{"containers": {"cna": {"affected": [{"product": "Central Processing Units (CPUs)", "vendor": "Intel Corporation", "versions": [{"status": "affected", "version": "A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"}]}], "datePublic": "2019-05-14T00:00:00", "descriptions": [{"lang": "en", "value": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-26T14:06:10", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.synology.com/security/advisory/Synology_SA_19_24"}, {"name": "FEDORA-2019-1f5832fc0e", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/"}, {"name": "openSUSE-SU-2019:1505", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html"}, {"name": "RHSA-2019:1455", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1455"}, {"name": "USN-3977-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3977-3/"}, {"name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html"}, {"name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Jun/28"}, {"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Jun/36"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en"}, {"name": "openSUSE-SU-2019:1805", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html"}, {"name": "openSUSE-SU-2019:1806", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html"}, {"name": "FreeBSD-SA-19:07", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc"}, {"name": "RHSA-2019:2553", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2553"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"}, {"name": "20191112 [SECURITY] [DSA 4564-1] linux security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Nov/15"}, {"name": "DSA-4602", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4602"}, {"name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2020/Jan/21"}, {"name": "GLSA-202003-56", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202003-56"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@intel.com", "ID": "CVE-2019-11091", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Central Processing Units (CPUs)", "version": {"version_data": [{"version_value": "A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"}]}}]}, "vendor_name": "Intel Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html", "refsource": "CONFIRM", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"}, {"name": "https://www.synology.com/security/advisory/Synology_SA_19_24", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_24"}, {"name": "FEDORA-2019-1f5832fc0e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/"}, {"name": "openSUSE-SU-2019:1505", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html"}, {"name": "RHSA-2019:1455", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1455"}, {"name": "USN-3977-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3977-3/"}, {"name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html"}, {"name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/28"}, {"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/36"}, {"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt", "refsource": "CONFIRM", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"}, {"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en"}, {"name": "openSUSE-SU-2019:1805", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html"}, {"name": "openSUSE-SU-2019:1806", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html"}, {"name": "FreeBSD-SA-19:07", "refsource": "FREEBSD", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc"}, {"name": "RHSA-2019:2553", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2553"}, {"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"}, {"name": "20191112 [SECURITY] [DSA 4564-1] linux security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Nov/15"}, {"name": "DSA-4602", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4602"}, {"name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2020/Jan/21"}, {"name": "GLSA-202003-56", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-56"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:40:16.292Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.synology.com/security/advisory/Synology_SA_19_24"}, {"name": "FEDORA-2019-1f5832fc0e", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/"}, {"name": "openSUSE-SU-2019:1505", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html"}, {"name": "RHSA-2019:1455", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1455"}, {"name": "USN-3977-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3977-3/"}, {"name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html"}, {"name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Jun/28"}, {"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Jun/36"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en"}, {"name": "openSUSE-SU-2019:1805", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html"}, {"name": "openSUSE-SU-2019:1806", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html"}, {"name": "FreeBSD-SA-19:07", "tags": ["vendor-advisory", "x_refsource_FREEBSD", "x_transferred"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc"}, {"name": "RHSA-2019:2553", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2553"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"}, {"name": "20191112 [SECURITY] [DSA 4564-1] linux security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Nov/15"}, {"name": "DSA-4602", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4602"}, {"name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2020/Jan/21"}, {"name": "GLSA-202003-56", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202003-56"}]}]}, "cveMetadata": {"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2019-11091", "datePublished": "2019-05-30T15:28:28", "dateReserved": "2019-04-11T00:00:00", "dateUpdated": "2024-08-04T22:40:16.292Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:microarchitectural_data_sampling_uncacheable_memory_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B28D458-E322-4CCE-9E5C-D56E9FF70198", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:microarchitectural_data_sampling_uncacheable_memory:-:*:*:*:*:*:*:*", "matchCriteriaId": "74BFF53A-9A81-48DD-B69D-ADF88EBD9835", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"}, {"lang": "es", "value": "En Microarchitectural Data Sampling Uncacheable Memory (MDSUM): La memoria no almacenable en algunos microprocesadores que utilizan ejecuci\u00f3n especulativa puede permitir a un usuario autenticado activar potencialmente la divulgaci\u00f3n de informaci\u00f3n por medio de un canal lateral con acceso local. Puede encontrar una lista de los productos impactados aqu\u00ed: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"}], "id": "CVE-2019-11091", "lastModified": "2024-11-21T04:20:31.233", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.7, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.1, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-30T16:29:01.417", "references": [{"source": "secure@intel.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html"}, {"source": "secure@intel.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html"}, {"source": "secure@intel.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html"}, {"source": "secure@intel.com", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"}, {"source": "secure@intel.com", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en"}, {"source": "secure@intel.com", "url": "https://access.redhat.com/errata/RHSA-2019:1455"}, {"source": "secure@intel.com", "url": "https://access.redhat.com/errata/RHSA-2019:2553"}, {"source": "secure@intel.com", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"}, {"source": "secure@intel.com", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"}, {"source": "secure@intel.com", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292"}, {"source": "secure@intel.com", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html"}, {"source": "secure@intel.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/"}, {"source": "secure@intel.com", "url": "https://seclists.org/bugtraq/2019/Jun/28"}, {"source": "secure@intel.com", "url": "https://seclists.org/bugtraq/2019/Jun/36"}, {"source": "secure@intel.com", "url": "https://seclists.org/bugtraq/2019/Nov/15"}, {"source": "secure@intel.com", "url": "https://seclists.org/bugtraq/2020/Jan/21"}, {"source": "secure@intel.com", "url": "https://security.gentoo.org/glsa/202003-56"}, {"source": "secure@intel.com", "url": "https://usn.ubuntu.com/3977-3/"}, {"source": "secure@intel.com", "url": "https://www.debian.org/security/2020/dsa-4602"}, {"source": "secure@intel.com", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc"}, {"source": "secure@intel.com", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"}, {"source": "secure@intel.com", "url": "https://www.synology.com/security/advisory/Synology_SA_19_24"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:1455"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:2553"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://seclists.org/bugtraq/2019/Jun/28"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://seclists.org/bugtraq/2019/Jun/36"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://seclists.org/bugtraq/2019/Nov/15"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://seclists.org/bugtraq/2020/Jan/21"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202003-56"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3977-3/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2020/dsa-4602"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.synology.com/security/advisory/Synology_SA_19_24"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2019:1169", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-754.14.2.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1180", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libvirt-0:0.10.2-64.el6_10.1", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1181", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "qemu-kvm-2:0.12.1.2-2.506.el6_10.3", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1196", "cpe": "cpe:/o:redhat:rhel_aus:6.5", "package": "kernel-0:2.6.32-431.94.2.el6", "product_name": "Red Hat Enterprise Linux 6.5 Advanced Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1197", "cpe": "cpe:/o:redhat:rhel_aus:6.5", "package": "libvirt-0:0.10.2-29.el6_5.18", "product_name": "Red Hat Enterprise Linux 6.5 Advanced Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1198", "cpe": "cpe:/o:redhat:rhel_aus:6.5", "package": "qemu-kvm-2:0.12.1.2-2.415.el6_5.20", "product_name": "Red Hat Enterprise Linux 6.5 Advanced Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1193", "cpe": "cpe:/o:redhat:rhel_aus:6.6", "package": "kernel-0:2.6.32-504.78.2.el6", "product_name": "Red Hat Enterprise Linux 6.6 Advanced Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1194", "cpe": "cpe:/o:redhat:rhel_aus:6.6", "package": "libvirt-0:0.10.2-46.el6_6.10", "product_name": "Red Hat Enterprise Linux 6.6 Advanced Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1195", "cpe": "cpe:/o:redhat:rhel_aus:6.6", "package": "qemu-kvm-2:0.12.1.2-2.448.el6_6.8", "product_name": "Red Hat Enterprise Linux 6.6 Advanced Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1176", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-957.12.2.rt56.929.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1168", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-957.12.2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1177", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libvirt-0:4.5.0-10.el7_6.9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1178", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "qemu-kvm-10:1.5.3-160.el7_6.2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1172", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "kernel-0:3.10.0-327.78.2.el7", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1186", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "libvirt-0:1.2.17-13.el7_2.10", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1188", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "qemu-kvm-10:1.5.3-105.el7_2.19", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1172", "cpe": "cpe:/o:redhat:rhel_tus:7.2", "package": "kernel-0:3.10.0-327.78.2.el7", "product_name": "Red Hat Enterprise Linux 7.2 Telco Extended Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1186", "cpe": "cpe:/o:redhat:rhel_tus:7.2", "package": "libvirt-0:1.2.17-13.el7_2.10", "product_name": "Red Hat Enterprise Linux 7.2 Telco Extended Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1188", "cpe": "cpe:/o:redhat:rhel_tus:7.2", "package": "qemu-kvm-10:1.5.3-105.el7_2.19", "product_name": "Red Hat Enterprise Linux 7.2 Telco Extended Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1172", "cpe": "cpe:/o:redhat:rhel_e4s:7.2", "package": "kernel-0:3.10.0-327.78.2.el7", "product_name": "Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1186", "cpe": "cpe:/o:redhat:rhel_e4s:7.2", "package": "libvirt-0:1.2.17-13.el7_2.10", "product_name": "Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1188", "cpe": "cpe:/o:redhat:rhel_e4s:7.2", "package": "qemu-kvm-10:1.5.3-105.el7_2.19", "product_name": "Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1171", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "kernel-0:3.10.0-514.64.2.el7", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1187", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "libvirt-0:2.0.0-10.el7_3.14", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1189", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "qemu-kvm-10:1.5.3-126.el7_3.17", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1171", "cpe": "cpe:/o:redhat:rhel_tus:7.3", "package": "kernel-0:3.10.0-514.64.2.el7", "product_name": "Red Hat Enterprise Linux 7.3 Telco Extended Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1187", "cpe": "cpe:/o:redhat:rhel_tus:7.3", "package": "libvirt-0:2.0.0-10.el7_3.14", "product_name": "Red Hat Enterprise Linux 7.3 Telco Extended Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1189", "cpe": "cpe:/o:redhat:rhel_tus:7.3", "package": "qemu-kvm-10:1.5.3-126.el7_3.17", "product_name": "Red Hat Enterprise Linux 7.3 Telco Extended Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1171", "cpe": "cpe:/o:redhat:rhel_e4s:7.3", "package": "kernel-0:3.10.0-514.64.2.el7", "product_name": "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1187", "cpe": "cpe:/o:redhat:rhel_e4s:7.3", "package": "libvirt-0:2.0.0-10.el7_3.14", "product_name": "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1189", "cpe": "cpe:/o:redhat:rhel_e4s:7.3", "package": "qemu-kvm-10:1.5.3-126.el7_3.17", "product_name": "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1170", "cpe": "cpe:/o:redhat:rhel_eus:7.4", "package": "kernel-0:3.10.0-693.47.2.el7", "product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1184", "cpe": "cpe:/o:redhat:rhel_eus:7.4", "package": "libvirt-0:3.2.0-14.el7_4.13", "product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1185", "cpe": "cpe:/o:redhat:rhel_eus:7.4", "package": "qemu-kvm-10:1.5.3-141.el7_4.10", "product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1155", "cpe": "cpe:/o:redhat:rhel_eus:7.5", "package": "kernel-0:3.10.0-862.32.2.el7", "product_name": "Red Hat Enterprise Linux 7.5 Extended Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1182", "cpe": "cpe:/o:redhat:rhel_eus:7.5", "package": "libvirt-0:3.9.0-14.el7_5.9", "product_name": "Red Hat Enterprise Linux 7.5 Extended Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1183", "cpe": "cpe:/o:redhat:rhel_eus:7.5", "package": "qemu-kvm-10:1.5.3-156.el7_5.7", "product_name": "Red Hat Enterprise Linux 7.5 Extended Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1175", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "virt:rhel-8000020190510171727.55190bc5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1174", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-80.1.2.rt9.145.el8_0", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1167", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-80.1.2.el8_0", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1455", "cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "package": "virt:8.0.0-8000020190530233731.55190bc5", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization", "release_date": "2019-06-11T00:00:00Z"}, {"advisory": "RHSA-2019:1190", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1200", "cpe": "cpe:/a:redhat:openstack:10::el7", "package": "qemu-kvm-rhev-10:2.12.0-18.el7_6.5", "product_name": "Red Hat OpenStack Platform 10.0 (Newton)", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1201", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "qemu-kvm-rhev-10:2.12.0-18.el7_6.5", "product_name": "Red Hat OpenStack Platform 13.0 (Queens)", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1202", "cpe": "cpe:/a:redhat:openstack:14::el7", "package": "qemu-kvm-rhev-10:2.12.0-18.el7_6.5", "product_name": "Red Hat OpenStack Platform 14.0 (Rocky)", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1199", "cpe": "cpe:/a:redhat:openstack:9::el7", "package": "qemu-kvm-rhev-10:2.12.0-18.el7_6.5", "product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1204", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "vdsm-0:4.20.49-1.el7ev", "product_name": "Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1209", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-release-virtualization-host-0:4.2-8.6.el7", "product_name": "Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1209", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-virtualization-host-0:4.2-20190512.0.el7_6", "product_name": "Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1179", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "qemu-kvm-rhev-10:2.12.0-18.el7_6.5", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1203", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "vdsm-0:4.30.13-4.el7ev", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1207", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-release-virtualization-host-0:4.3-0.7.el7", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1207", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-virtualization-host-0:4.3-20190512.0.el7_6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1208", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "rhvm-appliance-0:4.3-20190506.0.el7", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:2553", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "qemu-kvm-rhev-10:2.12.0-33.el7", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-08-22T00:00:00Z"}, {"advisory": "RHSA-2019:1206", "cpe": "cpe:/a:redhat:rhev_manager:4.2", "package": "rhvm-setup-plugins-0:4.2.14-1.el7ev", "product_name": "Red Hat Virtualization Engine 4.2", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1205", "cpe": "cpe:/a:redhat:rhev_manager:4.3", "package": "rhvm-setup-plugins-0:4.3.1-1.el7ev", "product_name": "Red Hat Virtualization Engine 4.3", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:2553", "cpe": "cpe:/a:redhat:rhev_manager:4.3", "package": "qemu-kvm-rhev-10:2.12.0-33.el7", "product_name": "Red Hat Virtualization Engine 4.3", "release_date": "2019-08-22T00:00:00Z"}], "bugzilla": {"description": "hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)", "id": "1705312", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705312"}, "csaw": true, "cvss3": {"cvss3_base_score": "3.8", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-226->CWE-203->CWE-385", "details": ["Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access."], "name": "CVE-2019-11091", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Affected", "package_name": "ovirt-guest-agent", "product_name": "Red Hat Virtualization 4"}], "public_date": "2019-05-14T17:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-11091\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11091"], "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the 'Vulnerability Response' URL.", "threat_severity": "Moderate"}

{}