5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0005 Low
EPSS
Percentile
16.4%
A flaw was found in the fix for CVE-2019-11135, in the Linux upstream
kernel versions before 5.5 where, the way Intel CPUs handle speculative
execution of instructions when a TSX Asynchronous Abort (TAA) error occurs.
When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0),
but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the
affected buffers by using a VERW instruction mechanism. But when the
MDS_NO=1 bit was exported to the guests, the guests did not use the VERW
mechanism to clear the affected buffers. This issue affects guests running
on Cascade Lake CPUs and requires that host has âTSXâ enabled.
Confidentiality of data is the highest threat associated with this
vulnerability.
Author | Note |
---|---|
tyhicks | This is a vendor specific CVE for kernels that did not include upstream commit e1d38b63acd8 (âkvm/x86: Export MDS_NO=0 to guests when TSX is enabledâ) and defaulted to leaving TSX enabled. Ubuntu kernels included that commit and disabled TSX where possible as part of the initial TAA mitigations (CVE-2019-11135). |
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0005 Low
EPSS
Percentile
16.4%