Fixed
Created: May 29, 2019
Updated: Dec 23, 2019
Resolved Date: Nov 7, 2019
Previous ID: LIN8-10982
Found In Version: 8.0.0.30
Fix Version: 8.0.0.31
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Kernel
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12127
CVE-2018-12127 Microarchitectural Load Port Data Sampling
Under certain conditions, data in microarchitectural structures that the currently-running software does not have permission to access may be speculatively accessed by faulting or assisting load or store operations. This does not result in incorrect program execution because these operations never complete, and their results are never returned to software. However, software may be able to forward this speculative-only data to a side channel disclosure gadget in a way that potentially allows malicious actors to infer the data.
https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html
https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling
