CVE-2019-11091 - Vulnerability Details

Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:L/AC:M/Au:N/C:C/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	Fedora
Intel	Microarchitectural Data Sampling Uncacheable Memory Microarchitectural Data Sampling Uncacheable Memory Firmware
Redhat	Advanced Virtualization Enterprise Linux Enterprise Mrg Openstack Rhel Aus Rhel E4s Rhel Eus Rhel Extras Rt Rhel Tus Rhev Manager

Configuration 1 [-]

AND

cpe:2.3:o:intel:microarchitectural_data_sampling_uncacheable_memory_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:microarchitectural_data_sampling_uncacheable_memory:-:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
kernel-0:2.6.32-754.14.2.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2019:1169	2019-05-14T00:00:00Z
libvirt-0:0.10.2-64.el6_10.1	cpe:/o:redhat:enterprise_linux:6	RHSA-2019:1180	2019-05-14T00:00:00Z
qemu-kvm-2:0.12.1.2-2.506.el6_10.3	cpe:/o:redhat:enterprise_linux:6	RHSA-2019:1181	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 6.5 Advanced Update Support
kernel-0:2.6.32-431.94.2.el6	cpe:/o:redhat:rhel_aus:6.5	RHSA-2019:1196	2019-05-14T00:00:00Z
libvirt-0:0.10.2-29.el6_5.18	cpe:/o:redhat:rhel_aus:6.5	RHSA-2019:1197	2019-05-14T00:00:00Z
qemu-kvm-2:0.12.1.2-2.415.el6_5.20	cpe:/o:redhat:rhel_aus:6.5	RHSA-2019:1198	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 6.6 Advanced Update Support
kernel-0:2.6.32-504.78.2.el6	cpe:/o:redhat:rhel_aus:6.6	RHSA-2019:1193	2019-05-14T00:00:00Z
libvirt-0:0.10.2-46.el6_6.10	cpe:/o:redhat:rhel_aus:6.6	RHSA-2019:1194	2019-05-14T00:00:00Z
qemu-kvm-2:0.12.1.2-2.448.el6_6.8	cpe:/o:redhat:rhel_aus:6.6	RHSA-2019:1195	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 7
kernel-rt-0:3.10.0-957.12.2.rt56.929.el7	cpe:/a:redhat:rhel_extras_rt:7	RHSA-2019:1176	2019-05-14T00:00:00Z
kernel-0:3.10.0-957.12.2.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2019:1168	2019-05-14T00:00:00Z
libvirt-0:4.5.0-10.el7_6.9	cpe:/o:redhat:enterprise_linux:7	RHSA-2019:1177	2019-05-14T00:00:00Z
qemu-kvm-10:1.5.3-160.el7_6.2	cpe:/o:redhat:enterprise_linux:7	RHSA-2019:1178	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 7.2 Advanced Update Support
kernel-0:3.10.0-327.78.2.el7	cpe:/o:redhat:rhel_aus:7.2	RHSA-2019:1172	2019-05-14T00:00:00Z
libvirt-0:1.2.17-13.el7_2.10	cpe:/o:redhat:rhel_aus:7.2	RHSA-2019:1186	2019-05-14T00:00:00Z
qemu-kvm-10:1.5.3-105.el7_2.19	cpe:/o:redhat:rhel_aus:7.2	RHSA-2019:1188	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 7.2 Telco Extended Update Support
kernel-0:3.10.0-327.78.2.el7	cpe:/o:redhat:rhel_tus:7.2	RHSA-2019:1172	2019-05-14T00:00:00Z
libvirt-0:1.2.17-13.el7_2.10	cpe:/o:redhat:rhel_tus:7.2	RHSA-2019:1186	2019-05-14T00:00:00Z
qemu-kvm-10:1.5.3-105.el7_2.19	cpe:/o:redhat:rhel_tus:7.2	RHSA-2019:1188	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions
kernel-0:3.10.0-327.78.2.el7	cpe:/o:redhat:rhel_e4s:7.2	RHSA-2019:1172	2019-05-14T00:00:00Z
libvirt-0:1.2.17-13.el7_2.10	cpe:/o:redhat:rhel_e4s:7.2	RHSA-2019:1186	2019-05-14T00:00:00Z
qemu-kvm-10:1.5.3-105.el7_2.19	cpe:/o:redhat:rhel_e4s:7.2	RHSA-2019:1188	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 7.3 Advanced Update Support
kernel-0:3.10.0-514.64.2.el7	cpe:/o:redhat:rhel_aus:7.3	RHSA-2019:1171	2019-05-14T00:00:00Z
libvirt-0:2.0.0-10.el7_3.14	cpe:/o:redhat:rhel_aus:7.3	RHSA-2019:1187	2019-05-14T00:00:00Z
qemu-kvm-10:1.5.3-126.el7_3.17	cpe:/o:redhat:rhel_aus:7.3	RHSA-2019:1189	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 7.3 Telco Extended Update Support
kernel-0:3.10.0-514.64.2.el7	cpe:/o:redhat:rhel_tus:7.3	RHSA-2019:1171	2019-05-14T00:00:00Z
libvirt-0:2.0.0-10.el7_3.14	cpe:/o:redhat:rhel_tus:7.3	RHSA-2019:1187	2019-05-14T00:00:00Z
qemu-kvm-10:1.5.3-126.el7_3.17	cpe:/o:redhat:rhel_tus:7.3	RHSA-2019:1189	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
kernel-0:3.10.0-514.64.2.el7	cpe:/o:redhat:rhel_e4s:7.3	RHSA-2019:1171	2019-05-14T00:00:00Z
libvirt-0:2.0.0-10.el7_3.14	cpe:/o:redhat:rhel_e4s:7.3	RHSA-2019:1187	2019-05-14T00:00:00Z
qemu-kvm-10:1.5.3-126.el7_3.17	cpe:/o:redhat:rhel_e4s:7.3	RHSA-2019:1189	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 7.4 Extended Update Support
kernel-0:3.10.0-693.47.2.el7	cpe:/o:redhat:rhel_eus:7.4	RHSA-2019:1170	2019-05-14T00:00:00Z
libvirt-0:3.2.0-14.el7_4.13	cpe:/o:redhat:rhel_eus:7.4	RHSA-2019:1184	2019-05-14T00:00:00Z
qemu-kvm-10:1.5.3-141.el7_4.10	cpe:/o:redhat:rhel_eus:7.4	RHSA-2019:1185	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 7.5 Extended Update Support
kernel-0:3.10.0-862.32.2.el7	cpe:/o:redhat:rhel_eus:7.5	RHSA-2019:1155	2019-05-14T00:00:00Z
libvirt-0:3.9.0-14.el7_5.9	cpe:/o:redhat:rhel_eus:7.5	RHSA-2019:1182	2019-05-14T00:00:00Z
qemu-kvm-10:1.5.3-156.el7_5.7	cpe:/o:redhat:rhel_eus:7.5	RHSA-2019:1183	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 8
virt:rhel-8000020190510171727.55190bc5	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:1175	2019-05-14T00:00:00Z
kernel-rt-0:4.18.0-80.1.2.rt9.145.el8_0	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2019:1174	2019-05-14T00:00:00Z
kernel-0:4.18.0-80.1.2.el8_0	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:1167	2019-05-14T00:00:00Z
Red Hat Enterprise Linux 8 Advanced Virtualization
virt:8.0.0-8000020190530233731.55190bc5	cpe:/a:redhat:advanced_virtualization:8::el8	RHSA-2019:1455	2019-06-11T00:00:00Z
Red Hat Enterprise MRG 2
kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt	cpe:/a:redhat:enterprise_mrg:2:server:el6	RHSA-2019:1190	2019-05-14T00:00:00Z
Red Hat OpenStack Platform 10.0 (Newton)
qemu-kvm-rhev-10:2.12.0-18.el7_6.5	cpe:/a:redhat:openstack:10::el7	RHSA-2019:1200	2019-05-14T00:00:00Z
Red Hat OpenStack Platform 13.0 (Queens)
qemu-kvm-rhev-10:2.12.0-18.el7_6.5	cpe:/a:redhat:openstack:13::el7	RHSA-2019:1201	2019-05-14T00:00:00Z
Red Hat OpenStack Platform 14.0 (Rocky)
qemu-kvm-rhev-10:2.12.0-18.el7_6.5	cpe:/a:redhat:openstack:14::el7	RHSA-2019:1202	2019-05-14T00:00:00Z
Red Hat OpenStack Platform 9.0 (Mitaka)
qemu-kvm-rhev-10:2.12.0-18.el7_6.5	cpe:/a:redhat:openstack:9::el7	RHSA-2019:1199	2019-05-14T00:00:00Z
Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS
vdsm-0:4.20.49-1.el7ev	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:1204	2019-05-14T00:00:00Z
redhat-release-virtualization-host-0:4.2-8.6.el7	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:1209	2019-05-14T00:00:00Z
redhat-virtualization-host-0:4.2-20190512.0.el7_6	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:1209	2019-05-14T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
qemu-kvm-rhev-10:2.12.0-18.el7_6.5	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:1179	2019-05-14T00:00:00Z
vdsm-0:4.30.13-4.el7ev	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:1203	2019-05-14T00:00:00Z
redhat-release-virtualization-host-0:4.3-0.7.el7	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:1207	2019-05-14T00:00:00Z
redhat-virtualization-host-0:4.3-20190512.0.el7_6	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:1207	2019-05-14T00:00:00Z
rhvm-appliance-0:4.3-20190506.0.el7	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:1208	2019-05-14T00:00:00Z
qemu-kvm-rhev-10:2.12.0-33.el7	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:2553	2019-08-22T00:00:00Z
Red Hat Virtualization Engine 4.2
rhvm-setup-plugins-0:4.2.14-1.el7ev	cpe:/a:redhat:rhev_manager:4.2	RHSA-2019:1206	2019-05-14T00:00:00Z
Red Hat Virtualization Engine 4.3
rhvm-setup-plugins-0:4.3.1-1.el7ev	cpe:/a:redhat:rhev_manager:4.3	RHSA-2019:1205	2019-05-14T00:00:00Z
qemu-kvm-rhev-10:2.12.0-33.el7	cpe:/a:redhat:rhev_manager:4.3	RHSA-2019:2553	2019-08-22T00:00:00Z

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
https://access.redhat.com/errata/RHSA-2019:1455
https://access.redhat.com/errata/RHSA-2019:2553
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
https://kc.mcafee.com/corporate/index?page=content&id=SB10292
https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/
https://nvd.nist.gov/vuln/detail/CVE-2019-11091
https://seclists.org/bugtraq/2019/Jun/28
https://seclists.org/bugtraq/2019/Jun/36
https://seclists.org/bugtraq/2019/Nov/15
https://seclists.org/bugtraq/2020/Jan/21
https://security.gentoo.org/glsa/202003-56
https://usn.ubuntu.com/3977-3/
https://www.cve.org/CVERecord?id=CVE-2019-11091
https://www.debian.org/security/2020/dsa-4602
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
https://www.synology.com/security/advisory/Synology_SA_19_24

History

No history.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2019-05-30T15:28:28

Updated: 2024-08-04T22:40:16.292Z

Reserved: 2019-04-11T00:00:00

Link: CVE-2019-11091

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-05-30T16:29:01.417

Modified: 2024-11-21T04:20:31.233

Link: CVE-2019-11091

Redhat

Severity : Moderate

Publid Date: 2019-05-14T17:00:00Z

Links: CVE-2019-11091 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "Central Processing Units (CPUs)", "vendor": "Intel Corporation", "versions": [{"status": "affected", "version": "A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"}]}], "datePublic": "2019-05-14T00:00:00", "descriptions": [{"lang": "en", "value": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-26T14:06:10", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.synology.com/security/advisory/Synology_SA_19_24"}, {"name": "FEDORA-2019-1f5832fc0e", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/"}, {"name": "openSUSE-SU-2019:1505", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html"}, {"name": "RHSA-2019:1455", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1455"}, {"name": "USN-3977-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3977-3/"}, {"name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html"}, {"name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Jun/28"}, {"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Jun/36"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en"}, {"name": "openSUSE-SU-2019:1805", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html"}, {"name": "openSUSE-SU-2019:1806", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html"}, {"name": "FreeBSD-SA-19:07", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc"}, {"name": "RHSA-2019:2553", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2553"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"}, {"name": "20191112 [SECURITY] [DSA 4564-1] linux security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Nov/15"}, {"name": "DSA-4602", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4602"}, {"name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2020/Jan/21"}, {"name": "GLSA-202003-56", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202003-56"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@intel.com", "ID": "CVE-2019-11091", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Central Processing Units (CPUs)", "version": {"version_data": [{"version_value": "A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"}]}}]}, "vendor_name": "Intel Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html", "refsource": "CONFIRM", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"}, {"name": "https://www.synology.com/security/advisory/Synology_SA_19_24", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_24"}, {"name": "FEDORA-2019-1f5832fc0e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/"}, {"name": "openSUSE-SU-2019:1505", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html"}, {"name": "RHSA-2019:1455", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1455"}, {"name": "USN-3977-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3977-3/"}, {"name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html"}, {"name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/28"}, {"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/36"}, {"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt", "refsource": "CONFIRM", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"}, {"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en"}, {"name": "openSUSE-SU-2019:1805", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html"}, {"name": "openSUSE-SU-2019:1806", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html"}, {"name": "FreeBSD-SA-19:07", "refsource": "FREEBSD", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc"}, {"name": "RHSA-2019:2553", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2553"}, {"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"}, {"name": "20191112 [SECURITY] [DSA 4564-1] linux security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Nov/15"}, {"name": "DSA-4602", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4602"}, {"name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2020/Jan/21"}, {"name": "GLSA-202003-56", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-56"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:40:16.292Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.synology.com/security/advisory/Synology_SA_19_24"}, {"name": "FEDORA-2019-1f5832fc0e", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/"}, {"name": "openSUSE-SU-2019:1505", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html"}, {"name": "RHSA-2019:1455", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1455"}, {"name": "USN-3977-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3977-3/"}, {"name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html"}, {"name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Jun/28"}, {"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Jun/36"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en"}, {"name": "openSUSE-SU-2019:1805", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html"}, {"name": "openSUSE-SU-2019:1806", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html"}, {"name": "FreeBSD-SA-19:07", "tags": ["vendor-advisory", "x_refsource_FREEBSD", "x_transferred"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc"}, {"name": "RHSA-2019:2553", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2553"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"}, {"name": "20191112 [SECURITY] [DSA 4564-1] linux security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Nov/15"}, {"name": "DSA-4602", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4602"}, {"name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2020/Jan/21"}, {"name": "GLSA-202003-56", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202003-56"}]}]}, "cveMetadata": {"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2019-11091", "datePublished": "2019-05-30T15:28:28", "dateReserved": "2019-04-11T00:00:00", "dateUpdated": "2024-08-04T22:40:16.292Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:microarchitectural_data_sampling_uncacheable_memory_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B28D458-E322-4CCE-9E5C-D56E9FF70198", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:microarchitectural_data_sampling_uncacheable_memory:-:*:*:*:*:*:*:*", "matchCriteriaId": "74BFF53A-9A81-48DD-B69D-ADF88EBD9835", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"}, {"lang": "es", "value": "En Microarchitectural Data Sampling Uncacheable Memory (MDSUM): La memoria no almacenable en algunos microprocesadores que utilizan ejecuci\u00f3n especulativa puede permitir a un usuario autenticado activar potencialmente la divulgaci\u00f3n de informaci\u00f3n por medio de un canal lateral con acceso local. Puede encontrar una lista de los productos impactados aqu\u00ed: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"}], "id": "CVE-2019-11091", "lastModified": "2024-11-21T04:20:31.233", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.7, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.1, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-30T16:29:01.417", "references": [{"source": "secure@intel.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html"}, {"source": "secure@intel.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html"}, {"source": "secure@intel.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html"}, {"source": "secure@intel.com", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"}, {"source": "secure@intel.com", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en"}, {"source": "secure@intel.com", "url": "https://access.redhat.com/errata/RHSA-2019:1455"}, {"source": "secure@intel.com", "url": "https://access.redhat.com/errata/RHSA-2019:2553"}, {"source": "secure@intel.com", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"}, {"source": "secure@intel.com", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"}, {"source": "secure@intel.com", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292"}, {"source": "secure@intel.com", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html"}, {"source": "secure@intel.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/"}, {"source": "secure@intel.com", "url": "https://seclists.org/bugtraq/2019/Jun/28"}, {"source": "secure@intel.com", "url": "https://seclists.org/bugtraq/2019/Jun/36"}, {"source": "secure@intel.com", "url": "https://seclists.org/bugtraq/2019/Nov/15"}, {"source": "secure@intel.com", "url": "https://seclists.org/bugtraq/2020/Jan/21"}, {"source": "secure@intel.com", "url": "https://security.gentoo.org/glsa/202003-56"}, {"source": "secure@intel.com", "url": "https://usn.ubuntu.com/3977-3/"}, {"source": "secure@intel.com", "url": "https://www.debian.org/security/2020/dsa-4602"}, {"source": "secure@intel.com", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc"}, {"source": "secure@intel.com", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"}, {"source": "secure@intel.com", "url": "https://www.synology.com/security/advisory/Synology_SA_19_24"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:1455"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:2553"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://seclists.org/bugtraq/2019/Jun/28"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://seclists.org/bugtraq/2019/Jun/36"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://seclists.org/bugtraq/2019/Nov/15"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://seclists.org/bugtraq/2020/Jan/21"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202003-56"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3977-3/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2020/dsa-4602"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.synology.com/security/advisory/Synology_SA_19_24"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2019:1169", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-754.14.2.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1180", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libvirt-0:0.10.2-64.el6_10.1", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1181", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "qemu-kvm-2:0.12.1.2-2.506.el6_10.3", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1196", "cpe": "cpe:/o:redhat:rhel_aus:6.5", "package": "kernel-0:2.6.32-431.94.2.el6", "product_name": "Red Hat Enterprise Linux 6.5 Advanced Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1197", "cpe": "cpe:/o:redhat:rhel_aus:6.5", "package": "libvirt-0:0.10.2-29.el6_5.18", "product_name": "Red Hat Enterprise Linux 6.5 Advanced Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1198", "cpe": "cpe:/o:redhat:rhel_aus:6.5", "package": "qemu-kvm-2:0.12.1.2-2.415.el6_5.20", "product_name": "Red Hat Enterprise Linux 6.5 Advanced Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1193", "cpe": "cpe:/o:redhat:rhel_aus:6.6", "package": "kernel-0:2.6.32-504.78.2.el6", "product_name": "Red Hat Enterprise Linux 6.6 Advanced Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1194", "cpe": "cpe:/o:redhat:rhel_aus:6.6", "package": "libvirt-0:0.10.2-46.el6_6.10", "product_name": "Red Hat Enterprise Linux 6.6 Advanced Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1195", "cpe": "cpe:/o:redhat:rhel_aus:6.6", "package": "qemu-kvm-2:0.12.1.2-2.448.el6_6.8", "product_name": "Red Hat Enterprise Linux 6.6 Advanced Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1176", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-957.12.2.rt56.929.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1168", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-957.12.2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1177", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libvirt-0:4.5.0-10.el7_6.9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1178", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "qemu-kvm-10:1.5.3-160.el7_6.2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1172", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "kernel-0:3.10.0-327.78.2.el7", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1186", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "libvirt-0:1.2.17-13.el7_2.10", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1188", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "qemu-kvm-10:1.5.3-105.el7_2.19", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1172", "cpe": "cpe:/o:redhat:rhel_tus:7.2", "package": "kernel-0:3.10.0-327.78.2.el7", "product_name": "Red Hat Enterprise Linux 7.2 Telco Extended Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1186", "cpe": "cpe:/o:redhat:rhel_tus:7.2", "package": "libvirt-0:1.2.17-13.el7_2.10", "product_name": "Red Hat Enterprise Linux 7.2 Telco Extended Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1188", "cpe": "cpe:/o:redhat:rhel_tus:7.2", "package": "qemu-kvm-10:1.5.3-105.el7_2.19", "product_name": "Red Hat Enterprise Linux 7.2 Telco Extended Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1172", "cpe": "cpe:/o:redhat:rhel_e4s:7.2", "package": "kernel-0:3.10.0-327.78.2.el7", "product_name": "Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1186", "cpe": "cpe:/o:redhat:rhel_e4s:7.2", "package": "libvirt-0:1.2.17-13.el7_2.10", "product_name": "Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1188", "cpe": "cpe:/o:redhat:rhel_e4s:7.2", "package": "qemu-kvm-10:1.5.3-105.el7_2.19", "product_name": "Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1171", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "kernel-0:3.10.0-514.64.2.el7", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1187", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "libvirt-0:2.0.0-10.el7_3.14", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1189", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "qemu-kvm-10:1.5.3-126.el7_3.17", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1171", "cpe": "cpe:/o:redhat:rhel_tus:7.3", "package": "kernel-0:3.10.0-514.64.2.el7", "product_name": "Red Hat Enterprise Linux 7.3 Telco Extended Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1187", "cpe": "cpe:/o:redhat:rhel_tus:7.3", "package": "libvirt-0:2.0.0-10.el7_3.14", "product_name": "Red Hat Enterprise Linux 7.3 Telco Extended Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1189", "cpe": "cpe:/o:redhat:rhel_tus:7.3", "package": "qemu-kvm-10:1.5.3-126.el7_3.17", "product_name": "Red Hat Enterprise Linux 7.3 Telco Extended Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1171", "cpe": "cpe:/o:redhat:rhel_e4s:7.3", "package": "kernel-0:3.10.0-514.64.2.el7", "product_name": "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1187", "cpe": "cpe:/o:redhat:rhel_e4s:7.3", "package": "libvirt-0:2.0.0-10.el7_3.14", "product_name": "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1189", "cpe": "cpe:/o:redhat:rhel_e4s:7.3", "package": "qemu-kvm-10:1.5.3-126.el7_3.17", "product_name": "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1170", "cpe": "cpe:/o:redhat:rhel_eus:7.4", "package": "kernel-0:3.10.0-693.47.2.el7", "product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1184", "cpe": "cpe:/o:redhat:rhel_eus:7.4", "package": "libvirt-0:3.2.0-14.el7_4.13", "product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1185", "cpe": "cpe:/o:redhat:rhel_eus:7.4", "package": "qemu-kvm-10:1.5.3-141.el7_4.10", "product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1155", "cpe": "cpe:/o:redhat:rhel_eus:7.5", "package": "kernel-0:3.10.0-862.32.2.el7", "product_name": "Red Hat Enterprise Linux 7.5 Extended Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1182", "cpe": "cpe:/o:redhat:rhel_eus:7.5", "package": "libvirt-0:3.9.0-14.el7_5.9", "product_name": "Red Hat Enterprise Linux 7.5 Extended Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1183", "cpe": "cpe:/o:redhat:rhel_eus:7.5", "package": "qemu-kvm-10:1.5.3-156.el7_5.7", "product_name": "Red Hat Enterprise Linux 7.5 Extended Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1175", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "virt:rhel-8000020190510171727.55190bc5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1174", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-80.1.2.rt9.145.el8_0", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1167", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-80.1.2.el8_0", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1455", "cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "package": "virt:8.0.0-8000020190530233731.55190bc5", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization", "release_date": "2019-06-11T00:00:00Z"}, {"advisory": "RHSA-2019:1190", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1200", "cpe": "cpe:/a:redhat:openstack:10::el7", "package": "qemu-kvm-rhev-10:2.12.0-18.el7_6.5", "product_name": "Red Hat OpenStack Platform 10.0 (Newton)", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1201", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "qemu-kvm-rhev-10:2.12.0-18.el7_6.5", "product_name": "Red Hat OpenStack Platform 13.0 (Queens)", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1202", "cpe": "cpe:/a:redhat:openstack:14::el7", "package": "qemu-kvm-rhev-10:2.12.0-18.el7_6.5", "product_name": "Red Hat OpenStack Platform 14.0 (Rocky)", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1199", "cpe": "cpe:/a:redhat:openstack:9::el7", "package": "qemu-kvm-rhev-10:2.12.0-18.el7_6.5", "product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1204", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "vdsm-0:4.20.49-1.el7ev", "product_name": "Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1209", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-release-virtualization-host-0:4.2-8.6.el7", "product_name": "Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1209", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-virtualization-host-0:4.2-20190512.0.el7_6", "product_name": "Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1179", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "qemu-kvm-rhev-10:2.12.0-18.el7_6.5", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1203", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "vdsm-0:4.30.13-4.el7ev", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1207", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-release-virtualization-host-0:4.3-0.7.el7", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1207", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-virtualization-host-0:4.3-20190512.0.el7_6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1208", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "rhvm-appliance-0:4.3-20190506.0.el7", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:2553", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "qemu-kvm-rhev-10:2.12.0-33.el7", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-08-22T00:00:00Z"}, {"advisory": "RHSA-2019:1206", "cpe": "cpe:/a:redhat:rhev_manager:4.2", "package": "rhvm-setup-plugins-0:4.2.14-1.el7ev", "product_name": "Red Hat Virtualization Engine 4.2", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1205", "cpe": "cpe:/a:redhat:rhev_manager:4.3", "package": "rhvm-setup-plugins-0:4.3.1-1.el7ev", "product_name": "Red Hat Virtualization Engine 4.3", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:2553", "cpe": "cpe:/a:redhat:rhev_manager:4.3", "package": "qemu-kvm-rhev-10:2.12.0-33.el7", "product_name": "Red Hat Virtualization Engine 4.3", "release_date": "2019-08-22T00:00:00Z"}], "bugzilla": {"description": "hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)", "id": "1705312", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705312"}, "csaw": true, "cvss3": {"cvss3_base_score": "3.8", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-226->CWE-203->CWE-385", "details": ["Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access."], "name": "CVE-2019-11091", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Affected", "package_name": "ovirt-guest-agent", "product_name": "Red Hat Virtualization 4"}], "public_date": "2019-05-14T17:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-11091\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11091"], "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the 'Vulnerability Response' URL.", "threat_severity": "Moderate"}

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object