FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Microarchitectural Data Sampling (MDS)

Affected packages
12.0 <= FreeBSD-kernel < 12.0_5
11.2 <= FreeBSD-kernel < 11.2_10

Details

VuXML ID a633651b-b309-11e9-a87f-a4badb2f4699
Discovery 2019-05-14
Entry 2019-07-30

Problem Description:

On some Intel processors utilizing speculative execution a local process may be able to infer stale information from microarchitectural buffers to obtain a memory disclosure.

Impact:

An attacker may be able to read secret data from the kernel or from a process when executing untrusted code (for example, in a web browser).

References

CVE Name CVE-2018-1212
CVE Name CVE-2018-1213
CVE Name CVE-2019-1109
FreeBSD Advisory SA-19:07.mds