Debian: DLA-1989-1 Critical: Linux Kernel Privilege Escalation Issues
debian lts
November 12, 2019
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak
Topics Covered
Summary
Intel discovered that on their 8th and 9th generation GPUs,
reading certain registers while the GPU is in a low-power state
can cause a system hang. A local user permitted to use the GPU
can use this for denial of service.
This update mitigates the issue through changes to the i915
driver.
The affected chips (gen8) are listed at
CVE-2019-11135
It was discovered that on Intel CPUs supporting transactional
memory (TSX), a transaction that is going to be aborted may
continue to execute speculatively, reading sensitive data from
internal buffers and leaking it through dependent operations.
Intel calls this "TSX Asynchronous Abort" (TAA).
For CPUs affected by the previously published Microarchitectural
Data Sampling (MDS) issues (CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11091), the existing mitigation also
mitigates this issue.
For processors that are vulnerable to TAA but not MDS, this update
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
<pre><font face="Courier">Package: linux
Version: 3.16.76-1
CVE ID: CVE-2019-0154 CVE-2019-11135
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!