A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has ‘TSX’ enabled. Confidentiality of data is the highest threat associated with this vulnerability.

References

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19338

software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort

www.openwall.com/lists/oss-security/2019/12/10/3

cve 2

veracode 2

f5 2

redhatcve 2

nvd 2

cvelist 2

debiancve 2

ubuntucve 2

redhat 24

nessus 72

openvas 31

centos 2

symantec 2

cbl_mariner 1

prion 1

ibm 2

photon 3

osv 6

alpinelinux 1

oraclelinux 6

thn 1

ubuntu 6

almalinux 1

xen 1

intel 1

rocky 1

mscve 1

debian 5

citrix 1

vmware 1

amazon 2

suse 5

cloudfoundry 2

mskb 1

mageia 1

slackware 1

archlinux 1

cve

CVE-2019-19338

2020-07-13 17:15:11

CVE-2019-11135

2019-11-14 19:15:13

veracode

Information Disclosure

2020-02-11 00:29:27

Information Disclosure

2019-11-13 00:20:00

K84933088 : Linux kernel vulnerability CVE-2019-19338

2022-05-20 00:00:00

K02912734 : Intel CPU vulnerability CVE-2019-11135

2019-11-15 00:00:00

redhatcve

CVE-2019-19338

2019-12-10 08:18:14

CVE-2019-11135

2019-11-12 18:37:30

nvd

CVE-2019-19338

2020-07-13 17:15:11

CVE-2019-11135

2019-11-14 19:15:13

cvelist

CVE-2019-19338

2020-07-13 16:04:00

CVE-2019-11135

2019-11-14 18:19:25

debiancve

CVE-2019-19338

2020-07-13 17:15:11

CVE-2019-11135

2019-11-14 19:15:13

ubuntucve

CVE-2019-19338

2020-07-13 00:00:00

CVE-2019-11135

2019-11-12 00:00:00

redhat

(RHSA-2020:1465) Important: kernel security, bug fix, and enhancement update

2020-04-14 14:34:17

(RHSA-2020:0839) Important: kernel-rt security and bug fix update

2020-03-17 13:09:52

(RHSA-2020:0834) Important: kernel security, bug fix, and enhancement update

2020-03-17 13:09:43

nessus

RHEL 7 : kernel (RHSA-2020:1465)

2020-04-14 00:00:00

Oracle Linux 7 : kernel (ELSA-2020-0834)

2020-03-19 00:00:00

Scientific Linux Security Update : kernel on SL7.x x86_64 (20200317)

2020-03-18 00:00:00

openvas

CentOS: Security Advisory for bpftool (CESA-2020:0839)

2020-03-26 00:00:00

Ubuntu: Security Advisory (USN-4188-1)

2022-08-26 00:00:00

Ubuntu: Security Advisory (USN-4187-1)

2022-08-26 00:00:00

centos

bpftool, kernel, perf, python security update

2020-03-18 19:22:23

qemu security update

2020-02-06 00:20:07

symantec

Linux Kernel CVE-2019-19338 Incomplete Fix Information Disclosure Vulnerability

2019-11-18 00:00:00

Multiple Intel Processors Side Channel CVE-2019-11135 Information Disclosure Vulnerability

2019-11-12 00:00:00

cbl_mariner

CVE-2019-19338 affecting package kernel 5.4.91-6

2021-03-03 03:44:27

prion

Design/Logic Flaw

2019-11-14 19:15:00

ibm

Security Bulletin: Vulnerability in side channel in Intel CPUs affect IBM Cloud Pak System (CVE-2019-11135)

2020-09-11 12:51:54

Security Bulletin: IBM QRadar SIEM is vulnerable to side channel attack with Intel CPUs (CVE-2019-11135)

2020-04-22 17:48:50

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0191

2019-11-25 00:00:00

Moderate Photon OS Security Update - PHSA-2019-0191

2019-11-25 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0259

2019-12-03 00:00:00

osv

CVE-2019-11135

2019-11-14 19:15:13

Moderate: virt:rhel security update

2020-01-29 13:42:54

Moderate: virt:rhel security update

2020-01-29 13:42:54

alpinelinux

CVE-2019-11135

2019-11-14 19:15:13

oraclelinux

Unbreakable Enterprise kernel security update

2019-11-12 00:00:00

Unbreakable Enterprise kernel security update

2019-11-12 00:00:00

kernel security, bug fix, and enhancement update

2020-03-18 00:00:00

thn

New ZombieLoad v2 Attack Affects Intel's Latest Cascade Lake CPUs

2019-11-13 15:46:00

ubuntu

Linux kernel vulnerability

2019-11-13 00:00:00

Linux kernel vulnerability

2019-11-13 00:00:00

Intel Microcode regression

2019-12-04 00:00:00

almalinux

Moderate: virt:rhel security update

2020-01-29 13:42:54

xen

TSX Asynchronous Abort speculative side channel

2019-11-12 17:53:00

intel

2019.2 IPU – TSX Asynchronous Abort Advisory

2021-05-11 00:00:00

rocky

virt:rhel security update

2020-01-29 13:42:54

mscve

Windows Kernel Information Disclosure Vulnerability

2019-11-12 08:00:00

debian

[SECURITY] [DLA 2051-1] intel-microcode security update

2019-12-30 22:33:18

[SECURITY] [DSA 4565-2] intel-microcode security update

2019-12-13 20:15:51

[SECURITY] [DSA 4565-2] intel-microcode security update

2019-12-13 20:15:51

citrix

Citrix Hypervisor Security Update

2019-11-12 05:00:00

vmware

VMware ESXi, Workstation, and Fusion patches provide Hypervisor-Specific Mitigations for Speculative-Execution Vulnerabilities (CVE-2018-12207, CVE-2019-11135)

2019-11-12 00:00:00

amazon

Medium: microcode_ctl, kernel

2019-11-14 20:06:00

Medium: microcode_ctl, kernel

2019-11-14 20:01:00

suse

Security update for ucode-intel (important)

2019-11-14 00:00:00

Security update for ucode-intel (important)

2019-11-14 00:00:00

Security update for spectre-meltdown-checker (moderate)

2019-12-31 00:00:00

cloudfoundry

USN-4182-1: Intel Microcode update | Cloud Foundry

2019-11-21 00:00:00

USN-4182-3: Intel Microcode regression | Cloud Foundry

2019-12-18 00:00:00

mskb

November 12, 2019—KB4525245 (OS Build 15063.2172)

2019-11-12 00:00:00

mageia

Updated kernel packages fix security vulnerabilities

2019-11-20 00:16:53

slackware

[slackware-security] Slackware 14.2 kernel

2019-11-16 20:57:46

archlinux

[ASA-201911-14] intel-ucode: multiple issues

2019-11-13 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

23.6%

JSON

Related for PRION:CVE-2019-19338