ArchLinux: 201911-14: intel-ucode: multiple issues

    Date03 Dec 2019
    CategoryArchLinux
    67
    Posted ByLinuxSecurity Advisories
    The package intel-ucode before version 20191112-1 is vulnerable to multiple issues including information disclosure, private key recovery and denial of service.
    Arch Linux Security Advisory ASA-201911-14
    ==========================================
    
    Severity: High
    Date    : 2019-11-13
    CVE-ID  : CVE-2019-0117 CVE-2019-11135 CVE-2019-11139
    Package : intel-ucode
    Type    : multiple issues
    Remote  : No
    Link    : https://security.archlinux.org/AVG-1068
    
    Summary
    =======
    
    The package intel-ucode before version 20191112-1 is vulnerable to
    multiple issues including information disclosure, private key recovery
    and denial of service.
    
    Resolution
    ==========
    
    Upgrade to 20191112-1.
    
    # pacman -Syu "intel-ucode>=20191112-1"
    
    The problems have been fixed upstream in version 20191112.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2019-0117 (information disclosure)
    
    A flaw was found in the implementation of SGX around the access control
    of protected memory. A local attacker of a system with SGX enabled and
    an affected intel GPU with the ability to execute code is able to infer
    the contents of the SGX protected memory.
    
    - CVE-2019-11135 (private key recovery)
    
    A flaw was found in the way Intel CPUs handle speculative execution of
    instructions when the TSX Asynchronous Abort (TAA) error occurs. A
    local authenticated attacker with the ability to monitor execution
    times could infer the TSX memory state by comparing abort execution
    times. This could allow information disclosure via this observed side-
    channel for any TSX transaction being executed while an attacker is
    able to observe abort timing. Intel's Transactional Synchronisation
    Extensions (TSX) are set of instructions which enable transactional
    memory support to improve performance of the multi-threaded
    applications, in the lock-protected critical sections. The CPU executes
    instructions in the critical-sections as transactions, while ensuring
    their atomic state. When such transaction execution is unsuccessful,
    the processor cannot ensure atomic updates to the transaction memory,
    so the processor rolls back or aborts such transaction execution. While
    TSX Asynchronous Abort (TAA) is pending, CPU may continue to read data
    from architectural buffers and pass it to the dependent speculative
    operations. This may cause information leakage via speculative side-
    channel means, which is quite similar to the Microarchitectural Data
    Sampling (MDS) issue.
    
    This mitigation is only effective using one the follow linux kernels:
    v3.16.77, v4.4.202, v4.9.202, v4.14.154, v4.19.84 or v5.3.11.
    
    - CVE-2019-11139 (denial of service)
    
    It was discovered that certain Intel Xeon processors did not properly
    restrict access to a voltage modulation interface. A local privileged
    attacker could use this to cause a denial of service (system crash).
    
    Impact
    ======
    
    A local unprivileged attacker with access to an affected GPU can read
    protected memory on an SGX enclave. Further, an attacker can infer the
    contents of TPM keys using side-channel attacks. Finally, an attacker
    can crash the system by accessing the voltage modulator interface on
    certain Xeon processors.
    
    References
    ==========
    
    https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00219.html
    https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort
    https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html
    https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html
    https://security.archlinux.org/CVE-2019-0117
    https://security.archlinux.org/CVE-2019-11135
    https://security.archlinux.org/CVE-2019-11139
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"65","type":"x","order":"1","pct":57.52,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":13.27,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"33","type":"x","order":"3","pct":29.2,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.