Oracle Cloud Infrastructure Customer Advisory for MDS Impact on the Compute Service

Intel disclosed these speculative execution side-channel processor vulnerabilities affecting Intel processors.

These vulnerabilities have received the following CVE identifiers:

  • CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

  • CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)

  • CVE-2018-12127: Microarchitectural Load Port Data Sampling (MLPDS)

  • CVE-2018-12130: Microarchitectural Fill Buffer Data Sampling (MFBDS)

For more information, see https://blogs.oracle.com/security/intelmds.

Oracle has deployed technical mitigations across Oracle Cloud Infrastructure systems designed to prevent a malicious attacker's virtual machine (VM) instance from accessing data from other VM instances.

You are advised to keep up with OS security patches to address this vulnerability. See Oracle Cloud Infrastructure Compute Content Impact for instructions to patch the OS on the instances you manage.

Additional Guidance for Oracle Cloud Infrastructure Bare Metal Instances

Bare metal instances in Oracle Cloud Infrastructure offer customers full control of a physical server. Oracle Cloud Infrastructure's network virtualization is designed and configured to protect these instances from unauthorized access of other instances on the Oracle Cloud Infrastructure network, including other customer instances, both VM instances and other bare metal instances

However, for customers running their own virtualization stack on bare metal instances, the MDS vulnerabilities could allow a virtual machine to access privileged information from the underlying hypervisor or other VMs on the same bare metal instance. These customers should review Intel's recommendations about these MDS vulnerabilities and make the recommended changes to their configurations, https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html.