CVE-2019-11091 - Vulnerability Details

Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.01777.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Intel Corporation

Central Processing Units (CPUs)

affected

Version	Status	Constraints
`A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:intel:microarchitectural_data_sampling_uncacheable_memory_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:microarchitectural_data_sampling_uncacheable_memory:-:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
kernel-0:2.6.32-754.14.2.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2019:1169	2019-05-14T00:00:00Z
libvirt-0:0.10.2-64.el6_10.1	cpe:/o:redhat:enterprise_linux:6	RHSA-2019:1180	2019-05-14T00:00:00Z
qemu-kvm-2:0.12.1.2-2.506.el6_10.3	cpe:/o:redhat:enterprise_linux:6	RHSA-2019:1181	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 6.5 Advanced Update Support
kernel-0:2.6.32-431.94.2.el6	cpe:/o:redhat:rhel_aus:6.5	RHSA-2019:1196	2019-05-14T00:00:00Z
libvirt-0:0.10.2-29.el6_5.18	cpe:/o:redhat:rhel_aus:6.5	RHSA-2019:1197	2019-05-14T00:00:00Z
qemu-kvm-2:0.12.1.2-2.415.el6_5.20	cpe:/o:redhat:rhel_aus:6.5	RHSA-2019:1198	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 6.6 Advanced Update Support
kernel-0:2.6.32-504.78.2.el6	cpe:/o:redhat:rhel_aus:6.6	RHSA-2019:1193	2019-05-14T00:00:00Z
libvirt-0:0.10.2-46.el6_6.10	cpe:/o:redhat:rhel_aus:6.6	RHSA-2019:1194	2019-05-14T00:00:00Z
qemu-kvm-2:0.12.1.2-2.448.el6_6.8	cpe:/o:redhat:rhel_aus:6.6	RHSA-2019:1195	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 7
kernel-rt-0:3.10.0-957.12.2.rt56.929.el7	cpe:/a:redhat:rhel_extras_rt:7	RHSA-2019:1176	2019-05-14T00:00:00Z
kernel-0:3.10.0-957.12.2.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2019:1168	2019-05-14T00:00:00Z
libvirt-0:4.5.0-10.el7_6.9	cpe:/o:redhat:enterprise_linux:7	RHSA-2019:1177	2019-05-14T00:00:00Z
qemu-kvm-10:1.5.3-160.el7_6.2	cpe:/o:redhat:enterprise_linux:7	RHSA-2019:1178	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 7.2 Advanced Update Support
kernel-0:3.10.0-327.78.2.el7	cpe:/o:redhat:rhel_aus:7.2	RHSA-2019:1172	2019-05-14T00:00:00Z
libvirt-0:1.2.17-13.el7_2.10	cpe:/o:redhat:rhel_aus:7.2	RHSA-2019:1186	2019-05-14T00:00:00Z
qemu-kvm-10:1.5.3-105.el7_2.19	cpe:/o:redhat:rhel_aus:7.2	RHSA-2019:1188	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 7.2 Telco Extended Update Support
kernel-0:3.10.0-327.78.2.el7	cpe:/o:redhat:rhel_tus:7.2	RHSA-2019:1172	2019-05-14T00:00:00Z
libvirt-0:1.2.17-13.el7_2.10	cpe:/o:redhat:rhel_tus:7.2	RHSA-2019:1186	2019-05-14T00:00:00Z
qemu-kvm-10:1.5.3-105.el7_2.19	cpe:/o:redhat:rhel_tus:7.2	RHSA-2019:1188	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions
kernel-0:3.10.0-327.78.2.el7	cpe:/o:redhat:rhel_e4s:7.2	RHSA-2019:1172	2019-05-14T00:00:00Z
libvirt-0:1.2.17-13.el7_2.10	cpe:/o:redhat:rhel_e4s:7.2	RHSA-2019:1186	2019-05-14T00:00:00Z
qemu-kvm-10:1.5.3-105.el7_2.19	cpe:/o:redhat:rhel_e4s:7.2	RHSA-2019:1188	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 7.3 Advanced Update Support
kernel-0:3.10.0-514.64.2.el7	cpe:/o:redhat:rhel_aus:7.3	RHSA-2019:1171	2019-05-14T00:00:00Z
libvirt-0:2.0.0-10.el7_3.14	cpe:/o:redhat:rhel_aus:7.3	RHSA-2019:1187	2019-05-14T00:00:00Z
qemu-kvm-10:1.5.3-126.el7_3.17	cpe:/o:redhat:rhel_aus:7.3	RHSA-2019:1189	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 7.3 Telco Extended Update Support
kernel-0:3.10.0-514.64.2.el7	cpe:/o:redhat:rhel_tus:7.3	RHSA-2019:1171	2019-05-14T00:00:00Z
libvirt-0:2.0.0-10.el7_3.14	cpe:/o:redhat:rhel_tus:7.3	RHSA-2019:1187	2019-05-14T00:00:00Z
qemu-kvm-10:1.5.3-126.el7_3.17	cpe:/o:redhat:rhel_tus:7.3	RHSA-2019:1189	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
kernel-0:3.10.0-514.64.2.el7	cpe:/o:redhat:rhel_e4s:7.3	RHSA-2019:1171	2019-05-14T00:00:00Z
libvirt-0:2.0.0-10.el7_3.14	cpe:/o:redhat:rhel_e4s:7.3	RHSA-2019:1187	2019-05-14T00:00:00Z
qemu-kvm-10:1.5.3-126.el7_3.17	cpe:/o:redhat:rhel_e4s:7.3	RHSA-2019:1189	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 7.4 Extended Update Support
kernel-0:3.10.0-693.47.2.el7	cpe:/o:redhat:rhel_eus:7.4	RHSA-2019:1170	2019-05-14T00:00:00Z
libvirt-0:3.2.0-14.el7_4.13	cpe:/o:redhat:rhel_eus:7.4	RHSA-2019:1184	2019-05-14T00:00:00Z
qemu-kvm-10:1.5.3-141.el7_4.10	cpe:/o:redhat:rhel_eus:7.4	RHSA-2019:1185	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 7.5 Extended Update Support
kernel-0:3.10.0-862.32.2.el7	cpe:/o:redhat:rhel_eus:7.5	RHSA-2019:1155	2019-05-14T00:00:00Z
libvirt-0:3.9.0-14.el7_5.9	cpe:/o:redhat:rhel_eus:7.5	RHSA-2019:1182	2019-05-14T00:00:00Z
qemu-kvm-10:1.5.3-156.el7_5.7	cpe:/o:redhat:rhel_eus:7.5	RHSA-2019:1183	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 8
virt:rhel-8000020190510171727.55190bc5	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:1175	2019-05-14T00:00:00Z
kernel-rt-0:4.18.0-80.1.2.rt9.145.el8_0	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2019:1174	2019-05-14T00:00:00Z
kernel-0:4.18.0-80.1.2.el8_0	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:1167	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 8 Advanced Virtualization
virt:8.0.0-8000020190530233731.55190bc5	cpe:/a:redhat:advanced_virtualization:8::el8	RHSA-2019:1455	2019-06-11T00:00:00Z
Red Hat Enterprise MRG 2
kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt	cpe:/a:redhat:enterprise_mrg:2:server:el6	RHSA-2019:1190	2019-05-14T00:00:00Z
Red Hat OpenStack Platform 10.0 (Newton)
qemu-kvm-rhev-10:2.12.0-18.el7_6.5	cpe:/a:redhat:openstack:10::el7	RHSA-2019:1200	2019-05-14T00:00:00Z
Red Hat OpenStack Platform 13.0 (Queens)
qemu-kvm-rhev-10:2.12.0-18.el7_6.5	cpe:/a:redhat:openstack:13::el7	RHSA-2019:1201	2019-05-14T00:00:00Z
Red Hat OpenStack Platform 14.0 (Rocky)
qemu-kvm-rhev-10:2.12.0-18.el7_6.5	cpe:/a:redhat:openstack:14::el7	RHSA-2019:1202	2019-05-14T00:00:00Z
Red Hat OpenStack Platform 9.0 (Mitaka)
qemu-kvm-rhev-10:2.12.0-18.el7_6.5	cpe:/a:redhat:openstack:9::el7	RHSA-2019:1199	2019-05-14T00:00:00Z
Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS
vdsm-0:4.20.49-1.el7ev	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:1204	2019-05-14T00:00:00Z
redhat-release-virtualization-host-0:4.2-8.6.el7	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:1209	2019-05-14T00:00:00Z
redhat-virtualization-host-0:4.2-20190512.0.el7_6	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:1209	2019-05-14T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
qemu-kvm-rhev-10:2.12.0-18.el7_6.5	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:1179	2019-05-14T00:00:00Z
vdsm-0:4.30.13-4.el7ev	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:1203	2019-05-14T00:00:00Z
redhat-release-virtualization-host-0:4.3-0.7.el7	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:1207	2019-05-14T00:00:00Z
redhat-virtualization-host-0:4.3-20190512.0.el7_6	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:1207	2019-05-14T00:00:00Z
rhvm-appliance-0:4.3-20190506.0.el7	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:1208	2019-05-14T00:00:00Z
qemu-kvm-rhev-10:2.12.0-33.el7	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:2553	2019-08-22T00:00:00Z
Red Hat Virtualization Engine 4.2
rhvm-setup-plugins-0:4.2.14-1.el7ev	cpe:/a:redhat:rhev_manager:4.2	RHSA-2019:1206	2019-05-14T00:00:00Z
Red Hat Virtualization Engine 4.3
rhvm-setup-plugins-0:4.3.1-1.el7ev	cpe:/a:redhat:rhev_manager:4.3	RHSA-2019:1205	2019-05-14T00:00:00Z
qemu-kvm-rhev-10:2.12.0-33.el7	cpe:/a:redhat:rhev_manager:4.3	RHSA-2019:2553	2019-08-22T00:00:00Z

No data.

Project Subscriptions

Vendors	Products
Fedoraproject Subscribe	Fedora Subscribe
Intel Subscribe	Microarchitectural Data Sampling Uncacheable Memory Subscribe Microarchitectural Data Sampling Uncacheable Memory Firmware Subscribe
Redhat Subscribe	Advanced Virtualization Subscribe Enterprise Linux Subscribe Enterprise Mrg Subscribe Openstack Subscribe Rhel Aus Subscribe Rhel E4s Subscribe Rhel Eus Subscribe Rhel Extras Rt Subscribe Rhel Tus Subscribe Rhev Manager Subscribe

Advisories

Source	ID	Title
Debian DLA	DLA-1787-1	linux-4.9 security update
Debian DLA	DLA-1789-1	intel-microcode security update
Debian DLA	DLA-1789-2	intel-microcode security update
Debian DLA	DLA-1799-1	linux security update
Debian DLA	DLA-1799-2	linux security update
Debian DLA	DLA-1989-1	linux security update
Debian DLA	DLA-1990-1	linux-4.9 security update
Debian DSA	DSA-4444-1	linux security update
Debian DSA	DSA-4447-1	intel-microcode security update
Debian DSA	DSA-4447-2	intel-microcode security update
Debian DSA	DSA-4469-1	libvirt security update
Debian DSA	DSA-4564-1	linux security update
Debian DSA	DSA-4602-1	xen security update
EUVD	EUVD-2019-2795	Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Ubuntu USN	USN-3977-1	Intel Microcode update
Ubuntu USN	USN-3977-2	Intel Microcode update
Ubuntu USN	USN-3977-3	Intel Microcode update
Ubuntu USN	USN-3978-1	QEMU update
Ubuntu USN	USN-3979-1	Linux kernel vulnerabilities
Ubuntu USN	USN-3980-1	Linux kernel vulnerabilities
Ubuntu USN	USN-3980-2	Linux kernel (HWE) vulnerabilities
Ubuntu USN	USN-3981-1	Linux kernel vulnerabilities
Ubuntu USN	USN-3981-2	Linux kernel (HWE) vulnerabilities
Ubuntu USN	USN-3982-1	Linux kernel vulnerabilities
Ubuntu USN	USN-3982-2	Linux kernel (Xenial HWE) vulnerabilities
Ubuntu USN	USN-3983-1	Linux kernel vulnerabilities
Ubuntu USN	USN-3983-2	Linux kernel (Trusty HWE) vulnerabilities
Ubuntu USN	USN-3984-1	Linux kernel vulnerabilities
Ubuntu USN	USN-3985-1	libvirt update
Ubuntu USN	USN-3985-2	libvirt update

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
https://access.redhat.com/errata/RHSA-2019:1455
https://access.redhat.com/errata/RHSA-2019:2553
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
https://kc.mcafee.com/corporate/index?page=content&id=SB10292
https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/
https://nvd.nist.gov/vuln/detail/CVE-2019-11091
https://seclists.org/bugtraq/2019/Jun/28
https://seclists.org/bugtraq/2019/Jun/36
https://seclists.org/bugtraq/2019/Nov/15
https://seclists.org/bugtraq/2020/Jan/21
https://security.gentoo.org/glsa/202003-56
https://usn.ubuntu.com/3977-3/
https://www.cve.org/CVERecord?id=CVE-2019-11091
https://www.debian.org/security/2020/dsa-4602
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
https://www.synology.com/security/advisory/Synology_SA_19_24

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2019-05-30T15:28:28

Updated: 2024-08-04T22:40:16.292Z

Reserved: 2019-04-11T00:00:00

Link: CVE-2019-11091

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-05-30T16:29:01.417

Modified: 2024-11-21T04:20:31.233

Link: CVE-2019-11091

Redhat

Severity : Moderate

Publid Date: 2019-05-14T17:00:00Z

Links: CVE-2019-11091 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object