SB2019051527 - Information disclosure in xen (Alpine package)
Published: May 15, 2019
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: CVE-2018-12127)
The vulnerability allows a local authenticated user to gain access to sensitive information.
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=46c72db3ec91d42b57e2341cd9514a876b1b0952
- https://git.alpinelinux.org/aports/commit/?id=49b770e54aaba339695f94b6940ff412732e4f8b
- https://git.alpinelinux.org/aports/commit/?id=4cafe4f7ac5e95424824e1ef5835b409f1fe48e7
- https://git.alpinelinux.org/aports/commit/?id=7fc5ca2a862219a65a85170d6e009147362ef8d8
- https://git.alpinelinux.org/aports/commit/?id=1d0fe0196f9102c4c9edf2965deb91b142688924
- https://git.alpinelinux.org/aports/commit/?id=0c47d89261a9f6f60cdd25fd3c7848e3d089f47a