CVE-2019-11135
high-risk
Published 2019-11-14
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
Do I need to act?
EPSS score: 0.32% chance of exploitation (low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 6.5/10 (Medium), LOCAL / LOW complexity
Affected Products (20)
Apollo 4200 Firmware
Apollo 2000 Firmware
Proliant Bl460C Firmware
Proliant Dl580 Firmware
Proliant Dl560 Firmware
Proliant Dl380 Firmware
Proliant Dl360 Firmware
Proliant Dl180 Firmware
Proliant Dl160 Firmware
Proliant Dl120 Firmware
Proliant Dl20 Firmware
Proliant Ml350 Firmware
Proliant Ml110 Firmware
Proliant Ml30 Firmware
Proliant Xl450 Firmware
References (60)
Third Party Advisory: https://access.redhat.com/errata/RHSA-2019:3936
Third Party Advisory: https://access.redhat.com/errata/RHSA-2020:0026
Third Party Advisory: https://access.redhat.com/errata/RHSA-2020:0028
Third Party Advisory: https://access.redhat.com/errata/RHSA-2020:0204
Third Party Advisory: https://access.redhat.com/errata/RHSA-2020:0279
Third Party Advisory: https://access.redhat.com/errata/RHSA-2020:0366
Third Party Advisory: https://access.redhat.com/errata/RHSA-2020:0555
Third Party Advisory: https://access.redhat.com/errata/RHSA-2020:0666
Third Party Advisory: https://access.redhat.com/errata/RHSA-2020:0730
Third Party Advisory: https://kc.mcafee.com/corporate/index?page=content&id=SB10306
and 40 more references
55 / 100, high-risk
Severity: 21/34 · High
Exploitability: 1/34 · Minimal
Exposure: 33/34 · Critical