CVE-2019-11135
Description
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
Mitigations
Mitigation details
Description
hw: TSX Transaction Asynchronous Abort (TAA)
Red Hat statement
libvirt and qemu-kvm on Red Hat Enterprise Linux 6 are not affected by this vulnerability as they do not support MSR-based CPU features.
CVSS v3: 6.5 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Advanced Virtualization for RHEL 8.1.0 | virt:8.1-8010020191227172441.c27ad7f8 | RHSA-2020:0555 | 2020-02-19T00:00:00Z |
| Advanced Virtualization for RHEL 8.1.0 | virt-devel:8.1-8010020191227172441.c27ad7f8 | RHSA-2020:0555 | 2020-02-19T00:00:00Z |
| Red Hat Enterprise Linux 6 | kernel-0:2.6.32-754.24.2.el6 | RHSA-2019:3836 | 2019-11-12T00:00:00Z |
| Red Hat Enterprise Linux 6.5 Advanced Update Support | kernel-0:2.6.32-431.96.3.el6 | RHSA-2019:3843 | 2019-11-12T00:00:00Z |
| Red Hat Enterprise Linux 6.6 Advanced Update Support | kernel-0:2.6.32-504.81.3.el6 | RHSA-2019:3842 | 2019-11-12T00:00:00Z |
| Red Hat Enterprise Linux 7 | kernel-rt-0:3.10.0-1062.4.2.rt56.1028.el7 | RHSA-2019:3835 | 2019-11-12T00:00:00Z |
| Red Hat Enterprise Linux 7 | kernel-0:3.10.0-1062.4.2.el7 | RHSA-2019:3834 | 2019-11-12T00:00:00Z |
| Red Hat Enterprise Linux 7 | kpatch-patch | RHSA-2020:0028 | 2020-01-06T00:00:00Z |
| Red Hat Enterprise Linux 7 | qemu-kvm-10:1.5.3-167.el7_7.4 | RHSA-2020:0366 | 2020-02-04T00:00:00Z |
| Red Hat Enterprise Linux 7.2 Advanced Update Support | kernel-0:3.10.0-327.82.2.el7 | RHSA-2019:3841 | 2019-11-12T00:00:00Z |
| Red Hat Enterprise Linux 7.2 Telco Extended Update Support | kernel-0:3.10.0-327.82.2.el7 | RHSA-2019:3841 | 2019-11-12T00:00:00Z |
| Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions | kernel-0:3.10.0-327.82.2.el7 | RHSA-2019:3841 | 2019-11-12T00:00:00Z |
| Red Hat Enterprise Linux 7.3 Advanced Update Support | kernel-0:3.10.0-514.70.2.el7 | RHSA-2019:3840 | 2019-11-12T00:00:00Z |
| Red Hat Enterprise Linux 7.3 Telco Extended Update Support | kernel-0:3.10.0-514.70.2.el7 | RHSA-2019:3840 | 2019-11-12T00:00:00Z |
| Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions | kernel-0:3.10.0-514.70.2.el7 | RHSA-2019:3840 | 2019-11-12T00:00:00Z |
| Red Hat Enterprise Linux 7.4 Advanced Update Support | kernel-0:3.10.0-693.60.2.el7 | RHSA-2019:3839 | 2019-11-12T00:00:00Z |
| Red Hat Enterprise Linux 7.4 Telco Extended Update Support | kernel-0:3.10.0-693.60.2.el7 | RHSA-2019:3839 | 2019-11-12T00:00:00Z |
| Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions | kernel-0:3.10.0-693.60.2.el7 | RHSA-2019:3839 | 2019-11-12T00:00:00Z |
| Red Hat Enterprise Linux 7.5 Extended Update Support | kernel-0:3.10.0-862.43.2.el7 | RHSA-2019:3838 | 2019-11-12T00:00:00Z |
| Red Hat Enterprise Linux 7.6 Extended Update Support | kernel-0:3.10.0-957.38.2.el7 | RHSA-2019:3837 | 2019-11-12T00:00:00Z |
| Red Hat Enterprise Linux 7.6 Extended Update Support | kpatch-patch | RHSA-2020:0026 | 2020-01-06T00:00:00Z |
| Red Hat Enterprise Linux 7.6 Extended Update Support | qemu-kvm-10:1.5.3-160.el7_6.5 | RHSA-2020:0666 | 2020-03-03T00:00:00Z |
| Red Hat Enterprise Linux 8 | virt-devel:rhel-8010020191216093608.c27ad7f8 | RHSA-2020:0279 | 2020-01-29T00:00:00Z |
| Red Hat Enterprise Linux 8 | virt:rhel-8010020191216093608.c27ad7f8 | RHSA-2020:0279 | 2020-01-29T00:00:00Z |
| Red Hat Enterprise Linux 8 | kernel-rt-0:4.18.0-147.0.2.rt24.94.el8_1 | RHSA-2019:3833 | 2019-11-12T00:00:00Z |
| Red Hat Enterprise Linux 8 | kernel-0:4.18.0-147.0.2.el8_1 | RHSA-2019:3832 | 2019-11-12T00:00:00Z |
| Red Hat Enterprise Linux 8 | kpatch-patch | RHSA-2019:3936 | 2019-11-22T00:00:00Z |
| Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | kernel-0:4.18.0-80.15.1.el8_0 | RHSA-2020:0204 | 2020-01-22T00:00:00Z |
| Red Hat Enterprise MRG 2 | kernel-rt-1:3.10.0-693.60.2.rt56.655.el6rt | RHSA-2019:3844 | 2019-11-12T00:00:00Z |
| Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS | kernel-0:3.10.0-957.38.2.el7 | RHSA-2019:3837 | 2019-11-12T00:00:00Z |
| Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS | redhat-virtualization-host-0:4.2-20191107.0.el7_6 | RHSA-2019:3860 | 2019-11-12T00:00:00Z |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | redhat-virtualization-host-0:4.3.6-20191108.0.el7_7 | RHSA-2019:3860 | 2019-11-12T00:00:00Z |
| Red Hat Virtualization Engine 4.2 | qemu-kvm-rhev-10:2.12.0-18.el7_6.9 | RHSA-2020:0730 | 2020-03-05T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Out of support scope |
| Red Hat Enterprise Linux 5 | microcode_ctl | Out of support scope |
| Red Hat Enterprise Linux 6 | libvirt | Not affected |
| Red Hat Enterprise Linux 6 | microcode_ctl | Affected |
| Red Hat Enterprise Linux 6 | qemu-kvm | Not affected |
| Red Hat Enterprise Linux 7 | kernel-alt | Not affected |
| Red Hat Enterprise Linux 7 | libvirt | Affected |
| Red Hat Enterprise Linux 7 | microcode_ctl | Affected |
| Red Hat Enterprise Linux 7 | qemu-kvm-rhev | Affected |
| Red Hat Enterprise Linux 8 | microcode_ctl | Affected |
| Red Hat Enterprise Linux 8 Advanced Virtualization | qemu-kvm | Affected |
Apply commands
```shell
yum update -y virt:8
# or:
dnf upgrade -y virt:8
```
Affected
| Vendor | Product | Status |
|---|---|---|
| redhat | Red Hat Enterprise Linux 6 | Not affected |
| redhat | Red Hat Enterprise Linux 6 | Affected |
| redhat | Red Hat Enterprise Linux 6 | Not affected |
| redhat | Red Hat Enterprise Linux 7 | Not affected |
| redhat | Red Hat Enterprise Linux 7 | Affected |
| redhat | Red Hat Enterprise Linux 7 | Affected |
| redhat | Red Hat Enterprise Linux 7 | Affected |
| redhat | Red Hat Enterprise Linux 8 | Affected |
| redhat | Red Hat Enterprise Linux 8 Advanced Virtualization | Affected |
OS impact
Fedora Affected 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 31 | Affected | n/a |
| 30 | Affected | n/a |
SUSE Affected 3 releases
| Version | Status | Fixed in |
|---|---|---|
| 15.1 | Affected | n/a |
| 15.0 | Affected | n/a |
| n/a | Affected | n/a |
Ubuntu Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| 14.04 | Affected | n/a |
Debian Mixed 8 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 3.20191112.1 |
| sid | Fixed | 3.20191112.1 |
| forky | Fixed | 3.20191112.1 |
| bullseye | Fixed | 3.20191112.1 |
| bookworm | Fixed | 3.20191112.1 |
| 10.0 | Affected | n/a |
| 9.0 | Affected | n/a |
| 8.0 | Affected | n/a |
Red Hat Mixed 9 releases
| Version | Status | Fixed in |
|---|---|---|
| 8.6 | Affected | n/a |
| 8.4 | Affected | n/a |
| 8.2 | Affected | n/a |
| 8.1 | Affected | n/a |
| 8.0 | Affected | n/a |
| 8 | Fixed | n/a |
| 7.7 | Affected | n/a |
| 7.6 | Affected | n/a |
| 7.0 | Affected | n/a |
Arch Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| n/a | Fixed | 20191112-1 |
Rocky Linux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | n/a |
References
- https://security.archlinux.org/ASA-201911-14
- https://www.suse.com/security/cve/CVE-2019-11135.html
- https://security-tracker.debian.org/tracker/CVE-2019-11135
- https://errata.rockylinux.org/RLSA-2020:0279
- https://errata.almalinux.org/8/ALSA-2020-0279.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html
- http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://www.openwall.com/lists/oss-security/2019/12/10/3
- http://www.openwall.com/lists/oss-security/2019/12/10/4
- http://www.openwall.com/lists/oss-security/2019/12/11/1
- https://access.redhat.com/errata/RHSA-2019:3936
- https://access.redhat.com/errata/RHSA-2020:0026
- https://access.redhat.com/errata/RHSA-2020:0028
- https://access.redhat.com/errata/RHSA-2020:0204
- https://access.redhat.com/errata/RHSA-2020:0279
- https://access.redhat.com/errata/RHSA-2020:0366
- https://access.redhat.com/errata/RHSA-2020:0555
- https://access.redhat.com/errata/RHSA-2020:0666
- https://access.redhat.com/errata/RHSA-2020:0730
- https://kc.mcafee.com/corporate/index?page=content&id=SB10306
- https://lists.debian.org/debian-lts-announce/2019/12/msg00035.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/