Arch Linux Security Advisory ASA-201911-14
=========================================
Severity: High
Date    : 2019-11-13
CVE-ID  : CVE-2019-0117 CVE-2019-11135 CVE-2019-11139
Package : intel-ucode
Type    : multiple issues
Remote  : No
Link    : https://security.archlinux.org/AVG-1068

Summary
======
The package intel-ucode before version 20191112-1 is vulnerable to
multiple issues including information disclosure, private key recovery
and denial of service.

Resolution
=========
Upgrade to 20191112-1.

# pacman -Syu "intel-ucode>=20191112-1"

The problems have been fixed upstream in version 20191112.

Workaround
=========
None.

Description
==========
- CVE-2019-0117 (information disclosure)

A flaw was found in the implementation of SGX around the access control
of protected memory. A local attacker of a system with SGX enabled and
an affected intel GPU with the ability to execute code is able to infer
the contents of the SGX protected memory.

- CVE-2019-11135 (private key recovery)

A flaw was found in the way Intel CPUs handle speculative execution of
instructions when the TSX Asynchronous Abort (TAA) error occurs. A
local authenticated attacker with the ability to monitor execution
times could infer the TSX memory state by comparing abort execution
times. This could allow information disclosure via this observed side-channel for any TSX transaction being executed while an attacker is
able to observe abort timing. Intel's Transactional Synchronisation
Extensions (TSX) are set of instructions which enable transactional
memory support to improve performance of the multi-threaded
applications, in the lock-protected critical sections. The CPU executes
instructions in the critical-sections as transactions, while ensuring
their atomic state. When such transaction execution is unsuccessful,
the processor cannot ensure atomic updates to the transaction memory,
so the processor rolls back or aborts such transaction execution. While
TSX Asynchronous Abort (TAA) is pending, CPU may continue to read data
from architectural buffers and pass it to the dependent speculative
operations. This may cause information leakage via speculative side-channel means, which is quite similar to the Microarchitectural Data
Sampling (MDS) issue.

This mitigation is only effective using one the follow linux kernels:
v3.16.77, v4.4.202, v4.9.202, v4.14.154, v4.19.84 or v5.3.11.

- CVE-2019-11139 (denial of service)

It was discovered that certain Intel Xeon processors did not properly
restrict access to a voltage modulation interface. A local privileged
attacker could use this to cause a denial of service (system crash).

Impact
=====
A local unprivileged attacker with access to an affected GPU can read
protected memory on an SGX enclave. Further, an attacker can infer the
contents of TPM keys using side-channel attacks. Finally, an attacker
can crash the system by accessing the voltage modulator interface on
certain Xeon processors.

References
=========
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00219.html
https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html
https://security.archlinux.org/CVE-2019-0117
https://security.archlinux.org/CVE-2019-11135
https://security.archlinux.org/CVE-2019-11139

ArchLinux: 201911-14: intel-ucode: multiple issues

December 3, 2019

Summary

- CVE-2019-0117 (information disclosure) A flaw was found in the implementation of SGX around the access control of protected memory. A local attacker of a system with SGX enabled and an affected intel GPU with the ability to execute code is able to infer the contents of the SGX protected memory.
- CVE-2019-11135 (private key recovery)
A flaw was found in the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort (TAA) error occurs. A local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort execution times. This could allow information disclosure via this observed side-channel for any TSX transaction being executed while an attacker is able to observe abort timing. Intel's Transactional Synchronisation Extensions (TSX) are set of instructions which enable transactional memory support to improve performance of the multi-threaded applications, in the lock-protected critical sections. The CPU executes instructions in the critical-sections as transactions, while ensuring their atomic state. When such transaction execution is unsuccessful, the processor cannot ensure atomic updates to the transaction memory, so the processor rolls back or aborts such transaction execution. While TSX Asynchronous Abort (TAA) is pending, CPU may continue to read data from architectural buffers and pass it to the dependent speculative operations. This may cause information leakage via speculative side-channel means, which is quite similar to the Microarchitectural Data Sampling (MDS) issue.
This mitigation is only effective using one the follow linux kernels: v3.16.77, v4.4.202, v4.9.202, v4.14.154, v4.19.84 or v5.3.11.
- CVE-2019-11139 (denial of service)
It was discovered that certain Intel Xeon processors did not properly restrict access to a voltage modulation interface. A local privileged attacker could use this to cause a denial of service (system crash).

Resolution

Upgrade to 20191112-1. # pacman -Syu "intel-ucode>=20191112-1"
The problems have been fixed upstream in version 20191112.

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00219.html https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html https://security.archlinux.org/CVE-2019-0117 https://security.archlinux.org/CVE-2019-11135 https://security.archlinux.org/CVE-2019-11139

Severity
Package : intel-ucode
Type : multiple issues
Remote : No
Link : https://security.archlinux.org/AVG-1068

Workaround

None.

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved