Synology-SA-19:24 Microarchitectural Data Sampling

Publish Time: 2019-05-15 18:59:52 UTC+8

Last Updated: 2021-05-14 15:42:03 UTC+8

Severity: Moderate

Status: Resolved

Abstract

CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091 allow local users to obtain sensitive information via a susceptible version of Synology DiskStation Manager (DSM) running on an Intel CPU or even if in Virtual Machine Manager.

Affected Products

Product	Severity	Fixed Release Availability
DSM 6.2^[1]	Moderate	Upgrade to 6.2.3-25423 or above.
DSM 6.1^[2]	Moderate	Will be fixed in DSM 6.2.
DSM 5.2^[3]	Moderate	Will be fixed in DSM 6.2.
SkyNAS	Moderate	Upgrade to 6.2.3-25426 or above.
VIrtual Machine Manager	Moderate	Upgrade to 6.2.3-25423 or above.
SRM 1.2	Not affected	N/A
VS960HD	Not affected	N/A
VS360HD	Not affected	N/A

^[1] DS3611xs, RS3411RPxs, RS3411RPxs, DS3612xs, RS3412RPxs, RS3412xs, RS3413xs+, RS10613xs+, RS3614xs, RS3614RPxs, DS3615xs, RS3614xs+, RC18015xs+, RS18016xs+, FS3017, RS3617xs, DS418play, DS918+, DS718+, DS218+, DS1618+, RS2418+, RS2418RP+, RS2818RP+, DS1019+, DS2419+, DS1819+

^[2] DS3611xs, RS3411RPxs, RS3411RPxs, DS3612xs, RS3412RPxs, RS3412xs, RS3413xs+, RS10613xs+, RS3614xs, RS3614RPxs, DS3615xs, RS3614xs+, RC18015xs+, RS18016xs+, FS3017, RS3617xs, DS418play, DS918+, DS718+, DS218+, DS1618+, RS2418+, RS2418RP+, RS2818RP+

^[3] DS3611xs, RS3411RPxs, RS3411RPxs, DS3612xs, RS3412RPxs, RS3412xs, RS3413xs+, RS10613xs+, RS3614xs, RS3614RPxs, DS3615xs, RS3614xs+, RC18015xs+, RS18016xs+

Mitigation

None

Detail

CVE-2018-12126
- Severity: Moderate
- CVSS3 Base Score: 5.3
- CVSS3 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
- Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2018-12127
- Severity: Moderate
- CVSS3 Base Score: 5.3
- CVSS3 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
- Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2018-12130
- Severity: Moderate
- CVSS3 Base Score: 5.3
- CVSS3 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
- Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2019-11091
- Severity: Moderate
- CVSS3 Base Score: 5.3
- CVSS3 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
- Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

Reference

Revision

Revision	Date	Description
1	2019-05-15	Initial public release.
2	2019-12-17	Disclosed vulnerability details.
3	2020-10-20	Update for DSM 6.2 is now available in Affected Products.