Dear DFI's Valued Customers,
DFI is aware of a new group of security vulnerabilities collectively known as Microarchitectural Data Sampling (MDS).
MDS is a subclass of previously disclosed speculative execution side-channel attacks on Intel® CPUs and consists of the following CVE assignments:
● CVE-2019-11091 - Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
● CVE-2018-12126 - Microarchitectural Store Buffer Data Sampling (MSBDS)
● CVE-2018-12127 - Microarchitectural Load Port Data Sampling (MLPDS)
● CVE-2018-12130- Microarchitectural Fill Buffer Data Sampling (MFBDS)
Systems with microprocessors utilizing speculative execution in microarchitectural structures may be exploited by malicious code for improper data access.
The severity of these vulnerabilities is classified as low to medium by the Common Vulnerability Scoring System (CVSS).
So far there are no known reports of exploits outside of a research environment.
These issues can be mitigated with an update to Intel® microprocessor microcode through OS or BIOS update.
We recommend installing the OS update to ensure protection against MDS vulnerabilities.
BIOS updates will only be available upon request.
DFI will continue to closely work with Intel® to investigate and mitigate any potential impact to affected products and will keep our customers informed of new threats and vulnerabilities.
For more information about these vulnerabilities such as impacted Intel® platforms, please see Microarchitectural Data Sampling Advisory from Intel® Product Security Center.
Regarding developing products, DFI will install the latest OS and BIOS updates prior to their release.
Sincerely,
DFI Inc.