Oracle Cloud Infrastructure Documentation

Oracle Cloud Infrastructure Customer Advisory for MDS Impact on the Database Service

Intel disclosed four new speculative execution side-channel vulnerabilities affecting Intel processors. These vulnerabilities have received the following CVE identifiers:

  • CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

  • CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)

  • CVE-2018-12127: Microarchitectural Load Port Data Sampling (MLPDS)

  • CVE-2018-12130: Microarchitectural Fill Buffer Data Sampling (MFBDS)

For more information, see https://blogs.oracle.com/security/intelmds.

Oracle has deployed technical mitigations across Oracle Cloud Infrastructure systems designed to prevent a malicious attacker’s virtual machine (VM) instance from accessing data from other VM instances.

Autonomous Data Warehouse and Autonomous Transaction Processing

Autonomous Data Warehouse provides fully managed databases optimized for running data warehouse workloads.

Autonomous Transaction Processing provides fully managed databases optimized for running online transaction processing and mixed database workloads.

Autonomous Data Warehouse and Autonomous Transaction Processing are not affected by MDS vulnerabilities. These services do not run on their own hypervisor and they do not allow for the execution of untrusted code in their services enclave. Customers can execute code within their own instances and each customer instance is isolated from that of another customer. No further customer action is currently required.

Guidance for the Database Service on Bare Metal Instances

The Database service on Oracle Cloud Infrastructure bare metal instances offers customers full control over their Oracle Database running on a physical server. Oracle Cloud Infrastructure's network virtualization is designed and configured to protect these instances from unauthorized access from other instances on the Oracle Cloud Infrastructure network, including other customer instances, both VM instances and other bare metal instances. As a result, the Database service on bare metal instances is not affected by the MDS vulnerabilities.

Actions for Customers with VM DB Systems, Bare Metal DB Systems, or Exadata DB Systems

Customers are advised to apply available patches at the earliest possible time. Use the following instructions to patch a running instance: