CVE-2019-11135 — Covert Timing Channel in HP Apollo 2000 Firmware
Severity
6.5 MEDIUM (NVD)
EPSS
0.3%
top 45.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 14
Latest update: Nov 12
Description
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Exploitability: 2.0 | Impact: 4.0
Affected Packages: 32 packages
Also affects: Debian Linux 10.0, 8.0, 9.0, Fedora 30, 31, Ubuntu Linux 14.04, Enterprise Linux 8.0, 7.6, 7.7, 8.1, 8.2, 8.4, 8.6
Patches
Vulnerability Details (7)
GHSA
GHSA-qfxp-65r3-gfv7: TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclo [2022-05-24]
OSV
CVE-2019-11135: TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclo [2019-11-14]
CVEList
CVE-2019-11135: TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclo [2019-11-14]
Vendor Advisories (16)
Microsoft
A flaw was found in the fix for CVE-2019-11135 in the Linux upstream kernel versions before 5.5 where the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA [2020-07-14]
Red Hat
Community (6)
Bugzilla
CVE-2019-19338 kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) [fedora-all] [2019-12-10]
Bugzilla
CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) [2019-12-10]
Bugzilla
CVE-2019-19338 kernel: KVM: export MSR_IA32_TSX_CTRL to guest - complete the fix for TAA (CVE-2019-11135) [fedora-all] [2019-12-10]