Intel CPU vulnerabilities
On 14 May 2019 security vulnerabilities were published regarding Intel and other processors, including those used in our servers, which could allow attackers to access sensitive data.
Action required for Self-Managed Servers
As the vulnerabilities can’t be fixed on the hardware level, OS developers are updating their operating systems to work around the error. For this reason, you will need to patch the relevant OS on your Self-Managed server.
The Microarchitectural Data Sampling (MDS) attacks, include 3 variants or attack vectors, and are known as;
- Fallout attack
- Zombieload
- Rogue In-Flight Data Load (RIDL)
Operating System Patches
Refer to the relevant Security Advisory for your Operating System
Debian
Security Advisory
- https://security-tracker.debian.org/tracker/CVE-2018-12126
- https://security-tracker.debian.org/tracker/CVE-2018-12130
- https://security-tracker.debian.org/tracker/CVE-2018-12127
- https://security-tracker.debian.org/tracker/CVE-2019-11091
Ubuntu
Announcement: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS
Security Advisory
- https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12126.html
- https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12127.html
- https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12130.html
- https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11091.html
RedHat / CentOS
Announcement: https://access.redhat.com/security/vulnerabilities/mds
Security Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-12126
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-12130
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-12127
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-11091
OpenSUSE
Security Advisory
- https://www.suse.com/security/cve/CVE-2018-12126/
- https://www.suse.com/security/cve/CVE-2018-12130/
- https://www.suse.com/security/cve/CVE-2018-12127/
- https://www.suse.com/security/cve/CVE-2019-11091/
Microsoft Windows
Security Advisory