:/a:redhat:openstack:14::el7	RHSA-2019:1202	2019-05-14T00:00:00Z
Red Hat OpenStack Platform 9.0 (Mitaka)
qemu-kvm-rhev-10:2.12.0-18.el7_6.5	cpe:/a:redhat:openstack:9::el7	RHSA-2019:1199	2019-05-14T00:00:00Z
Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS
vdsm-0:4.20.49-1.el7ev	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:1204	2019-05-14T00:00:00Z
redhat-release-virtualization-host-0:4.2-8.6.el7	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:1209	2019-05-14T00:00:00Z
redhat-virtualization-host-0:4.2-20190512.0.el7_6	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:1209	2019-05-14T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
qemu-kvm-rhev-10:2.12.0-18.el7_6.5	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:1179	2019-05-14T00:00:00Z
vdsm-0:4.30.13-4.el7ev	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:1203	2019-05-14T00:00:00Z
redhat-release-virtualization-host-0:4.3-0.7.el7	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:1207	2019-05-14T00:00:00Z
redhat-virtualization-host-0:4.3-20190512.0.el7_6	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:1207	2019-05-14T00:00:00Z
rhvm-appliance-0:4.3-20190506.0.el7	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:1208	2019-05-14T00:00:00Z
qemu-kvm-rhev-10:2.12.0-33.el7	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:2553	2019-08-22T00:00:00Z
Red Hat Virtualization Engine 4.2
rhvm-setup-plugins-0:4.2.14-1.el7ev	cpe:/a:redhat:rhev_manager:4.2	RHSA-2019:1206	2019-05-14T00:00:00Z
Red Hat Virtualization Engine 4.3
rhvm-setup-plugins-0:4.3.1-1.el7ev	cpe:/a:redhat:rhev_manager:4.3	RHSA-2019:1205	2019-05-14T00:00:00Z
qemu-kvm-rhev-10:2.12.0-33.el7	cpe:/a:redhat:rhev_manager:4.3	RHSA-2019:2553	2019-08-22T00:00:00Z

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
https://access.redhat.com/errata/RHSA-2019:1455
https://access.redhat.com/errata/RHSA-2019:2553
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
https://kc.mcafee.com/corporate/index?page=content&id=SB10292
https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/
https://nvd.nist.gov/vuln/detail/CVE-2019-11091
https://seclists.org/bugtraq/2019/Jun/28
https://seclists.org/bugtraq/2019/Jun/36
https://seclists.org/bugtraq/2019/Nov/15
https://seclists.org/bugtraq/2020/Jan/21
https://security.gentoo.org/glsa/202003-56
https://usn.ubuntu.com/3977-3/
https://www.cve.org/CVERecord?id=CVE-2019-11091
https://www.debian.org/security/2020/dsa-4602
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
https://www.synology.com/security/advisory/Synology_SA_19_24

History

No history.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2019-05-30T15:28:28

Updated: 2024-08-04T22:40:16.292Z

Reserved: 2019-04-11T00:00:00

Link: CVE-2019-11091

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-05-30T16:29:01.417

Modified: 2023-11-07T03:02:39.527

Link: CVE-2019-11091

Redhat

Severity : Moderate

Publid Date: 2019-05-14T17:00:00Z

Links: CVE-2019-11091 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object