Diff for /wikisrc/security/intel_mds.mdwn between versions 1.5 and 1.6

version 1.5, 2019/05/14 17:38:01 version 1.6, 2019/05/14 17:44:03
Line 1 Line 1
 [[!meta title="Intel MDS"]]  [[!meta title="Intel MDS"]]
   
 #NetBSD Security Update for amd64 Port (X86_64) Architecture - 20190514  #NetBSD Security Update for the amd64 port (x86_64 architecture) - 20190514
   
 ###Description  ###Description
 Details and mitigation information about a sub-class of speculative execution  Details and mitigation information about a sub-class of speculative execution
Line 8  side-channel vulnerabilities called Micr Line 8  side-channel vulnerabilities called Micr
 hardware starting with select 8th and 9th Generation Intel® CoreTM processors, as  hardware starting with select 8th and 9th Generation Intel® CoreTM processors, as
 well as the 2nd Generation Intel® Xeon® Scalable Processor Family.  well as the 2nd Generation Intel® Xeon® Scalable Processor Family.
   
 Please refer to the Intel Security Advisory 00233 is located at:  Please refer to the Intel Security Advisory 00233 located at:
 [Intel website](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html).  [Intel website](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html).
   
 This update is mitigation for the following CVEs:  This update is mitigation for the following CVEs:
   
 ###Common Vulnerabilities and Exposures (CVE) / Common Vulnerability Scoring System (CVSS)  ###Common Vulnerabilities and Exposures (CVE) / Common Vulnerability Scoring System (CVSS)
 * Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2018-12127  * Microarchitectural Load Port Data Sampling (MLPDS), CVE-2018-12127
 > CVSS: 6.5 Medium  > CVSS: 6.5 Medium
   
 * Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12126  * Microarchitectural Store Buffer Data Sampling (MSBDS), CVE-2018-12126
 > CVSS: 6.5 Medium  > CVSS: 6.5 Medium
   
 * Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130  * Microarchitectural Fill Buffer Data Sampling (MFBDS), CVE-2018-12130
 > CVSS: 6.5 Medium  > CVSS: 6.5 Medium
   
 * Microarchitectural Uncacheable Data Sampling (MDSUM) – CVE-2019-11091  * Microarchitectural Uncacheable Data Sampling (MDSUM), CVE-2019-11091
 > CVSS: 3.8 Low  > CVSS: 3.8 Low
   
 ##Status of the Fix  ##Status of the Fix
 **NetBSD-7, and all the anterior releases, have no planned fixes.**  
   NetBSD-7, and all the anterior releases, have no planned fixes.
   
 [[!table data="""  [[!table data="""
 Port            |Vendor/Model   |MDS            |NetBSD-8               |NetBSD-current  Port            |Vendor/Model   |MDS            |NetBSD-8               |NetBSD-current
Line 35  amd64  |Intel  |Vulnerable |Fixed [VERW] Line 36  amd64  |Intel  |Vulnerable |Fixed [VERW]
 """]]  """]]
   
 ###Mitigation  ###Mitigation
   
 The mitigation for MDS depends on the Intel CPU model and available microcode  The mitigation for MDS depends on the Intel CPU model and available microcode
 or motherboard BIOS revision.  or motherboard BIOS revision.
   
Line 61  To manually enable the check, use "sysct Line 63  To manually enable the check, use "sysct
 will then determine if it can apply the available mitigation.  When set to 0, then  will then determine if it can apply the available mitigation.  When set to 0, then
 NetBSD will disable the mitigation.  NetBSD will disable the mitigation.
   
 ######Note: "method" will then show a [VERW] if it is enabled, and (none) if not.  Note: "method" will then show a "[VERW]" if it is enabled, and "(none)" if not.

Removed from v.1.5  
changed lines
  Added in v.1.6


CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb