CVE-2019-11139Improper Check for Unusual or Exceptional Conditions in Intel-microcode

CWE-754Improper Check for Unusual or Exceptional ConditionsCWE-440Expected Behavior Violation16 documents8 sources
Severity
6.0MEDIUMNVD
OSV6.5
EPSS
0.1%
top 69.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Debian Intel-microcodeDebian LinuxOpensuse Leap
Timeline
PublishedNov 14
Latest updateMay 24

Description

Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:HExploitability: 1.5 | Impact: 4.0

Affected Packages2 packages

debiandebian/intel-microcode< intel-microcode 3.20191112.1 (bookworm)
NVDopensuse/leap15.0, 15.1+1

Also affects: Debian Linux 8.0

🔴Vulnerability Details

6
GHSA
GHSA-m783-749c-c739: Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially2022-05-24
OSV
intel-microcode regression2019-12-04
OSV
intel-microcode regression2019-12-04
OSV
CVE-2019-11139: Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially2019-11-14
OSV
intel-microcode update2019-11-12

📋Vendor Advisories

7
Ubuntu
Intel Microcode regression2019-12-04
Ubuntu
Intel Microcode regression2019-12-04
Red Hat
hw: voltage modulation technical advisory2019-11-12
BSD
FreeBSD-SA-19:26.mcu: Intel CPU Microcode Update2019-11-12
Ubuntu
Intel Microcode update2019-11-12

💬Community

2
Bugzilla
CVE-2019-11139 microcode_ctl: hw: voltage modulation technical advisory [fedora-all]2019-11-12
Bugzilla
CVE-2019-11139 hw: voltage modulation technical advisory2019-10-25