CVE-2018-12130
Public on 2019-05-07
Modified on 2019-08-27
Description
A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer.
Severity
Important
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | kernel | 2019-05-07 | ALAS-2019-1205 | Fixed |
| Amazon Linux 2 - Core | kernel | 2019-05-07 | ALAS2-2019-1205 | Fixed |
| Amazon Linux 2 - Core | libvirt | 2019-08-23 | ALAS2-2019-1274 | Fixed |
| Amazon Linux 1 | qemu-kvm | 2019-08-07 | ALAS-2019-1260 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 6.2 | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| NVD | CVSSv2 | 4.7 | AV:L/AC:M/Au:N/C:C/I:N/A:N |
| NVD | CVSSv3 | 5.6 | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |