Synology-SA-19:24 Microarchitectural Data Sampling
Publish Time: 2019-05-15 18:59:52 UTC+8
Last Updated: 2019-05-15 18:59:52 UTC+8
- Severity
- Moderate
- Status
- Ongoing
Abstract
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091 allow local users to obtain sensitive information via a susceptible version of Synology DiskStation Manager (DSM) running on an Intel CPU or even if in Virtual Machine Manager.
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| DSM 6.2[1] | Moderate | Ongoing |
| DSM 6.1[2] | Moderate | Will be fixed in DSM 6.2. |
| DSM 5.2[3] | Moderate | Will be fixed in DSM 6.2. |
| SkyNAS | Moderate | Ongoing |
| VIrtual Machine Manager | Moderate | Ongoing |
| SRM 1.2 | Not affected | N/A |
| VS960HD | Not affected | N/A |
| VS360HD | Not affected | N/A |
[1] DS3611xs, RS3411RPxs, RS3411RPxs, DS3612xs, RS3412RPxs, RS3412xs, RS3413xs+, RS10613xs+, RS3614xs, RS3614RPxs, DS3615xs, RS3614xs+, RC18015xs+, RS18016xs+, FS3017, RS3617xs, DS418play, DS918+, DS718+, DS218+, DS1618+, RS2418+, RS2418RP+, RS2818RP+, DS1019+, DS2419+, DS1819+
[2] DS3611xs, RS3411RPxs, RS3411RPxs, DS3612xs, RS3412RPxs, RS3412xs, RS3413xs+, RS10613xs+, RS3614xs, RS3614RPxs, DS3615xs, RS3614xs+, RC18015xs+, RS18016xs+, FS3017, RS3617xs, DS418play, DS918+, DS718+, DS218+, DS1618+, RS2418+, RS2418RP+, RS2818RP+
[3] DS3611xs, RS3411RPxs, RS3411RPxs, DS3612xs, RS3412RPxs, RS3412xs, RS3413xs+, RS10613xs+, RS3614xs, RS3614RPxs, DS3615xs, RS3614xs+, RC18015xs+, RS18016xs+
Mitigation
None
Detail
Reserved
Reference
- Intel Releases Security Updates, Mitigations for Multiple Products
- INTEL-SA-00233
- CVE-2018-12126
- CVE-2018-12127
- CVE-2018-12130
- CVE-2019-11091
Revision
| Revision | Date | Description |
|---|---|---|
| 1 | 2019-05-15 | Initial public release. |