X

Corporate Security Blog

Intel security bulletins released on November 12, 2019

Eric Maurice
Director of Security Assurance

On November 12, 2019, Intel released a number of new security advisories and 4 functional updates as a part of the 2019.2 Intel Platform Update (IPU).  Among the newly-disclosed issues are vulnerabilities CVE-2018-12207 and CVE-2019-11135.  CVE-2019-11135 is closely related to the Microarchitectural Data Sampling (MDS) issues (CVE-2019-11091, CVE-2018-12126, CVE-2018-12130, and CVE-2018-12127) that were addressed earlier this year. 

Oracle has worked with Intel and other industry partners to develop technical mitigations against the issues that were disclosed today.  The technical mitigations against these issues require both software and firmware updates (only a subset of the issues disclosed today can be addressed solely with operating system microcode patches).  As a result:

To obtain software patches:

To obtain updated firmware (UEFI, microcode, etc.) or operating system microcode patches:

  • Customers of Oracle x86 servers, Oracle Linux and Virtualization and Oracle Solaris should refer to "Intel 2019.2 Intel Platform Update: Firmware and Microcode Patch Availability" My Oracle Support Doc ID 2608268.1
  • Customers of Oracle Engineered Systems should refer to the specific patches for their engineered system.

The Oracle Cloud teams are aware of these security bulletins and will apply the required patches in accordance with their change management procedures.  Oracle Cloud Infrastructure customers should refer to the documentation for the operating systems they are using to apply the required updates against their instances.

 

For More Information:

The Intel Advisories are published at https://www.intel.com/security

Intel’s guidance related to the Microarchitectural Data Sampling issues are published at https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling