CVE-2019-11135 log

Source
Severity High
Remote No
Type Private key recovery
Description
A flaw was found in the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort (TAA) error occurs. A local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort execution times. This could allow information disclosure via this observed side-channel for any TSX transaction being executed while an attacker is able to observe abort timing. Intel's Transactional Synchronisation Extensions (TSX) are set of instructions which enable transactional memory support to improve performance of the multi-threaded applications, in the lock-protected critical sections. The CPU executes instructions in the critical-sections as transactions, while ensuring their atomic state. When such transaction execution is unsuccessful, the processor cannot ensure atomic updates to the transaction memory, so the processor rolls back or aborts such transaction execution. While TSX Asynchronous Abort (TAA) is pending, CPU may continue to read data from architectural buffers and pass it to the dependent speculative operations. This may cause information leakage via speculative side-channel means, which is quite similar to the Microarchitectural Data Sampling (MDS) issue.

This mitigation is only effective using one the follow linux kernels: v3.16.77, v4.4.202, v4.9.202, v4.14.154, v4.19.84 or v5.3.11.
Group Package Affected Fixed Severity Status Ticket
AVG-1068 intel-ucode 20190918-1 20191112-1 High Fixed
Date Advisory Group Package Severity Description
13 Nov 2019 ASA-201911-14 AVG-1068 intel-ucode High multiple issues
References
https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html