CVE-2018-12130

Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

CVSS v3 5.6 MEDIUM
CVSS v2.0 4.7 MEDIUM

5.6^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Exploitability : 1.1 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

4.7^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:N/A:N

Exploitability : 3.4 / Impact : 6.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html
http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
https://access.redhat.com/errata/RHSA-2019:1455
https://access.redhat.com/errata/RHSA-2019:2553
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
https://kc.mcafee.com/corporate/index?page=content&id=SB10292
https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/
https://seclists.org/bugtraq/2019/Jun/28
https://seclists.org/bugtraq/2019/Jun/36
https://seclists.org/bugtraq/2019/Nov/15
https://seclists.org/bugtraq/2019/Nov/16
https://seclists.org/bugtraq/2020/Jan/21
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc
https://security.gentoo.org/glsa/202003-56
https://usn.ubuntu.com/3977-3/
https://www.debian.org/security/2020/dsa-4602
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html	Vendor Advisory
https://www.synology.com/security/advisory/Synology_SA_19_24
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html
http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
https://access.redhat.com/errata/RHSA-2019:1455
https://access.redhat.com/errata/RHSA-2019:2553
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
https://kc.mcafee.com/corporate/index?page=content&id=SB10292
https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/
https://seclists.org/bugtraq/2019/Jun/28
https://seclists.org/bugtraq/2019/Jun/36
https://seclists.org/bugtraq/2019/Nov/15
https://seclists.org/bugtraq/2019/Nov/16
https://seclists.org/bugtraq/2020/Jan/21
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc
https://security.gentoo.org/glsa/202003-56
https://usn.ubuntu.com/3977-3/
https://www.debian.org/security/2020/dsa-4602
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html	Vendor Advisory
https://www.synology.com/security/advisory/Synology_SA_19_24

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:intel:microarchitectural_fill_buffer_data_sampling_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:microarchitectural_fill_buffer_data_sampling:-:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

History

21 Nov 2024, 03:44

Information

Published : 2019-05-30 16:29

Updated : 2024-11-21 03:44

NVD link : CVE-2018-12130

Mitre link : CVE-2018-12130

CVE.ORG link : CVE-2018-12130

JSON object : View

Products Affected

intel

microarchitectural_fill_buffer_data_sampling
microarchitectural_fill_buffer_data_sampling_firmware

fedoraproject

fedora

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2018-12130", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.7, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 1.1}]}, "published": "2019-05-30T16:29:00.950", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html", "source": "secure@intel.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html", "source": "secure@intel.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html", "source": "secure@intel.com"}, {"url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html", "source": "secure@intel.com"}, {"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt", "source": "secure@intel.com"}, {"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en", "source": "secure@intel.com"}, {"url": "https://access.redhat.com/errata/RHSA-2019:1455", "source": "secure@intel.com"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2553", "source": "secure@intel.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", "source": "secure@intel.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf", "source": "secure@intel.com"}, {"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292", "source": "secure@intel.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html", "source": "secure@intel.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/", "source": "secure@intel.com"}, {"url": "https://seclists.org/bugtraq/2019/Jun/28", "source": "secure@intel.com"}, {"url": "https://seclists.org/bugtraq/2019/Jun/36", "source": "secure@intel.com"}, {"url": "https://seclists.org/bugtraq/2019/Nov/15", "source": "secure@intel.com"}, {"url": "https://seclists.org/bugtraq/2019/Nov/16", "source": "secure@intel.com"}, {"url": "https://seclists.org/bugtraq/2020/Jan/21", "source": "secure@intel.com"}, {"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc", "source": "secure@intel.com"}, {"url": "https://security.gentoo.org/glsa/202003-56", "source": "secure@intel.com"}, {"url": "https://usn.ubuntu.com/3977-3/", "source": "secure@intel.com"}, {"url": "https://www.debian.org/security/2020/dsa-4602", "source": "secure@intel.com"}, {"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc", "source": "secure@intel.com"}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html", "tags": ["Vendor Advisory"], "source": "secure@intel.com"}, {"url": "https://www.synology.com/security/advisory/Synology_SA_19_24", "source": "secure@intel.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2019:1455", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2553", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://seclists.org/bugtraq/2019/Jun/28", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://seclists.org/bugtraq/2019/Jun/36", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://seclists.org/bugtraq/2019/Nov/15", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://seclists.org/bugtraq/2019/Nov/16", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://seclists.org/bugtraq/2020/Jan/21", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/202003-56", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/3977-3/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.debian.org/security/2020/dsa-4602", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.synology.com/security/advisory/Synology_SA_19_24", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"}, {"lang": "es", "value": "En Microarchitectural Fill Buffer Data Sampling (MFBDS): El llenado de los b\u00fafer en algunos microprocesadores que utilizan ejecuci\u00f3n especulativa pueden permitir que un usuario autenticado active potencialmente la divulgaci\u00f3n de informaci\u00f3n por medio de un canal lateral con acceso local. Puede encontrar una lista de los productos impactados aqu\u00ed: https://www.intel.com/content/dam/www/public/us/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf."}], "lastModified": "2024-11-21T03:44:38.930", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:microarchitectural_fill_buffer_data_sampling_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FACDE6C-6912-4372-A04C-E8ED447B7475"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:microarchitectural_fill_buffer_data_sampling:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "243D3D4E-7AC4-4FE2-8F0C-D5A05F59D6D6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419"}], "operator": "OR"}]}], "sourceIdentifier": "secure@intel.com"}

5.6 /10

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

4.7 /10

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2018-12130

5.6^/10

4.7^/10

Attach tags to `CVE-2018-12130`