wid-sec-w-2023-1692
Vulnerability from csaf_certbund
Published
2019-05-14 22:00
Modified
2023-07-09 22:00
Summary
Intel Prozessoren: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Prozessor ist das zentrale Rechenwerk eines Computers.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Intel Prozessoren ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- UNIX
- Linux
- MacOS X
- Windows
- BIOS/Firmware
- Native Hypervisor
- Appliance
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Prozessor ist das zentrale Rechenwerk eines Computers.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Intel Prozessoren ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- MacOS X\n- Windows\n- BIOS/Firmware\n- Native Hypervisor\n- Appliance",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1692 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2023-1692.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1692 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1692"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-3822 vom 2023-07-08",
"url": "https://linux.oracle.com/errata/ELSA-2023-3822.html"
},
{
"category": "external",
"summary": "Intel Security Advisory INTEL-SA-00233 vom 2019-05-14",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
},
{
"category": "external",
"summary": "ZombieLoad Attack vom 2019-05-15",
"url": "https://zombieloadattack.com/"
},
{
"category": "external",
"summary": "RIDL and Fallout: MDS attacks vom 2019-05-15",
"url": "https://mdsattacks.com/"
},
{
"category": "external",
"summary": "CPU.fail",
"url": "https://cpu.fail/"
},
{
"category": "external",
"summary": "PoC Demonstration auf YouTube",
"url": "https://youtu.be/JXPebaGY8RA"
},
{
"category": "external",
"summary": "Red Hat Patchsammlung",
"url": "https://access.redhat.com/security/vulnerabilities/mds"
},
{
"category": "external",
"summary": "Oracle Enterprise Linux Security Advisory ELSA-2019-1169",
"url": "http://linux.oracle.com/errata/ELSA-2019-1169.html"
},
{
"category": "external",
"summary": "Oracle Enterprise Linux Security Advisory ELSA-2019-1180",
"url": "http://linux.oracle.com/errata/ELSA-2019-1180.html"
},
{
"category": "external",
"summary": "Oracle Enterprise Linux Security Advisory ELSA-2019-1181",
"url": "http://linux.oracle.com/errata/ELSA-2019-1181.html"
},
{
"category": "external",
"summary": "Oracle Enterprise Linux Security Advisory ELSA-2019-4629",
"url": "http://linux.oracle.com/errata/ELSA-2019-4629.html"
},
{
"category": "external",
"summary": "Oracle Enterprise Linux Security Advisory ELSA-2019-4636",
"url": "http://linux.oracle.com/errata/ELSA-2019-4636.html"
},
{
"category": "external",
"summary": "Oracle Enterprise Linux Security Advisory ELSA-2019-4637",
"url": "http://linux.oracle.com/errata/ELSA-2019-4637.html"
},
{
"category": "external",
"summary": "Oracle Enterprise Linux Security Advisory ELSA-2019-4640",
"url": "http://linux.oracle.com/errata/ELSA-2019-4640.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4444",
"url": "http://www.debian.org/security/2019/dsa-4444"
},
{
"category": "external",
"summary": "VMware Security Advisory VMSA-2019-0008",
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0008.html"
},
{
"category": "external",
"summary": "XEN Security Advisory XSA-297",
"url": "http://xenbits.xen.org/xsa/advisory-297.html"
},
{
"category": "external",
"summary": "FreeBSD Security Advisory FreeBSD-SA-19:07.mds",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:07.mds.asc"
},
{
"category": "external",
"summary": "Additional mitigations for speculative execution vulnerabilities in Intel CPUs",
"url": "https://support.apple.com/de-de/HT210107"
},
{
"category": "external",
"summary": "Citrix Hypervisor Security Update CTX251995",
"url": "https://support.citrix.com/article/CTX251995"
},
{
"category": "external",
"summary": "HP April 2019 BIOS Refresh",
"url": "https://support.hp.com/de-de/document/c06326383"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3977-1",
"url": "https://usn.ubuntu.com/3977-1/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3978-1",
"url": "https://usn.ubuntu.com/3978-1/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3979-1",
"url": "https://usn.ubuntu.com/3979-1/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3980-2",
"url": "https://usn.ubuntu.com/3980-2/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3981-1",
"url": "https://usn.ubuntu.com/3981-1/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3981-2",
"url": "https://usn.ubuntu.com/3981-2/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3982-2",
"url": "https://usn.ubuntu.com/3982-2/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3983-1",
"url": "https://usn.ubuntu.com/3983-1/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3983-2",
"url": "https://usn.ubuntu.com/3983-2/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3984-1",
"url": "https://usn.ubuntu.com/3984-1/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019-1235-1",
"url": "https://www.linuxsecurity.com/advisories/suse/suse-2019-1235-1-important-ucode-intel"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019-1236-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191236-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019-1238-1",
"url": "https://www.linuxsecurity.com/advisories/suse/suse-2019-1238-1-important-qemu"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019-1241-1",
"url": "https://www.linuxsecurity.com/advisories/suse/suse-2019-1241-1-important-the-linux-kernel"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019-1242-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191242-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019-1243-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191243-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019-1244-1",
"url": "https://www.linuxsecurity.com/advisories/suse/suse-2019-1244-1-important-the-linux-kernel"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019-1245-1",
"url": "https://www.linuxsecurity.com/advisories/suse/suse-2019-1245-1-important-the-linux-kernel"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019-1248-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191248-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019-14048-1",
"url": "https://www.linuxsecurity.com/advisories/suse/suse-2019-14048-1-important-microcode_ctl"
},
{
"category": "external",
"summary": "Microsoft Security Advisory ADV190013",
"url": "https://portal.msrc.microsoft.com/de-de/security-guidance/advisory/ADV190013"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4447",
"url": "http://www.debian.org/security/2019/dsa-4447"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019-1240-1",
"url": "https://www.linuxsecurity.com/advisories/suse/suse-2019-1240-1-important-the-linux-kernel"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019-1239-1",
"url": "https://www.linuxsecurity.com/advisories/suse/suse-2019-1239-1-important-qemu"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-1168 vom 2019-05-15",
"url": "http://linux.oracle.com/errata/ELSA-2019-1168.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-1177 vom 2019-05-15",
"url": "http://linux.oracle.com/errata/ELSA-2019-1177.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-1178 vom 2019-05-15",
"url": "http://linux.oracle.com/errata/ELSA-2019-1178.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3985-1 vom 2019-05-16",
"url": "https://usn.ubuntu.com/3985-1/"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2019:1168 vom 2019-05-15",
"url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2019-1168-Important-CentOS-7-kernel-Security-Update-tp4645554.html"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2019:1177 vom 2019-05-15",
"url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2019-1177-Important-CentOS-7-libvirt-Security-Update-tp4645553.html"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2019:1178 vom 2019-05-15",
"url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2019-1178-Important-CentOS-7-qemu-kvm-Security-Update-tp4645552.html"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2019:1169 vom 2019-05-15",
"url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2019-1169-Important-CentOS-6-kernel-Security-Update-tp4645549.html"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2019:1180 vom 2019-05-15",
"url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2019-1180-Important-CentOS-6-libvirt-Security-Update-tp4645548.html"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2019:1181 vom 2019-05-15",
"url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2019-1181-Important-CentOS-6-qemu-kvm-Security-Update-tp4645547.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-4643 vom 2019-05-16",
"url": "http://linux.oracle.com/errata/ELSA-2019-4643.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3985-2 vom 2019-05-17",
"url": "https://usn.ubuntu.com/3985-2/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:1272-1 vom 2019-05-17",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191272-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:14051-1 vom 2019-05-17",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914051-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:1269-1 vom 2019-05-17",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191269-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:1289-1 vom 2019-05-18",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191289-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:1287-1 vom 2019-05-18",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191287-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:14052-1 vom 2019-05-18",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914052-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:1268-1 vom 2019-05-17",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191268-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:1296-1 vom 2019-05-21",
"url": "https://www.linuxsecurity.com/advisories/suse/suse-2019-1296-1-important-ucode-intel?rss"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:14053-1 vom 2019-05-21",
"url": "https://www.linuxsecurity.com/advisories/suse/suse-2019-14053-1-important-kvm?rss"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:1296-1 vom 2019-05-21",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191296-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:1313-1 vom 2019-05-22",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191313-1.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3977-2 vom 2019-05-23",
"url": "https://usn.ubuntu.com/3977-2/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:14063-1 vom 2019-05-24",
"url": "https://www.linuxsecurity.com/advisories/suse/suse-2019-14063-1-important-xen"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:14063-1 vom 2019-05-24",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914063-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:1349-1 vom 2019-05-25",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191349-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:1348-1 vom 2019-05-25",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191348-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:1347-1 vom 2019-05-25",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191347-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:1356-1 vom 2019-05-28",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191356-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:1371-1 vom 2019-05-29",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191371-1.html"
},
{
"category": "external",
"summary": "Palo Alto Networks PAN-117746 vom 2019-05-30",
"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/150"
},
{
"category": "external",
"summary": "ORACLE OVMSA-2019-0016 vom 2019-05-30",
"url": "https://oss.oracle.com/pipermail/oraclevm-errata/2019-May/000939.html"
},
{
"category": "external",
"summary": "ORACLE OVMSA-2019-0018 vom 2019-05-30",
"url": "https://oss.oracle.com/pipermail/oraclevm-errata/2019-May/000940.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-4669 vom 2019-05-31",
"url": "http://linux.oracle.com/errata/ELSA-2019-4669.html"
},
{
"category": "external",
"summary": "ORACLE OVMSA-2019-0024 vom 2019-06-05",
"url": "https://oss.oracle.com/pipermail/oraclevm-errata/2019-June/000943.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:1423-1 vom 2019-06-05",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191423-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:1438-1 vom 2019-06-06",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191438-1.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-4672 vom 2019-06-06",
"url": "http://linux.oracle.com/errata/ELSA-2019-4672.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:1452-1 vom 2019-06-08",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191452-1.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-4675 vom 2019-06-07",
"url": "http://linux.oracle.com/errata/ELSA-2019-4675.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:1455 vom 2019-06-12",
"url": "https://access.redhat.com/errata/RHSA-2019:1455"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:1490-1 vom 2019-06-13",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191490-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:1547-1 vom 2019-06-18",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191547-1.html"
},
{
"category": "external",
"summary": "ORACLE OVMSA-2019-0026 vom 2019-06-18",
"url": "https://oss.oracle.com/pipermail/oraclevm-errata/2019-June/000945.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:1550-1 vom 2019-06-19",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191550-1.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3977-3 vom 2019-06-21",
"url": "https://usn.ubuntu.com/3977-3/"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4469 vom 2019-06-23",
"url": "https://www.debian.org/security/2019/dsa-4469"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-4713 vom 2019-07-11",
"url": "http://linux.oracle.com/errata/ELSA-2019-4713.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-4714 vom 2019-07-11",
"url": "http://linux.oracle.com/errata/ELSA-2019-4714.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:1910-1 vom 2019-07-19",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191910-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:1909-1 vom 2019-07-19",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191909-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:1954-1 vom 2019-07-23",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191954-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:14133-1 vom 2019-07-23",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914133-1.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-4702 vom 2019-08-04",
"url": "http://linux.oracle.com/errata/ELSA-2019-4702.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-4732 vom 2019-08-04",
"url": "http://linux.oracle.com/errata/ELSA-2019-4732.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-2029 vom 2019-08-14",
"url": "http://linux.oracle.com/errata/ELSA-2019-2029.html"
},
{
"category": "external",
"summary": "Juniper Security Bulletin",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10993"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2553 vom 2019-08-22",
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
},
{
"category": "external",
"summary": "McAfee Security Bulletin SB10292",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:2430-1 vom 2019-09-23",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192430-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:2769-1 vom 2019-10-24",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192769-1.html"
},
{
"category": "external",
"summary": "EMC Security Advisory DSA-2019-199 vom 2019-12-20",
"url": "https://www.dell.com/support/security/de-de/details/539821/DSA-2019-199-Dell-EMC-Avamar-Intel-Microarchitectural-Data-Sampling-Vulnerabilities"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2020-305 vom 2020-03-19",
"url": "http://www.hitachi.co.jp/products/it/storage-solutions/global/sec_info/2020/02.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:1275-1 vom 2020-05-21",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201275-1.html"
},
{
"category": "external",
"summary": "EMC Security Advisory 533910 vom 2020-06-22",
"url": "https://www.dell.com/support/security/de-de/details/533910/Intel-SA-00233-Impact-on-Dell-EMC-Products"
}
],
"source_lang": "en-US",
"title": "Intel Prozessoren: Mehrere Schwachstellen erm\u00f6glichen Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2023-07-09T22:00:00.000+00:00",
"generator": {
"date": "2024-02-15T17:35:30.360+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2023-1692",
"initial_release_date": "2019-05-14T22:00:00.000+00:00",
"revision_history": [
{
"date": "2019-05-14T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2019-05-15T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora, Oracle Linux, Ubuntu, Debian und CentOS aufgenommen"
},
{
"date": "2019-05-16T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Ubuntu und SUSE aufgenommen"
},
{
"date": "2019-05-19T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-05-21T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-05-22T22:00:00.000+00:00",
"number": "6",
"summary": "Schreibfehler korrigiert"
},
{
"date": "2019-05-22T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
},
{
"date": "2019-05-26T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-05-27T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-05-28T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-05-30T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von PaloAlto Networks"
},
{
"date": "2019-05-30T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von ORACLE aufgenommen"
},
{
"date": "2019-06-02T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Oracle Linux und ORACLE aufgenommen"
},
{
"date": "2019-06-05T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von ORACLE und SUSE aufgenommen"
},
{
"date": "2019-06-06T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von SUSE und Oracle Linux aufgenommen"
},
{
"date": "2019-06-10T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von SUSE und Oracle Linux aufgenommen"
},
{
"date": "2019-06-11T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-06-13T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-06-18T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von SUSE und ORACLE aufgenommen"
},
{
"date": "2019-06-20T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2019-06-23T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2019-06-27T22:00:00.000+00:00",
"number": "22",
"summary": "Referenz(en) aufgenommen:"
},
{
"date": "2019-07-10T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2019-07-21T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-07-23T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-08-04T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2019-08-13T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2019-08-22T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-09-11T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von McAfee aufgenommen"
},
{
"date": "2019-09-23T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-10-24T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-12-19T23:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von EMC aufgenommen"
},
{
"date": "2020-01-12T23:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von Juniper aufgenommen"
},
{
"date": "2020-03-18T23:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2020-05-21T22:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2020-06-21T22:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von EMC aufgenommen"
},
{
"date": "2023-07-09T22:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von Oracle Linux aufgenommen"
}
],
"status": "final",
"version": "37"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Apple macOS",
"product": {
"name": "Apple macOS",
"product_id": "697",
"product_identification_helper": {
"cpe": "cpe:/o:apple:mac_os:-"
}
}
}
],
"category": "vendor",
"name": "Apple"
},
{
"branches": [
{
"category": "product_name",
"name": "Citrix Systems XenServer",
"product": {
"name": "Citrix Systems XenServer",
"product_id": "T004077",
"product_identification_helper": {
"cpe": "cpe:/a:citrix:xenserver:-"
}
}
}
],
"category": "vendor",
"name": "Citrix Systems"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "EMC Avamar",
"product": {
"name": "EMC Avamar",
"product_id": "T014381",
"product_identification_helper": {
"cpe": "cpe:/a:emc:avamar:-"
}
}
}
],
"category": "vendor",
"name": "EMC"
},
{
"branches": [
{
"category": "product_name",
"name": "FreeBSD Project FreeBSD OS",
"product": {
"name": "FreeBSD Project FreeBSD OS",
"product_id": "4035",
"product_identification_helper": {
"cpe": "cpe:/o:freebsd:freebsd:-"
}
}
}
],
"category": "vendor",
"name": "FreeBSD Project"
},
{
"branches": [
{
"category": "product_name",
"name": "Intel Prozessor",
"product": {
"name": "Intel Prozessor",
"product_id": "T011586",
"product_identification_helper": {
"cpe": "cpe:/h:intel:intel_prozessor:-"
}
}
}
],
"category": "vendor",
"name": "Intel"
},
{
"branches": [
{
"category": "product_name",
"name": "Juniper Junos Space \u003c 19.4R1",
"product": {
"name": "Juniper Junos Space \u003c 19.4R1",
"product_id": "T015663",
"product_identification_helper": {
"cpe": "cpe:/a:juniper:junos_space:19.4r1"
}
}
}
],
"category": "vendor",
"name": "Juniper"
},
{
"branches": [
{
"category": "product_name",
"name": "McAfee Data Loss Prevention",
"product": {
"name": "McAfee Data Loss Prevention",
"product_id": "T007338",
"product_identification_helper": {
"cpe": "cpe:/a:mcafee:data_loss_prevention:-"
}
}
},
{
"category": "product_name",
"name": "McAfee Email Gateway",
"product": {
"name": "McAfee Email Gateway",
"product_id": "T014992",
"product_identification_helper": {
"cpe": "cpe:/a:mcafee:email_gateway:-"
}
}
},
{
"category": "product_name",
"name": "McAfee Enterprise Security Manager",
"product": {
"name": "McAfee Enterprise Security Manager",
"product_id": "T014993",
"product_identification_helper": {
"cpe": "cpe:/a:mcafee:enterprise_security_manager:-"
}
}
},
{
"category": "product_name",
"name": "McAfee Threat Intelligence Exchange",
"product": {
"name": "McAfee Threat Intelligence Exchange",
"product_id": "T014994",
"product_identification_helper": {
"cpe": "cpe:/a:mcafee:threat_intelligence_exchange:-"
}
}
},
{
"category": "product_name",
"name": "McAfee Web Gateway",
"product": {
"name": "McAfee Web Gateway",
"product_id": "T003324",
"product_identification_helper": {
"cpe": "cpe:/a:mcafee:web_gateway:-"
}
}
}
],
"category": "vendor",
"name": "McAfee"
},
{
"branches": [
{
"category": "product_name",
"name": "Microsoft Windows 10",
"product": {
"name": "Microsoft Windows 10",
"product_id": "T005617",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:windows_10:-"
}
}
},
{
"category": "product_name",
"name": "Microsoft Windows Server",
"product": {
"name": "Microsoft Windows Server",
"product_id": "T012776",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:windows_server:-"
}
}
},
{
"category": "product_name",
"name": "Microsoft Windows Server 2019",
"product": {
"name": "Microsoft Windows Server 2019",
"product_id": "T012979",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:windows_server_2019:-"
}
}
}
],
"category": "vendor",
"name": "Microsoft"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source CentOS",
"product": {
"name": "Open Source CentOS",
"product_id": "1727",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:-"
}
}
},
{
"category": "product_name",
"name": "Open Source Xen",
"product": {
"name": "Open Source Xen",
"product_id": "T000611",
"product_identification_helper": {
"cpe": "cpe:/o:xen:xen:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
},
{
"category": "product_name",
"name": "Oracle VM",
"product": {
"name": "Oracle VM",
"product_id": "T011119",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:vm:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "PaloAlto Networks PAN-OS",
"product": {
"name": "PaloAlto Networks PAN-OS",
"product_id": "393593",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:-"
}
}
}
],
"category": "vendor",
"name": "PaloAlto Networks"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"category": "product_name",
"name": "VMware ESXi",
"product": {
"name": "VMware ESXi",
"product_id": "T009575",
"product_identification_helper": {
"cpe": "cpe:/o:vmware:esxi:-"
}
}
},
{
"category": "product_name",
"name": "VMware Fusion",
"product": {
"name": "VMware Fusion",
"product_id": "T009574",
"product_identification_helper": {
"cpe": "cpe:/a:vmware:fusion:-"
}
}
},
{
"category": "product_name",
"name": "VMware Workstation",
"product": {
"name": "VMware Workstation",
"product_id": "11768",
"product_identification_helper": {
"cpe": "cpe:/a:vmware:workstation:-"
}
}
},
{
"category": "product_name",
"name": "VMware Workstation Player",
"product": {
"name": "VMware Workstation Player",
"product_id": "T014230",
"product_identification_helper": {
"cpe": "cpe:/a:vmware:player:-"
}
}
},
{
"category": "product_name",
"name": "VMware vCenter Server",
"product": {
"name": "VMware vCenter Server",
"product_id": "T012302",
"product_identification_helper": {
"cpe": "cpe:/a:vmware:vcenter_server:-"
}
}
}
],
"category": "vendor",
"name": "VMware"
},
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Network Attached Storage",
"product": {
"name": "Hitachi Network Attached Storage",
"product_id": "T011055",
"product_identification_helper": {
"cpe": "cpe:/h:hitachi:virtual_storage_platform:-"
}
}
}
],
"category": "vendor",
"name": "hitachi"
},
{
"branches": [
{
"category": "product_name",
"name": "HP Desktop Firmware",
"product": {
"name": "HP Desktop Firmware",
"product_id": "T014231",
"product_identification_helper": {
"cpe": "cpe:/a:hp:desktop_firmware:-"
}
}
}
],
"category": "vendor",
"name": "hp"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server",
"product": {
"name": "SUSE Linux Enterprise Server",
"product_id": "T002247",
"product_identification_helper": {
"cpe": "cpe:/o:suse:linux_enterprise_server:-"
}
}
}
],
"category": "vendor",
"name": "suse"
},
{
"branches": [
{
"category": "product_name",
"name": "VMware vCenter Server Appliance",
"product": {
"name": "VMware vCenter Server Appliance",
"product_id": "T004416",
"product_identification_helper": {
"cpe": "cpe:/a:vmware:vcenter_server_appliance:-"
}
}
}
],
"category": "vendor",
"name": "vmware"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12126",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Intel-Prozessoren. Ein Angreifer kann Teile von CPU-internen Puffern durch Seitenkanalangriffe offenlegen. Dies wird als \"Microarchitectural Data Sampling (MDS)\" bezeichnet. Die Schwachstellen wurden \"Zombieload\", \"RIDL\" und \"Fallout\" genannt. Die Auswirkungen sind vergleichbar mit den bereits bekannten Schwachstellen \"Meltdown\" (CVE-2017-5754) und \"Spectre\" (CVE-2017-5715, CVE-2017-5753). Je nach Szenario muss der Angreifer ein Programm lokal ausf\u00fchren, um diese Schwachstellen auszunutzen. In einer virtualisierten Umgebung kann der Angriff jedoch auch von einer benachbarten VM aus gestartet werden."
}
],
"product_status": {
"known_affected": [
"T004077",
"T012979",
"67646",
"4035",
"T003324",
"T012776",
"T004416",
"T011586",
"T014994",
"T014993",
"T004914",
"T014992",
"T014230",
"T014231",
"11768",
"697",
"T000611",
"T011119",
"393593",
"T012302",
"T007338",
"T011055",
"T005617",
"T014381",
"2951",
"T002207",
"T000126",
"T002247",
"1727",
"T009575",
"T009574"
]
},
"release_date": "2019-05-14T22:00:00Z",
"title": "CVE-2018-12126"
},
{
"cve": "CVE-2018-12127",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Intel-Prozessoren. Ein Angreifer kann Teile von CPU-internen Puffern durch Seitenkanalangriffe offenlegen. Dies wird als \"Microarchitectural Data Sampling (MDS)\" bezeichnet. Die Schwachstellen wurden \"Zombieload\", \"RIDL\" und \"Fallout\" genannt. Die Auswirkungen sind vergleichbar mit den bereits bekannten Schwachstellen \"Meltdown\" (CVE-2017-5754) und \"Spectre\" (CVE-2017-5715, CVE-2017-5753). Je nach Szenario muss der Angreifer ein Programm lokal ausf\u00fchren, um diese Schwachstellen auszunutzen. In einer virtualisierten Umgebung kann der Angriff jedoch auch von einer benachbarten VM aus gestartet werden."
}
],
"product_status": {
"known_affected": [
"T004077",
"T012979",
"67646",
"4035",
"T003324",
"T012776",
"T004416",
"T011586",
"T014994",
"T014993",
"T004914",
"T014992",
"T014230",
"T014231",
"11768",
"697",
"T000611",
"T011119",
"393593",
"T012302",
"T007338",
"T011055",
"T005617",
"T014381",
"2951",
"T002207",
"T000126",
"T002247",
"1727",
"T009575",
"T009574"
]
},
"release_date": "2019-05-14T22:00:00Z",
"title": "CVE-2018-12127"
},
{
"cve": "CVE-2018-12130",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Intel-Prozessoren. Ein Angreifer kann Teile von CPU-internen Puffern durch Seitenkanalangriffe offenlegen. Dies wird als \"Microarchitectural Data Sampling (MDS)\" bezeichnet. Die Schwachstellen wurden \"Zombieload\", \"RIDL\" und \"Fallout\" genannt. Die Auswirkungen sind vergleichbar mit den bereits bekannten Schwachstellen \"Meltdown\" (CVE-2017-5754) und \"Spectre\" (CVE-2017-5715, CVE-2017-5753). Je nach Szenario muss der Angreifer ein Programm lokal ausf\u00fchren, um diese Schwachstellen auszunutzen. In einer virtualisierten Umgebung kann der Angriff jedoch auch von einer benachbarten VM aus gestartet werden."
}
],
"product_status": {
"known_affected": [
"T004077",
"T012979",
"67646",
"4035",
"T003324",
"T012776",
"T004416",
"T011586",
"T014994",
"T014993",
"T004914",
"T014992",
"T014230",
"T014231",
"11768",
"697",
"T000611",
"T011119",
"393593",
"T012302",
"T007338",
"T011055",
"T005617",
"T014381",
"2951",
"T002207",
"T000126",
"T002247",
"1727",
"T009575",
"T009574"
]
},
"release_date": "2019-05-14T22:00:00Z",
"title": "CVE-2018-12130"
},
{
"cve": "CVE-2019-11091",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Intel-Prozessoren. Ein Angreifer kann Teile von CPU-internen Puffern durch Seitenkanalangriffe offenlegen. Dies wird als \"Microarchitectural Data Sampling (MDS)\" bezeichnet. Die Schwachstellen wurden \"Zombieload\", \"RIDL\" und \"Fallout\" genannt. Die Auswirkungen sind vergleichbar mit den bereits bekannten Schwachstellen \"Meltdown\" (CVE-2017-5754) und \"Spectre\" (CVE-2017-5715, CVE-2017-5753). Je nach Szenario muss der Angreifer ein Programm lokal ausf\u00fchren, um diese Schwachstellen auszunutzen. In einer virtualisierten Umgebung kann der Angriff jedoch auch von einer benachbarten VM aus gestartet werden."
}
],
"product_status": {
"known_affected": [
"T004077",
"T012979",
"67646",
"4035",
"T003324",
"T012776",
"T004416",
"T011586",
"T014994",
"T014993",
"T004914",
"T014992",
"T014230",
"T014231",
"11768",
"697",
"T000611",
"T011119",
"393593",
"T012302",
"T007338",
"T011055",
"T005617",
"T014381",
"2951",
"T002207",
"T000126",
"T002247",
"1727",
"T009575",
"T009574"
]
},
"release_date": "2019-05-14T22:00:00Z",
"title": "CVE-2019-11091"
}
]
}
Loading...