Wind River Support Network

HomeSafety and Security NoticesWind River Security Vulnerability Notice: Microarchitectural Data Sampling (CVE-2018-12126 , CVE-2018-12127, CVE-2018-12130, CVE-2019-11091)

Recommended

Wind River Security Vulnerability Notice: Microarchitectural Data Sampling (CVE-2018-12126 , CVE-2018-12127, CVE-2018-12130, CVE-2019-11091)

Released: --

Summary

Wind River Security Vulnerability Notice: Microarchitectural Data Sampling (CVE-2018-12126 , CVE-2018-12127,CVE-2018-12130,CVE-2019-11091) for Wind River Linux

Affected Product Versions

Wind River Linux 9, Wind River Linux 5, Wind River Linux 6, Wind River Linux 7, Wind River Linux 8, Wind River Linux LTS 18, Wind River Linux LTS 17, Wind River Linux 4

Downloads

Description

Microarchitectural Data Sampling is a hardware vulnerability which allows unprivileged speculative access to data which is available in various CPU internal buffers. It is a family of side channel attacks on internal buffers in Intel CPUs. MDS may allow a malicious user who can locally execute code on a system to infer the values of protected data otherwise protected by architectural mechanisms. Although it may be difficult to target particular data on a system using these methods, malicious actors may be able to infer protected data by collecting and analyzing large amounts of data. The variants are:

CVE-2018-12126 Microarchitectural Store Buffer Data Sampling (MSBDS)
CVE-2018-12130 Microarchitectural Fill Buffer Data Sampling (MFBDS)
CVE-2018-12127 Microarchitectural Load Port Data Sampling (MLPDS)
CVE-2019-11091 Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

Affected Windriver Linux releases:

All releases including Wind River Linux LTS 18, Wind River Linux LTS 17, Wind River Linux 9, Wind River Linux 8, Wind River Linux 7, Wind River Linux 6, Wind River Linux 5, Wind River Linux 4

Affected software components:

Linux kernel.

Affected hardware:

Almost all Intel CPUs after 2011, here is the full affect CPU list: https://software.intel.com/security-software-guidance/insights/deep-dive-cpuid-enumeration-and-architectural-msrs#MDS-CPUID

Mitigation

Install source patches of Linux kernel once available;

AND

Upgrade CPU microcode once available.

Note: For the microcode upgrading, we will update our recipe to align with Intel. But to make a full mitigation, the new microcode should be loaded in BIOS. So please contact your BIOS vendor for it.

Additional References

Intel MDS Overview
Intel MDS Deep Dive
Linux kernel MDS Technical Information
Processors Affected by Microarchitectural Data Sampling
Microcode Updates for MDS
source patch of mainline linux kernel
source patches of stable linux kernel 4.4.y

We are porting all necessary kernel patches on all our supporting releases, at the same time, fetching and upgrading the microcode recipe. We will continue to update this web page and once we have any progress you can get it here.

For any questions or requirements, please contact your local WR support team, or mail to security-alert@windriver.com directly.

Changelog

7/1/2019: Add Experimental HOTPATH of linux kernel for WRL7-RCPL0030
6/22/2019: Repair the broken patch of the hotpath of WRL8
5/31/2019: Add Experimental HOTPATH of linux kernel for WRL8-RCPL0030; Use sha256sum instead of md5sum to get/check digest of hotpatch tarballs.
5/29/2019: Update the ewblink address of the full affect CPU list
5/27/2019: Add Experimental HOTPATH of linux kernel for WRL9-RCPL0020
5/21/2019: Add Experimental HOTPATH of linux kernel for LTS1017-RCPL0015
5/18/2019: Rename MDS-HOTPATCH-4-WRL-LTS1018-RCPL-0006.tar.bz2 to MDS-Experimental-HOTPATCH-4-WRL-LTS1018-RCPL-0006.tar.bz2.
5/17/2019: Add Experimental HOTPATH of linux kernel for LTS1018-RCPL0006.
5/16/2019: Initial

Installation Notes

LTS1018

1) Download the hotpatch locally and unpackage it:

#sha256sum MDS-Experimental-HOTPATCH-4-WRL-LTS1018-RCPL-0006.tar.bz2

ff6bf0930ffd11b13c89d07b615275ce77a60c04f8590136e493931638f5c620

# cd /PATH_2_hotpatches/

# tar jxvf MDS-Experimental-HOTPATCH-4-WRL-LTS1018-RCPL-0006.tar.bz2

2) Integrate them and rebuild the kernel image

# bitbake linux-yocto -c devshell

# git am /PATH_2_hotpatches/*patch

# make bzImage

...

LTS1017

1) Download the hotpatch locally and unpackage it:

#sha256sum MDS-Experimental-HOTPATCH-4-WRL-LTS1017-RCPL-0015.tar.bz2

98c59adb37b769c3eb0f0c15251c2f8c7e4daea30dea8835aa2d3636c1921d03

# cd /PATH_2_hotpatches/

# tar jxvf MDS-Experimental-HOTPATCH-4-WRL-LTS1017-RCPL-0015.tar.bz2

2) Integrate them and rebuild the kernel image

# bitbake linux-yocto -c devshell

# git am /PATH_2_hotpatches/*patch

# make bzImage

...

WRL9

1) Download the hotpatch locally and unpackage it:

#sha256sum MDS-Experimental-HOTPATCH-4-WRL-WRL9-RCPL-0020.tar.bz2

6794404458fc59ee4f302d8da06b3c4be817d3163d8e50c786b6bb641a268868

# cd /PATH_2_hotpatches/

# tar jxvf MDS-Experimental-HOTPATCH-4-WRL-WRL9-RCPL-0020.tar.bz2

2) Integrate them and rebuild the kernel image

# bitbake linux-windriver -c devshell

# git am /PATH_2_hotpatches/*patch

# make bzImage

...

WRL8

1) Download the hotpatch locally and unpackage it:

#sha256sum MDS-Experimental-HOTPATCH-4-WRL-WRL8-RCPL-0030.tar.bz2

59ad9733c49ca9f55892a02d24a64763fe32e59fe2738d7a5a0bb298ae8b9256

# cd /PATH_2_hotpatches/

# tar jxvf MDS-Experimental-HOTPATCH-4-WRL-WRL8-RCPL-0030.tar.bz2

2) Integrate them and rebuild the kernel image

# bitbake linux-windriver -c devshell

# git am /PATH_2_hotpatches/*patch

# make bzImage

...

WRL7

1) Download the hotpatch locally and unpackage it:

#sha256sum MDS-Experimental-HOTPATCH-4-WRL-WRL7-RCPL-0030.tar.bz2

9c9395f5a40480a158afe71381f79ad60b06477a31060fe435b09354f4c45701

# cd /PATH_2_hotpatches/

# tar jxvf MDS-Experimental-HOTPATCH-4-WRL-WRL7-RCPL-0030.tar.bz2

2) Integrate them and rebuild the kernel image

# bitbake linux-windriver -c devshell

# git am /PATH_2_hotpatches/*patch

# make bzImage

...

Please note the hot patches is just experimental, not official release.