CVE-2019-11135 — MEDIUM (6.5)

Q: What is CVE-2019-11135?

CVE-2019-11135 is a vulnerability with a CVSS score of 6.5 (MEDIUM). TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

Q: How severe is CVE-2019-11135?

CVE-2019-11135 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-11135?

Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Leap, Fedoraproject Fedora, Slackware Slackware, Hp Apollo 4200 Firmware, Hp Apollo 4200.

Vulnerability Description

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Opensuse	Leap	15.0
Fedoraproject	Fedora	30
Slackware	Slackware	14.2
Hp	Apollo 4200 Firmware	< 2.20
Hp	Apollo 4200	gen10
Hp	Apollo 2000 Firmware	< 2.20
Hp	Apollo 2000	-
Hp	Proliant Bl460C Firmware	< 2.20
Hp	Proliant Bl460C	gen10
Hp	Proliant Dl580 Firmware	< 2.20
Hp	Proliant Dl580	gen10
Hp	Proliant Dl560 Firmware	< 2.20
Hp	Proliant Dl560	gen10
Hp	Proliant Dl380 Firmware	< 2.20
Hp	Proliant Dl380	gen10
Hp	Proliant Dl360 Firmware	< 2.20
Hp	Proliant Dl360	gen10
Hp	Proliant Dl180 Firmware	< 2.20
Hp	Proliant Dl180	gen10
Hp	Proliant Dl160 Firmware	< 2.20

References

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.htmlMailing ListThird Party Advisory
http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-SlackwarPatchThird Party AdvisoryVDB Entry
http://www.openwall.com/lists/oss-security/2019/12/10/3Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2019/12/10/4Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2019/12/11/1Mailing ListThird Party Advisory
https://access.redhat.com/errata/RHSA-2019:3936Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0026Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0028Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0204Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0279Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0366Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0555Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0666Third Party Advisory

FAQ

What is CVE-2019-11135?

CVE-2019-11135 is a vulnerability with a CVSS score of 6.5 (MEDIUM). TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

How severe is CVE-2019-11135?

CVE-2019-11135 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-11135?

Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Leap, Fedoraproject Fedora, Slackware Slackware, Hp Apollo 4200 Firmware, Hp Apollo 4200.