CVE-2019-19338 — Observable Behavioral Discrepancy in Kernel
Severity
5.5 MEDIUM (NVD)
OSV 6.5
EPSS
0.1%
top 74.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Jul 13
Latest update May 24
Description
A flaw was found in the fix for CVE-2019-11135 in Linux upstream kernel versions before 5.5, concerning the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not us…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6
Affected Packages: 5 packages
Also affects: Enterprise Linux 6.0
Patches
Vulnerability Details (2)
Vendor Advisories (3)
Microsoft
A flaw was found in the fix for CVE-2019-11135 in the Linux upstream kernel versions before 5.5 where the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA… (2020-07-14)
Red Hat
Debian
CVE-2019-19338: linux - A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel ver... (2019)
Community (3)
Bugzilla
CVE-2019-19338 kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) [fedora-all] (2019-12-10)
Bugzilla
CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (2019-12-10)
Bugzilla
CVE-2019-19338 kernel: KVM: export MSR_IA32_TSX_CTRL to guest - complete the fix for TAA (CVE-2019-11135) [fedora-all] (2019-12-10)