Arch Linux Security Advisory ASA-201911-14
==========================================

Severity: High
Date    : 2019-11-13
CVE-ID  : CVE-2019-0117 CVE-2019-11135 CVE-2019-11139
Package : intel-ucode
Type    : multiple issues
Remote  : No
Link    : https://security.archlinux.org/AVG-1068

Summary
=======

The package intel-ucode before version 20191112-1 is vulnerable to
multiple issues including information disclosure, private key recovery
and denial of service.

Resolution
==========

Upgrade to 20191112-1.

# pacman -Syu "intel-ucode>=20191112-1"

The problems have been fixed upstream in version 20191112.

Workaround
==========

None.

Description
===========

- CVE-2019-0117 (information disclosure)

A flaw was found in the implementation of SGX around the access control
of protected memory. A local attacker on a system with SGX enabled and an
affected Intel GPU, with the ability to execute code, is able to infer
the contents of the SGX-protected memory.

- CVE-2019-11135 (private key recovery)

A flaw was found in the way Intel CPUs handle speculative execution of
instructions when a TSX Asynchronous Abort (TAA) error occurs. A local
authenticated attacker with the ability to monitor execution times could
infer the TSX memory state by comparing abort execution times. This could
allow information disclosure via this observed side-channel for any TSX
transaction being executed while an attacker is able to observe abort
timing.

Intel's Transactional Synchronisation Extensions (TSX) are a set of
instructions which enable transactional memory support to improve the
performance of multi-threaded applications in lock-protected critical
sections. The CPU executes the instructions in the critical sections as
transactions while ensuring their atomic state. When such a transaction
execution is unsuccessful, the processor cannot ensure atomic updates to
the transaction memory, so the processor rolls back or aborts the
transaction execution.

While a TSX Asynchronous Abort (TAA) is pending, the CPU may continue to
read data from architectural buffers and pass it to dependent speculative
operations. This may cause information leakage via speculative
side-channel means, which is quite similar to the Microarchitectural Data
Sampling (MDS) issue.

This mitigation is only effective when using one of the following Linux
kernels: v3.16.77, v4.4.202, v4.9.202, v4.14.154, v4.19.84 or v5.3.11.

- CVE-2019-11139 (denial of service)

It was discovered that certain Intel Xeon processors did not properly
restrict access to a voltage modulation interface. A local privileged
attacker could use this to cause a denial of service (system crash).

Impact
======

A local unprivileged attacker with access to an affected GPU can read
protected memory of an SGX enclave. Further, an attacker can infer the
contents of TPM keys using side-channel attacks. Finally, an attacker can
crash the system by accessing the voltage modulator interface on certain
Xeon processors.

References
==========

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00219.html
https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html
https://security.archlinux.org/CVE-2019-0117
https://security.archlinux.org/CVE-2019-11135
https://security.archlinux.org/CVE-2019-11139
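The TAA mitigation described above only works when both the 20191112 microcode and one of the listed kernel versions are present. The following check is an added example, not part of the Arch advisory or the intel-ucode package: it decides whether a `uname -r` string is at or above the fixed release of its own stable series (series newer than 5.3 are assumed to carry the fix, which holds for mainline 5.4 and later), and classifies the kernel's sysfs status line for tsx_async_abort, whose strings are those emitted by the kernel's vulnerabilities interface.

```python
"""Verify TAA (CVE-2019-11135) mitigation prerequisites on Linux.
Added example; not code from the advisory or from intel-ucode."""
import re

# Fixed kernel releases listed in ASA-201911-14. The mitigation is only
# effective on these releases (or later ones in the same stable series).
TAA_FIXED_KERNELS = ["3.16.77", "4.4.202", "4.9.202", "4.14.154",
                     "4.19.84", "5.3.11"]


def _parse_version(release):
    """Turn '5.3.11-arch1-1' into (5, 3, 11); distro suffixes are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def kernel_has_taa_fix(release):
    """True if `release` (output of uname -r) is at or above the fixed
    version of its stable series. Series older than 5.3 that are not in
    the list (e.g. 5.2.x) are reported as unfixed: no fix was issued for
    them. Series newer than 5.3 are assumed fixed (assumption: mainline
    5.4 and later shipped with the TAA mitigation)."""
    major, minor, patch = _parse_version(release)
    for fixed in TAA_FIXED_KERNELS:
        fmajor, fminor, fpatch = _parse_version(fixed)
        if (major, minor) == (fmajor, fminor):
            return patch >= fpatch
    newest_major, newest_minor, _ = _parse_version(TAA_FIXED_KERNELS[-1])
    return (major, minor) > (newest_major, newest_minor)


def taa_sysfs_status(text):
    """Classify the contents of
    /sys/devices/system/cpu/vulnerabilities/tsx_async_abort.
    A 'Vulnerable: ... no microcode' line means the kernel is new enough
    but intel-ucode has not been updated, which is exactly the case this
    advisory addresses. Returns 'not_affected', 'mitigated' or 'vulnerable'."""
    text = text.strip()
    if text.startswith("Not affected"):
        return "not_affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed sample inputs; on a live system read uname -r and the
    # sysfs file instead.
    print(kernel_has_taa_fix("5.3.11-arch1-1"))          # True
    print(taa_sysfs_status("Vulnerable: Clear CPU buffers attempted, "
                           "no microcode"))               # vulnerable
```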