CVE-2019-11090

CWE-362 — Race Condition CWE-3855 documents5 sources

Severity

5.9MEDIUM

EPSS

0.8%

top 26.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Platform Trust Technology Firmware Intel Server Platform Services Firmware Intel Trusted Execution Engine Firmware

Timeline

PublishedDec 18

Latest updateMay 24

Description

Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE 3.1.70 and 4.0.20; Intel(R) SPS before versions SPS_E5_04.01.04.305.0, SPS_SoC-X_04.00.04.108.0, SPS_SoC-A_04.00.04.191.0, SPS_E3_04.01.04.086.0, SPS_E3_04.08.04.047.0 may allow an unauthenticated user to potentially enable information disclosure via network access.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

▶NVDintel/server_platform_services_firmwaresps_e3_04.01.00.000.0 — sps_e3_04.01.04.086.0+3

▶NVDintel/trusted_execution_engine_firmware3.0 — 3.1.70+1

▶NVDintel/platform_trust_technology_firmware11.10 — 11.11.70+5

▶CVEListV5intel(r)_pttSee provided reference

🔴Vulnerability Details

GHSA

GHSA-hwwm-4fw6-6gpf: Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11↗2022-05-24

▶

CVEList

CVE-2019-11090: Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11↗2019-12-18

▶

📋Vendor Advisories

Red Hat

hw: ECDSA signature timing vulnerabilities in TPM module↗2020-01-08

▶

💬Community

Bugzilla

CVE-2019-11090 CVE-2019-16863 hw: ECDSA signature timing vulnerabilities in TPM module↗2020-01-08

▶