CVE-2018-12127: Infoleak
First published: Mon Jan 21 2019(Updated: )
Last updated 25 October 2024
Credit: Ke Sun Henrique Kawakami Kekai Hu Rodrigo Branco IntelYuval Yarom University of AdelaideBrandon Falk Microsoft Windows Platform Security TeamKe Sun Henrique Kawakami Kekai Hu Rodrigo Branco IntelGiorgi Maisuradze Microsoft ResearchHenrique Kawakami Kekai Hu Rodrigo Branco IntelMichael Schwarz Daniel Gruss Graz University of TechnologyAlyssa Milburn Sebastian Osterlund Pietro Frigo Kaveh Razavi Herbert Bos Cristiano Giuffrida VUSec group at VU AmsterdamDan Horea Lutas BitDefenderKe Sun Henrique Kawakami Kekai Hu Rodrigo Branco IntelMoritz Lipp Michael Schwarz Daniel Gruss Graz University of Technology secure@intel.com secure@intel.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS Mojave | <10.14.5 | 10.14.5 |
| Apple High Sierra | ||
| Apple Sierra | ||
| Intel Microarchitectural Load Port Data Sampling Firmware | ||
| Intel Microarchitectural Load Port Data Sampling | ||
| Fedoraproject Fedora | =29 | |
| All of | ||
| Intel Microarchitectural Load Port Data Sampling Firmware | ||
| Intel Microarchitectural Load Port Data Sampling | ||
| debian/intel-microcode | 3.20240813.1~deb11u1 3.20231114.1~deb11u1 3.20240813.1~deb12u1 3.20231114.1~deb12u1 3.20240910.1 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.106-3 6.1.112-1 6.11.4-1 6.11.5-1 | |
| debian/xen | 4.14.6-1 4.14.5+94-ge49571868d-1 4.17.3+10-g091466ba55-1~deb12u1 4.17.3+36-g54dacb5c02-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/
- https://access.redhat.com/errata/RHSA-2019:1455
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html
- https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html
- https://usn.ubuntu.com/3977-3/
- https://seclists.org/bugtraq/2019/Jun/28
- https://seclists.org/bugtraq/2019/Jun/36
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html
- https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc
- https://access.redhat.com/errata/RHSA-2019:2553
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://seclists.org/bugtraq/2019/Nov/16
- https://seclists.org/bugtraq/2019/Nov/15
- https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- https://www.synology.com/security/advisory/Synology_SA_19_24
- https://www.debian.org/security/2020/dsa-4602
- https://seclists.org/bugtraq/2020/Jan/21
- https://security.gentoo.org/glsa/202003-56
- https://launchpad.net/bugs/cve/CVE-2018-12127
- https://access.redhat.com/security/vulnerabilities/mds
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fa4bff165070dc40a3de35b78e4f8da8e8d85ec5
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1646775
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1646778
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1709978
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1709979
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1710004
- https://access.redhat.com/errata/RHSA-2019:1175
- https://access.redhat.com/errata/RHSA-2019:1167
- https://access.redhat.com/errata/RHSA-2019:1174
- https://access.redhat.com/errata/RHSA-2019:1169
- https://access.redhat.com/errata/RHSA-2019:1180
- https://access.redhat.com/errata/RHSA-2019:1181
- https://access.redhat.com/errata/RHSA-2019:1177
- https://access.redhat.com/errata/RHSA-2019:1178
- https://access.redhat.com/errata/RHSA-2019:1179
- https://access.redhat.com/errata/RHSA-2019:1168
- https://access.redhat.com/errata/RHSA-2019:1176
- https://access.redhat.com/errata/RHSA-2019:1170
- https://access.redhat.com/errata/RHSA-2019:1184
- https://access.redhat.com/errata/RHSA-2019:1185
- https://access.redhat.com/errata/RHSA-2019:1182
- https://access.redhat.com/errata/RHSA-2019:1155
- https://access.redhat.com/errata/RHSA-2019:1183
- https://access.redhat.com/errata/RHSA-2019:1193
- https://access.redhat.com/errata/RHSA-2019:1196
- https://access.redhat.com/errata/RHSA-2019:1195
- https://access.redhat.com/errata/RHSA-2019:1198
- https://access.redhat.com/errata/RHSA-2019:1172
- https://access.redhat.com/errata/RHSA-2019:1190
- https://access.redhat.com/errata/RHSA-2019:1194
- https://access.redhat.com/errata/RHSA-2019:1199
- https://access.redhat.com/errata/RHSA-2019:1200
- https://access.redhat.com/errata/RHSA-2019:1202
- https://access.redhat.com/errata/RHSA-2019:1201
- https://access.redhat.com/errata/RHSA-2019:1171
- https://access.redhat.com/errata/RHSA-2019:1197
- https://access.redhat.com/errata/RHSA-2019:1187
- https://access.redhat.com/errata/RHSA-2019:1186
- https://access.redhat.com/errata/RHSA-2019:1189
- https://access.redhat.com/errata/RHSA-2019:1188
- https://access.redhat.com/errata/RHSA-2019:1203
- https://access.redhat.com/errata/RHSA-2019:1204
- https://access.redhat.com/errata/RHSA-2019:1205
- https://access.redhat.com/errata/RHSA-2019:1206
- https://access.redhat.com/errata/RHSA-2019:1207
- https://access.redhat.com/errata/RHSA-2019:1209
- https://access.redhat.com/errata/RHSA-2019:1208
- https://bugzilla.redhat.com/show_bug.cgi?id=1667782
- https://support.apple.com/en-us/HT210119 (Advisory)
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/
- https://git.kernel.org/linus/fa4bff165070dc40a3de35b78e4f8da8e8d85ec5
- https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling
- https://xenbits.xen.org/xsa/advisory-297.html
- https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
- https://security-tracker.debian.org/tracker/CVE-2018-12127
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127
- https://nvd.nist.gov/vuln/detail/CVE-2018-12127
- https://ubuntu.com/security/CVE-2018-12127
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2019-8603
- CVE-2019-8635
- CVE-2019-8590
- CVE-2019-8640
- CVE-2019-2102
- CVE-2019-8592
- CVE-2019-8585
- CVE-2019-8582
- CVE-2019-8589
- CVE-2019-8560
- CVE-2019-8634
- CVE-2019-8616
- CVE-2019-8629
- CVE-2018-4456
- CVE-2019-8606
- CVE-2019-8633
- CVE-2019-8525
- CVE-2019-8547
- CVE-2019-8576
- CVE-2019-8591
- CVE-2019-8573
- CVE-2019-8631
- CVE-2018-12126
- CVE-2018-12127
- CVE-2018-12130
- CVE-2019-11091
- CVE-2019-8604
- CVE-2019-8577
- CVE-2019-8600
- CVE-2019-8598
- CVE-2019-8602
- CVE-2019-8568
- CVE-2019-8574
- CVE-2019-8569
- CVE-2019-6237
- CVE-2019-8571
- CVE-2019-8583
- CVE-2019-8584
- CVE-2019-8586
- CVE-2019-8587
- CVE-2019-8594
- CVE-2019-8595
- CVE-2019-8596
- CVE-2019-8597
- CVE-2019-8601
- CVE-2019-8608
- CVE-2019-8609
- CVE-2019-8610
- CVE-2019-8611
- CVE-2019-8615
- CVE-2019-8619
- CVE-2019-8622
- CVE-2019-8623
- CVE-2019-8628
- CVE-2019-8607
- CVE-2019-8612
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-12127
- agent/type
- collector/apple-support
- alias/CVE-2018-12130
- alias/CVE-2019-11091
- agent/software-canonical-lookup-request
- agent/severity
- agent/weakness
- agent/author
- agent/remedy
- collector/nvd-index
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/tags
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- vendor/apple
- canonical/apple macos mojave
- canonical/apple high sierra
- canonical/apple sierra
- vendor/intel
- canonical/intel microarchitectural load port data sampling firmware
- canonical/intel microarchitectural load port data sampling
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/29
- package-manager/debian