Wind River Support Network

HomeDefectsOVP8-486
Fixed

OVP8-486 : Security Advisory - linux - CVE-2018-12127 MLPDS

Created: May 29, 2019    Updated: Dec 23, 2019
Resolved Date: Nov 7, 2019
Previous ID: LIN8-10982
Found In Version: 8.0.0.30
Fix Version: 8.0.0.31
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Kernel

Description

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12127

CVE-2018-12127 	Microarchitectural Load Port Data Sampling

Under certain conditions, data in microarchitectural structures that the currently-running software does not have permission to access may be speculatively accessed by faulting or assisting load or store operations. This does not result in incorrect program execution because these operations never complete, and their results are never returned to software. However, software may be able to forward this speculative-only data to a side channel disclosure gadget in a way that potentially allows malicious actors to infer the data.


https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html
https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling
Live chat
Online