CVE-2019-11135

Public on 2019-11-14
Modified on 2019-11-16
Description
A flaw was found in the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort (TAA) error occurs. A local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort execution times. This could allow information disclosure via this observed side-channel for any TSX transaction being executed while an attacker is able to observe abort timing. Intel's Transactional Synchronisation Extensions (TSX) are set of instructions which enable transactional memory support to improve performance of the multi-threaded applications, in the lock-protected critical sections. The CPU executes instructions in the critical-sections as transactions, while ensuring their atomic state. When such transaction execution is unsuccessful, the processor cannot ensure atomic updates to the transaction memory, so the processor rolls back or aborts such transaction execution. While TSX Asynchronous Abort (TAA) is pending, CPU may continue to read data from architectural buffers and pass it to the dependent speculative operations. This may cause information leakage via speculative side-channel means, which is quite similar to the Microarchitectural Data Sampling (MDS) issue.
Severity
Medium
CVSS v3 Base Score
6.5
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2 microcode_ctl 2019-11-14 20:01 ALAS2-2019-1364
Amazon Linux 2 kernel 2019-11-14 20:01 ALAS2-2019-1364
Amazon Linux 1 microcode_ctl 2019-11-14 20:06 ALAS-2019-1318
Amazon Linux 1 kernel 2019-11-14 20:06 ALAS-2019-1318

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
NVD CVSSv3 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
NVD CVSSv2 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N