Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2018-12126

Exposure of Sensitive Information to an Unauthorized Actor

Published: May 30, 2019 | Modified: Nov 07, 2023
CVSS 3.x
5.6
MEDIUM
Source:
NVD
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVSS 2.x
4.7 MEDIUM
AV:L/AC:M/Au:N/C:C/I:N/A:N
RedHat/V2
RedHat/V3
6.5 MODERATE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Ubuntu
HIGH
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2018-12126
CWEhttps://cwe.mitre.org/data/definitions/200.html

Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

Weakness

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Affected Software

Name Vendor Start Version End Version
Microarchitectural_store_buffer_data_sampling_firmware Intel - (including) - (including)
Red Hat Enterprise Linux 6 RedHat kernel-0:2.6.32-754.14.2.el6 *
Red Hat Enterprise Linux 6 RedHat libvirt-0:0.10.2-64.el6_10.1 *
Red Hat Enterprise Linux 6 RedHat qemu-kvm-2:0.12.1.2-2.506.el6_10.3 *
Red Hat Enterprise Linux 6.5 Advanced Update Support RedHat kernel-0:2.6.32-431.94.2.el6 *
Red Hat Enterprise Linux 6.5 Advanced Update Support RedHat libvirt-0:0.10.2-29.el6_5.18 *
Red Hat Enterprise Linux 6.5 Advanced Update Support RedHat qemu-kvm-2:0.12.1.2-2.415.el6_5.20 *
Red Hat Enterprise Linux 6.6 Advanced Update Support RedHat kernel-0:2.6.32-504.78.2.el6 *
Red Hat Enterprise Linux 6.6 Advanced Update Support RedHat libvirt-0:0.10.2-46.el6_6.10 *
Red Hat Enterprise Linux 6.6 Advanced Update Support RedHat qemu-kvm-2:0.12.1.2-2.448.el6_6.8 *
Red Hat Enterprise Linux 7 RedHat kernel-rt-0:3.10.0-957.12.2.rt56.929.el7 *
Red Hat Enterprise Linux 7 RedHat kernel-0:3.10.0-957.12.2.el7 *
Red Hat Enterprise Linux 7 RedHat libvirt-0:4.5.0-10.el7_6.9 *
Red Hat Enterprise Linux 7 RedHat qemu-kvm-10:1.5.3-160.el7_6.2 *
Red Hat Enterprise Linux 7.2 Advanced Update Support RedHat kernel-0:3.10.0-327.78.2.el7 *
Red Hat Enterprise Linux 7.2 Advanced Update Support RedHat libvirt-0:1.2.17-13.el7_2.10 *
Red Hat Enterprise Linux 7.2 Advanced Update Support RedHat qemu-kvm-10:1.5.3-105.el7_2.19 *
Red Hat Enterprise Linux 7.2 Telco Extended Update Support RedHat kernel-0:3.10.0-327.78.2.el7 *
Red Hat Enterprise Linux 7.2 Telco Extended Update Support RedHat libvirt-0:1.2.17-13.el7_2.10 *
Red Hat Enterprise Linux 7.2 Telco Extended Update Support RedHat qemu-kvm-10:1.5.3-105.el7_2.19 *
Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions RedHat kernel-0:3.10.0-327.78.2.el7 *
Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions RedHat libvirt-0:1.2.17-13.el7_2.10 *
Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions RedHat qemu-kvm-10:1.5.3-105.el7_2.19 *
Red Hat Enterprise Linux 7.3 Advanced Update Support RedHat kernel-0:3.10.0-514.64.2.el7 *
Red Hat Enterprise Linux 7.3 Advanced Update Support RedHat libvirt-0:2.0.0-10.el7_3.14 *
Red Hat Enterprise Linux 7.3 Advanced Update Support RedHat qemu-kvm-10:1.5.3-126.el7_3.17 *
Red Hat Enterprise Linux 7.3 Telco Extended Update Support RedHat kernel-0:3.10.0-514.64.2.el7 *
Red Hat Enterprise Linux 7.3 Telco Extended Update Support RedHat libvirt-0:2.0.0-10.el7_3.14 *
Red Hat Enterprise Linux 7.3 Telco Extended Update Support RedHat qemu-kvm-10:1.5.3-126.el7_3.17 *
Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions RedHat kernel-0:3.10.0-514.64.2.el7 *
Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions RedHat libvirt-0:2.0.0-10.el7_3.14 *
Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions RedHat qemu-kvm-10:1.5.3-126.el7_3.17 *
Red Hat Enterprise Linux 7.4 Extended Update Support RedHat kernel-0:3.10.0-693.47.2.el7 *
Red Hat Enterprise Linux 7.4 Extended Update Support RedHat libvirt-0:3.2.0-14.el7_4.13 *
Red Hat Enterprise Linux 7.4 Extended Update Support RedHat qemu-kvm-10:1.5.3-141.el7_4.10 *
Red Hat Enterprise Linux 7.5 Extended Update Support RedHat kernel-0:3.10.0-862.32.2.el7 *
Red Hat Enterprise Linux 7.5 Extended Update Support RedHat libvirt-0:3.9.0-14.el7_5.9 *
Red Hat Enterprise Linux 7.5 Extended Update Support RedHat qemu-kvm-10:1.5.3-156.el7_5.7 *
Red Hat Enterprise Linux 8 RedHat virt:rhel-8000020190510171727.55190bc5 *
Red Hat Enterprise Linux 8 RedHat kernel-rt-0:4.18.0-80.1.2.rt9.145.el8_0 *
Red Hat Enterprise Linux 8 RedHat kernel-0:4.18.0-80.1.2.el8_0 *
Red Hat Enterprise Linux 8 Advanced Virtualization RedHat virt:8.0.0-8000020190530233731.55190bc5 *
Red Hat Enterprise MRG 2 RedHat kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt *
Red Hat OpenStack Platform 10.0 (Newton) RedHat qemu-kvm-rhev-10:2.12.0-18.el7_6.5 *
Red Hat OpenStack Platform 13.0 (Queens) RedHat qemu-kvm-rhev-10:2.12.0-18.el7_6.5 *
Red Hat OpenStack Platform 14.0 (Rocky) RedHat qemu-kvm-rhev-10:2.12.0-18.el7_6.5 *
Red Hat OpenStack Platform 9.0 (Mitaka) RedHat qemu-kvm-rhev-10:2.12.0-18.el7_6.5 *
Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS RedHat vdsm-0:4.20.49-1.el7ev *
Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS RedHat redhat-release-virtualization-host-0:4.2-8.6.el7 *
Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS RedHat redhat-virtualization-host-0:4.2-20190512.0.el7_6 *
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 RedHat qemu-kvm-rhev-10:2.12.0-18.el7_6.5 *
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 RedHat vdsm-0:4.30.13-4.el7ev *
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 RedHat redhat-release-virtualization-host-0:4.3-0.7.el7 *
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 RedHat redhat-virtualization-host-0:4.3-20190512.0.el7_6 *
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 RedHat rhvm-appliance-0:4.3-20190506.0.el7 *
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 RedHat qemu-kvm-rhev-10:2.12.0-33.el7 *
Red Hat Virtualization Engine 4.2 RedHat rhvm-setup-plugins-0:4.2.14-1.el7ev *
Red Hat Virtualization Engine 4.3 RedHat rhvm-setup-plugins-0:4.3.1-1.el7ev *
Red Hat Virtualization Engine 4.3 RedHat qemu-kvm-rhev-10:2.12.0-33.el7 *
Intel-microcode Ubuntu bionic *
Intel-microcode Ubuntu cosmic *
Intel-microcode Ubuntu disco *
Intel-microcode Ubuntu trusty *
Intel-microcode Ubuntu xenial *
Libvirt Ubuntu bionic *
Libvirt Ubuntu cosmic *
Libvirt Ubuntu devel *
Libvirt Ubuntu disco *
Libvirt Ubuntu eoan *
Libvirt Ubuntu focal *
Libvirt Ubuntu groovy *
Libvirt Ubuntu hirsute *
Libvirt Ubuntu impish *
Libvirt Ubuntu jammy *
Libvirt Ubuntu kinetic *
Libvirt Ubuntu lunar *
Libvirt Ubuntu mantic *
Libvirt Ubuntu noble *
Libvirt Ubuntu oracular *
Libvirt Ubuntu precise/esm *
Libvirt Ubuntu trusty/esm *
Libvirt Ubuntu xenial *
Linux Ubuntu bionic *
Linux Ubuntu cosmic *
Linux Ubuntu disco *
Linux Ubuntu trusty *
Linux Ubuntu upstream *
Linux Ubuntu xenial *
Linux-allwinner Ubuntu upstream *
Linux-allwinner-5.19 Ubuntu upstream *
Linux-aws Ubuntu bionic *
Linux-aws Ubuntu cosmic *
Linux-aws Ubuntu disco *
Linux-aws Ubuntu trusty *
Linux-aws Ubuntu upstream *
Linux-aws Ubuntu xenial *
Linux-aws-5.0 Ubuntu upstream *
Linux-aws-5.11 Ubuntu upstream *
Linux-aws-5.13 Ubuntu upstream *
Linux-aws-5.15 Ubuntu upstream *
Linux-aws-5.19 Ubuntu upstream *
Linux-aws-5.3 Ubuntu upstream *
Linux-aws-5.4 Ubuntu upstream *
Linux-aws-5.8 Ubuntu upstream *
Linux-aws-6.2 Ubuntu upstream *
Linux-aws-6.5 Ubuntu upstream *
Linux-aws-6.8 Ubuntu upstream *
Linux-aws-fips Ubuntu trusty *
Linux-aws-fips Ubuntu upstream *
Linux-aws-fips Ubuntu xenial *
Linux-aws-hwe Ubuntu upstream *
Linux-aws-hwe Ubuntu xenial *
Linux-azure Ubuntu bionic *
Linux-azure Ubuntu cosmic *
Linux-azure Ubuntu disco *
Linux-azure Ubuntu trusty *
Linux-azure Ubuntu upstream *
Linux-azure Ubuntu xenial *
Linux-azure-4.15 Ubuntu upstream *
Linux-azure-5.11 Ubuntu upstream *
Linux-azure-5.13 Ubuntu upstream *
Linux-azure-5.15 Ubuntu upstream *
Linux-azure-5.19 Ubuntu upstream *
Linux-azure-5.3 Ubuntu upstream *
Linux-azure-5.4 Ubuntu upstream *
Linux-azure-5.8 Ubuntu upstream *
Linux-azure-6.2 Ubuntu upstream *
Linux-azure-6.5 Ubuntu upstream *
Linux-azure-6.8 Ubuntu upstream *
Linux-azure-edge Ubuntu bionic *
Linux-azure-edge Ubuntu upstream *
Linux-azure-fde Ubuntu upstream *
Linux-azure-fde-5.15 Ubuntu upstream *
Linux-azure-fde-5.19 Ubuntu upstream *
Linux-azure-fde-6.2 Ubuntu upstream *
Linux-azure-fips Ubuntu trusty *
Linux-azure-fips Ubuntu upstream *
Linux-azure-fips Ubuntu xenial *
Linux-bluefield Ubuntu upstream *
Linux-dell300x Ubuntu upstream *
Linux-euclid Ubuntu upstream *
Linux-euclid Ubuntu xenial *
Linux-fips Ubuntu fips-updates/xenial *
Linux-fips Ubuntu fips/xenial *
Linux-fips Ubuntu upstream *
Linux-flo Ubuntu upstream *
Linux-flo Ubuntu xenial *
Linux-gcp Ubuntu bionic *
Linux-gcp Ubuntu cosmic *
Linux-gcp Ubuntu disco *
Linux-gcp Ubuntu upstream *
Linux-gcp Ubuntu xenial *
Linux-gcp-4.15 Ubuntu upstream *
Linux-gcp-5.11 Ubuntu upstream *
Linux-gcp-5.13 Ubuntu upstream *
Linux-gcp-5.15 Ubuntu upstream *
Linux-gcp-5.19 Ubuntu upstream *
Linux-gcp-5.3 Ubuntu upstream *
Linux-gcp-5.4 Ubuntu upstream *
Linux-gcp-5.8 Ubuntu upstream *
Linux-gcp-6.2 Ubuntu upstream *
Linux-gcp-6.5 Ubuntu upstream *
Linux-gcp-6.8 Ubuntu upstream *
Linux-gcp-edge Ubuntu bionic *
Linux-gcp-edge Ubuntu upstream *
Linux-gcp-fips Ubuntu trusty *
Linux-gcp-fips Ubuntu upstream *
Linux-gcp-fips Ubuntu xenial *
Linux-gke Ubuntu upstream *
Linux-gke Ubuntu xenial *
Linux-gke-4.15 Ubuntu bionic *
Linux-gke-4.15 Ubuntu upstream *
Linux-gke-5.0 Ubuntu upstream *
Linux-gke-5.15 Ubuntu upstream *
Linux-gke-5.3 Ubuntu upstream *
Linux-gke-5.4 Ubuntu upstream *
Linux-gkeop Ubuntu upstream *
Linux-gkeop-5.15 Ubuntu upstream *
Linux-gkeop-5.4 Ubuntu upstream *
Linux-goldfish Ubuntu upstream *
Linux-goldfish Ubuntu xenial *
Linux-hwe Ubuntu bionic *
Linux-hwe Ubuntu upstream *
Linux-hwe Ubuntu xenial *
Linux-hwe-5.11 Ubuntu upstream *
Linux-hwe-5.13 Ubuntu upstream *
Linux-hwe-5.15 Ubuntu upstream *
Linux-hwe-5.19 Ubuntu upstream *
Linux-hwe-5.4 Ubuntu upstream *
Linux-hwe-5.8 Ubuntu upstream *
Linux-hwe-6.2 Ubuntu upstream *
Linux-hwe-6.5 Ubuntu upstream *
Linux-hwe-6.8 Ubuntu upstream *
Linux-hwe-edge Ubuntu upstream *
Linux-hwe-edge Ubuntu xenial *
Linux-ibm Ubuntu upstream *
Linux-ibm-5.15 Ubuntu upstream *
Linux-ibm-5.4 Ubuntu upstream *
Linux-intel Ubuntu upstream *
Linux-intel-5.13 Ubuntu upstream *
Linux-intel-iot-realtime Ubuntu upstream *
Linux-intel-iotg Ubuntu upstream *
Linux-intel-iotg-5.15 Ubuntu upstream *
Linux-iot Ubuntu upstream *
Linux-kvm Ubuntu bionic *
Linux-kvm Ubuntu cosmic *
Linux-kvm Ubuntu disco *
Linux-kvm Ubuntu upstream *
Linux-kvm Ubuntu xenial *
Linux-laptop Ubuntu upstream *
Linux-lowlatency Ubuntu upstream *
Linux-lowlatency-hwe-5.15 Ubuntu upstream *
Linux-lowlatency-hwe-5.19 Ubuntu upstream *
Linux-lowlatency-hwe-6.2 Ubuntu upstream *
Linux-lowlatency-hwe-6.5 Ubuntu upstream *
Linux-lowlatency-hwe-6.8 Ubuntu upstream *
Linux-lts-trusty Ubuntu upstream *
Linux-lts-xenial Ubuntu trusty *
Linux-lts-xenial Ubuntu upstream *
Linux-mako Ubuntu upstream *
Linux-mako Ubuntu xenial *
Linux-nvidia Ubuntu upstream *
Linux-nvidia-6.2 Ubuntu upstream *
Linux-nvidia-6.5 Ubuntu upstream *
Linux-nvidia-6.8 Ubuntu upstream *
Linux-nvidia-lowlatency Ubuntu upstream *
Linux-oem Ubuntu bionic *
Linux-oem Ubuntu cosmic *
Linux-oem Ubuntu disco *
Linux-oem Ubuntu upstream *
Linux-oem Ubuntu xenial *
Linux-oem-5.10 Ubuntu upstream *
Linux-oem-5.13 Ubuntu upstream *
Linux-oem-5.14 Ubuntu upstream *
Linux-oem-5.17 Ubuntu upstream *
Linux-oem-5.6 Ubuntu upstream *
Linux-oem-6.0 Ubuntu upstream *
Linux-oem-6.1 Ubuntu upstream *
Linux-oem-6.5 Ubuntu upstream *
Linux-oem-6.8 Ubuntu upstream *
Linux-oem-osp1 Ubuntu upstream *
Linux-oracle Ubuntu bionic *
Linux-oracle Ubuntu cosmic *
Linux-oracle Ubuntu disco *
Linux-oracle Ubuntu eoan *
Linux-oracle Ubuntu upstream *
Linux-oracle Ubuntu xenial *
Linux-oracle-5.0 Ubuntu upstream *
Linux-oracle-5.11 Ubuntu upstream *
Linux-oracle-5.13 Ubuntu upstream *
Linux-oracle-5.15 Ubuntu upstream *
Linux-oracle-5.3 Ubuntu upstream *
Linux-oracle-5.4 Ubuntu upstream *
Linux-oracle-5.8 Ubuntu upstream *
Linux-oracle-6.5 Ubuntu upstream *
Linux-oracle-6.8 Ubuntu upstream *
Linux-raspi Ubuntu upstream *
Linux-raspi-5.4 Ubuntu upstream *
Linux-raspi-realtime Ubuntu upstream *
Linux-raspi2 Ubuntu bionic *
Linux-raspi2 Ubuntu cosmic *
Linux-raspi2 Ubuntu disco *
Linux-raspi2 Ubuntu eoan *
Linux-raspi2 Ubuntu upstream *
Linux-raspi2 Ubuntu xenial *
Linux-raspi2-5.3 Ubuntu upstream *
Linux-realtime Ubuntu jammy *
Linux-realtime Ubuntu upstream *
Linux-riscv Ubuntu upstream *
Linux-riscv-5.11 Ubuntu upstream *
Linux-riscv-5.15 Ubuntu upstream *
Linux-riscv-5.19 Ubuntu upstream *
Linux-riscv-5.8 Ubuntu upstream *
Linux-riscv-6.5 Ubuntu upstream *
Linux-riscv-6.8 Ubuntu upstream *
Linux-snapdragon Ubuntu bionic *
Linux-snapdragon Ubuntu disco *
Linux-snapdragon Ubuntu upstream *
Linux-snapdragon Ubuntu xenial *
Linux-starfive Ubuntu upstream *
Linux-starfive-5.19 Ubuntu upstream *
Linux-starfive-6.2 Ubuntu upstream *
Linux-starfive-6.5 Ubuntu upstream *
Linux-xilinx-zynqmp Ubuntu upstream *
Qemu Ubuntu bionic *
Qemu Ubuntu cosmic *
Qemu Ubuntu devel *
Qemu Ubuntu disco *
Qemu Ubuntu eoan *
Qemu Ubuntu focal *
Qemu Ubuntu groovy *
Qemu Ubuntu hirsute *
Qemu Ubuntu impish *
Qemu Ubuntu jammy *
Qemu Ubuntu kinetic *
Qemu Ubuntu lunar *
Qemu Ubuntu mantic *
Qemu Ubuntu noble *
Qemu Ubuntu oracular *
Qemu Ubuntu trusty *
Qemu Ubuntu xenial *
Qemu-kvm Ubuntu precise/esm *

Extended Description

There are many different kinds of mistakes that introduce information exposures. The severity of the error can range widely, depending on the context in which the product operates, the type of sensitive information that is revealed, and the benefits it may provide to an attacker. Some kinds of sensitive information include:

Information might be sensitive to different parties, each of which may have their own expectations for whether the information should be protected. These parties include:

Information exposures can occur in different ways:

It is common practice to describe any loss of confidentiality as an “information exposure,” but this can lead to overuse of CWE-200 in CWE mapping. From the CWE perspective, loss of confidentiality is a technical impact that can arise from dozens of different weaknesses, such as insecure file permissions or out-of-bounds read. CWE-200 and its lower-level descendants are intended to cover the mistakes that occur in behaviors that explicitly manage, store, transfer, or cleanse sensitive information.

Potential Mitigations

  • Compartmentalize the system to have “safe” areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use