Skip to main content
  1. Blog
  2. Article

Alex Murray
on 14 May 2019

Ubuntu updates to mitigate new Microarchitectural Data Sampling (MDS) vulnerabilities

14.04 16.04 18.04 ESM Extended Security Maintenance Intel mds Security Trusty Tahr

Microarchitectural Data Sampling (MDS) describes a group of vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091) in various Intel microprocessors, which allow a malicious process to read various information from another process which is executing on the same CPU core. This occurs due to the use of various microarchitectural elements (buffers) within the CPU core. If one process is able to speculatively sample data from these buffers, it can infer their contents and read data belonging to another process since these buffers are not cleared when switching between processes. This includes switching between two different userspace processes, switching between kernel and userspace and switching between the host and a guest when using virtualisation.

In the case of a single process being scheduled to a single CPU thread, it is relatively simple to mitigate this vulnerability by clearing these buffers when scheduling a new process onto the CPU thread. To achieve this, Intel have released an updated microcode which combined with changes to the Linux kernel ensure these buffers are appropriately cleared.

Updated versions of the intel-microcode, qemu and linux kernel packages are being published as part of the standard Ubuntu security maintenance of Ubuntu releases 16.04 LTS, 18.04 LTS, 18.10, 19.04 and as part of the extended security maintenance for Ubuntu 14.04 ESM users. As these vulnerabilities affect such a large range of Intel processors (across laptop, desktop and server machines), a large percentage of Ubuntu users are expected to be impacted – users are encouraged to install these updated packages as soon as they become available.

The use of Symmetric Multi-Threading (SMT) – also known as Hyper-Threading – further complicates these issues since these buffers are shared between sibling Hyper-Threads. Therefore, the above changes are not sufficient to mitigate these vulnerabilities when SMT is enabled. As such, the use of SMT is not recommended when untrusted code or applications are being executed.

For further details, including the specific package versions that mitigate these vulnerablities and instructions for optionally disabling SMT, please consult this article within the Ubuntu Security Knowledge Base.

Related posts

ijlal-loutfi
6 March 2026

Sovereign clouds: enhanced data security with confidential computing 

Confidential computing Article

Increasingly, enterprises are interested in improving their level of control over their data, achieving digital sovereignty, and even building their own sovereign cloud. However, this means moving beyond thinking about just where your data is stored to thinking about the entire data lifecycle.  In this blog, we cover the differences betwe ...

Benjamin Ryzman
24 February 2026

Building quantum-safe telecom infrastructure for 5G and beyond

private mobile network Article

coRAN Labs and Canonical at MWC Barcelona 2026 At MWC Barcelona 2026, coRAN Labs and Canonical are presenting a working demonstration of a cloud-native, quantum-safe telecom platform for 5G and beyond 5G networks. This is not a conceptual exercise. It is a full 5G System (5GS) deployment with post-quantum cryptography embedded across the ...

Lidia Luna Puerta
14 January 2026

How to build DORA-ready infrastructure with verifiable provenance and reliable support

Ubuntu Article

DORA requires organizations to know what they run, where it came from, and how it’s maintained. Learn how to build infrastructure with verifiable provenance. ...