{"id":"USN-3985-1","summary":"libvirt update","details":"Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan\nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa\nMilburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,\nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss\ndiscovered that memory previously stored in microarchitectural fill buffers\nof an Intel CPU core may be exposed to a malicious process that is\nexecuting on the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan\nvan Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory\npreviously stored in microarchitectural load ports of an Intel CPU core may\nbe exposed to a malicious process that is executing on the same CPU core. A\nlocal attacker could use this to expose sensitive information.\n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel\nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel\nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory\npreviously stored in microarchitectural store buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same CPU\ncore. A local attacker could use this to expose sensitive information.\n(CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and\nCristiano Giuffrida discovered that uncacheable memory previously stored in\nmicroarchitectural buffers of an Intel CPU core may be exposed to a\nmalicious process that is executing on the same CPU core. A local attacker\ncould use this to expose sensitive information. (CVE-2019-11091)\n","modified":"2026-02-10T04:41:32Z","published":"2019-05-15T18:18:21Z","related":["UBUNTU-CVE-2018-12126","UBUNTU-CVE-2018-12127","UBUNTU-CVE-2018-12130","UBUNTU-CVE-2019-11091"],"upstream":["CVE-2018-12126","CVE-2018-12127","CVE-2018-12130","CVE-2019-11091","UBUNTU-CVE-2018-12126","UBUNTU-CVE-2018-12127","UBUNTU-CVE-2018-12130","UBUNTU-CVE-2019-11091"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3985-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-12126"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-12127"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-12130"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-11091"}],"affected":[{"package":{"name":"libvirt","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/libvirt@1.3.1-1ubuntu10.26?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.1-1ubuntu10.26"}]}],"versions":["1.2.16-2ubuntu11","1.2.16-2ubuntu12","1.2.16-2ubuntu13","1.2.16-2ubuntu14","1.2.21-2ubuntu1","1.2.21-2ubuntu3","1.2.21-2ubuntu4","1.2.21-2ubuntu5","1.2.21-2ubuntu7","1.2.21-2ubuntu8","1.2.21-2ubuntu9","1.2.21-2ubuntu10","1.3.1-1ubuntu1","1.3.1-1ubuntu2","1.3.1-1ubuntu3","1.3.1-1ubuntu4","1.3.1-1ubuntu6","1.3.1-1ubuntu9","1.3.1-1ubuntu10","1.3.1-1ubuntu10.1","1.3.1-1ubuntu10.2","1.3.1-1ubuntu10.3","1.3.1-1ubuntu10.5","1.3.1-1ubuntu10.6","1.3.1-1ubuntu10.7","1.3.1-1ubuntu10.8","1.3.1-1ubuntu10.10","1.3.1-1ubuntu10.11","1.3.1-1ubuntu10.12","1.3.1-1ubuntu10.13","1.3.1-1ubuntu10.14","1.3.1-1ubuntu10.15","1.3.1-1ubuntu10.17","1.3.1-1ubuntu10.18","1.3.1-1ubuntu10.19","1.3.1-1ubuntu10.21","1.3.1-1ubuntu10.22","1.3.1-1ubuntu10.23","1.3.1-1ubuntu10.24","1.3.1-1ubuntu10.25"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"libvirt-bin","binary_version":"1.3.1-1ubuntu10.26"},{"binary_name":"libvirt-dev","binary_version":"1.3.1-1ubuntu10.26"},{"binary_name":"libvirt0","binary_version":"1.3.1-1ubuntu10.26"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3985-1.json","cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[{"severity":[{"score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2018-12126"},{"severity":[{"score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2018-12127"},{"severity":[{"score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2018-12130"},{"severity":[{"score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-11091"}]}}},{"package":{"name":"libvirt","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/libvirt@4.0.0-1ubuntu8.10?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.0-1ubuntu8.10"}]}],"versions":["3.6.0-1ubuntu5","3.6.0-1ubuntu6","4.0.0-1ubuntu1","4.0.0-1ubuntu2","4.0.0-1ubuntu3","4.0.0-1ubuntu4","4.0.0-1ubuntu5","4.0.0-1ubuntu6","4.0.0-1ubuntu7","4.0.0-1ubuntu8","4.0.0-1ubuntu8.1","4.0.0-1ubuntu8.2","4.0.0-1ubuntu8.3","4.0.0-1ubuntu8.4","4.0.0-1ubuntu8.5","4.0.0-1ubuntu8.6","4.0.0-1ubuntu8.7","4.0.0-1ubuntu8.8","4.0.0-1ubuntu8.9"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"libnss-libvirt","binary_version":"4.0.0-1ubuntu8.10"},{"binary_name":"libvirt-bin","binary_version":"4.0.0-1ubuntu8.10"},{"binary_name":"libvirt-clients","binary_version":"4.0.0-1ubuntu8.10"},{"binary_name":"libvirt-daemon","binary_version":"4.0.0-1ubuntu8.10"},{"binary_name":"libvirt-daemon-driver-storage-gluster","binary_version":"4.0.0-1ubuntu8.10"},{"binary_name":"libvirt-daemon-driver-storage-rbd","binary_version":"4.0.0-1ubuntu8.10"},{"binary_name":"libvirt-daemon-driver-storage-sheepdog","binary_version":"4.0.0-1ubuntu8.10"},{"binary_name":"libvirt-daemon-driver-storage-zfs","binary_version":"4.0.0-1ubuntu8.10"},{"binary_name":"libvirt-daemon-system","binary_version":"4.0.0-1ubuntu8.10"},{"binary_name":"libvirt-dev","binary_version":"4.0.0-1ubuntu8.10"},{"binary_name":"libvirt-sanlock","binary_version":"4.0.0-1ubuntu8.10"},{"binary_name":"libvirt-wireshark","binary_version":"4.0.0-1ubuntu8.10"},{"binary_name":"libvirt0","binary_version":"4.0.0-1ubuntu8.10"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3985-1.json","cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[{"severity":[{"score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2018-12126"},{"severity":[{"score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2018-12127"},{"severity":[{"score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2018-12130"},{"severity":[{"score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-11091"}]}}}],"schema_version":"1.7.3"}