stable

libvirt-4.1.0-6.fc28 and qemu-2.11.2-5.fc28

FEDORA-2019-6e146a714c created by berrange 5 years ago for Fedora 28

Define md-clear CPUID bit.

Assuming an updated host kernel and microcode, the md-clear bit will be automatically exposed to guests using the QEMU "-cpu host" arg, or libvirt "host-model" or "host-passthrough" configurations.

Guests using a named CPU model it must be manually updated to add this extra CPU feature.

Resolves CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2019-6e146a714c

This update has been submitted for testing by berrange.

5 years ago

This update has been pushed to testing.

5 years ago

berrange edited this update.

5 years ago
User Icon puiterwijk commented & provided feedback 5 years ago
karma

Installed an f30 guest with host-passthrough CPU type on an f28 host with this update, and the guest return "Mitigation: Clear CPU buffers; SMT Host state unknown". So the VM works, and md_clear is made visible to the guest.

BZ#1646781 CVE-2018-12126 hardware: Microarchitectural Store Buffer Data Sampling (MSBDS)
BZ#1646784 CVE-2018-12130 hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)
BZ#1667782 CVE-2018-12127 hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)
BZ#1705312 CVE-2019-11091 hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
BZ#1709977 CVE-2018-12126 libvirt: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
BZ#1709979 CVE-2018-12127 libvirt: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
BZ#1709984 CVE-2019-11091 libvirt: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]
BZ#1709997 CVE-2018-12130 libvirt: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
BZ#1710002 CVE-2018-12126 qemu: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
BZ#1710003 CVE-2018-12130 qemu: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
BZ#1710004 CVE-2018-12127 qemu: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
BZ#1710006 CVE-2019-11091 qemu: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]
User Icon puiterwijk commented & provided feedback 5 years ago
karma

Installed an f30 guest with host-passthrough CPU type on an f28 host with this update, and the guest return "Mitigation: Clear CPU buffers; SMT Host state unknown". So the VM works, and md_clear is made visible to the guest.

BZ#1646781 CVE-2018-12126 hardware: Microarchitectural Store Buffer Data Sampling (MSBDS)
BZ#1646784 CVE-2018-12130 hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)
BZ#1667782 CVE-2018-12127 hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)
BZ#1705312 CVE-2019-11091 hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
BZ#1709977 CVE-2018-12126 libvirt: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
BZ#1709979 CVE-2018-12127 libvirt: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
BZ#1709984 CVE-2019-11091 libvirt: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]
BZ#1709997 CVE-2018-12130 libvirt: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
BZ#1710002 CVE-2018-12126 qemu: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
BZ#1710003 CVE-2018-12130 qemu: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
BZ#1710004 CVE-2018-12127 qemu: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
BZ#1710006 CVE-2019-11091 qemu: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]
User Icon mprivozn provided feedback 5 years ago
karma
BZ#1646781 CVE-2018-12126 hardware: Microarchitectural Store Buffer Data Sampling (MSBDS)
BZ#1646784 CVE-2018-12130 hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)
BZ#1667782 CVE-2018-12127 hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)
BZ#1705312 CVE-2019-11091 hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
BZ#1709977 CVE-2018-12126 libvirt: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
BZ#1709979 CVE-2018-12127 libvirt: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
BZ#1709984 CVE-2019-11091 libvirt: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]
BZ#1709997 CVE-2018-12130 libvirt: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
BZ#1710002 CVE-2018-12126 qemu: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
BZ#1710003 CVE-2018-12130 qemu: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
BZ#1710004 CVE-2018-12127 qemu: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
BZ#1710006 CVE-2019-11091 qemu: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]

This update has been submitted for batched by bodhi.

5 years ago
User Icon mprivozn provided feedback 5 years ago
karma
BZ#1646781 CVE-2018-12126 hardware: Microarchitectural Store Buffer Data Sampling (MSBDS)
BZ#1646784 CVE-2018-12130 hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)
BZ#1667782 CVE-2018-12127 hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)
BZ#1705312 CVE-2019-11091 hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
BZ#1709977 CVE-2018-12126 libvirt: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
BZ#1709979 CVE-2018-12127 libvirt: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
BZ#1709984 CVE-2019-11091 libvirt: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]
BZ#1709997 CVE-2018-12130 libvirt: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
BZ#1710002 CVE-2018-12126 qemu: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
BZ#1710003 CVE-2018-12130 qemu: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
BZ#1710004 CVE-2018-12127 qemu: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
BZ#1710006 CVE-2019-11091 qemu: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]

This update has been submitted for batched by bodhi.

5 years ago
User Icon fidencio provided feedback 5 years ago
karma
BZ#1646781 CVE-2018-12126 hardware: Microarchitectural Store Buffer Data Sampling (MSBDS)
BZ#1646784 CVE-2018-12130 hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)
BZ#1667782 CVE-2018-12127 hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)
BZ#1705312 CVE-2019-11091 hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
BZ#1709977 CVE-2018-12126 libvirt: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
BZ#1709979 CVE-2018-12127 libvirt: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
BZ#1709984 CVE-2019-11091 libvirt: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]
BZ#1709997 CVE-2018-12130 libvirt: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
BZ#1710002 CVE-2018-12126 qemu: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
BZ#1710003 CVE-2018-12130 qemu: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
BZ#1710004 CVE-2018-12127 qemu: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
BZ#1710006 CVE-2019-11091 qemu: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]
User Icon fidencio provided feedback 5 years ago
karma
BZ#1646781 CVE-2018-12126 hardware: Microarchitectural Store Buffer Data Sampling (MSBDS)
BZ#1646784 CVE-2018-12130 hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)
BZ#1667782 CVE-2018-12127 hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)
BZ#1705312 CVE-2019-11091 hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
BZ#1709977 CVE-2018-12126 libvirt: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
BZ#1709979 CVE-2018-12127 libvirt: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
BZ#1709984 CVE-2019-11091 libvirt: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]
BZ#1709997 CVE-2018-12130 libvirt: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
BZ#1710002 CVE-2018-12126 qemu: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
BZ#1710003 CVE-2018-12130 qemu: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
BZ#1710004 CVE-2018-12127 qemu: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
BZ#1710006 CVE-2019-11091 qemu: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]

This update has been submitted for stable by bodhi.

5 years ago

This update has been pushed to stable.

5 years ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
3
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
1
Stable by Time
disabled
Dates
submitted
5 years ago
in testing
5 years ago
in stable
5 years ago
modified
5 years ago
BZ#1646781 CVE-2018-12126 hardware: Microarchitectural Store Buffer Data Sampling (MSBDS)
0
3
BZ#1646784 CVE-2018-12130 hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)
0
3
BZ#1667782 CVE-2018-12127 hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)
0
3
BZ#1705312 CVE-2019-11091 hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
0
3
BZ#1709977 CVE-2018-12126 libvirt: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
0
3
BZ#1709979 CVE-2018-12127 libvirt: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
0
3
BZ#1709984 CVE-2019-11091 libvirt: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]
0
3
BZ#1709997 CVE-2018-12130 libvirt: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
0
3
BZ#1710002 CVE-2018-12126 qemu: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
0
3
BZ#1710003 CVE-2018-12130 qemu: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
0
3
BZ#1710004 CVE-2018-12127 qemu: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
0
3
BZ#1710006 CVE-2019-11091 qemu: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]
0
3

Automated Test Results