Security Notice - Statement on the Side Channel Vulnerabilities ＂MDS＂ of Chips

On May 14, 2019, Intel disclosed four new side channel vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091), Intel unified this series of vulnerabilities into Microarchitectural Data Sampling vulnerabilities. The exploitation of these vulnerabilities requires an attacker to embed malicious code in the target device, mainly for local use. In some cases, it may also be remotely exploited through JS code and malicious websites. These attack methods can be effective in both PC and cloud environments. They can cause applications, operating system virtual machines, and trusted execution environments to disclose sensitive information, including passwords, website content, disk encryption keys, and browser history.

[1]Intel: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
[2]Red Hat: https://access.redhat.com/security/vulnerabilities/mds
[3]Microsoft: https://support.microsoft.com/en-us/help/4457951/windows-guidance-to-protect-against-speculative-execution-side-channel

2019-06-11 V1.1 UPDATED Increase the link of SA
2019-06-08 V1.1 UPDATED Increase the list of affected products
2019-05-30 V1.0 INITIAL

KAYTUS shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, KAYTUS disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement. In no event shall KAYTUS or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. KAYTUS is entitled to amend or update this document from time to time.