Define md-clear CPUID bit.

Assuming an updated host kernel and microcode, the md-clear bit will be automatically exposed to guests using the QEMU "-cpu host" arg, or libvirt "host-model" or "host-passthrough" configurations.

Guests using a named CPU model it must be manually updated to add this extra CPU feature.

Resolves CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

How to install

sudo dnf upgrade --advisory=FEDORA-2019-6e146a714c

This update has been submitted for testing by berrange.

7 months ago

This update has been pushed to testing.

7 months ago

berrange edited this update.

7 months ago
User Icon puiterwijk commented & provided feedback 7 months ago
karma

Installed an f30 guest with host-passthrough CPU type on an f28 host with this update, and the guest return "Mitigation: Clear CPU buffers; SMT Host state unknown". So the VM works, and md_clear is made visible to the guest.

BZ#1646781 CVE-2018-12126 hardware: Microarchitectural Store Buffer Data Sampling (MSBDS)
BZ#1646784 CVE-2018-12130 hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)
BZ#1667782 CVE-2018-12127 hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)
BZ#1705312 CVE-2019-11091 hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
BZ#1709977 CVE-2018-12126 libvirt: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
BZ#1709979 CVE-2018-12127 libvirt: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
BZ#1709984 CVE-2019-11091 libvirt: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]
BZ#1709997 CVE-2018-12130 libvirt: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
BZ#1710002 CVE-2018-12126 qemu: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
BZ#1710003 CVE-2018-12130 qemu: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
BZ#1710004 CVE-2018-12127 qemu: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
BZ#1710006 CVE-2019-11091 qemu: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]
User Icon puiterwijk commented & provided feedback 7 months ago
karma

Installed an f30 guest with host-passthrough CPU type on an f28 host with this update, and the guest return "Mitigation: Clear CPU buffers; SMT Host state unknown". So the VM works, and md_clear is made visible to the guest.

BZ#1646781 CVE-2018-12126 hardware: Microarchitectural Store Buffer Data Sampling (MSBDS)
BZ#1646784 CVE-2018-12130 hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)
BZ#1667782 CVE-2018-12127 hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)
BZ#1705312 CVE-2019-11091 hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
BZ#1709977 CVE-2018-12126 libvirt: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
BZ#1709979 CVE-2018-12127 libvirt: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
BZ#1709984 CVE-2019-11091 libvirt: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]
BZ#1709997 CVE-2018-12130 libvirt: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
BZ#1710002 CVE-2018-12126 qemu: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
BZ#1710003 CVE-2018-12130 qemu: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
BZ#1710004 CVE-2018-12127 qemu: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
BZ#1710006 CVE-2019-11091 qemu: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]
User Icon mprivozn provided feedback 7 months ago
karma
BZ#1646781 CVE-2018-12126 hardware: Microarchitectural Store Buffer Data Sampling (MSBDS)
BZ#1646784 CVE-2018-12130 hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)
BZ#1667782 CVE-2018-12127 hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)
BZ#1705312 CVE-2019-11091 hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
BZ#1709977 CVE-2018-12126 libvirt: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
BZ#1709979 CVE-2018-12127 libvirt: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
BZ#1709984 CVE-2019-11091 libvirt: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]
BZ#1709997 CVE-2018-12130 libvirt: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
BZ#1710002 CVE-2018-12126 qemu: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
BZ#1710003 CVE-2018-12130 qemu: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
BZ#1710004 CVE-2018-12127 qemu: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
BZ#1710006 CVE-2019-11091 qemu: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]

This update has been submitted for batched by bodhi.

7 months ago
User Icon mprivozn provided feedback 7 months ago
karma
BZ#1646781 CVE-2018-12126 hardware: Microarchitectural Store Buffer Data Sampling (MSBDS)
BZ#1646784 CVE-2018-12130 hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)
BZ#1667782 CVE-2018-12127 hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)
BZ#1705312 CVE-2019-11091 hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
BZ#1709977 CVE-2018-12126 libvirt: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
BZ#1709979 CVE-2018-12127 libvirt: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
BZ#1709984 CVE-2019-11091 libvirt: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]
BZ#1709997 CVE-2018-12130 libvirt: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
BZ#1710002 CVE-2018-12126 qemu: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
BZ#1710003 CVE-2018-12130 qemu: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
BZ#1710004 CVE-2018-12127 qemu: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
BZ#1710006 CVE-2019-11091 qemu: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]

This update has been submitted for batched by bodhi.

7 months ago
User Icon fidencio provided feedback 7 months ago
karma
BZ#1646781 CVE-2018-12126 hardware: Microarchitectural Store Buffer Data Sampling (MSBDS)
BZ#1646784 CVE-2018-12130 hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)
BZ#1667782 CVE-2018-12127 hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)
BZ#1705312 CVE-2019-11091 hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
BZ#1709977 CVE-2018-12126 libvirt: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
BZ#1709979 CVE-2018-12127 libvirt: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
BZ#1709984 CVE-2019-11091 libvirt: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]
BZ#1709997 CVE-2018-12130 libvirt: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
BZ#1710002 CVE-2018-12126 qemu: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
BZ#1710003 CVE-2018-12130 qemu: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
BZ#1710004 CVE-2018-12127 qemu: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
BZ#1710006 CVE-2019-11091 qemu: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]
User Icon fidencio provided feedback 7 months ago
karma
BZ#1646781 CVE-2018-12126 hardware: Microarchitectural Store Buffer Data Sampling (MSBDS)
BZ#1646784 CVE-2018-12130 hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)
BZ#1667782 CVE-2018-12127 hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)
BZ#1705312 CVE-2019-11091 hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
BZ#1709977 CVE-2018-12126 libvirt: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
BZ#1709979 CVE-2018-12127 libvirt: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
BZ#1709984 CVE-2019-11091 libvirt: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]
BZ#1709997 CVE-2018-12130 libvirt: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
BZ#1710002 CVE-2018-12126 qemu: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
BZ#1710003 CVE-2018-12130 qemu: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
BZ#1710004 CVE-2018-12127 qemu: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
BZ#1710006 CVE-2019-11091 qemu: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]

This update has been submitted for stable by bodhi.

7 months ago

This update has been pushed to stable.

7 months ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
3
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
1
Dates
submitted
7 months ago
in testing
7 months ago
in stable
7 months ago
modified
7 months ago
BZ#1646781 CVE-2018-12126 hardware: Microarchitectural Store Buffer Data Sampling (MSBDS)
0
3
BZ#1646784 CVE-2018-12130 hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)
0
3
BZ#1667782 CVE-2018-12127 hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)
0
3
BZ#1705312 CVE-2019-11091 hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
0
3
BZ#1709977 CVE-2018-12126 libvirt: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
0
3
BZ#1709979 CVE-2018-12127 libvirt: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
0
3
BZ#1709984 CVE-2019-11091 libvirt: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]
0
3
BZ#1709997 CVE-2018-12130 libvirt: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
0
3
BZ#1710002 CVE-2018-12126 qemu: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
0
3
BZ#1710003 CVE-2018-12130 qemu: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
0
3
BZ#1710004 CVE-2018-12127 qemu: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
0
3
BZ#1710006 CVE-2019-11091 qemu: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]
0
3

Automated Test Results