CVE-2019-11139
moderate-risk
Published 2019-11-14
Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.
Do I need to act?
-
0.12% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.0/10
Medium
LOCAL
/ LOW complexity
Affected Products (20)
Xeon 8153 Firmware
Xeon 8156 Firmware
Xeon 8158 Firmware
Xeon 8160 Firmware
Xeon 8160F Firmware
Xeon 8160M Firmware
Xeon 8160T Firmware
Xeon 8164 Firmware
Xeon 8168 Firmware
Xeon 8170 Firmware
Xeon 8170M Firmware
Xeon 8176 Firmware
Xeon 8176F Firmware
Xeon 8176M Firmware
Xeon 8180 Firmware
Xeon 8180M Firmware
Xeon 5115 Firmware
References (14)
Mailing List
https://seclists.org/bugtraq/2019/Dec/28
Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpe...
Mailing List
https://seclists.org/bugtraq/2019/Dec/28
Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpe...
48
/ 100
moderate-risk
Severity
20/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
27/34 · High