--- wikisrc/security/intel_mds.mdwn 2019/05/14 17:38:01 1.5 +++ wikisrc/security/intel_mds.mdwn 2019/05/14 17:44:03 1.6 @@ -1,6 +1,6 @@ [[!meta title="Intel MDS"]] -#NetBSD Security Update for amd64 Port (X86_64) Architecture - 20190514 +#NetBSD Security Update for the amd64 port (x86_64 architecture) - 20190514 ###Description Details and mitigation information about a sub-class of speculative execution @@ -8,26 +8,27 @@ side-channel vulnerabilities called Micr hardware starting with select 8th and 9th Generation Intel® CoreTM processors, as well as the 2nd Generation Intel® Xeon® Scalable Processor Family. -Please refer to the Intel Security Advisory 00233 is located at: +Please refer to the Intel Security Advisory 00233 located at: [Intel website](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html). This update is mitigation for the following CVEs: ###Common Vulnerabilities and Exposures (CVE) / Common Vulnerability Scoring System (CVSS) -* Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2018-12127 +* Microarchitectural Load Port Data Sampling (MLPDS), CVE-2018-12127 > CVSS: 6.5 Medium -* Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12126 +* Microarchitectural Store Buffer Data Sampling (MSBDS), CVE-2018-12126 > CVSS: 6.5 Medium -* Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130 +* Microarchitectural Fill Buffer Data Sampling (MFBDS), CVE-2018-12130 > CVSS: 6.5 Medium -* Microarchitectural Uncacheable Data Sampling (MDSUM) – CVE-2019-11091 +* Microarchitectural Uncacheable Data Sampling (MDSUM), CVE-2019-11091 > CVSS: 3.8 Low ##Status of the Fix -**NetBSD-7, and all the anterior releases, have no planned fixes.** + +NetBSD-7, and all the anterior releases, have no planned fixes. [[!table data=""" Port |Vendor/Model |MDS |NetBSD-8 |NetBSD-current @@ -35,6 +36,7 @@ amd64 |Intel |Vulnerable |Fixed [VERW] """]] ###Mitigation + The mitigation for MDS depends on the Intel CPU model and available microcode or motherboard BIOS revision. @@ -61,4 +63,4 @@ To manually enable the check, use "sysct will then determine if it can apply the available mitigation. When set to 0, then NetBSD will disable the mitigation. -######Note: "method" will then show a [VERW] if it is enabled, and (none) if not. +Note: "method" will then show a "[VERW]" if it is enabled, and "(none)" if not.