On November 12, 2019, Intel released a number of new security advisories and 4 functional updates as a part of the 2019.2 Intel Platform Update (IPU). Among the newly-disclosed issues are vulnerabilities CVE-2018-12207 and CVE-2019-11135. CVE-2019-11135 is closely related to the Microarchitectural Data Sampling (MDS) issues (CVE-2019-11091, CVE-2018-12126, CVE-2018-12130, and CVE-2018-12127) that were addressed earlier this year.
Oracle has worked with Intel and other industry partners to develop technical mitigations against the issues that were disclosed today. The technical mitigations against these issues require both software and firmware updates (only a subset of the issues disclosed today can be addressed solely with operating system microcode patches). As a result:
To obtain software patches:
To obtain updated firmware (UEFI, microcode, etc.) or operating system microcode patches:
The Oracle Cloud teams are aware of these security bulletins and will apply the required patches in accordance with their change management procedures. Oracle Cloud Infrastructure customers should refer to the documentation for the operating systems they are using to apply the required updates against their instances.
For More Information:
The Intel Advisories are published at https://www.intel.com/security
Intel’s guidance related to the Microarchitectural Data Sampling issues are published at https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling