CVEs by modern implementation of the "fill buffer" mechanism

Bug #1830487 reported by Victor Manuel Rodriguez Bahena on 2019-05-25
Affects: StarlingX
Importance: High
Assigned to: zhao.shuai

Bug Description

A new set of CVEs was reported against Intel CPUs: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091.

For these CVEs there are RH and CentOS updates available:

RH : https://www.redhat.com/archives/rhsa-announce/2019-May/msg00054.html
CENTOS: https://lists.centos.org/pipermail/centos-announce/2019-May/023314.html

Right now we have kernel-3.10.0-957.1.3.el7.src.rpm [0].

They are pointing to kernel-3.10.0-957.12.2.el7; maybe we should do an update. The SRPM and patches are in [1].

The same goes for microcode_ctl-2.1-47.2.el7_6 [2] [3].

[0] https://opendev.org/starlingx/integ/src/branch/master/kernel/kernel-std/centos/srpm_path
[1] http://mirror.centos.org/centos/7/centosplus/x86_64/Packages/
[2] https://centos.pkgs.org/7/centos-updates-x86_64/microcode_ctl-2.1-47.2.el7_6.x86_64.rpm.html
[3] https://lists.centos.org/pipermail/centos-announce/2019-May/023311.html
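
Added example (not part of the bug report or of the StarlingX code): a shell check that classifies a CentOS 7 host against the fixed kernel and microcode_ctl builds named above. The sysfs path and its status strings come from the upstream kernel MDS documentation, the version comparison is a simplified numeric one that assumes an el7 dist tag, and the sample hosts are constructed.

```sh
#!/bin/sh
# Added example: classify a CentOS 7 host against the fixed builds in this bug.
FIXED_KERNEL="3.10.0-957.12.2.el7"     # kernel build named in the report
FIXED_MICROCODE="2.1-47.2.el7_6"       # microcode_ctl build named in the report

# ver_ge A B: true when A >= B. Simplified comparison (assumption: el7 dist
# tag, numeric fields before it); it is not rpm's full version algorithm.
ver_ge() {
    a=$(printf '%s' "${1%%.el7*}" | tr '.-' '  ')
    b=$(printf '%s' "${2%%.el7*}" | tr '.-' '  ')
    set -- $a
    for fb in $b; do
        fa=${1:-0}                      # a missing field counts as 0
        [ $# -gt 0 ] && shift
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
    done
    return 0
}

# mds_state LINE: map the content of
# /sys/devices/system/cpu/vulnerabilities/mds to a short verdict.
mds_state() {
    case "$1" in
        "Not affected"*)   echo "not-affected" ;;
        "Mitigation:"*)
            case "$1" in
                *"SMT vulnerable"*) echo "mitigated-smt-exposed" ;;  # sibling thread still a risk
                *)                  echo "mitigated" ;;
            esac ;;
        *"no microcode"*)  echo "needs-microcode" ;;  # kernel patched, CPU microcode is not
        "Vulnerable"*)     echo "vulnerable" ;;
        *)                 echo "unknown" ;;
    esac
}

# assess KERNEL_RELEASE MICROCODE_VERSION MDS_LINE: print one verdict.
assess() {
    ver_ge "$1" "$FIXED_KERNEL"    || { echo "update-kernel"; return 0; }
    ver_ge "$2" "$FIXED_MICROCODE" || { echo "update-microcode"; return 0; }
    mds_state "$3"
}

# Constructed sample hosts. On a live host the arguments would be:
#   "$(uname -r)" "$(rpm -q --qf '%{VERSION}-%{RELEASE}' microcode_ctl)" \
#   "$(cat /sys/devices/system/cpu/vulnerabilities/mds)"
assess "3.10.0-957.1.3.el7.x86_64"  "2.1-47.el7"     "Vulnerable"
assess "3.10.0-957.12.2.el7.x86_64" "2.1-47.el7"     "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable"
assess "3.10.0-957.12.2.el7.x86_64" "2.1-47.2.el7_6" "Mitigation: Clear CPU buffers; SMT vulnerable"
```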

Ghada Khalil (gkhalil) wrote :

Marking as stx.2.0 release gating as this is a high-visibility set of CVEs which impact the kernel used in stx. As per above, we need to pick up the latest kernel from CentOS 7.6 to address these vulnerabilities.

tags: added: stx.2.0 stx.security
Changed in starlingx:
importance: Undecided → High
status: New → Triaged
assignee: nobody → Cindy Xie (xxie1)
zhao.shuai (zhao.shuai) on 2019-05-28
Changed in starlingx:
assignee: Cindy Xie (xxie1) → zhao.shuai (zhao.shuai)
Zhang Zhiguo (zhangzhg) on 2019-06-05
Changed in starlingx:
status: Triaged → In Progress

Reviewed: https://review.opendev.org/663071
Committed: https://git.openstack.org/cgit/starlingx/tools/commit/?id=ecf223e163f2f2bf40ab9b319cec086fde1f0fe7
Submitter: Zuul
Branch: master

commit ecf223e163f2f2bf40ab9b319cec086fde1f0fe7
Author: zhiguo.zhang <email address hidden>
Date: Tue Jun 4 23:48:11 2019 +0800

    Upgrade kernel patch to CentOS7.6 3.10.0-957.12.2

    A new set of CVEs was reported against Intel CPUs: CVE-2018-12126,
    CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091.
    For these CVEs there are RH and CentOS updates available.

    CVE-2018-12126:
    Microarchitectural Store Buffer Data Sampling (MSBDS):
    Store buffers on some microprocessors utilizing speculative
    execution may allow an authenticated user to potentially
    enable information disclosure via a side channel with local access.
    A list of impacted products can be found here:
    https://www.intel.com/content/dam/www/public/us/en/documents/
    corporate-information/SA00233-microcode-update-guidance_05132019.pdf

    CVE-2018-12127:
    Microarchitectural Load Port Data Sampling (MLPDS):
    Load ports on some microprocessors utilizing speculative execution
    may allow an authenticated user to potentially enable information
    disclosure via a side channel with local access. A list of impacted
    products can be found here:
    https://www.intel.com/content/dam/www/public/us/en/documents/
    corporate-information/SA00233-microcode-update-guidance_05132019.pdf

    CVE-2018-12130:
    Microarchitectural Fill Buffer Data Sampling (MFBDS):
    Fill buffers on some microprocessors utilizing speculative execution
    may allow an authenticated user to potentially enable information
    disclosure via a side channel with local access. A list of impacted
    products can be found here:
    https://www.intel.com/content/dam/www/public/us/en/documents/
    corporate-information/SA00233-microcode-update-guidance_05132019.pdf

    CVE-2019-11091:
    Microarchitectural Data Sampling Uncacheable Memory (MDSUM):
    Uncacheable memory on some microprocessors utilizing speculative
    execution may allow an authenticated user to potentially enable
    information disclosure via a side channel with local access.
    A list of impacted products can be found here:
    https://www.intel.com/content/dam/www/public/us/en/documents/
    corporate-information/SA00233-microcode-update-guidance_05132019.pdf

    These are from the http://cve.mitre.org website.
    These are the MDS security CVEs.

    Closes-Bug: 1830487
    Change-Id: I9c69ca78dc046128521d2a46b520f9c242fe6e56
    Signed-off-by: zhiguo.zhang <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released

Reviewed: https://review.opendev.org/663094
Committed: https://git.openstack.org/cgit/starlingx/integ/commit/?id=d4aebcaf913d3e53b45cac830c7cfca0b2871bd8
Submitter: Zuul
Branch: master

commit d4aebcaf913d3e53b45cac830c7cfca0b2871bd8
Author: zhiguo.zhang <email address hidden>
Date: Wed Jun 5 00:16:44 2019 +0800

    Upgrade rt kernel patch to CentOS7.6 3.10.0-957.12.2

    A new set of CVEs was reported against Intel CPUs: CVE-2018-12126,
    CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091.
    For these CVEs there are RH and CentOS updates available.

    CVE-2018-12126:
    Microarchitectural Store Buffer Data Sampling (MSBDS):
    Store buffers on some microprocessors utilizing speculative
    execution may allow an authenticated user to potentially
    enable information disclosure via a side channel with local access.
    A list of impacted products can be found here:
    https://www.intel.com/content/dam/www/public/us/en/documents/
    corporate-information/SA00233-microcode-update-guidance_05132019.pdf

    CVE-2018-12127:
    Microarchitectural Load Port Data Sampling (MLPDS):
    Load ports on some microprocessors utilizing speculative execution
    may allow an authenticated user to potentially enable information
    disclosure via a side channel with local access. A list of impacted
    products can be found here:
    https://www.intel.com/content/dam/www/public/us/en/documents/
    corporate-information/SA00233-microcode-update-guidance_05132019.pdf

    CVE-2018-12130:
    Microarchitectural Fill Buffer Data Sampling (MFBDS):
    Fill buffers on some microprocessors utilizing speculative execution
    may allow an authenticated user to potentially enable information
    disclosure via a side channel with local access. A list of impacted
    products can be found here:
    https://www.intel.com/content/dam/www/public/us/en/documents/
    corporate-information/SA00233-microcode-update-guidance_05132019.pdf

    CVE-2019-11091:
    Microarchitectural Data Sampling Uncacheable Memory (MDSUM):
    Uncacheable memory on some microprocessors utilizing speculative
    execution may allow an authenticated user to potentially enable
    information disclosure via a side channel with local access.
    A list of impacted products can be found here:
    https://www.intel.com/content/dam/www/public/us/en/documents/
    corporate-information/SA00233-microcode-update-guidance_05132019.pdf

    These are from the http://cve.mitre.org website.
    These are the MDS security CVEs.

    The patch is modified as follows:
    1. Delete lines 929-931 of the arch/x86/kernel/cpu/cacheinfo.c
       file, because starlingx's
       Porting-Cacheinfo-from-Kernel-4.10.17.patch removes the
       ici_cpuid4_info structure.

    2. Except for the modification of the file in 1, the other
       patches only modify line numbers.

    Closes-Bug: 1830487
    Depends-On: https://review.opendev.org/663071
    Change-Id: I16ac63df21eeb85b4fc3ab19d539986e77c8c0d3
    Signed-off-by: zhiguo.zhang <email address hidden>

Reviewed: https://review.opendev.org/663083
Committed: https://git.openstack.org/cgit/starlingx/integ/commit/?id=30788066d6bccd86bb3fb31a0a69f6c868b56682
Submitter: Zuul
Branch: master

commit 30788066d6bccd86bb3fb31a0a69f6c868b56682
Author: zhiguo.zhang <email address hidden>
Date: Wed Jun 5 00:07:09 2019 +0800

    Upgrade std kernel patch to CentOS7.6 3.10.0-957.12.2

    A new set of CVEs was reported against Intel CPUs: CVE-2018-12126,
    CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091.
    For these CVEs there are RH and CentOS updates available.

    CVE-2018-12126:
    Microarchitectural Store Buffer Data Sampling (MSBDS):
    Store buffers on some microprocessors utilizing speculative
    execution may allow an authenticated user to potentially
    enable information disclosure via a side channel with local access.
    A list of impacted products can be found here:
    https://www.intel.com/content/dam/www/public/us/en/documents/
    corporate-information/SA00233-microcode-update-guidance_05132019.pdf

    CVE-2018-12127:
    Microarchitectural Load Port Data Sampling (MLPDS):
    Load ports on some microprocessors utilizing speculative execution
    may allow an authenticated user to potentially enable information
    disclosure via a side channel with local access. A list of impacted
    products can be found here:
    https://www.intel.com/content/dam/www/public/us/en/documents/
    corporate-information/SA00233-microcode-update-guidance_05132019.pdf

    CVE-2018-12130:
    Microarchitectural Fill Buffer Data Sampling (MFBDS):
    Fill buffers on some microprocessors utilizing speculative execution
    may allow an authenticated user to potentially enable information
    disclosure via a side channel with local access. A list of impacted
    products can be found here:
    https://www.intel.com/content/dam/www/public/us/en/documents/
    corporate-information/SA00233-microcode-update-guidance_05132019.pdf

    CVE-2019-11091:
    Microarchitectural Data Sampling Uncacheable Memory (MDSUM):
    Uncacheable memory on some microprocessors utilizing speculative
    execution may allow an authenticated user to potentially enable
    information disclosure via a side channel with local access.
    A list of impacted products can be found here:
    https://www.intel.com/content/dam/www/public/us/en/documents/
    corporate-information/SA00233-microcode-update-guidance_05132019.pdf

    These are from the http://cve.mitre.org website.
    These are the MDS security CVEs.

    The patch is modified as follows:
    1. Delete lines 929-931 of the arch/x86/kernel/cpu/cacheinfo.c file,
       because starlingx's Porting-Cacheinfo-from-Kernel-4.10.17.patch
       removes the ici_cpuid4_info structure.

    2. The build-logic-and-sources-for-TiC.patch version number
       has been modified.

    3. Apart from the modifications to the files in 1 and 2,
       the other patches only modify line numbers.

    Closes-Bug: 1830487
    Depends-On: https://review.opendev.org/663071
    Change-Id: I4cad783311ed4a6c60b4f69bdad75d773d0cd23d
    Signed-off-by: zhiguo.zhang <email address hidden>
