CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS
Percentile
29.4%
Severity: High
Date : 2019-11-13
CVE-ID : CVE-2019-0117 CVE-2019-11135 CVE-2019-11139
Package : intel-ucode
Type : multiple issues
Remote : No
Link : https://security.archlinux.org/AVG-1068
The package intel-ucode before version 20191112-1 is vulnerable to
multiple issues including information disclosure, private key recovery
and denial of service.
Upgrade to 20191112-1.
The problems have been fixed upstream in version 20191112.
None.
A flaw was found in the implementation of SGX around the access control
of protected memory. A local attacker of a system with SGX enabled and
an affected intel GPU with the ability to execute code is able to infer
the contents of the SGX protected memory.
A flaw was found in the way Intel CPUs handle speculative execution of
instructions when the TSX Asynchronous Abort (TAA) error occurs. A
local authenticated attacker with the ability to monitor execution
times could infer the TSX memory state by comparing abort execution
times. This could allow information disclosure via this observed side-
channel for any TSX transaction being executed while an attacker is
able to observe abort timing. Intel’s Transactional Synchronisation
Extensions (TSX) are set of instructions which enable transactional
memory support to improve performance of the multi-threaded
applications, in the lock-protected critical sections. The CPU executes
instructions in the critical-sections as transactions, while ensuring
their atomic state. When such transaction execution is unsuccessful,
the processor cannot ensure atomic updates to the transaction memory,
so the processor rolls back or aborts such transaction execution. While
TSX Asynchronous Abort (TAA) is pending, CPU may continue to read data
from architectural buffers and pass it to the dependent speculative
operations. This may cause information leakage via speculative side-
channel means, which is quite similar to the Microarchitectural Data
Sampling (MDS) issue.
This mitigation is only effective using one the follow linux kernels:
v3.16.77, v4.4.202, v4.9.202, v4.14.154, v4.19.84 or v5.3.11.
It was discovered that certain Intel Xeon processors did not properly
restrict access to a voltage modulation interface. A local privileged
attacker could use this to cause a denial of service (system crash).
A local unprivileged attacker with access to an affected GPU can read
protected memory on an SGX enclave. Further, an attacker can infer the
contents of TPM keys using side-channel attacks. Finally, an attacker
can crash the system by accessing the voltage modulator interface on
certain Xeon processors.
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00219.html
https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html
https://security.archlinux.org/CVE-2019-0117
https://security.archlinux.org/CVE-2019-11135
https://security.archlinux.org/CVE-2019-11139
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | intel-ucode | < 20191112-1 | UNKNOWN |
security.archlinux.org/AVG-1068
security.archlinux.org/CVE-2019-0117
security.archlinux.org/CVE-2019-11135
security.archlinux.org/CVE-2019-11139
software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort
www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00219.html
www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html
www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS
Percentile
29.4%