2019.2 IPU – TSX Asynchronous Abort Advisory


### Summary: A potential security vulnerability in TSX Asynchronous Abort (TAA) for some Intel® Processors may allow information disclosure.** **Intel is releasing firmware updates to mitigate this potential vulnerability. ### Vulnerability Details: CVEID: [CVE-2019-11135](<https://vulners.com/cve/CVE-2019-11135>) Description: TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. CVSS Base Score: 6.5 Medium CVSS Vector: [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) ### Affected Products: This issue affects all current processors that support Intel© TSX unless IA32_ARCH_CAPABILITIES.TAA_NO (bit 8)=1. On CPUs affected by MDS, where IA32_ARCH_CAPABILITIES.MDS_NO (bit 5)=0, the existing MDS mitigations will also mitigate against TAA. A list of impacted products can be found [here.](<https://software.intel.com/security-software-guidance/processors-affected-transient-execution-attack-mitigation-product-cpu-model>) ### Recommendations: Intel recommends that users of the affected Intel® Processors listed above, update to the latest firmware version provided by the system manufacturer that addresses these issues. For additional microcode information about the affected products, see [here](<https://www.intel.com/content/dam/www/public/us/en/security-advisory/documents/ipu-2019-2-microcode-update-guidance.pdf>) for the generic list of latest microcode updates including those for Intel-SA-00270. Additional technical details about TAA can be found [here](<https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort>). Additional Advisory Guidance on CVE-2019-11135 available [here](<https://software.intel.com/content/www/us/en/develop/topics/software-security-guidance.html>). ### Acknowledgements: Intel would like to thank the following individuals for finding and reporting the vulnerability to us via coordinated disclosure. Intel thanks VU Amsterdam, CISPA to coordinate disclosure of TAA after the initial publication of their RIDL paper. VUSec group at VU Amsterdam: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida. CISPA Helmholtz Center for Information Security: Giorgi Maisuradze. Intel thanks TU Graz and KU Leuven to coordinate disclosure of TAA after the initial publication of their ZombieLoad paper. Graz University of Technology: Moritz Lipp, Michael Schwarz, Daniel Gruss. KU Leuven: Jo Van Bulck. Researchers from VUSec group at VU Amsterdam and CISPA Helmholtz Center provided Intel with a Proof of Concept (POC) in September 2018 and researchers from TU Graz and Ku Leuven provided Proof of Concept (POC) in April 2019. Intel subsequently confirmed each submission demonstrates TAA individually. Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.