Intel Microarchitectural Data Sampling (MDS) vulnerabilities (CVE-2019-11091 / 12126 / 12127 / 12130) | Daisy Corporate Services

Intel Microarchitectural Data Sampling (MDS) vulnerabilities (CVE-2019-11091 / 12126 / 12127 / 12130)

16th May 2019

Daisy has received notification from Intel disclosing a new set of speculative execution side channel vulnerabilities, collectively referred to as “Microarchitectural Data Sampling” (MDS). These vulnerabilities affect a number of Intel processors and have received four distinct CVE identifiers to reflect how they impact the different microarchitectural structures of the affected Intel processors:

CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
CVE-2018-12127: Microarchitectural Load Port Data Sampling (MLPDS)
CVE-2018-12130: Microarchitectural Fill Buffer Data Sampling (MFBDS)
CVE-2018-12130 has been given the name “ZombieLoad”, however some agencies are (incorrectly) using the name ZombieLoad to describe all four vulnerabilities.

At the time of publication there have been no successful exploitation of these issues “in the wild”.

To exploit any of these four vulnerabilities, an attacker would require direct and persistent access to affected servers. Daisy perimeter security restricts access to authorised users only.

Daisy will be taking the approach of patching hypervisors initially followed by virtual/physical machine operating systems. As hardware vendors release new firmware versions related to these vulnerabilities, Daisy will review and schedule upgrades accordingly.

For Daisy shared platforms the programme of maintenance to apply these patches at the Hypervisor level will commence this week. This work will take place under change control and should not be service affecting for customers. Customers with dedicated platforms managed by Daisy will be contacted to discuss the required remediation work.

Daisy will continue to follow closely advisories provided by Intel and our operating systems vendors regarding this vulnerability, and further updates will be posted to the Service Updates page as appropriate.