Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2019-11139
Vulnerability from cvelistv5
Published
2019-11-14 18:18
Modified
2024-08-04 22:48
Severity ?
EPSS score ?
Summary
Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | 2019.2 IPU – Intel(R) Xeon(R) Scalable Processors Voltage Setting Modulation |
Version: See provided reference |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T22:48:08.917Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html", }, { name: "openSUSE-SU-2019:2527", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html", }, { name: "openSUSE-SU-2019:2528", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03969en_us", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K42433061?utm_source=f5support&%3Butm_medium=RSS", }, { name: "20191216 [SECURITY] [DSA 4565-2] intel-microcode security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Dec/28", }, { name: "[debian-lts-announce] 20191230 [SECURITY] [DLA 2051-1] intel-microcode security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00035.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "2019.2 IPU – Intel(R) Xeon(R) Scalable Processors Voltage Setting Modulation", vendor: "n/a", versions: [ { status: "affected", version: "See provided reference", }, ], }, ], descriptions: [ { lang: "en", value: "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-12-31T00:06:32", orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", shortName: "intel", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html", }, { name: "openSUSE-SU-2019:2527", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html", }, { name: "openSUSE-SU-2019:2528", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03969en_us", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K42433061?utm_source=f5support&%3Butm_medium=RSS", }, { name: "20191216 [SECURITY] [DSA 4565-2] intel-microcode security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Dec/28", }, { name: "[debian-lts-announce] 20191230 [SECURITY] [DLA 2051-1] intel-microcode security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00035.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@intel.com", ID: "CVE-2019-11139", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "2019.2 IPU – Intel(R) Xeon(R) Scalable Processors Voltage Setting Modulation", version: { version_data: [ { version_value: "See provided reference", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html", refsource: "MISC", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html", }, { name: "openSUSE-SU-2019:2527", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html", }, { name: "openSUSE-SU-2019:2528", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html", }, { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03969en_us", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03969en_us", }, { name: "https://support.f5.com/csp/article/K42433061?utm_source=f5support&utm_medium=RSS", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K42433061?utm_source=f5support&utm_medium=RSS", }, { name: "20191216 [SECURITY] [DSA 4565-2] intel-microcode security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Dec/28", }, { name: "[debian-lts-announce] 20191230 [SECURITY] [DLA 2051-1] intel-microcode security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00035.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", assignerShortName: "intel", cveId: "CVE-2019-11139", datePublished: "2019-11-14T18:18:56", dateReserved: "2019-04-11T00:00:00", dateUpdated: "2024-08-04T22:48:08.917Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2019-11139\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2019-11-14T19:15:13.190\",\"lastModified\":\"2024-11-21T04:20:36.767\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.\"},{\"lang\":\"es\",\"value\":\"Una comprobación de condiciones inapropiadas en la interfaz de modulación de voltaje para algunos Intel® Xeon® Scalable Processors, puede habilitar a un usuario privilegiado para permitir potencialmente una denegación de servicio por medio de un acceso local.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":6.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.5,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-754\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_8153_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2DFB869-33F8-4459-95CE-04555196776C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_8153:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D6EBCF2-2DF1-41B8-BA7E-3B576CB653E9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_8156_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2219666-0265-4791-B2E0-0F65B526915A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_8156:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D922C72-5646-4BC9-8554-C350BC489FA7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_8158_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66D94CC9-23D3-4FB7-85EA-FB44EE4DA205\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_8158:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B553518-4B86-4876-84BE-4C77769DA233\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_8160_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39968F90-2D2F-418B-A8A4-BE992DEC1561\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_8160:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D419FED8-FB40-40CE-82BA-A5D79DEB5A02\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_8160f_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8903A604-1176-45B9-B967-65624E3A6507\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_8160f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE0F30B1-3873-4120-8A73-3F93350745BF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_8160m_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC4F99BB-52FB-4D1D-B783-F33A7CF99425\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_8160m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D28BCE14-2F61-4FF5-B3B9-AF60A08D89E0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_8160t_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81284EE2-526F-42C5-96DB-0DA222C4CCE3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_8160t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21801FEA-5B52-4297-917C-2BA0EDDF57E2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_8164_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB9A22A2-CF28-46EE-992B-42D5142877BD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_8164:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3931109-5AFA-4C11-9A4A-BC0E2C208E96\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_8168_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D56EAAC-499C-4E5F-895E-3CCC0EBD25C7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_8168:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54F9A665-FB0F-4CEB-B3A7-5AEE55EBB676\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_8170_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85FA027A-93B1-4C10-9DAB-16C6BED90D29\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_8170:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE76F51B-8C7D-42D0-BD4F-AD2C2E8EA0A1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_8170m_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4FDA8F4-77B6-4E0A-9891-B323EAEB1A29\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_8170m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1941CFA-881E-4863-8E13-49459EF4B6DF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_8176_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E42B923-8CE9-4669-8AD9-62733DEA6F70\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_8176:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5613DF64-FF2F-4A47-BAE0-D2A8152036DF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_8176f_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35696FDE-A146-437B-A8F8-E23A656FD5FC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_8176f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A81E98EA-6E25-44A4-A721-8E867DACC5EB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_8176m_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6A429F5-4EED-468D-95A6-BC81AAB707EE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_8176m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CFBF5AC-88B4-4BE4-AA5F-950A4A62D89D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_8180_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F487028-015D-4BCC-A639-F2DED35FD467\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_8180:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D28D96F-67C3-4DAD-9A8A-AA0641B43744\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_8180m_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5A67280-25D1-43F0-8CF2-C6C90A312208\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_8180m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A36C0B5-0792-4895-A2E1-5FBB72E5FD76\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_5115_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1609E1C0-7A46-4941-996E-5631A8A50B7F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_5115:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9F88FF7-A45D-4B08-B3D0-B9D6D2CFBAE4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_5118_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DEB7879-90E3-43E8-8B31-34A1245AC25C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_5118:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7EAF827-76FF-45FF-811B-C26129361DF5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_5119t_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D689D4C6-FB59-4759-9A08-B18238B99C6E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_5119t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CC08EC7-31FC-4A31-BC63-0CDAE900DD4D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_5120_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B6B2817-3923-4614-8ACD-2570DF3936B9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_5120:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31ACA3B7-70AF-4085-A80B-1154AB636EE5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_5120t_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAD02B5E-7798-4505-B8E3-E1CEEB8C1845\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_5120t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1703CAB8-306C-4E37-94CA-7DE1B1CC5332\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_5122_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06BF3352-3208-4EB2-85AC-998354B8DBB0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_5122:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AEDAE12-BEB4-4BA4-ACB6-CFCAFB346C47\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_6126_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1069193-8BF5-4EB2-B8C8-E11D26562F66\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_6126:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C001A4D3-704B-4C51-9025-3EEA74DEC82C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_6126f_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F661978-39C8-460A-A41D-2B0ADD476067\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_6126f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8894B01-D94B-48BD-A2C5-FC2392E7E1B5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_6126t_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E06283C7-8104-447C-84E7-5AF39C10E2ED\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_6126t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BA6456F-708A-47AE-8573-AE2E4D19E5A0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_6128_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C7E0ED9-684B-4A2F-AFBF-0D84707632F9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_6128:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79514ECE-C041-42CE-BA56-12FE918AEEF8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_6130_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA20D328-0D65-47D9-9AC0-74BAED085963\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_6130:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8E77EF6-A378-481A-A57D-295796DB4694\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_6130f_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC5962DA-4C52-49A2-93A2-B66180EC97E3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_6130f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC1995BA-25F4-49CD-AC62-DCC372A0CAE1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_6130t_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAACFC5A-9659-4BF7-B9FF-1F384EEBF857\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_6130t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"648CEB95-915C-44AA-AA62-57DF6366E0CE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_6132_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E919175-FA64-4AFA-ABB6-23F965603A51\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_6132:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29FCCBDE-DDC6-425C-9EFF-F3420F582D59\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_6134_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0697B628-D7F9-4799-97CF-30BDC87BBB36\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_6134:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7341AC9C-193A-40C8-ACFA-B95E330A74C8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_6134m_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98928B31-B2B3-47B0-BF06-B1BE9C801AB3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_6134m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12062D98-F990-4B1F-ADCE-E76F5F879DFF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_6136_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14F68B37-A831-48CF-978D-5B69E36B7DA6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_6136:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C4FA382-57C9-4C90-91FC-0CCFA7374788\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_6138_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDA239D1-6073-4E2A-A8EA-FDC5172B6017\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_6138:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"396BF8C5-C6DE-4E5D-9125-8A36B274F428\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_6138f_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FF0CD52-3BCA-48DB-AD61-3675F548DA04\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_6138f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B64F57E-1A40-49FF-AC61-B5CFBC8B59EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_6138t_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10A29477-CD74-4BA9-9907-E0DCFE645509\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_6138t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CD7263E-7101-4774-9DE2-6EA884ADBB45\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_6140_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58138B2C-37AC-48DD-9B45-19B2062EFD39\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_6140:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BD7D153-24DD-42B8-85DD-BAD9F073DB75\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_6140m_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91D8E25B-C91A-408C-BE7E-640518184CA1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_6140m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF1ECBC7-BB8A-494E-AF84-4537ED605DFA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_6142_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FF6CA76-6747-4AEE-82F4-7ECAF4FA3477\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_6142:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A4B4211-5D41-489F-90CD-D4433E327B5D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_6142f_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D987EDBB-1385-4613-9EEE-F2E0E5ECB97E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_6142f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D438C9E-657F-406E-8BED-76B8A89CDEF8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_6144_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7641D6A-E7DF-4DD5-B7EA-E96FF867209D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_6144:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"547F2F51-C9D7-4729-8E77-D6EC9234AE32\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_6146_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C556955-3BB3-46D8-9C59-66318719A8E6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_6146:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9E2CF69-B958-4833-BD5B-D3FF51FEA5BA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_6148_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"351632F2-B56D-421D-ABDA-3F02040B8BA8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_6148:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D5041FF-046C-4DC5-B943-29024FEFCA3A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_6148f_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"172E3226-074A-4A4A-B4EC-DAE60C2DCB49\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_6148f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64C9103A-B87D-4906-BE63-9E7CCF549B62\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_6150_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C59D3154-52AC-41CE-B578-B504D8217E9C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_6150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02356D3B-CF1D-474D-9489-70C783FB240D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_6152_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"702469D7-98CA-445F-B0E5-2731E2F834CC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_6152:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D190CA8-62DD-48C1-A2CF-5E4DD7087724\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_6154_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97F90DF0-D7E6-4F4B-ADD8-EFF15DF2B8CD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_6154:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66B557A9-22AA-4231-8181-A048BCDE559D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_4108_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C37AE95-8451-4260-A245-F9867698766C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_4108:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B73B8B0-2816-4769-AB49-6103C606220C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_4109t_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76D77A9E-3271-41CF-9E0A-77237E3CCA27\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_4109t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02DE4F50-1762-43A6-9B23-E777AEAC9BB8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_4110_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31E0AEBC-640B-45DB-8062-9BCBF6F78E23\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_4110:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6A4F8AB-65B9-4C1E-AE94-D6354BBB92BF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_4112_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EBF7470-5EE3-48FE-90D4-B18E8902F84A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_4112:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"580EE4F4-8F7A-4DEA-A6D5-17EE07223F1F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_4114_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF2381BA-717C-465F-ACB2-F751B8DB558B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_4114:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A77EDB9-F4AF-4F1E-A89B-CC3C8348E3FF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_4114t_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF44B3B6-CBCD-4F15-A717-8B06EBC737D9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_4114t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17BB6D83-93B9-4998-AF65-B40C6305CB05\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_4116_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E808ECA-197A-4443-82EF-4A0F8E56D3E3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_4116:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26299DE8-DC9A-491B-B1B6-B8FE2A63C1E2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_4116t_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82805C40-0057-4DB2-86B1-CD1BD88A7E46\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_4116t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E1FFF6A-6E39-49D6-B9F4-E052D17F2E00\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_3104_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB055DB1-7C17-4D9A-B634-B8306EF82085\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_3104:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BFD9456-BCA8-490C-9C5C-5B87740DBF8F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_3106_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"389172DD-3511-42C1-82E8-D3E552EF26CC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_3106:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F15B3ADD-3D03-48EC-8CE6-31A3DB69AD0F\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/12/msg00035.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Dec/28\",\"source\":\"secure@intel.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K42433061?utm_source=f5support&%3Butm_medium=RSS\",\"source\":\"secure@intel.com\"},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03969en_us\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/12/msg00035.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Dec/28\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K42433061?utm_source=f5support&%3Butm_medium=RSS\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03969en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}", }, }
opensuse-su-2024:11478-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
ucode-intel-20210608-1.2 on GA media
Notes
Title of the patch
ucode-intel-20210608-1.2 on GA media
Description of the patch
These are all security issues fixed in the ucode-intel-20210608-1.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11478
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "ucode-intel-20210608-1.2 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the ucode-intel-20210608-1.2 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-11478", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11478-1.json", }, { category: "self", summary: "SUSE CVE CVE-2017-5715 page", url: "https://www.suse.com/security/cve/CVE-2017-5715/", }, { category: "self", summary: "SUSE CVE CVE-2018-12126 page", url: "https://www.suse.com/security/cve/CVE-2018-12126/", }, { category: "self", summary: "SUSE CVE CVE-2018-12130 page", url: "https://www.suse.com/security/cve/CVE-2018-12130/", }, { category: "self", summary: "SUSE CVE CVE-2018-3640 page", url: "https://www.suse.com/security/cve/CVE-2018-3640/", }, { category: "self", summary: "SUSE CVE CVE-2019-11135 page", url: "https://www.suse.com/security/cve/CVE-2019-11135/", }, { category: "self", summary: "SUSE CVE CVE-2019-11139 page", url: "https://www.suse.com/security/cve/CVE-2019-11139/", }, { category: "self", summary: "SUSE CVE CVE-2020-0543 page", url: "https://www.suse.com/security/cve/CVE-2020-0543/", }, { category: "self", summary: "SUSE CVE CVE-2020-0548 page", url: "https://www.suse.com/security/cve/CVE-2020-0548/", }, { category: "self", summary: "SUSE CVE CVE-2020-24489 page", url: "https://www.suse.com/security/cve/CVE-2020-24489/", }, { category: "self", summary: "SUSE CVE CVE-2020-24511 page", url: "https://www.suse.com/security/cve/CVE-2020-24511/", }, { category: "self", summary: "SUSE CVE CVE-2020-24512 page", url: "https://www.suse.com/security/cve/CVE-2020-24512/", }, { category: "self", summary: "SUSE CVE CVE-2020-24513 page", url: "https://www.suse.com/security/cve/CVE-2020-24513/", }, { category: "self", summary: "SUSE CVE CVE-2020-8695 page", url: "https://www.suse.com/security/cve/CVE-2020-8695/", }, { category: "self", summary: "SUSE CVE CVE-2020-8696 page", url: "https://www.suse.com/security/cve/CVE-2020-8696/", }, { category: "self", summary: "SUSE CVE CVE-2020-8698 page", url: "https://www.suse.com/security/cve/CVE-2020-8698/", }, ], title: "ucode-intel-20210608-1.2 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:11478-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ucode-intel-20210608-1.2.aarch64", product: { name: "ucode-intel-20210608-1.2.aarch64", product_id: "ucode-intel-20210608-1.2.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "ucode-intel-20210608-1.2.ppc64le", product: { name: "ucode-intel-20210608-1.2.ppc64le", product_id: "ucode-intel-20210608-1.2.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "ucode-intel-20210608-1.2.s390x", product: { name: "ucode-intel-20210608-1.2.s390x", product_id: "ucode-intel-20210608-1.2.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "ucode-intel-20210608-1.2.x86_64", product: { name: "ucode-intel-20210608-1.2.x86_64", product_id: "ucode-intel-20210608-1.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ucode-intel-20210608-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", }, product_reference: "ucode-intel-20210608-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20210608-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", }, product_reference: "ucode-intel-20210608-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20210608-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", }, product_reference: "ucode-intel-20210608-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20210608-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", }, product_reference: "ucode-intel-20210608-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2017-5715", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5715", }, ], notes: [ { category: "general", text: "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5715", url: "https://www.suse.com/security/cve/CVE-2017-5715", }, { category: "external", summary: "SUSE Bug 1068032 for CVE-2017-5715", url: "https://bugzilla.suse.com/1068032", }, { category: "external", summary: "SUSE Bug 1074562 for CVE-2017-5715", url: "https://bugzilla.suse.com/1074562", }, { category: "external", summary: "SUSE Bug 1074578 for CVE-2017-5715", url: "https://bugzilla.suse.com/1074578", }, { category: "external", summary: "SUSE Bug 1074701 for CVE-2017-5715", url: "https://bugzilla.suse.com/1074701", }, { category: "external", summary: "SUSE Bug 1074741 for CVE-2017-5715", url: "https://bugzilla.suse.com/1074741", }, { category: "external", summary: "SUSE Bug 1074919 for CVE-2017-5715", url: "https://bugzilla.suse.com/1074919", }, { category: "external", summary: "SUSE Bug 1075006 for CVE-2017-5715", url: "https://bugzilla.suse.com/1075006", }, { category: "external", summary: "SUSE Bug 1075007 for CVE-2017-5715", url: "https://bugzilla.suse.com/1075007", }, { category: "external", summary: "SUSE Bug 1075262 for CVE-2017-5715", url: "https://bugzilla.suse.com/1075262", }, { category: "external", summary: "SUSE Bug 1075419 for CVE-2017-5715", url: "https://bugzilla.suse.com/1075419", }, { category: "external", summary: "SUSE Bug 1076115 for CVE-2017-5715", url: "https://bugzilla.suse.com/1076115", }, { category: "external", summary: "SUSE Bug 1076372 for CVE-2017-5715", url: "https://bugzilla.suse.com/1076372", }, { category: "external", summary: "SUSE Bug 1076606 for CVE-2017-5715", url: "https://bugzilla.suse.com/1076606", }, { category: "external", summary: "SUSE Bug 1078353 for CVE-2017-5715", url: "https://bugzilla.suse.com/1078353", }, { category: "external", summary: "SUSE Bug 1080039 for CVE-2017-5715", url: "https://bugzilla.suse.com/1080039", }, { category: "external", summary: "SUSE Bug 1087887 for CVE-2017-5715", url: "https://bugzilla.suse.com/1087887", }, { category: "external", summary: "SUSE Bug 1087939 for CVE-2017-5715", url: "https://bugzilla.suse.com/1087939", }, { category: "external", summary: "SUSE Bug 1088147 for CVE-2017-5715", url: "https://bugzilla.suse.com/1088147", }, { category: "external", summary: "SUSE Bug 1089055 for CVE-2017-5715", url: "https://bugzilla.suse.com/1089055", }, { category: "external", summary: "SUSE Bug 1091815 for CVE-2017-5715", url: "https://bugzilla.suse.com/1091815", }, { category: "external", summary: "SUSE Bug 1095735 for CVE-2017-5715", url: "https://bugzilla.suse.com/1095735", }, { category: "external", summary: "SUSE Bug 1102517 for CVE-2017-5715", url: "https://bugzilla.suse.com/1102517", }, { category: "external", summary: "SUSE Bug 1105108 for CVE-2017-5715", url: "https://bugzilla.suse.com/1105108", }, { category: "external", summary: "SUSE Bug 1126516 for CVE-2017-5715", url: "https://bugzilla.suse.com/1126516", }, { category: "external", summary: "SUSE Bug 1173489 for CVE-2017-5715", url: "https://bugzilla.suse.com/1173489", }, { category: "external", summary: "SUSE Bug 1178658 for CVE-2017-5715", url: "https://bugzilla.suse.com/1178658", }, { category: "external", summary: "SUSE Bug 1201457 for CVE-2017-5715", url: "https://bugzilla.suse.com/1201457", }, { category: "external", summary: "SUSE Bug 1201877 for CVE-2017-5715", url: "https://bugzilla.suse.com/1201877", }, { category: "external", summary: "SUSE Bug 1203236 for CVE-2017-5715", url: "https://bugzilla.suse.com/1203236", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-5715", }, { cve: "CVE-2018-12126", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-12126", }, ], notes: [ { category: "general", text: "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-12126", url: "https://www.suse.com/security/cve/CVE-2018-12126", }, { category: "external", summary: "SUSE Bug 1103186 for CVE-2018-12126", url: "https://bugzilla.suse.com/1103186", }, { category: "external", summary: "SUSE Bug 1111331 for CVE-2018-12126", url: "https://bugzilla.suse.com/1111331", }, { category: "external", summary: "SUSE Bug 1132686 for CVE-2018-12126", url: "https://bugzilla.suse.com/1132686", }, { category: "external", summary: "SUSE Bug 1135409 for CVE-2018-12126", url: "https://bugzilla.suse.com/1135409", }, { category: "external", summary: "SUSE Bug 1135524 for CVE-2018-12126", url: "https://bugzilla.suse.com/1135524", }, { category: "external", summary: "SUSE Bug 1137916 for CVE-2018-12126", url: "https://bugzilla.suse.com/1137916", }, { category: "external", summary: "SUSE Bug 1138534 for CVE-2018-12126", url: "https://bugzilla.suse.com/1138534", }, { category: "external", summary: "SUSE Bug 1141977 for CVE-2018-12126", url: "https://bugzilla.suse.com/1141977", }, { category: "external", summary: "SUSE Bug 1149725 for CVE-2018-12126", url: "https://bugzilla.suse.com/1149725", }, { category: "external", summary: "SUSE Bug 1149726 for CVE-2018-12126", url: "https://bugzilla.suse.com/1149726", }, { category: "external", summary: "SUSE Bug 1149729 for CVE-2018-12126", url: "https://bugzilla.suse.com/1149729", }, { category: "external", summary: "SUSE Bug 1178658 for CVE-2018-12126", url: "https://bugzilla.suse.com/1178658", }, { category: "external", summary: "SUSE Bug 1201877 for CVE-2018-12126", url: "https://bugzilla.suse.com/1201877", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.8, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-12126", }, { cve: "CVE-2018-12130", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-12130", }, ], notes: [ { category: "general", text: "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-12130", url: "https://www.suse.com/security/cve/CVE-2018-12130", }, { category: "external", summary: "SUSE Bug 1103186 for CVE-2018-12130", url: "https://bugzilla.suse.com/1103186", }, { category: "external", summary: "SUSE Bug 1111331 for CVE-2018-12130", url: "https://bugzilla.suse.com/1111331", }, { category: "external", summary: "SUSE Bug 1132686 for CVE-2018-12130", url: "https://bugzilla.suse.com/1132686", }, { category: "external", summary: "SUSE Bug 1135409 for CVE-2018-12130", url: "https://bugzilla.suse.com/1135409", }, { category: "external", summary: "SUSE Bug 1137916 for CVE-2018-12130", url: "https://bugzilla.suse.com/1137916", }, { category: "external", summary: "SUSE Bug 1138534 for CVE-2018-12130", url: "https://bugzilla.suse.com/1138534", }, { category: "external", summary: "SUSE Bug 1141977 for CVE-2018-12130", url: "https://bugzilla.suse.com/1141977", }, { category: "external", summary: "SUSE Bug 1178658 for CVE-2018-12130", url: "https://bugzilla.suse.com/1178658", }, { category: "external", summary: "SUSE Bug 1201877 for CVE-2018-12130", url: "https://bugzilla.suse.com/1201877", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-12130", }, { cve: "CVE-2018-3640", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-3640", }, ], notes: [ { category: "general", text: "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-3640", url: "https://www.suse.com/security/cve/CVE-2018-3640", }, { category: "external", summary: "SUSE Bug 1074701 for CVE-2018-3640", url: "https://bugzilla.suse.com/1074701", }, { category: "external", summary: "SUSE Bug 1087078 for CVE-2018-3640", url: "https://bugzilla.suse.com/1087078", }, { category: "external", summary: "SUSE Bug 1087083 for CVE-2018-3640", url: "https://bugzilla.suse.com/1087083", }, { category: "external", summary: "SUSE Bug 1094912 for CVE-2018-3640", url: "https://bugzilla.suse.com/1094912", }, { category: "external", summary: "SUSE Bug 1098813 for CVE-2018-3640", url: "https://bugzilla.suse.com/1098813", }, { category: "external", summary: "SUSE Bug 1100394 for CVE-2018-3640", url: "https://bugzilla.suse.com/1100394", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2018-3640", url: "https://bugzilla.suse.com/1115893", }, { category: "external", summary: "SUSE Bug 1175912 for CVE-2018-3640", url: "https://bugzilla.suse.com/1175912", }, { category: "external", summary: "SUSE Bug 1201877 for CVE-2018-3640", url: "https://bugzilla.suse.com/1201877", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-3640", }, { cve: "CVE-2019-11135", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11135", }, ], notes: [ { category: "general", text: "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11135", url: "https://www.suse.com/security/cve/CVE-2019-11135", }, { category: "external", summary: "SUSE Bug 1139073 for CVE-2019-11135", url: "https://bugzilla.suse.com/1139073", }, { category: "external", summary: "SUSE Bug 1152497 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152497", }, { category: "external", summary: "SUSE Bug 1152505 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152505", }, { category: "external", summary: "SUSE Bug 1152506 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152506", }, { category: "external", summary: "SUSE Bug 1160120 for CVE-2019-11135", url: "https://bugzilla.suse.com/1160120", }, { category: "external", summary: "SUSE Bug 1201877 for CVE-2019-11135", url: "https://bugzilla.suse.com/1201877", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-11135", }, { cve: "CVE-2019-11139", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11139", }, ], notes: [ { category: "general", text: "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11139", url: "https://www.suse.com/security/cve/CVE-2019-11139", }, { category: "external", summary: "SUSE Bug 1141035 for CVE-2019-11139", url: "https://bugzilla.suse.com/1141035", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-11139", }, { cve: "CVE-2020-0543", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-0543", }, ], notes: [ { category: "general", text: "Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-0543", url: "https://www.suse.com/security/cve/CVE-2020-0543", }, { category: "external", summary: "SUSE Bug 1154824 for CVE-2020-0543", url: "https://bugzilla.suse.com/1154824", }, { category: "external", summary: "SUSE Bug 1172205 for CVE-2020-0543", url: "https://bugzilla.suse.com/1172205", }, { category: "external", summary: "SUSE Bug 1172206 for CVE-2020-0543", url: "https://bugzilla.suse.com/1172206", }, { category: "external", summary: "SUSE Bug 1172207 for CVE-2020-0543", url: "https://bugzilla.suse.com/1172207", }, { category: "external", summary: "SUSE Bug 1172770 for CVE-2020-0543", url: "https://bugzilla.suse.com/1172770", }, { category: "external", summary: "SUSE Bug 1178658 for CVE-2020-0543", url: "https://bugzilla.suse.com/1178658", }, { category: "external", summary: "SUSE Bug 1201877 for CVE-2020-0543", url: "https://bugzilla.suse.com/1201877", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-0543", }, { cve: "CVE-2020-0548", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-0548", }, ], notes: [ { category: "general", text: "Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-0548", url: "https://www.suse.com/security/cve/CVE-2020-0548", }, { category: "external", summary: "SUSE Bug 1156353 for CVE-2020-0548", url: "https://bugzilla.suse.com/1156353", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.8, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-0548", }, { cve: "CVE-2020-24489", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-24489", }, ], notes: [ { category: "general", text: "Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-24489", url: "https://www.suse.com/security/cve/CVE-2020-24489", }, { category: "external", summary: "SUSE Bug 1179839 for CVE-2020-24489", url: "https://bugzilla.suse.com/1179839", }, { category: "external", summary: "SUSE Bug 1192359 for CVE-2020-24489", url: "https://bugzilla.suse.com/1192359", }, { category: "external", summary: "SUSE Bug 1199300 for CVE-2020-24489", url: "https://bugzilla.suse.com/1199300", }, { category: "external", summary: "SUSE Bug 1201731 for CVE-2020-24489", url: "https://bugzilla.suse.com/1201731", }, { category: "external", summary: "SUSE Bug 1225680 for CVE-2020-24489", url: "https://bugzilla.suse.com/1225680", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-24489", }, { cve: "CVE-2020-24511", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-24511", }, ], notes: [ { category: "general", text: "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-24511", url: "https://www.suse.com/security/cve/CVE-2020-24511", }, { category: "external", summary: "SUSE Bug 1179836 for CVE-2020-24511", url: "https://bugzilla.suse.com/1179836", }, { category: "external", summary: "SUSE Bug 1192360 for CVE-2020-24511", url: "https://bugzilla.suse.com/1192360", }, { category: "external", summary: "SUSE Bug 1199300 for CVE-2020-24511", url: "https://bugzilla.suse.com/1199300", }, { category: "external", summary: "SUSE Bug 1201731 for CVE-2020-24511", url: "https://bugzilla.suse.com/1201731", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-24511", }, { cve: "CVE-2020-24512", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-24512", }, ], notes: [ { category: "general", text: "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-24512", url: "https://www.suse.com/security/cve/CVE-2020-24512", }, { category: "external", summary: "SUSE Bug 1179837 for CVE-2020-24512", url: "https://bugzilla.suse.com/1179837", }, { category: "external", summary: "SUSE Bug 1192360 for CVE-2020-24512", url: "https://bugzilla.suse.com/1192360", }, { category: "external", summary: "SUSE Bug 1199300 for CVE-2020-24512", url: "https://bugzilla.suse.com/1199300", }, { category: "external", summary: "SUSE Bug 1201731 for CVE-2020-24512", url: "https://bugzilla.suse.com/1201731", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.8, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2020-24512", }, { cve: "CVE-2020-24513", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-24513", }, ], notes: [ { category: "general", text: "Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-24513", url: "https://www.suse.com/security/cve/CVE-2020-24513", }, { category: "external", summary: "SUSE Bug 1179833 for CVE-2020-24513", url: "https://bugzilla.suse.com/1179833", }, { category: "external", summary: "SUSE Bug 1192360 for CVE-2020-24513", url: "https://bugzilla.suse.com/1192360", }, { category: "external", summary: "SUSE Bug 1199300 for CVE-2020-24513", url: "https://bugzilla.suse.com/1199300", }, { category: "external", summary: "SUSE Bug 1201731 for CVE-2020-24513", url: "https://bugzilla.suse.com/1201731", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-24513", }, { cve: "CVE-2020-8695", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-8695", }, ], notes: [ { category: "general", text: "Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-8695", url: "https://www.suse.com/security/cve/CVE-2020-8695", }, { category: "external", summary: "SUSE Bug 1170415 for CVE-2020-8695", url: "https://bugzilla.suse.com/1170415", }, { category: "external", summary: "SUSE Bug 1170446 for CVE-2020-8695", url: "https://bugzilla.suse.com/1170446", }, { category: "external", summary: "SUSE Bug 1178591 for CVE-2020-8695", url: "https://bugzilla.suse.com/1178591", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-8695", }, { cve: "CVE-2020-8696", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-8696", }, ], notes: [ { category: "general", text: "Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-8696", url: "https://www.suse.com/security/cve/CVE-2020-8696", }, { category: "external", summary: "SUSE Bug 1173592 for CVE-2020-8696", url: "https://bugzilla.suse.com/1173592", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2020-8696", }, { cve: "CVE-2020-8698", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-8698", }, ], notes: [ { category: "general", text: "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-8698", url: "https://www.suse.com/security/cve/CVE-2020-8698", }, { category: "external", summary: "SUSE Bug 1173594 for CVE-2020-8698", url: "https://bugzilla.suse.com/1173594", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x", "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2020-8698", }, ], }
opensuse-su-2019:2504-1
Vulnerability from csaf_opensuse
Published
2019-11-14 05:54
Modified
2019-11-14 05:54
Summary
Security update for ucode-intel
Notes
Title of the patch
Security update for ucode-intel
Description of the patch
This update for ucode-intel fixes the following issues:
- Updated to 20191112 security release (bsc#1155988)
- Processor Identifier Version Products
- Model Stepping F-MO-S/PI Old->New
- ---- new platforms ----------------------------------------
- CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile
- CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile
- SKX-SP B1 6-55-3/97 01000150 Xeon Scalable
- ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile
- ---- updated platforms ------------------------------------
- SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile
- SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6
- AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile
- KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile
- CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile
- WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile
- AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile
- CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile
- WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile
- KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8
- KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7; Xeon E3 v6
- CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E
- CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8
- CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile
- Includes security fixes for:
- CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)
- CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2019-2504
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for ucode-intel", title: "Title of the patch", }, { category: "description", text: "This update for ucode-intel fixes the following issues:\n\n- Updated to 20191112 security release (bsc#1155988)\n - Processor Identifier Version Products\n - Model Stepping F-MO-S/PI Old->New\n - ---- new platforms ----------------------------------------\n - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile\n - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile\n - SKX-SP B1 6-55-3/97 01000150 Xeon Scalable\n - ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile\n - ---- updated platforms ------------------------------------\n - SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile\n - SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6\n - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile\n - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile\n - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile\n - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile\n - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile\n - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile\n - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile\n - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8\n - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7; Xeon E3 v6\n - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E\n - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8\n - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile\n- Includes security fixes for:\n - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)\n - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", title: "Description of the patch", }, { category: "details", text: "openSUSE-2019-2504", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2504-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2019:2504-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M3QLZVRJX73SZ6RSPQ7ODD7UC3C6F6FE/#M3QLZVRJX73SZ6RSPQ7ODD7UC3C6F6FE", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2019:2504-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M3QLZVRJX73SZ6RSPQ7ODD7UC3C6F6FE/#M3QLZVRJX73SZ6RSPQ7ODD7UC3C6F6FE", }, { category: "self", summary: "SUSE Bug 1139073", url: "https://bugzilla.suse.com/1139073", }, { category: "self", summary: "SUSE Bug 1141035", url: "https://bugzilla.suse.com/1141035", }, { category: "self", summary: "SUSE Bug 1155988", url: "https://bugzilla.suse.com/1155988", }, { category: "self", summary: "SUSE CVE CVE-2019-11135 page", url: "https://www.suse.com/security/cve/CVE-2019-11135/", }, { category: "self", summary: "SUSE CVE CVE-2019-11139 page", url: "https://www.suse.com/security/cve/CVE-2019-11139/", }, ], title: "Security update for ucode-intel", tracking: { current_release_date: "2019-11-14T05:54:05Z", generator: { date: "2019-11-14T05:54:05Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2019:2504-1", initial_release_date: "2019-11-14T05:54:05Z", revision_history: [ { date: "2019-11-14T05:54:05Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ucode-intel-20191112-lp150.2.30.1.x86_64", product: { name: "ucode-intel-20191112-lp150.2.30.1.x86_64", product_id: "ucode-intel-20191112-lp150.2.30.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.0", product: { name: "openSUSE Leap 15.0", product_id: "openSUSE Leap 15.0", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.0", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112-lp150.2.30.1.x86_64 as component of openSUSE Leap 15.0", product_id: "openSUSE Leap 15.0:ucode-intel-20191112-lp150.2.30.1.x86_64", }, product_reference: "ucode-intel-20191112-lp150.2.30.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.0", }, ], }, vulnerabilities: [ { cve: "CVE-2019-11135", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11135", }, ], notes: [ { category: "general", text: "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:ucode-intel-20191112-lp150.2.30.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11135", url: "https://www.suse.com/security/cve/CVE-2019-11135", }, { category: "external", summary: "SUSE Bug 1139073 for CVE-2019-11135", url: "https://bugzilla.suse.com/1139073", }, { category: "external", summary: "SUSE Bug 1152497 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152497", }, { category: "external", summary: "SUSE Bug 1152505 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152505", }, { category: "external", summary: "SUSE Bug 1152506 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152506", }, { category: "external", summary: "SUSE Bug 1160120 for CVE-2019-11135", url: "https://bugzilla.suse.com/1160120", }, { category: "external", summary: "SUSE Bug 1201877 for CVE-2019-11135", url: "https://bugzilla.suse.com/1201877", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:ucode-intel-20191112-lp150.2.30.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Leap 15.0:ucode-intel-20191112-lp150.2.30.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-11-14T05:54:05Z", details: "moderate", }, ], title: "CVE-2019-11135", }, { cve: "CVE-2019-11139", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11139", }, ], notes: [ { category: "general", text: "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:ucode-intel-20191112-lp150.2.30.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11139", url: "https://www.suse.com/security/cve/CVE-2019-11139", }, { category: "external", summary: "SUSE Bug 1141035 for CVE-2019-11139", url: "https://bugzilla.suse.com/1141035", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:ucode-intel-20191112-lp150.2.30.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.0:ucode-intel-20191112-lp150.2.30.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-11-14T05:54:05Z", details: "moderate", }, ], title: "CVE-2019-11139", }, ], }
opensuse-su-2019:2509-1
Vulnerability from csaf_opensuse
Published
2019-11-14 06:30
Modified
2019-11-14 06:30
Summary
Security update for ucode-intel
Notes
Title of the patch
Security update for ucode-intel
Description of the patch
This update for ucode-intel fixes the following issues:
- Updated to 20191112 security release (bsc#1155988)
- Processor Identifier Version Products
- Model Stepping F-MO-S/PI Old->New
- ---- new platforms ----------------------------------------
- CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile
- CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile
- SKX-SP B1 6-55-3/97 01000150 Xeon Scalable
- ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile
- ---- updated platforms ------------------------------------
- SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile
- SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6
- AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile
- KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile
- CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile
- WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile
- AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile
- CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile
- WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile
- KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8
- KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7; Xeon E3 v6
- CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E
- CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8
- CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile
- Includes security fixes for:
- CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)
- CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patchnames
openSUSE-2019-2509
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for ucode-intel", title: "Title of the patch", }, { category: "description", text: "This update for ucode-intel fixes the following issues:\n\n- Updated to 20191112 security release (bsc#1155988)\n - Processor Identifier Version Products\n - Model Stepping F-MO-S/PI Old->New\n - ---- new platforms ----------------------------------------\n - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile\n - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile\n - SKX-SP B1 6-55-3/97 01000150 Xeon Scalable\n - ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile\n - ---- updated platforms ------------------------------------\n - SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile\n - SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6\n - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile\n - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile\n - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile\n - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile\n - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile\n - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile\n - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile\n - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8\n - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7; Xeon E3 v6\n - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E\n - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8\n - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile\n- Includes security fixes for:\n - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)\n - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", title: "Description of the patch", }, { category: "details", text: "openSUSE-2019-2509", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2509-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2019:2509-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4GUK5H34U2XTLAIOJIQ7UDAHEDBJ2QCT/#4GUK5H34U2XTLAIOJIQ7UDAHEDBJ2QCT", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2019:2509-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4GUK5H34U2XTLAIOJIQ7UDAHEDBJ2QCT/#4GUK5H34U2XTLAIOJIQ7UDAHEDBJ2QCT", }, { category: "self", summary: "SUSE Bug 1139073", url: "https://bugzilla.suse.com/1139073", }, { category: "self", summary: "SUSE Bug 1141035", url: "https://bugzilla.suse.com/1141035", }, { category: "self", summary: "SUSE Bug 1155988", url: "https://bugzilla.suse.com/1155988", }, { category: "self", summary: "SUSE CVE CVE-2019-11135 page", url: "https://www.suse.com/security/cve/CVE-2019-11135/", }, { category: "self", summary: "SUSE CVE CVE-2019-11139 page", url: "https://www.suse.com/security/cve/CVE-2019-11139/", }, ], title: "Security update for ucode-intel", tracking: { current_release_date: "2019-11-14T06:30:51Z", generator: { date: "2019-11-14T06:30:51Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2019:2509-1", initial_release_date: "2019-11-14T06:30:51Z", revision_history: [ { date: "2019-11-14T06:30:51Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ucode-intel-20191112-lp151.2.9.1.x86_64", product: { name: "ucode-intel-20191112-lp151.2.9.1.x86_64", product_id: "ucode-intel-20191112-lp151.2.9.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.1", product: { name: "openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.1", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112-lp151.2.9.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:ucode-intel-20191112-lp151.2.9.1.x86_64", }, product_reference: "ucode-intel-20191112-lp151.2.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, ], }, vulnerabilities: [ { cve: "CVE-2019-11135", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11135", }, ], notes: [ { category: "general", text: "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:ucode-intel-20191112-lp151.2.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11135", url: "https://www.suse.com/security/cve/CVE-2019-11135", }, { category: "external", summary: "SUSE Bug 1139073 for CVE-2019-11135", url: "https://bugzilla.suse.com/1139073", }, { category: "external", summary: "SUSE Bug 1152497 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152497", }, { category: "external", summary: "SUSE Bug 1152505 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152505", }, { category: "external", summary: "SUSE Bug 1152506 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152506", }, { category: "external", summary: "SUSE Bug 1160120 for CVE-2019-11135", url: "https://bugzilla.suse.com/1160120", }, { category: "external", summary: "SUSE Bug 1201877 for CVE-2019-11135", url: "https://bugzilla.suse.com/1201877", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:ucode-intel-20191112-lp151.2.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Leap 15.1:ucode-intel-20191112-lp151.2.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-11-14T06:30:51Z", details: "moderate", }, ], title: "CVE-2019-11135", }, { cve: "CVE-2019-11139", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11139", }, ], notes: [ { category: "general", text: "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:ucode-intel-20191112-lp151.2.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11139", url: "https://www.suse.com/security/cve/CVE-2019-11139", }, { category: "external", summary: "SUSE Bug 1141035 for CVE-2019-11139", url: "https://bugzilla.suse.com/1141035", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:ucode-intel-20191112-lp151.2.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.1:ucode-intel-20191112-lp151.2.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-11-14T06:30:51Z", details: "moderate", }, ], title: "CVE-2019-11139", }, ], }
opensuse-su-2019:2528-1
Vulnerability from csaf_opensuse
Published
2019-11-18 09:56
Modified
2019-11-18 09:56
Summary
Security update for ucode-intel
Notes
Title of the patch
Security update for ucode-intel
Description of the patch
This update for ucode-intel fixes the following issues:
- Updated to 20191112 official security release (bsc#1155988)
- Includes security fixes for:
- CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)
- CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patchnames
openSUSE-2019-2528
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for ucode-intel", title: "Title of the patch", }, { category: "description", text: "This update for ucode-intel fixes the following issues:\n\n- Updated to 20191112 official security release (bsc#1155988)\n- Includes security fixes for:\n - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)\n - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", title: "Description of the patch", }, { category: "details", text: "openSUSE-2019-2528", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2528-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2019:2528-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VPYX74HKOHWYW6GOJM3PN5OCIGQS4IP2/#VPYX74HKOHWYW6GOJM3PN5OCIGQS4IP2", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2019:2528-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VPYX74HKOHWYW6GOJM3PN5OCIGQS4IP2/#VPYX74HKOHWYW6GOJM3PN5OCIGQS4IP2", }, { category: "self", summary: "SUSE Bug 1139073", url: "https://bugzilla.suse.com/1139073", }, { category: "self", summary: "SUSE Bug 1141035", url: "https://bugzilla.suse.com/1141035", }, { category: "self", summary: "SUSE Bug 1155988", url: "https://bugzilla.suse.com/1155988", }, { category: "self", summary: "SUSE CVE CVE-2019-11135 page", url: "https://www.suse.com/security/cve/CVE-2019-11135/", }, { category: "self", summary: "SUSE CVE CVE-2019-11139 page", url: "https://www.suse.com/security/cve/CVE-2019-11139/", }, ], title: "Security update for ucode-intel", tracking: { current_release_date: "2019-11-18T09:56:36Z", generator: { date: "2019-11-18T09:56:36Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2019:2528-1", initial_release_date: "2019-11-18T09:56:36Z", revision_history: [ { date: "2019-11-18T09:56:36Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ucode-intel-20191112a-lp151.2.12.1.x86_64", product: { name: "ucode-intel-20191112a-lp151.2.12.1.x86_64", product_id: "ucode-intel-20191112a-lp151.2.12.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.1", product: { name: "openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.1", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112a-lp151.2.12.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:ucode-intel-20191112a-lp151.2.12.1.x86_64", }, product_reference: "ucode-intel-20191112a-lp151.2.12.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, ], }, vulnerabilities: [ { cve: "CVE-2019-11135", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11135", }, ], notes: [ { category: "general", text: "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:ucode-intel-20191112a-lp151.2.12.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11135", url: "https://www.suse.com/security/cve/CVE-2019-11135", }, { category: "external", summary: "SUSE Bug 1139073 for CVE-2019-11135", url: "https://bugzilla.suse.com/1139073", }, { category: "external", summary: "SUSE Bug 1152497 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152497", }, { category: "external", summary: "SUSE Bug 1152505 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152505", }, { category: "external", summary: "SUSE Bug 1152506 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152506", }, { category: "external", summary: "SUSE Bug 1160120 for CVE-2019-11135", url: "https://bugzilla.suse.com/1160120", }, { category: "external", summary: "SUSE Bug 1201877 for CVE-2019-11135", url: "https://bugzilla.suse.com/1201877", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:ucode-intel-20191112a-lp151.2.12.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Leap 15.1:ucode-intel-20191112a-lp151.2.12.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-11-18T09:56:36Z", details: "moderate", }, ], title: "CVE-2019-11135", }, { cve: "CVE-2019-11139", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11139", }, ], notes: [ { category: "general", text: "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:ucode-intel-20191112a-lp151.2.12.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11139", url: "https://www.suse.com/security/cve/CVE-2019-11139", }, { category: "external", summary: "SUSE Bug 1141035 for CVE-2019-11139", url: "https://bugzilla.suse.com/1141035", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:ucode-intel-20191112a-lp151.2.12.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.1:ucode-intel-20191112a-lp151.2.12.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-11-18T09:56:36Z", details: "moderate", }, ], title: "CVE-2019-11139", }, ], }
opensuse-su-2019:2527-1
Vulnerability from csaf_opensuse
Published
2019-11-18 09:56
Modified
2019-11-18 09:56
Summary
Security update for ucode-intel
Notes
Title of the patch
Security update for ucode-intel
Description of the patch
This update for ucode-intel fixes the following issues:
- Updated to 20191112 official security release (bsc#1155988)
- Includes security fixes for:
- CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)
- CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2019-2527
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for ucode-intel", title: "Title of the patch", }, { category: "description", text: "This update for ucode-intel fixes the following issues:\n\n- Updated to 20191112 official security release (bsc#1155988)\n- Includes security fixes for:\n - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)\n - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", title: "Description of the patch", }, { category: "details", text: "openSUSE-2019-2527", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2527-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2019:2527-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ILHYRTCJV4JB7GTI5KDDGCMTR5BWLJPM/#ILHYRTCJV4JB7GTI5KDDGCMTR5BWLJPM", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2019:2527-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ILHYRTCJV4JB7GTI5KDDGCMTR5BWLJPM/#ILHYRTCJV4JB7GTI5KDDGCMTR5BWLJPM", }, { category: "self", summary: "SUSE Bug 1139073", url: "https://bugzilla.suse.com/1139073", }, { category: "self", summary: "SUSE Bug 1141035", url: "https://bugzilla.suse.com/1141035", }, { category: "self", summary: "SUSE Bug 1155988", url: "https://bugzilla.suse.com/1155988", }, { category: "self", summary: "SUSE CVE CVE-2019-11135 page", url: "https://www.suse.com/security/cve/CVE-2019-11135/", }, { category: "self", summary: "SUSE CVE CVE-2019-11139 page", url: "https://www.suse.com/security/cve/CVE-2019-11139/", }, ], title: "Security update for ucode-intel", tracking: { current_release_date: "2019-11-18T09:56:28Z", generator: { date: "2019-11-18T09:56:28Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2019:2527-1", initial_release_date: "2019-11-18T09:56:28Z", revision_history: [ { date: "2019-11-18T09:56:28Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ucode-intel-20191112a-lp150.2.33.1.x86_64", product: { name: "ucode-intel-20191112a-lp150.2.33.1.x86_64", product_id: "ucode-intel-20191112a-lp150.2.33.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.0", product: { name: "openSUSE Leap 15.0", product_id: "openSUSE Leap 15.0", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.0", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112a-lp150.2.33.1.x86_64 as component of openSUSE Leap 15.0", product_id: "openSUSE Leap 15.0:ucode-intel-20191112a-lp150.2.33.1.x86_64", }, product_reference: "ucode-intel-20191112a-lp150.2.33.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.0", }, ], }, vulnerabilities: [ { cve: "CVE-2019-11135", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11135", }, ], notes: [ { category: "general", text: "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:ucode-intel-20191112a-lp150.2.33.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11135", url: "https://www.suse.com/security/cve/CVE-2019-11135", }, { category: "external", summary: "SUSE Bug 1139073 for CVE-2019-11135", url: "https://bugzilla.suse.com/1139073", }, { category: "external", summary: "SUSE Bug 1152497 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152497", }, { category: "external", summary: "SUSE Bug 1152505 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152505", }, { category: "external", summary: "SUSE Bug 1152506 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152506", }, { category: "external", summary: "SUSE Bug 1160120 for CVE-2019-11135", url: "https://bugzilla.suse.com/1160120", }, { category: "external", summary: "SUSE Bug 1201877 for CVE-2019-11135", url: "https://bugzilla.suse.com/1201877", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:ucode-intel-20191112a-lp150.2.33.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Leap 15.0:ucode-intel-20191112a-lp150.2.33.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-11-18T09:56:28Z", details: "moderate", }, ], title: "CVE-2019-11135", }, { cve: "CVE-2019-11139", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11139", }, ], notes: [ { category: "general", text: "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:ucode-intel-20191112a-lp150.2.33.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11139", url: "https://www.suse.com/security/cve/CVE-2019-11139", }, { category: "external", summary: "SUSE Bug 1141035 for CVE-2019-11139", url: "https://bugzilla.suse.com/1141035", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:ucode-intel-20191112a-lp150.2.33.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.0:ucode-intel-20191112a-lp150.2.33.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-11-18T09:56:28Z", details: "moderate", }, ], title: "CVE-2019-11139", }, ], }
ghsa-m783-749c-c739
Vulnerability from github
Published
2022-05-24 17:00
Modified
2022-11-11 12:00
Severity ?
Details
Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.
{ affected: [], aliases: [ "CVE-2019-11139", ], database_specific: { cwe_ids: [ "CWE-754", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2019-11-14T19:15:00Z", severity: "LOW", }, details: "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.", id: "GHSA-m783-749c-c739", modified: "2022-11-11T12:00:23Z", published: "2022-05-24T17:00:57Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11139", }, { type: "WEB", url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00035.html", }, { type: "WEB", url: "https://seclists.org/bugtraq/2019/Dec/28", }, { type: "WEB", url: "https://support.f5.com/csp/article/K42433061?utm_source=f5support&utm_medium=RSS", }, { type: "WEB", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03969en_us", }, { type: "WEB", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", type: "CVSS_V3", }, ], }
fkie_cve-2019-11139
Vulnerability from fkie_nvd
Published
2019-11-14 19:15
Modified
2024-11-21 04:20
Severity ?
Summary
Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_8153_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "A2DFB869-33F8-4459-95CE-04555196776C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_8153:-:*:*:*:*:*:*:*", matchCriteriaId: "0D6EBCF2-2DF1-41B8-BA7E-3B576CB653E9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_8156_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D2219666-0265-4791-B2E0-0F65B526915A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_8156:-:*:*:*:*:*:*:*", matchCriteriaId: "1D922C72-5646-4BC9-8554-C350BC489FA7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_8158_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "66D94CC9-23D3-4FB7-85EA-FB44EE4DA205", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_8158:-:*:*:*:*:*:*:*", matchCriteriaId: "0B553518-4B86-4876-84BE-4C77769DA233", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_8160_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "39968F90-2D2F-418B-A8A4-BE992DEC1561", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_8160:-:*:*:*:*:*:*:*", matchCriteriaId: "D419FED8-FB40-40CE-82BA-A5D79DEB5A02", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_8160f_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "8903A604-1176-45B9-B967-65624E3A6507", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_8160f:-:*:*:*:*:*:*:*", matchCriteriaId: "CE0F30B1-3873-4120-8A73-3F93350745BF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_8160m_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "AC4F99BB-52FB-4D1D-B783-F33A7CF99425", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_8160m:-:*:*:*:*:*:*:*", matchCriteriaId: "D28BCE14-2F61-4FF5-B3B9-AF60A08D89E0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_8160t_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "81284EE2-526F-42C5-96DB-0DA222C4CCE3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_8160t:-:*:*:*:*:*:*:*", matchCriteriaId: "21801FEA-5B52-4297-917C-2BA0EDDF57E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_8164_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "BB9A22A2-CF28-46EE-992B-42D5142877BD", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_8164:-:*:*:*:*:*:*:*", matchCriteriaId: "D3931109-5AFA-4C11-9A4A-BC0E2C208E96", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_8168_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0D56EAAC-499C-4E5F-895E-3CCC0EBD25C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_8168:-:*:*:*:*:*:*:*", matchCriteriaId: "54F9A665-FB0F-4CEB-B3A7-5AEE55EBB676", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_8170_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "85FA027A-93B1-4C10-9DAB-16C6BED90D29", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_8170:-:*:*:*:*:*:*:*", matchCriteriaId: "FE76F51B-8C7D-42D0-BD4F-AD2C2E8EA0A1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_8170m_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D4FDA8F4-77B6-4E0A-9891-B323EAEB1A29", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_8170m:-:*:*:*:*:*:*:*", matchCriteriaId: "A1941CFA-881E-4863-8E13-49459EF4B6DF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_8176_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "5E42B923-8CE9-4669-8AD9-62733DEA6F70", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_8176:-:*:*:*:*:*:*:*", matchCriteriaId: "5613DF64-FF2F-4A47-BAE0-D2A8152036DF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_8176f_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "35696FDE-A146-437B-A8F8-E23A656FD5FC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_8176f:-:*:*:*:*:*:*:*", matchCriteriaId: "A81E98EA-6E25-44A4-A721-8E867DACC5EB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_8176m_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D6A429F5-4EED-468D-95A6-BC81AAB707EE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_8176m:-:*:*:*:*:*:*:*", matchCriteriaId: "8CFBF5AC-88B4-4BE4-AA5F-950A4A62D89D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_8180_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6F487028-015D-4BCC-A639-F2DED35FD467", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_8180:-:*:*:*:*:*:*:*", matchCriteriaId: "8D28D96F-67C3-4DAD-9A8A-AA0641B43744", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_8180m_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F5A67280-25D1-43F0-8CF2-C6C90A312208", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_8180m:-:*:*:*:*:*:*:*", matchCriteriaId: "4A36C0B5-0792-4895-A2E1-5FBB72E5FD76", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_5115_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "1609E1C0-7A46-4941-996E-5631A8A50B7F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_5115:-:*:*:*:*:*:*:*", matchCriteriaId: "C9F88FF7-A45D-4B08-B3D0-B9D6D2CFBAE4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_5118_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7DEB7879-90E3-43E8-8B31-34A1245AC25C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_5118:-:*:*:*:*:*:*:*", matchCriteriaId: "D7EAF827-76FF-45FF-811B-C26129361DF5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_5119t_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D689D4C6-FB59-4759-9A08-B18238B99C6E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_5119t:-:*:*:*:*:*:*:*", matchCriteriaId: "8CC08EC7-31FC-4A31-BC63-0CDAE900DD4D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_5120_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "9B6B2817-3923-4614-8ACD-2570DF3936B9", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_5120:-:*:*:*:*:*:*:*", matchCriteriaId: "31ACA3B7-70AF-4085-A80B-1154AB636EE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_5120t_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "EAD02B5E-7798-4505-B8E3-E1CEEB8C1845", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_5120t:-:*:*:*:*:*:*:*", matchCriteriaId: "1703CAB8-306C-4E37-94CA-7DE1B1CC5332", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_5122_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "06BF3352-3208-4EB2-85AC-998354B8DBB0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_5122:-:*:*:*:*:*:*:*", matchCriteriaId: "0AEDAE12-BEB4-4BA4-ACB6-CFCAFB346C47", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_6126_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F1069193-8BF5-4EB2-B8C8-E11D26562F66", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_6126:-:*:*:*:*:*:*:*", matchCriteriaId: "C001A4D3-704B-4C51-9025-3EEA74DEC82C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_6126f_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "9F661978-39C8-460A-A41D-2B0ADD476067", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_6126f:-:*:*:*:*:*:*:*", matchCriteriaId: "C8894B01-D94B-48BD-A2C5-FC2392E7E1B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_6126t_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "E06283C7-8104-447C-84E7-5AF39C10E2ED", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_6126t:-:*:*:*:*:*:*:*", matchCriteriaId: "4BA6456F-708A-47AE-8573-AE2E4D19E5A0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_6128_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "4C7E0ED9-684B-4A2F-AFBF-0D84707632F9", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_6128:-:*:*:*:*:*:*:*", matchCriteriaId: "79514ECE-C041-42CE-BA56-12FE918AEEF8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_6130_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "CA20D328-0D65-47D9-9AC0-74BAED085963", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_6130:-:*:*:*:*:*:*:*", matchCriteriaId: "B8E77EF6-A378-481A-A57D-295796DB4694", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_6130f_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "CC5962DA-4C52-49A2-93A2-B66180EC97E3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_6130f:-:*:*:*:*:*:*:*", matchCriteriaId: "DC1995BA-25F4-49CD-AC62-DCC372A0CAE1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_6130t_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "CAACFC5A-9659-4BF7-B9FF-1F384EEBF857", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_6130t:-:*:*:*:*:*:*:*", matchCriteriaId: "648CEB95-915C-44AA-AA62-57DF6366E0CE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_6132_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0E919175-FA64-4AFA-ABB6-23F965603A51", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_6132:-:*:*:*:*:*:*:*", matchCriteriaId: "29FCCBDE-DDC6-425C-9EFF-F3420F582D59", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_6134_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0697B628-D7F9-4799-97CF-30BDC87BBB36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_6134:-:*:*:*:*:*:*:*", matchCriteriaId: "7341AC9C-193A-40C8-ACFA-B95E330A74C8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_6134m_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "98928B31-B2B3-47B0-BF06-B1BE9C801AB3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_6134m:-:*:*:*:*:*:*:*", matchCriteriaId: "12062D98-F990-4B1F-ADCE-E76F5F879DFF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_6136_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "14F68B37-A831-48CF-978D-5B69E36B7DA6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_6136:-:*:*:*:*:*:*:*", matchCriteriaId: "7C4FA382-57C9-4C90-91FC-0CCFA7374788", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_6138_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "EDA239D1-6073-4E2A-A8EA-FDC5172B6017", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_6138:-:*:*:*:*:*:*:*", matchCriteriaId: "396BF8C5-C6DE-4E5D-9125-8A36B274F428", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_6138f_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "2FF0CD52-3BCA-48DB-AD61-3675F548DA04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_6138f:-:*:*:*:*:*:*:*", matchCriteriaId: "0B64F57E-1A40-49FF-AC61-B5CFBC8B59EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_6138t_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "10A29477-CD74-4BA9-9907-E0DCFE645509", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_6138t:-:*:*:*:*:*:*:*", matchCriteriaId: "7CD7263E-7101-4774-9DE2-6EA884ADBB45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_6140_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "58138B2C-37AC-48DD-9B45-19B2062EFD39", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_6140:-:*:*:*:*:*:*:*", matchCriteriaId: "0BD7D153-24DD-42B8-85DD-BAD9F073DB75", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_6140m_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "91D8E25B-C91A-408C-BE7E-640518184CA1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_6140m:-:*:*:*:*:*:*:*", matchCriteriaId: "AF1ECBC7-BB8A-494E-AF84-4537ED605DFA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_6142_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FF6CA76-6747-4AEE-82F4-7ECAF4FA3477", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_6142:-:*:*:*:*:*:*:*", matchCriteriaId: "8A4B4211-5D41-489F-90CD-D4433E327B5D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_6142f_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D987EDBB-1385-4613-9EEE-F2E0E5ECB97E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_6142f:-:*:*:*:*:*:*:*", matchCriteriaId: "4D438C9E-657F-406E-8BED-76B8A89CDEF8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_6144_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "A7641D6A-E7DF-4DD5-B7EA-E96FF867209D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_6144:-:*:*:*:*:*:*:*", matchCriteriaId: "547F2F51-C9D7-4729-8E77-D6EC9234AE32", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_6146_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7C556955-3BB3-46D8-9C59-66318719A8E6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_6146:-:*:*:*:*:*:*:*", matchCriteriaId: "A9E2CF69-B958-4833-BD5B-D3FF51FEA5BA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_6148_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "351632F2-B56D-421D-ABDA-3F02040B8BA8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_6148:-:*:*:*:*:*:*:*", matchCriteriaId: "0D5041FF-046C-4DC5-B943-29024FEFCA3A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_6148f_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "172E3226-074A-4A4A-B4EC-DAE60C2DCB49", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_6148f:-:*:*:*:*:*:*:*", matchCriteriaId: "64C9103A-B87D-4906-BE63-9E7CCF549B62", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_6150_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "C59D3154-52AC-41CE-B578-B504D8217E9C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_6150:-:*:*:*:*:*:*:*", matchCriteriaId: "02356D3B-CF1D-474D-9489-70C783FB240D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_6152_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "702469D7-98CA-445F-B0E5-2731E2F834CC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_6152:-:*:*:*:*:*:*:*", matchCriteriaId: "2D190CA8-62DD-48C1-A2CF-5E4DD7087724", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_6154_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "97F90DF0-D7E6-4F4B-ADD8-EFF15DF2B8CD", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_6154:-:*:*:*:*:*:*:*", matchCriteriaId: "66B557A9-22AA-4231-8181-A048BCDE559D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_4108_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "4C37AE95-8451-4260-A245-F9867698766C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_4108:-:*:*:*:*:*:*:*", matchCriteriaId: "6B73B8B0-2816-4769-AB49-6103C606220C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_4109t_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "76D77A9E-3271-41CF-9E0A-77237E3CCA27", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_4109t:-:*:*:*:*:*:*:*", matchCriteriaId: "02DE4F50-1762-43A6-9B23-E777AEAC9BB8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_4110_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "31E0AEBC-640B-45DB-8062-9BCBF6F78E23", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_4110:-:*:*:*:*:*:*:*", matchCriteriaId: "D6A4F8AB-65B9-4C1E-AE94-D6354BBB92BF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_4112_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "4EBF7470-5EE3-48FE-90D4-B18E8902F84A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_4112:-:*:*:*:*:*:*:*", matchCriteriaId: "580EE4F4-8F7A-4DEA-A6D5-17EE07223F1F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_4114_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "EF2381BA-717C-465F-ACB2-F751B8DB558B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_4114:-:*:*:*:*:*:*:*", matchCriteriaId: "8A77EDB9-F4AF-4F1E-A89B-CC3C8348E3FF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_4114t_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "CF44B3B6-CBCD-4F15-A717-8B06EBC737D9", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_4114t:-:*:*:*:*:*:*:*", matchCriteriaId: "17BB6D83-93B9-4998-AF65-B40C6305CB05", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_4116_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "4E808ECA-197A-4443-82EF-4A0F8E56D3E3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_4116:-:*:*:*:*:*:*:*", matchCriteriaId: "26299DE8-DC9A-491B-B1B6-B8FE2A63C1E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_4116t_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "82805C40-0057-4DB2-86B1-CD1BD88A7E46", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_4116t:-:*:*:*:*:*:*:*", matchCriteriaId: "2E1FFF6A-6E39-49D6-B9F4-E052D17F2E00", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_3104_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FB055DB1-7C17-4D9A-B634-B8306EF82085", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_3104:-:*:*:*:*:*:*:*", matchCriteriaId: "6BFD9456-BCA8-490C-9C5C-5B87740DBF8F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_3106_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "389172DD-3511-42C1-82E8-D3E552EF26CC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_3106:-:*:*:*:*:*:*:*", matchCriteriaId: "F15B3ADD-3D03-48EC-8CE6-31A3DB69AD0F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.", }, { lang: "es", value: "Una comprobación de condiciones inapropiadas en la interfaz de modulación de voltaje para algunos Intel® Xeon® Scalable Processors, puede habilitar a un usuario privilegiado para permitir potencialmente una denegación de servicio por medio de un acceso local.", }, ], id: "CVE-2019-11139", lastModified: "2024-11-21T04:20:36.767", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.5, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-14T19:15:13.190", references: [ { source: "secure@intel.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html", }, { source: "secure@intel.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html", }, { source: "secure@intel.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00035.html", }, { source: "secure@intel.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/28", }, { source: "secure@intel.com", url: "https://support.f5.com/csp/article/K42433061?utm_source=f5support&%3Butm_medium=RSS", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03969en_us", }, { source: "secure@intel.com", tags: [ "Vendor Advisory", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00035.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/28", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.f5.com/csp/article/K42433061?utm_source=f5support&%3Butm_medium=RSS", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03969en_us", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html", }, ], sourceIdentifier: "secure@intel.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-754", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
suse-su-2019:2957-1
Vulnerability from csaf_suse
Published
2019-11-12 18:15
Modified
2019-11-12 18:15
Summary
Security update for ucode-intel
Notes
Title of the patch
Security update for ucode-intel
Description of the patch
This update for ucode-intel fixes the following issues:
- Updated to 20191112 security release (bsc#1155988)
- Processor Identifier Version Products
- Model Stepping F-MO-S/PI Old->New
- ---- new platforms ----------------------------------------
- CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile
- CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile
- SKX-SP B1 6-55-3/97 01000150 Xeon Scalable
- ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile
- ---- updated platforms ------------------------------------
- SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile
- SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6
- AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile
- KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile
- CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile
- WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile
- AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile
- CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile
- WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile
- KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8
- KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7; Xeon E3 v6
- CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E
- CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8
- CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile
- Includes security fixes for:
- CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)
- CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)
Patchnames
SUSE-2019-2957,SUSE-SLE-Module-Basesystem-15-2019-2957
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for ucode-intel", title: "Title of the patch", }, { category: "description", text: "This update for ucode-intel fixes the following issues:\n\n- Updated to 20191112 security release (bsc#1155988)\n - Processor Identifier Version Products\n - Model Stepping F-MO-S/PI Old->New\n - ---- new platforms ----------------------------------------\n - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile\n - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile\n - SKX-SP B1 6-55-3/97 01000150 Xeon Scalable\n - ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile\n - ---- updated platforms ------------------------------------\n - SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile\n - SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6\n - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile\n - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile\n - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile\n - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile\n - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile\n - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile\n - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile\n - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8\n - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7; Xeon E3 v6\n - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E\n - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8\n - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile\n- Includes security fixes for:\n - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)\n - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2019-2957,SUSE-SLE-Module-Basesystem-15-2019-2957", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2957-1.json", }, { category: "self", summary: "URL for SUSE-SU-2019:2957-1", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192957-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2019:2957-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2019-November/006122.html", }, { category: "self", summary: "SUSE Bug 1139073", url: "https://bugzilla.suse.com/1139073", }, { category: "self", summary: "SUSE Bug 1141035", url: "https://bugzilla.suse.com/1141035", }, { category: "self", summary: "SUSE Bug 1155988", url: "https://bugzilla.suse.com/1155988", }, { category: "self", summary: "SUSE CVE CVE-2019-11135 page", url: "https://www.suse.com/security/cve/CVE-2019-11135/", }, { category: "self", summary: "SUSE CVE CVE-2019-11139 page", url: "https://www.suse.com/security/cve/CVE-2019-11139/", }, ], title: "Security update for ucode-intel", tracking: { current_release_date: "2019-11-12T18:15:48Z", generator: { date: "2019-11-12T18:15:48Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2019:2957-1", initial_release_date: "2019-11-12T18:15:48Z", revision_history: [ { date: "2019-11-12T18:15:48Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ucode-intel-20191112-3.28.1.i586", product: { name: "ucode-intel-20191112-3.28.1.i586", product_id: "ucode-intel-20191112-3.28.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "ucode-intel-20191112-3.28.1.x86_64", product: { name: "ucode-intel-20191112-3.28.1.x86_64", product_id: "ucode-intel-20191112-3.28.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Basesystem 15", product: { name: "SUSE Linux Enterprise Module for Basesystem 15", product_id: "SUSE Linux Enterprise Module for Basesystem 15", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-basesystem:15", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112-3.28.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15", product_id: "SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20191112-3.28.1.x86_64", }, product_reference: "ucode-intel-20191112-3.28.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15", }, ], }, vulnerabilities: [ { cve: "CVE-2019-11135", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11135", }, ], notes: [ { category: "general", text: "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20191112-3.28.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11135", url: "https://www.suse.com/security/cve/CVE-2019-11135", }, { category: "external", summary: "SUSE Bug 1139073 for CVE-2019-11135", url: "https://bugzilla.suse.com/1139073", }, { category: "external", summary: "SUSE Bug 1152497 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152497", }, { category: "external", summary: "SUSE Bug 1152505 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152505", }, { category: "external", summary: "SUSE Bug 1152506 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152506", }, { category: "external", summary: "SUSE Bug 1160120 for CVE-2019-11135", url: "https://bugzilla.suse.com/1160120", }, { category: "external", summary: "SUSE Bug 1201877 for CVE-2019-11135", url: "https://bugzilla.suse.com/1201877", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20191112-3.28.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20191112-3.28.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-11-12T18:15:48Z", details: "moderate", }, ], title: "CVE-2019-11135", }, { cve: "CVE-2019-11139", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11139", }, ], notes: [ { category: "general", text: "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20191112-3.28.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11139", url: "https://www.suse.com/security/cve/CVE-2019-11139", }, { category: "external", summary: "SUSE Bug 1141035 for CVE-2019-11139", url: "https://bugzilla.suse.com/1141035", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20191112-3.28.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20191112-3.28.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-11-12T18:15:48Z", details: "moderate", }, ], title: "CVE-2019-11139", }, ], }
suse-su-2019:2988-1
Vulnerability from csaf_suse
Published
2019-11-15 12:10
Modified
2019-11-15 12:10
Summary
Security update for ucode-intel
Notes
Title of the patch
Security update for ucode-intel
Description of the patch
This update for ucode-intel fixes the following issues:
- Updated to 20191112 official security release (bsc#1155988)
- Includes security fixes for:
- CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)
- CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)
Patchnames
HPE-Helion-OpenStack-8-2019-2988,SUSE-2019-2988,SUSE-OpenStack-Cloud-7-2019-2988,SUSE-OpenStack-Cloud-8-2019-2988,SUSE-OpenStack-Cloud-Crowbar-8-2019-2988,SUSE-SLE-DESKTOP-12-SP4-2019-2988,SUSE-SLE-SAP-12-SP1-2019-2988,SUSE-SLE-SAP-12-SP2-2019-2988,SUSE-SLE-SAP-12-SP3-2019-2988,SUSE-SLE-SERVER-12-SP1-2019-2988,SUSE-SLE-SERVER-12-SP2-2019-2988,SUSE-SLE-SERVER-12-SP2-BCL-2019-2988,SUSE-SLE-SERVER-12-SP3-2019-2988,SUSE-SLE-SERVER-12-SP3-BCL-2019-2988,SUSE-SLE-SERVER-12-SP4-2019-2988,SUSE-Storage-5-2019-2988
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for ucode-intel", title: "Title of the patch", }, { category: "description", text: "This update for ucode-intel fixes the following issues:\n\n- Updated to 20191112 official security release (bsc#1155988)\n- Includes security fixes for:\n - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)\n - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)\n", title: "Description of the patch", }, { category: "details", text: "HPE-Helion-OpenStack-8-2019-2988,SUSE-2019-2988,SUSE-OpenStack-Cloud-7-2019-2988,SUSE-OpenStack-Cloud-8-2019-2988,SUSE-OpenStack-Cloud-Crowbar-8-2019-2988,SUSE-SLE-DESKTOP-12-SP4-2019-2988,SUSE-SLE-SAP-12-SP1-2019-2988,SUSE-SLE-SAP-12-SP2-2019-2988,SUSE-SLE-SAP-12-SP3-2019-2988,SUSE-SLE-SERVER-12-SP1-2019-2988,SUSE-SLE-SERVER-12-SP2-2019-2988,SUSE-SLE-SERVER-12-SP2-BCL-2019-2988,SUSE-SLE-SERVER-12-SP3-2019-2988,SUSE-SLE-SERVER-12-SP3-BCL-2019-2988,SUSE-SLE-SERVER-12-SP4-2019-2988,SUSE-Storage-5-2019-2988", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2988-1.json", }, { category: "self", summary: "URL for SUSE-SU-2019:2988-1", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192988-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2019:2988-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2019-November/006148.html", }, { category: "self", summary: "SUSE Bug 1139073", url: "https://bugzilla.suse.com/1139073", }, { category: "self", summary: "SUSE Bug 1141035", url: "https://bugzilla.suse.com/1141035", }, { category: "self", summary: "SUSE Bug 1155988", url: "https://bugzilla.suse.com/1155988", }, { category: "self", summary: "SUSE CVE CVE-2019-11135 page", url: "https://www.suse.com/security/cve/CVE-2019-11135/", }, { category: "self", summary: "SUSE CVE CVE-2019-11139 page", url: "https://www.suse.com/security/cve/CVE-2019-11139/", }, ], title: "Security update for ucode-intel", tracking: { current_release_date: "2019-11-15T12:10:06Z", generator: { date: "2019-11-15T12:10:06Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2019:2988-1", initial_release_date: "2019-11-15T12:10:06Z", revision_history: [ { date: "2019-11-15T12:10:06Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ucode-intel-20191112a-13.56.1.i586", product: { name: "ucode-intel-20191112a-13.56.1.i586", product_id: "ucode-intel-20191112a-13.56.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "ucode-intel-20191112a-13.56.1.x86_64", product: { name: "ucode-intel-20191112a-13.56.1.x86_64", product_id: "ucode-intel-20191112a-13.56.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "HPE Helion OpenStack 8", product: { name: "HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8", product_identification_helper: { cpe: "cpe:/o:suse:hpe-helion-openstack:8", }, }, }, { category: "product_name", name: "SUSE OpenStack Cloud 7", product: { name: "SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud:7", }, }, }, { category: "product_name", name: "SUSE OpenStack Cloud 8", product: { name: "SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud:8", }, }, }, { category: "product_name", name: "SUSE OpenStack Cloud Crowbar 8", product: { name: "SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud-crowbar:8", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Desktop 12 SP4", product: { name: "SUSE Linux Enterprise Desktop 12 SP4", product_id: "SUSE Linux Enterprise Desktop 12 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sled:12:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP1-LTSS", product: { name: "SUSE Linux Enterprise Server 12 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP1-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:12:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP2-LTSS", product: { name: "SUSE Linux Enterprise Server 12 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP2-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP2-BCL", product: { name: "SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL", product_identification_helper: { cpe: "cpe:/o:suse:sles-bcl:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP3-LTSS", product: { name: "SUSE Linux Enterprise Server 12 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP3-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP3-BCL", product: { name: "SUSE Linux Enterprise Server 12 SP3-BCL", product_id: "SUSE Linux Enterprise Server 12 SP3-BCL", product_identification_helper: { cpe: "cpe:/o:suse:sles-bcl:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP4", product: { name: "SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp4", }, }, }, { category: "product_name", name: "SUSE Enterprise Storage 5", product: { name: "SUSE Enterprise Storage 5", product_id: "SUSE Enterprise Storage 5", product_identification_helper: { cpe: "cpe:/o:suse:ses:5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112a-13.56.1.x86_64 as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:ucode-intel-20191112a-13.56.1.x86_64", }, product_reference: "ucode-intel-20191112a-13.56.1.x86_64", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112a-13.56.1.x86_64 as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:ucode-intel-20191112a-13.56.1.x86_64", }, product_reference: "ucode-intel-20191112a-13.56.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112a-13.56.1.x86_64 as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:ucode-intel-20191112a-13.56.1.x86_64", }, product_reference: "ucode-intel-20191112a-13.56.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112a-13.56.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20191112a-13.56.1.x86_64", }, product_reference: "ucode-intel-20191112a-13.56.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112a-13.56.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4", product_id: "SUSE Linux Enterprise Desktop 12 SP4:ucode-intel-20191112a-13.56.1.x86_64", }, product_reference: "ucode-intel-20191112a-13.56.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP4", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112a-13.56.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20191112a-13.56.1.x86_64", }, product_reference: "ucode-intel-20191112a-13.56.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112a-13.56.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20191112a-13.56.1.x86_64", }, product_reference: "ucode-intel-20191112a-13.56.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112a-13.56.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20191112a-13.56.1.x86_64", }, product_reference: "ucode-intel-20191112a-13.56.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112a-13.56.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20191112a-13.56.1.x86_64", }, product_reference: "ucode-intel-20191112a-13.56.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112a-13.56.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20191112a-13.56.1.x86_64", }, product_reference: "ucode-intel-20191112a-13.56.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112a-13.56.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20191112a-13.56.1.x86_64", }, product_reference: "ucode-intel-20191112a-13.56.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112a-13.56.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20191112a-13.56.1.x86_64", }, product_reference: "ucode-intel-20191112a-13.56.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112a-13.56.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL", product_id: "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20191112a-13.56.1.x86_64", }, product_reference: "ucode-intel-20191112a-13.56.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3-BCL", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112a-13.56.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4:ucode-intel-20191112a-13.56.1.x86_64", }, product_reference: "ucode-intel-20191112a-13.56.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112a-13.56.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20191112a-13.56.1.x86_64", }, product_reference: "ucode-intel-20191112a-13.56.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112a-13.56.1.x86_64 as component of SUSE Enterprise Storage 5", product_id: "SUSE Enterprise Storage 5:ucode-intel-20191112a-13.56.1.x86_64", }, product_reference: "ucode-intel-20191112a-13.56.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 5", }, ], }, vulnerabilities: [ { cve: "CVE-2019-11135", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11135", }, ], notes: [ { category: "general", text: "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Enterprise Storage 5:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20191112a-13.56.1.x86_64", "SUSE OpenStack Cloud 7:ucode-intel-20191112a-13.56.1.x86_64", "SUSE OpenStack Cloud 8:ucode-intel-20191112a-13.56.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20191112a-13.56.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11135", url: "https://www.suse.com/security/cve/CVE-2019-11135", }, { category: "external", summary: "SUSE Bug 1139073 for CVE-2019-11135", url: "https://bugzilla.suse.com/1139073", }, { category: "external", summary: "SUSE Bug 1152497 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152497", }, { category: "external", summary: "SUSE Bug 1152505 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152505", }, { category: "external", summary: "SUSE Bug 1152506 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152506", }, { category: "external", summary: "SUSE Bug 1160120 for CVE-2019-11135", url: "https://bugzilla.suse.com/1160120", }, { category: "external", summary: "SUSE Bug 1201877 for CVE-2019-11135", url: "https://bugzilla.suse.com/1201877", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Enterprise Storage 5:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20191112a-13.56.1.x86_64", "SUSE OpenStack Cloud 7:ucode-intel-20191112a-13.56.1.x86_64", "SUSE OpenStack Cloud 8:ucode-intel-20191112a-13.56.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20191112a-13.56.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, products: [ "HPE Helion OpenStack 8:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Enterprise Storage 5:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20191112a-13.56.1.x86_64", "SUSE OpenStack Cloud 7:ucode-intel-20191112a-13.56.1.x86_64", "SUSE OpenStack Cloud 8:ucode-intel-20191112a-13.56.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20191112a-13.56.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-11-15T12:10:06Z", details: "moderate", }, ], title: "CVE-2019-11135", }, { cve: "CVE-2019-11139", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11139", }, ], notes: [ { category: "general", text: "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Enterprise Storage 5:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20191112a-13.56.1.x86_64", "SUSE OpenStack Cloud 7:ucode-intel-20191112a-13.56.1.x86_64", "SUSE OpenStack Cloud 8:ucode-intel-20191112a-13.56.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20191112a-13.56.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11139", url: "https://www.suse.com/security/cve/CVE-2019-11139", }, { category: "external", summary: "SUSE Bug 1141035 for CVE-2019-11139", url: "https://bugzilla.suse.com/1141035", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Enterprise Storage 5:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20191112a-13.56.1.x86_64", "SUSE OpenStack Cloud 7:ucode-intel-20191112a-13.56.1.x86_64", "SUSE OpenStack Cloud 8:ucode-intel-20191112a-13.56.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20191112a-13.56.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Enterprise Storage 5:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20191112a-13.56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20191112a-13.56.1.x86_64", "SUSE OpenStack Cloud 7:ucode-intel-20191112a-13.56.1.x86_64", "SUSE OpenStack Cloud 8:ucode-intel-20191112a-13.56.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20191112a-13.56.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-11-15T12:10:06Z", details: "moderate", }, ], title: "CVE-2019-11139", }, ], }
suse-su-2019:14217-1
Vulnerability from csaf_suse
Published
2019-11-13 15:16
Modified
2019-11-13 15:16
Summary
Security update for microcode_ctl
Notes
Title of the patch
Security update for microcode_ctl
Description of the patch
This update for microcode_ctl fixes the following issues:
- Updated to 20191112 security release (bsc#1155988)
- Processor Identifier Version Products
- Model Stepping F-MO-S/PI Old->New
- ---- new platforms ----------------------------------------
- CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile
- CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile
- SKX-SP B1 6-55-3/97 01000150 Xeon Scalable
- ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile
- ---- updated platforms ------------------------------------
- SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile
- SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6
- AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile
- KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile
- CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile
- WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile
- AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile
- CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile
- WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile
- KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8
- KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7; Xeon E3 v6
- CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E
- CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8
- CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile
- Includes security fixes for:
- CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)
- CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)
Patchnames
sleposp3-microcode_ctl-14217,slessp4-microcode_ctl-14217
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for microcode_ctl", title: "Title of the patch", }, { category: "description", text: "This update for microcode_ctl fixes the following issues:\n\n- Updated to 20191112 security release (bsc#1155988)\n - Processor Identifier Version Products\n - Model Stepping F-MO-S/PI Old->New\n - ---- new platforms ----------------------------------------\n - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile\n - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile\n - SKX-SP B1 6-55-3/97 01000150 Xeon Scalable\n - ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile\n - ---- updated platforms ------------------------------------\n - SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile\n - SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6\n - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile\n - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile\n - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile\n - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile\n - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile\n - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile\n - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile\n - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8\n - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7; Xeon E3 v6\n - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E\n - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8\n - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile\n- Includes security fixes for:\n - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)\n - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)\n", title: "Description of the patch", }, { category: "details", text: "sleposp3-microcode_ctl-14217,slessp4-microcode_ctl-14217", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_14217-1.json", }, { category: "self", summary: "URL for SUSE-SU-2019:14217-1", url: "https://www.suse.com/support/update/announcement/2019/suse-su-201914217-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2019:14217-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2019-November/006136.html", }, { category: "self", summary: "SUSE Bug 1139073", url: "https://bugzilla.suse.com/1139073", }, { category: "self", summary: "SUSE Bug 1141035", url: "https://bugzilla.suse.com/1141035", }, { category: "self", summary: "SUSE Bug 1155988", url: "https://bugzilla.suse.com/1155988", }, { category: "self", summary: "SUSE CVE CVE-2019-11135 page", url: "https://www.suse.com/security/cve/CVE-2019-11135/", }, { category: "self", summary: "SUSE CVE CVE-2019-11139 page", url: "https://www.suse.com/security/cve/CVE-2019-11139/", }, ], title: "Security update for microcode_ctl", tracking: { current_release_date: "2019-11-13T15:16:38Z", generator: { date: "2019-11-13T15:16:38Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2019:14217-1", initial_release_date: "2019-11-13T15:16:38Z", revision_history: [ { date: "2019-11-13T15:16:38Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "microcode_ctl-1.17-102.83.47.1.i586", product: { name: "microcode_ctl-1.17-102.83.47.1.i586", product_id: "microcode_ctl-1.17-102.83.47.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "microcode_ctl-1.17-102.83.47.1.x86_64", product: { name: "microcode_ctl-1.17-102.83.47.1.x86_64", product_id: "microcode_ctl-1.17-102.83.47.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Point of Sale 11 SP3", product: { name: "SUSE Linux Enterprise Point of Sale 11 SP3", product_id: "SUSE Linux Enterprise Point of Sale 11 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sle-pos:11:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 11 SP4-LTSS", product: { name: "SUSE Linux Enterprise Server 11 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP4-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:suse_sles:11:sp4", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "microcode_ctl-1.17-102.83.47.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3", product_id: "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.47.1.i586", }, product_reference: "microcode_ctl-1.17-102.83.47.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Point of Sale 11 SP3", }, { category: "default_component_of", full_product_name: { name: "microcode_ctl-1.17-102.83.47.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.47.1.i586", }, product_reference: "microcode_ctl-1.17-102.83.47.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "microcode_ctl-1.17-102.83.47.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.47.1.x86_64", }, product_reference: "microcode_ctl-1.17-102.83.47.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4-LTSS", }, ], }, vulnerabilities: [ { cve: "CVE-2019-11135", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11135", }, ], notes: [ { category: "general", text: "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.47.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.47.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.47.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11135", url: "https://www.suse.com/security/cve/CVE-2019-11135", }, { category: "external", summary: "SUSE Bug 1139073 for CVE-2019-11135", url: "https://bugzilla.suse.com/1139073", }, { category: "external", summary: "SUSE Bug 1152497 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152497", }, { category: "external", summary: "SUSE Bug 1152505 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152505", }, { category: "external", summary: "SUSE Bug 1152506 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152506", }, { category: "external", summary: "SUSE Bug 1160120 for CVE-2019-11135", url: "https://bugzilla.suse.com/1160120", }, { category: "external", summary: "SUSE Bug 1201877 for CVE-2019-11135", url: "https://bugzilla.suse.com/1201877", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.47.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.47.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.47.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.47.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.47.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.47.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-11-13T15:16:38Z", details: "moderate", }, ], title: "CVE-2019-11135", }, { cve: "CVE-2019-11139", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11139", }, ], notes: [ { category: "general", text: "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.47.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.47.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.47.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11139", url: "https://www.suse.com/security/cve/CVE-2019-11139", }, { category: "external", summary: "SUSE Bug 1141035 for CVE-2019-11139", url: "https://bugzilla.suse.com/1141035", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.47.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.47.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.47.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.47.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.47.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.47.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-11-13T15:16:38Z", details: "moderate", }, ], title: "CVE-2019-11139", }, ], }
suse-su-2019:2958-1
Vulnerability from csaf_suse
Published
2019-11-12 18:16
Modified
2019-11-12 18:16
Summary
Security update for ucode-intel
Notes
Title of the patch
Security update for ucode-intel
Description of the patch
This update for ucode-intel fixes the following issues:
- Updated to 20191112 security release (bsc#1155988)
- Processor Identifier Version Products
- Model Stepping F-MO-S/PI Old->New
- ---- new platforms ----------------------------------------
- CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile
- CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile
- SKX-SP B1 6-55-3/97 01000150 Xeon Scalable
- ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile
- ---- updated platforms ------------------------------------
- SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile
- SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6
- AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile
- KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile
- CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile
- WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile
- AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile
- CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile
- WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile
- KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8
- KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7; Xeon E3 v6
- CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E
- CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8
- CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile
- Includes security fixes for:
- CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)
- CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)
Patchnames
SUSE-2019-2958,SUSE-SLE-Module-Basesystem-15-SP1-2019-2958
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for ucode-intel", title: "Title of the patch", }, { category: "description", text: "This update for ucode-intel fixes the following issues:\n\n- Updated to 20191112 security release (bsc#1155988)\n - Processor Identifier Version Products\n - Model Stepping F-MO-S/PI Old->New\n - ---- new platforms ----------------------------------------\n - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile\n - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile\n - SKX-SP B1 6-55-3/97 01000150 Xeon Scalable\n - ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile\n - ---- updated platforms ------------------------------------\n - SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile\n - SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6\n - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile\n - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile\n - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile\n - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile\n - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile\n - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile\n - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile\n - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8\n - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7; Xeon E3 v6\n - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E\n - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8\n - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile\n- Includes security fixes for:\n - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)\n - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2019-2958,SUSE-SLE-Module-Basesystem-15-SP1-2019-2958", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2958-1.json", }, { category: "self", summary: "URL for SUSE-SU-2019:2958-1", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192958-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2019:2958-1", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192958-1.html", }, { category: "self", summary: "SUSE Bug 1139073", url: "https://bugzilla.suse.com/1139073", }, { category: "self", summary: "SUSE Bug 1141035", url: "https://bugzilla.suse.com/1141035", }, { category: "self", summary: "SUSE Bug 1155988", url: "https://bugzilla.suse.com/1155988", }, { category: "self", summary: "SUSE CVE CVE-2019-11135 page", url: "https://www.suse.com/security/cve/CVE-2019-11135/", }, { category: "self", summary: "SUSE CVE CVE-2019-11139 page", url: "https://www.suse.com/security/cve/CVE-2019-11139/", }, ], title: "Security update for ucode-intel", tracking: { current_release_date: "2019-11-12T18:16:08Z", generator: { date: "2019-11-12T18:16:08Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2019:2958-1", initial_release_date: "2019-11-12T18:16:08Z", revision_history: [ { date: "2019-11-12T18:16:08Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ucode-intel-20191112-3.9.1.i586", product: { name: "ucode-intel-20191112-3.9.1.i586", product_id: "ucode-intel-20191112-3.9.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "ucode-intel-20191112-3.9.1.x86_64", product: { name: "ucode-intel-20191112-3.9.1.x86_64", product_id: "ucode-intel-20191112-3.9.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Basesystem 15 SP1", product: { name: "SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-basesystem:15:sp1", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112-3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20191112-3.9.1.x86_64", }, product_reference: "ucode-intel-20191112-3.9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, ], }, vulnerabilities: [ { cve: "CVE-2019-11135", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11135", }, ], notes: [ { category: "general", text: "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20191112-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11135", url: "https://www.suse.com/security/cve/CVE-2019-11135", }, { category: "external", summary: "SUSE Bug 1139073 for CVE-2019-11135", url: "https://bugzilla.suse.com/1139073", }, { category: "external", summary: "SUSE Bug 1152497 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152497", }, { category: "external", summary: "SUSE Bug 1152505 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152505", }, { category: "external", summary: "SUSE Bug 1152506 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152506", }, { category: "external", summary: "SUSE Bug 1160120 for CVE-2019-11135", url: "https://bugzilla.suse.com/1160120", }, { category: "external", summary: "SUSE Bug 1201877 for CVE-2019-11135", url: "https://bugzilla.suse.com/1201877", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20191112-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20191112-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-11-12T18:16:08Z", details: "moderate", }, ], title: "CVE-2019-11135", }, { cve: "CVE-2019-11139", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11139", }, ], notes: [ { category: "general", text: "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20191112-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11139", url: "https://www.suse.com/security/cve/CVE-2019-11139", }, { category: "external", summary: "SUSE Bug 1141035 for CVE-2019-11139", url: "https://bugzilla.suse.com/1141035", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20191112-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20191112-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-11-12T18:16:08Z", details: "moderate", }, ], title: "CVE-2019-11139", }, ], }
suse-su-2019:3091-1
Vulnerability from csaf_suse
Published
2019-11-28 14:44
Modified
2019-11-28 14:44
Summary
Security update for ucode-intel
Notes
Title of the patch
Security update for ucode-intel
Description of the patch
This update for ucode-intel to version fixes the following issues:
- Updated to 20191115 official security release (bsc#1157004 and bsc#1155988)
- Includes security fixes for:
- CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)
- CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)
Patchnames
SUSE-2019-3091,SUSE-SLE-SERVER-12-SP5-2019-3091
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for ucode-intel", title: "Title of the patch", }, { category: "description", text: "This update for ucode-intel to version fixes the following issues:\n\n- Updated to 20191115 official security release (bsc#1157004 and bsc#1155988)\n- Includes security fixes for:\n - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)\n - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2019-3091,SUSE-SLE-SERVER-12-SP5-2019-3091", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_3091-1.json", }, { category: "self", summary: "URL for SUSE-SU-2019:3091-1", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20193091-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2019:3091-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2019-November/006195.html", }, { category: "self", summary: "SUSE Bug 1139073", url: "https://bugzilla.suse.com/1139073", }, { category: "self", summary: "SUSE Bug 1141035", url: "https://bugzilla.suse.com/1141035", }, { category: "self", summary: "SUSE Bug 1155988", url: "https://bugzilla.suse.com/1155988", }, { category: "self", summary: "SUSE Bug 1157004", url: "https://bugzilla.suse.com/1157004", }, { category: "self", summary: "SUSE CVE CVE-2019-11135 page", url: "https://www.suse.com/security/cve/CVE-2019-11135/", }, { category: "self", summary: "SUSE CVE CVE-2019-11139 page", url: "https://www.suse.com/security/cve/CVE-2019-11139/", }, ], title: "Security update for ucode-intel", tracking: { current_release_date: "2019-11-28T14:44:12Z", generator: { date: "2019-11-28T14:44:12Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2019:3091-1", initial_release_date: "2019-11-28T14:44:12Z", revision_history: [ { date: "2019-11-28T14:44:12Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ucode-intel-20191115-3.3.1.i586", product: { name: "ucode-intel-20191115-3.3.1.i586", product_id: "ucode-intel-20191115-3.3.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "ucode-intel-20191115-3.3.1.x86_64", product: { name: "ucode-intel-20191115-3.3.1.x86_64", product_id: "ucode-intel-20191115-3.3.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP5", product: { name: "SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ucode-intel-20191115-3.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20191115-3.3.1.x86_64", }, product_reference: "ucode-intel-20191115-3.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191115-3.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20191115-3.3.1.x86_64", }, product_reference: "ucode-intel-20191115-3.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, ], }, vulnerabilities: [ { cve: "CVE-2019-11135", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11135", }, ], notes: [ { category: "general", text: "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20191115-3.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20191115-3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11135", url: "https://www.suse.com/security/cve/CVE-2019-11135", }, { category: "external", summary: "SUSE Bug 1139073 for CVE-2019-11135", url: "https://bugzilla.suse.com/1139073", }, { category: "external", summary: "SUSE Bug 1152497 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152497", }, { category: "external", summary: "SUSE Bug 1152505 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152505", }, { category: "external", summary: "SUSE Bug 1152506 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152506", }, { category: "external", summary: "SUSE Bug 1160120 for CVE-2019-11135", url: "https://bugzilla.suse.com/1160120", }, { category: "external", summary: "SUSE Bug 1201877 for CVE-2019-11135", url: "https://bugzilla.suse.com/1201877", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20191115-3.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20191115-3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20191115-3.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20191115-3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-11-28T14:44:12Z", details: "moderate", }, ], title: "CVE-2019-11135", }, { cve: "CVE-2019-11139", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11139", }, ], notes: [ { category: "general", text: "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20191115-3.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20191115-3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11139", url: "https://www.suse.com/security/cve/CVE-2019-11139", }, { category: "external", summary: "SUSE Bug 1141035 for CVE-2019-11139", url: "https://bugzilla.suse.com/1141035", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20191115-3.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20191115-3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20191115-3.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20191115-3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-11-28T14:44:12Z", details: "moderate", }, ], title: "CVE-2019-11139", }, ], }
suse-su-2019:2959-1
Vulnerability from csaf_suse
Published
2019-11-12 18:17
Modified
2019-11-12 18:17
Summary
Security update for ucode-intel
Notes
Title of the patch
Security update for ucode-intel
Description of the patch
This update for ucode-intel fixes the following issues:
- Updated to 20191112 security release (bsc#1155988)
- Processor Identifier Version Products
- Model Stepping F-MO-S/PI Old->New
- ---- new platforms ----------------------------------------
- CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile
- CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile
- SKX-SP B1 6-55-3/97 01000150 Xeon Scalable
- ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile
- ---- updated platforms ------------------------------------
- SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile
- SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6
- AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile
- KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile
- CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile
- WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile
- AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile
- CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile
- WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile
- KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8
- KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7; Xeon E3 v6
- CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E
- CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8
- CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile
- Includes security fixes for:
- CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)
- CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)
- requires coreutils for the %post script (bsc#1154043)
Patchnames
HPE-Helion-OpenStack-8-2019-2959,SUSE-2019-2959,SUSE-OpenStack-Cloud-7-2019-2959,SUSE-OpenStack-Cloud-8-2019-2959,SUSE-OpenStack-Cloud-Crowbar-8-2019-2959,SUSE-SLE-DESKTOP-12-SP4-2019-2959,SUSE-SLE-SAP-12-SP1-2019-2959,SUSE-SLE-SAP-12-SP2-2019-2959,SUSE-SLE-SAP-12-SP3-2019-2959,SUSE-SLE-SERVER-12-SP1-2019-2959,SUSE-SLE-SERVER-12-SP2-2019-2959,SUSE-SLE-SERVER-12-SP2-BCL-2019-2959,SUSE-SLE-SERVER-12-SP3-2019-2959,SUSE-SLE-SERVER-12-SP3-BCL-2019-2959,SUSE-SLE-SERVER-12-SP4-2019-2959,SUSE-SLE-SERVER-12-SP5-2019-2959,SUSE-Storage-5-2019-2959
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for ucode-intel", title: "Title of the patch", }, { category: "description", text: "This update for ucode-intel fixes the following issues:\n\n- Updated to 20191112 security release (bsc#1155988)\n - Processor Identifier Version Products\n - Model Stepping F-MO-S/PI Old->New\n - ---- new platforms ----------------------------------------\n - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile\n - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile\n - SKX-SP B1 6-55-3/97 01000150 Xeon Scalable\n - ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile\n - ---- updated platforms ------------------------------------\n - SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile\n - SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6\n - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile\n - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile\n - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile\n - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile\n - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile\n - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile\n - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile\n - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8\n - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7; Xeon E3 v6\n - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E\n - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8\n - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile\n- Includes security fixes for:\n - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)\n - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)\n\n- requires coreutils for the %post script (bsc#1154043)\n", title: "Description of the patch", }, { category: "details", text: "HPE-Helion-OpenStack-8-2019-2959,SUSE-2019-2959,SUSE-OpenStack-Cloud-7-2019-2959,SUSE-OpenStack-Cloud-8-2019-2959,SUSE-OpenStack-Cloud-Crowbar-8-2019-2959,SUSE-SLE-DESKTOP-12-SP4-2019-2959,SUSE-SLE-SAP-12-SP1-2019-2959,SUSE-SLE-SAP-12-SP2-2019-2959,SUSE-SLE-SAP-12-SP3-2019-2959,SUSE-SLE-SERVER-12-SP1-2019-2959,SUSE-SLE-SERVER-12-SP2-2019-2959,SUSE-SLE-SERVER-12-SP2-BCL-2019-2959,SUSE-SLE-SERVER-12-SP3-2019-2959,SUSE-SLE-SERVER-12-SP3-BCL-2019-2959,SUSE-SLE-SERVER-12-SP4-2019-2959,SUSE-SLE-SERVER-12-SP5-2019-2959,SUSE-Storage-5-2019-2959", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2959-1.json", }, { category: "self", summary: "URL for SUSE-SU-2019:2959-1", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192959-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2019:2959-1", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192959-1.html", }, { category: "self", summary: "SUSE Bug 1139073", url: "https://bugzilla.suse.com/1139073", }, { category: "self", summary: "SUSE Bug 1141035", url: "https://bugzilla.suse.com/1141035", }, { category: "self", summary: "SUSE Bug 1154043", url: "https://bugzilla.suse.com/1154043", }, { category: "self", summary: "SUSE Bug 1155988", url: "https://bugzilla.suse.com/1155988", }, { category: "self", summary: "SUSE CVE CVE-2019-11135 page", url: "https://www.suse.com/security/cve/CVE-2019-11135/", }, { category: "self", summary: "SUSE CVE CVE-2019-11139 page", url: "https://www.suse.com/security/cve/CVE-2019-11139/", }, ], title: "Security update for ucode-intel", tracking: { current_release_date: "2019-11-12T18:17:15Z", generator: { date: "2019-11-12T18:17:15Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2019:2959-1", initial_release_date: "2019-11-12T18:17:15Z", revision_history: [ { date: "2019-11-12T18:17:15Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ucode-intel-20191112-13.53.1.i586", product: { name: "ucode-intel-20191112-13.53.1.i586", product_id: "ucode-intel-20191112-13.53.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "ucode-intel-20191112-13.53.1.x86_64", product: { name: "ucode-intel-20191112-13.53.1.x86_64", product_id: "ucode-intel-20191112-13.53.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "HPE Helion OpenStack 8", product: { name: "HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8", product_identification_helper: { cpe: "cpe:/o:suse:hpe-helion-openstack:8", }, }, }, { category: "product_name", name: "SUSE OpenStack Cloud 7", product: { name: "SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud:7", }, }, }, { category: "product_name", name: "SUSE OpenStack Cloud 8", product: { name: "SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud:8", }, }, }, { category: "product_name", name: "SUSE OpenStack Cloud Crowbar 8", product: { name: "SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud-crowbar:8", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Desktop 12 SP4", product: { name: "SUSE Linux Enterprise Desktop 12 SP4", product_id: "SUSE Linux Enterprise Desktop 12 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sled:12:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP1-LTSS", product: { name: "SUSE Linux Enterprise Server 12 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP1-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:12:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP2-LTSS", product: { name: "SUSE Linux Enterprise Server 12 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP2-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP2-BCL", product: { name: "SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL", product_identification_helper: { cpe: "cpe:/o:suse:sles-bcl:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP3-LTSS", product: { name: "SUSE Linux Enterprise Server 12 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP3-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP3-BCL", product: { name: "SUSE Linux Enterprise Server 12 SP3-BCL", product_id: "SUSE Linux Enterprise Server 12 SP3-BCL", product_identification_helper: { cpe: "cpe:/o:suse:sles-bcl:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP4", product: { name: "SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP5", product: { name: "SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp5", }, }, }, { category: "product_name", name: "SUSE Enterprise Storage 5", product: { name: "SUSE Enterprise Storage 5", product_id: "SUSE Enterprise Storage 5", product_identification_helper: { cpe: "cpe:/o:suse:ses:5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112-13.53.1.x86_64 as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:ucode-intel-20191112-13.53.1.x86_64", }, product_reference: "ucode-intel-20191112-13.53.1.x86_64", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112-13.53.1.x86_64 as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:ucode-intel-20191112-13.53.1.x86_64", }, product_reference: "ucode-intel-20191112-13.53.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112-13.53.1.x86_64 as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:ucode-intel-20191112-13.53.1.x86_64", }, product_reference: "ucode-intel-20191112-13.53.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112-13.53.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20191112-13.53.1.x86_64", }, product_reference: "ucode-intel-20191112-13.53.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112-13.53.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4", product_id: "SUSE Linux Enterprise Desktop 12 SP4:ucode-intel-20191112-13.53.1.x86_64", }, product_reference: "ucode-intel-20191112-13.53.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP4", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112-13.53.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20191112-13.53.1.x86_64", }, product_reference: "ucode-intel-20191112-13.53.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112-13.53.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20191112-13.53.1.x86_64", }, product_reference: "ucode-intel-20191112-13.53.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112-13.53.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20191112-13.53.1.x86_64", }, product_reference: "ucode-intel-20191112-13.53.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112-13.53.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20191112-13.53.1.x86_64", }, product_reference: "ucode-intel-20191112-13.53.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112-13.53.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20191112-13.53.1.x86_64", }, product_reference: "ucode-intel-20191112-13.53.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112-13.53.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20191112-13.53.1.x86_64", }, product_reference: "ucode-intel-20191112-13.53.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112-13.53.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20191112-13.53.1.x86_64", }, product_reference: "ucode-intel-20191112-13.53.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112-13.53.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL", product_id: "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20191112-13.53.1.x86_64", }, product_reference: "ucode-intel-20191112-13.53.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3-BCL", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112-13.53.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4:ucode-intel-20191112-13.53.1.x86_64", }, product_reference: "ucode-intel-20191112-13.53.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112-13.53.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20191112-13.53.1.x86_64", }, product_reference: "ucode-intel-20191112-13.53.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112-13.53.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20191112-13.53.1.x86_64", }, product_reference: "ucode-intel-20191112-13.53.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112-13.53.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20191112-13.53.1.x86_64", }, product_reference: "ucode-intel-20191112-13.53.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112-13.53.1.x86_64 as component of SUSE Enterprise Storage 5", product_id: "SUSE Enterprise Storage 5:ucode-intel-20191112-13.53.1.x86_64", }, product_reference: "ucode-intel-20191112-13.53.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 5", }, ], }, vulnerabilities: [ { cve: "CVE-2019-11135", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11135", }, ], notes: [ { category: "general", text: "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ucode-intel-20191112-13.53.1.x86_64", "SUSE Enterprise Storage 5:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20191112-13.53.1.x86_64", "SUSE OpenStack Cloud 7:ucode-intel-20191112-13.53.1.x86_64", "SUSE OpenStack Cloud 8:ucode-intel-20191112-13.53.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20191112-13.53.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11135", url: "https://www.suse.com/security/cve/CVE-2019-11135", }, { category: "external", summary: "SUSE Bug 1139073 for CVE-2019-11135", url: "https://bugzilla.suse.com/1139073", }, { category: "external", summary: "SUSE Bug 1152497 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152497", }, { category: "external", summary: "SUSE Bug 1152505 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152505", }, { category: "external", summary: "SUSE Bug 1152506 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152506", }, { category: "external", summary: "SUSE Bug 1160120 for CVE-2019-11135", url: "https://bugzilla.suse.com/1160120", }, { category: "external", summary: "SUSE Bug 1201877 for CVE-2019-11135", url: "https://bugzilla.suse.com/1201877", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ucode-intel-20191112-13.53.1.x86_64", "SUSE Enterprise Storage 5:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20191112-13.53.1.x86_64", "SUSE OpenStack Cloud 7:ucode-intel-20191112-13.53.1.x86_64", "SUSE OpenStack Cloud 8:ucode-intel-20191112-13.53.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20191112-13.53.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, products: [ "HPE Helion OpenStack 8:ucode-intel-20191112-13.53.1.x86_64", "SUSE Enterprise Storage 5:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20191112-13.53.1.x86_64", "SUSE OpenStack Cloud 7:ucode-intel-20191112-13.53.1.x86_64", "SUSE OpenStack Cloud 8:ucode-intel-20191112-13.53.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20191112-13.53.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-11-12T18:17:15Z", details: "moderate", }, ], title: "CVE-2019-11135", }, { cve: "CVE-2019-11139", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11139", }, ], notes: [ { category: "general", text: "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:ucode-intel-20191112-13.53.1.x86_64", "SUSE Enterprise Storage 5:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20191112-13.53.1.x86_64", "SUSE OpenStack Cloud 7:ucode-intel-20191112-13.53.1.x86_64", "SUSE OpenStack Cloud 8:ucode-intel-20191112-13.53.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20191112-13.53.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11139", url: "https://www.suse.com/security/cve/CVE-2019-11139", }, { category: "external", summary: "SUSE Bug 1141035 for CVE-2019-11139", url: "https://bugzilla.suse.com/1141035", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:ucode-intel-20191112-13.53.1.x86_64", "SUSE Enterprise Storage 5:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20191112-13.53.1.x86_64", "SUSE OpenStack Cloud 7:ucode-intel-20191112-13.53.1.x86_64", "SUSE OpenStack Cloud 8:ucode-intel-20191112-13.53.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20191112-13.53.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "HPE Helion OpenStack 8:ucode-intel-20191112-13.53.1.x86_64", "SUSE Enterprise Storage 5:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20191112-13.53.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20191112-13.53.1.x86_64", "SUSE OpenStack Cloud 7:ucode-intel-20191112-13.53.1.x86_64", "SUSE OpenStack Cloud 8:ucode-intel-20191112-13.53.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20191112-13.53.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-11-12T18:17:15Z", details: "moderate", }, ], title: "CVE-2019-11139", }, ], }
suse-su-2019:14220-1
Vulnerability from csaf_suse
Published
2019-11-15 12:09
Modified
2019-11-15 12:09
Summary
Security update for microcode_ctl
Notes
Title of the patch
Security update for microcode_ctl
Description of the patch
This update for microcode_ctl fixes the following issues:
- Updated to 20191112 official security release (bsc#1155988)
- Includes security fixes for:
- CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)
- CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)
Patchnames
sleposp3-microcode_ctl-14220,slessp4-microcode_ctl-14220
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for microcode_ctl", title: "Title of the patch", }, { category: "description", text: "This update for microcode_ctl fixes the following issues:\n\n- Updated to 20191112 official security release (bsc#1155988)\n- Includes security fixes for:\n - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)\n - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)\n", title: "Description of the patch", }, { category: "details", text: "sleposp3-microcode_ctl-14220,slessp4-microcode_ctl-14220", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_14220-1.json", }, { category: "self", summary: "URL for SUSE-SU-2019:14220-1", url: "https://www.suse.com/support/update/announcement/2019/suse-su-201914220-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2019:14220-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2019-November/006151.html", }, { category: "self", summary: "SUSE Bug 1139073", url: "https://bugzilla.suse.com/1139073", }, { category: "self", summary: "SUSE Bug 1141035", url: "https://bugzilla.suse.com/1141035", }, { category: "self", summary: "SUSE Bug 1155988", url: "https://bugzilla.suse.com/1155988", }, { category: "self", summary: "SUSE CVE CVE-2019-11135 page", url: "https://www.suse.com/security/cve/CVE-2019-11135/", }, { category: "self", summary: "SUSE CVE CVE-2019-11139 page", url: "https://www.suse.com/security/cve/CVE-2019-11139/", }, ], title: "Security update for microcode_ctl", tracking: { current_release_date: "2019-11-15T12:09:02Z", generator: { date: "2019-11-15T12:09:02Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2019:14220-1", initial_release_date: "2019-11-15T12:09:02Z", revision_history: [ { date: "2019-11-15T12:09:02Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "microcode_ctl-1.17-102.83.50.1.i586", product: { name: "microcode_ctl-1.17-102.83.50.1.i586", product_id: "microcode_ctl-1.17-102.83.50.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "microcode_ctl-1.17-102.83.50.1.x86_64", product: { name: "microcode_ctl-1.17-102.83.50.1.x86_64", product_id: "microcode_ctl-1.17-102.83.50.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Point of Sale 11 SP3", product: { name: "SUSE Linux Enterprise Point of Sale 11 SP3", product_id: "SUSE Linux Enterprise Point of Sale 11 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sle-pos:11:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 11 SP4-LTSS", product: { name: "SUSE Linux Enterprise Server 11 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP4-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:suse_sles:11:sp4", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "microcode_ctl-1.17-102.83.50.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3", product_id: "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.50.1.i586", }, product_reference: "microcode_ctl-1.17-102.83.50.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Point of Sale 11 SP3", }, { category: "default_component_of", full_product_name: { name: "microcode_ctl-1.17-102.83.50.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.50.1.i586", }, product_reference: "microcode_ctl-1.17-102.83.50.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "microcode_ctl-1.17-102.83.50.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.50.1.x86_64", }, product_reference: "microcode_ctl-1.17-102.83.50.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4-LTSS", }, ], }, vulnerabilities: [ { cve: "CVE-2019-11135", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11135", }, ], notes: [ { category: "general", text: "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.50.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.50.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.50.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11135", url: "https://www.suse.com/security/cve/CVE-2019-11135", }, { category: "external", summary: "SUSE Bug 1139073 for CVE-2019-11135", url: "https://bugzilla.suse.com/1139073", }, { category: "external", summary: "SUSE Bug 1152497 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152497", }, { category: "external", summary: "SUSE Bug 1152505 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152505", }, { category: "external", summary: "SUSE Bug 1152506 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152506", }, { category: "external", summary: "SUSE Bug 1160120 for CVE-2019-11135", url: "https://bugzilla.suse.com/1160120", }, { category: "external", summary: "SUSE Bug 1201877 for CVE-2019-11135", url: "https://bugzilla.suse.com/1201877", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.50.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.50.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.50.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.50.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.50.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.50.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-11-15T12:09:02Z", details: "moderate", }, ], title: "CVE-2019-11135", }, { cve: "CVE-2019-11139", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11139", }, ], notes: [ { category: "general", text: "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.50.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.50.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.50.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11139", url: "https://www.suse.com/security/cve/CVE-2019-11139", }, { category: "external", summary: "SUSE Bug 1141035 for CVE-2019-11139", url: "https://bugzilla.suse.com/1141035", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.50.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.50.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.50.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.50.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.50.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.50.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-11-15T12:09:02Z", details: "moderate", }, ], title: "CVE-2019-11139", }, ], }
suse-su-2019:2987-1
Vulnerability from csaf_suse
Published
2019-11-15 12:09
Modified
2019-11-15 12:09
Summary
Security update for ucode-intel
Notes
Title of the patch
Security update for ucode-intel
Description of the patch
This update for ucode-intel fixes the following issues:
- Updated to 20191112 official security release (bsc#1155988)
- Includes security fixes for:
- CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)
- CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)
Patchnames
SUSE-2019-2987,SUSE-SLE-Module-Basesystem-15-SP1-2019-2987
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for ucode-intel", title: "Title of the patch", }, { category: "description", text: "This update for ucode-intel fixes the following issues:\n\n- Updated to 20191112 official security release (bsc#1155988)\n- Includes security fixes for:\n - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)\n - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2019-2987,SUSE-SLE-Module-Basesystem-15-SP1-2019-2987", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2987-1.json", }, { category: "self", summary: "URL for SUSE-SU-2019:2987-1", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192987-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2019:2987-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2019-November/006150.html", }, { category: "self", summary: "SUSE Bug 1139073", url: "https://bugzilla.suse.com/1139073", }, { category: "self", summary: "SUSE Bug 1141035", url: "https://bugzilla.suse.com/1141035", }, { category: "self", summary: "SUSE Bug 1155988", url: "https://bugzilla.suse.com/1155988", }, { category: "self", summary: "SUSE CVE CVE-2019-11135 page", url: "https://www.suse.com/security/cve/CVE-2019-11135/", }, { category: "self", summary: "SUSE CVE CVE-2019-11139 page", url: "https://www.suse.com/security/cve/CVE-2019-11139/", }, ], title: "Security update for ucode-intel", tracking: { current_release_date: "2019-11-15T12:09:24Z", generator: { date: "2019-11-15T12:09:24Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2019:2987-1", initial_release_date: "2019-11-15T12:09:24Z", revision_history: [ { date: "2019-11-15T12:09:24Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ucode-intel-20191112a-3.13.2.i586", product: { name: "ucode-intel-20191112a-3.13.2.i586", product_id: "ucode-intel-20191112a-3.13.2.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "ucode-intel-20191112a-3.13.2.x86_64", product: { name: "ucode-intel-20191112a-3.13.2.x86_64", product_id: "ucode-intel-20191112a-3.13.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Basesystem 15 SP1", product: { name: "SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-basesystem:15:sp1", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112a-3.13.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20191112a-3.13.2.x86_64", }, product_reference: "ucode-intel-20191112a-3.13.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, ], }, vulnerabilities: [ { cve: "CVE-2019-11135", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11135", }, ], notes: [ { category: "general", text: "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20191112a-3.13.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11135", url: "https://www.suse.com/security/cve/CVE-2019-11135", }, { category: "external", summary: "SUSE Bug 1139073 for CVE-2019-11135", url: "https://bugzilla.suse.com/1139073", }, { category: "external", summary: "SUSE Bug 1152497 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152497", }, { category: "external", summary: "SUSE Bug 1152505 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152505", }, { category: "external", summary: "SUSE Bug 1152506 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152506", }, { category: "external", summary: "SUSE Bug 1160120 for CVE-2019-11135", url: "https://bugzilla.suse.com/1160120", }, { category: "external", summary: "SUSE Bug 1201877 for CVE-2019-11135", url: "https://bugzilla.suse.com/1201877", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20191112a-3.13.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20191112a-3.13.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-11-15T12:09:24Z", details: "moderate", }, ], title: "CVE-2019-11135", }, { cve: "CVE-2019-11139", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11139", }, ], notes: [ { category: "general", text: "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20191112a-3.13.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11139", url: "https://www.suse.com/security/cve/CVE-2019-11139", }, { category: "external", summary: "SUSE Bug 1141035 for CVE-2019-11139", url: "https://bugzilla.suse.com/1141035", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20191112a-3.13.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20191112a-3.13.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-11-15T12:09:24Z", details: "moderate", }, ], title: "CVE-2019-11139", }, ], }
suse-su-2019:2986-1
Vulnerability from csaf_suse
Published
2019-11-15 12:09
Modified
2019-11-15 12:09
Summary
Security update for ucode-intel
Notes
Title of the patch
Security update for ucode-intel
Description of the patch
This update for ucode-intel fixes the following issues:
- Updated to 20191112 official security release (bsc#1155988)
- Includes security fixes for:
- CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)
- CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)
Patchnames
SUSE-2019-2986,SUSE-SLE-Module-Basesystem-15-2019-2986
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for ucode-intel", title: "Title of the patch", }, { category: "description", text: "This update for ucode-intel fixes the following issues:\n\n- Updated to 20191112 official security release (bsc#1155988)\n- Includes security fixes for:\n - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)\n - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2019-2986,SUSE-SLE-Module-Basesystem-15-2019-2986", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2986-1.json", }, { category: "self", summary: "URL for SUSE-SU-2019:2986-1", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192986-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2019:2986-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2019-November/006147.html", }, { category: "self", summary: "SUSE Bug 1139073", url: "https://bugzilla.suse.com/1139073", }, { category: "self", summary: "SUSE Bug 1141035", url: "https://bugzilla.suse.com/1141035", }, { category: "self", summary: "SUSE Bug 1155988", url: "https://bugzilla.suse.com/1155988", }, { category: "self", summary: "SUSE CVE CVE-2019-11135 page", url: "https://www.suse.com/security/cve/CVE-2019-11135/", }, { category: "self", summary: "SUSE CVE CVE-2019-11139 page", url: "https://www.suse.com/security/cve/CVE-2019-11139/", }, ], title: "Security update for ucode-intel", tracking: { current_release_date: "2019-11-15T12:09:16Z", generator: { date: "2019-11-15T12:09:16Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2019:2986-1", initial_release_date: "2019-11-15T12:09:16Z", revision_history: [ { date: "2019-11-15T12:09:16Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ucode-intel-20191112a-3.31.1.i586", product: { name: "ucode-intel-20191112a-3.31.1.i586", product_id: "ucode-intel-20191112a-3.31.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "ucode-intel-20191112a-3.31.1.x86_64", product: { name: "ucode-intel-20191112a-3.31.1.x86_64", product_id: "ucode-intel-20191112a-3.31.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Basesystem 15", product: { name: "SUSE Linux Enterprise Module for Basesystem 15", product_id: "SUSE Linux Enterprise Module for Basesystem 15", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-basesystem:15", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ucode-intel-20191112a-3.31.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15", product_id: "SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20191112a-3.31.1.x86_64", }, product_reference: "ucode-intel-20191112a-3.31.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15", }, ], }, vulnerabilities: [ { cve: "CVE-2019-11135", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11135", }, ], notes: [ { category: "general", text: "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20191112a-3.31.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11135", url: "https://www.suse.com/security/cve/CVE-2019-11135", }, { category: "external", summary: "SUSE Bug 1139073 for CVE-2019-11135", url: "https://bugzilla.suse.com/1139073", }, { category: "external", summary: "SUSE Bug 1152497 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152497", }, { category: "external", summary: "SUSE Bug 1152505 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152505", }, { category: "external", summary: "SUSE Bug 1152506 for CVE-2019-11135", url: "https://bugzilla.suse.com/1152506", }, { category: "external", summary: "SUSE Bug 1160120 for CVE-2019-11135", url: "https://bugzilla.suse.com/1160120", }, { category: "external", summary: "SUSE Bug 1201877 for CVE-2019-11135", url: "https://bugzilla.suse.com/1201877", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20191112a-3.31.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20191112a-3.31.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-11-15T12:09:16Z", details: "moderate", }, ], title: "CVE-2019-11135", }, { cve: "CVE-2019-11139", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11139", }, ], notes: [ { category: "general", text: "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20191112a-3.31.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11139", url: "https://www.suse.com/security/cve/CVE-2019-11139", }, { category: "external", summary: "SUSE Bug 1141035 for CVE-2019-11139", url: "https://bugzilla.suse.com/1141035", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20191112a-3.31.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20191112a-3.31.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-11-15T12:09:16Z", details: "moderate", }, ], title: "CVE-2019-11139", }, ], }
WID-SEC-W-2023-1689
Vulnerability from csaf_certbund
Published
2019-11-12 23:00
Modified
2023-07-09 22:00
Summary
Intel Prozessoren: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Prozessor ist das zentrale Rechenwerk eines Computers.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Intel Prozessoren ausnutzen, um seine Privilegien zu erhöhen, einen Denial of Service Angriff durchzuführen oder vertrauliche Daten einzusehen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- F5 Networks
- BIOS/Firmware
- Sonstiges
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Der Prozessor ist das zentrale Rechenwerk eines Computers.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Intel Prozessoren ausnutzen, um seine Privilegien zu erhöhen, einen Denial of Service Angriff durchzuführen oder vertrauliche Daten einzusehen.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows\n- F5 Networks\n- BIOS/Firmware\n- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1689 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2023-1689.json", }, { category: "self", summary: "WID-SEC-2023-1689 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1689", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-3822 vom 2023-07-08", url: "https://linux.oracle.com/errata/ELSA-2023-3822.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0026 vom 2020-01-06", url: "https://access.redhat.com/errata/RHSA-2020:0026", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0028 vom 2020-01-06", url: "https://access.redhat.com/errata/RHSA-2020:0028", }, { category: "external", summary: "NetApp Security Advisory", url: "https://security.netapp.com/advisory/ntap-20191213-0001/", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2020:0334-1 vom 2020-02-06", url: "https://www.suse.com/support/update/announcement/2020/suse-su-20200334-1.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0204 vom 2020-01-22", url: "https://access.redhat.com/errata/RHSA-2020:0204", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0328 vom 2020-02-04", url: "https://access.redhat.com/errata/RHSA-2020:0328", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0366 vom 2020-02-04", url: "https://access.redhat.com/errata/RHSA-2020:0366", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0339 vom 2020-02-04", url: "https://access.redhat.com/errata/RHSA-2020:0339", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2020:0093-1 vom 2020-01-14", url: "https://www.suse.com/support/update/announcement/2020/suse-su-20200093-1.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0279 vom 2020-01-29", url: "https://access.redhat.com/errata/RHSA-2020:0279", }, { category: "external", summary: "Intel Security Advisory INTEL-SA-00164 vom 2019-11-12", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00164.html", }, { category: "external", summary: "Intel Security Advisory INTEL-SA-00210 vom 2019-11-12", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00210.html", }, { category: "external", summary: "Intel Security Advisory INTEL-SA-00219 vom 2019-11-12", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00219.html", }, { category: "external", summary: "Intel Security Advisory INTEL-SA-00220 vom 2019-11-12", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00220.html", }, { category: "external", summary: "Intel Security Advisory INTEL-SA-00240 vom 2019-11-12", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00240.html", }, { category: "external", summary: "Intel Security Advisory INTEL-SA-00241 vom 2019-11-12", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html", }, { category: "external", summary: "Intel Security Advisory INTEL-SA-00242 vom 2019-11-12", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00242.html", }, { category: "external", summary: "Intel Security Advisory INTEL-SA-00254 vom 2019-11-12", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00254.html", }, { category: "external", summary: "Intel Security Advisory INTEL-SA-00260 vom 2019-11-12", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00260.html", }, { category: "external", summary: "Intel Security Advisory INTEL-SA-00270 vom 2019-11-12", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html", }, { category: "external", summary: "Intel Security Advisory INTEL-SA-00271 vom 2019-11-12", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html", }, { category: "external", summary: "Intel Security Advisory INTEL-SA-00280 vom 2019-11-12", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00280.html", }, { category: "external", summary: "Debian Security Advisory DSA-4565-1 vom 2019-11-13", url: "https://lists.debian.org/debian-security-announce/2019/msg00219.html", }, { category: "external", summary: "Debian Security Advisory DSA-4564-1 vom 2019-11-13", url: "https://lists.debian.org/debian-security-announce/2019/msg00215.html", }, { category: "external", summary: "Xen Security Advisory XSA-305 vom 2019-11-12", url: "https://xenbits.xen.org/xsa/advisory-305.html", }, { category: "external", summary: "Xen Security Advisory XSA-304 vom 2019-11-12", url: "https://xenbits.xen.org/xsa/advisory-304.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3832 vom 2019-11-12", url: "https://access.redhat.com/errata/RHSA-2019:3832", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3833 vom 2019-11-12", url: "https://access.redhat.com/errata/RHSA-2019:3833", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3834 vom 2019-11-12", url: "https://access.redhat.com/errata/RHSA-2019:3834", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3835 vom 2019-11-12", url: "https://access.redhat.com/errata/RHSA-2019:3835", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3837 vom 2019-11-12", url: "https://access.redhat.com/errata/RHSA-2019:3837", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3838 vom 2019-11-12", url: "https://access.redhat.com/errata/RHSA-2019:3838", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3839 vom 2019-11-12", url: "https://access.redhat.com/errata/RHSA-2019:3839", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3840 vom 2019-11-12", url: "https://access.redhat.com/errata/RHSA-2019:3840", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3842 vom 2019-11-12", url: "https://access.redhat.com/errata/RHSA-2019:3842", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3844 vom 2019-11-12", url: "https://access.redhat.com/errata/RHSA-2019:3844", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3860 vom 2019-11-12", url: "https://access.redhat.com/errata/RHSA-2019:3860", }, { category: "external", summary: "Oraclevm-errata OVMSA-2019-0052 vom 2019-11-12", url: "https://oss.oracle.com/pipermail/oraclevm-errata/2019-November/000966.html", }, { category: "external", summary: "The FreeBSD Project Security Advisory FreeBSD-SA-19:25.mcepsc vom 2019-11-12", url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:25.mcepsc.asc", }, { category: "external", summary: "The FreeBSD Project Security Advisory FreeBSD-SA-19:26.mcu vom 2019-11-12", url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:26.mcu.asc", }, { category: "external", summary: "Ubuntu Security Notice USN-4187-1 vom 2019-11-12", url: "https://usn.ubuntu.com/4187-1/", }, { category: "external", summary: "Ubuntu Security Notice USN-4188-1 vom 2019-11-12", url: "https://usn.ubuntu.com/4188-1/", }, { category: "external", summary: "Ubuntu Security Notice USN-4186-2 vom 2019-11-12", url: "https://usn.ubuntu.com/4186-2/", }, { category: "external", summary: "Ubuntu Security Notice USN-4185-2 vom 2019-11-12", url: "https://usn.ubuntu.com/4185-2/", }, { category: "external", summary: "Ubuntu Security Notice USN-4184-1 vom 2019-11-12", url: "https://usn.ubuntu.com/4184-1/", }, { category: "external", summary: "Ubuntu Security Notice USN-4183-1 vom 2019-11-12", url: "https://usn.ubuntu.com/4183-1/", }, { category: "external", summary: "Ubuntu Security Notice USN-4182-2 vom 2019-11-12", url: "https://usn.ubuntu.com/4182-2/", }, { category: "external", summary: "Dell Securiy Advisory DSA-2019-147 vom 2019-11-12", url: "https://www.dell.com/support/article/de/de/debsdt1/sln319429/dsa-2019-147-dell-client-platform-security-update-for-intel-platform-updates-2019-2?lang=en", }, { category: "external", summary: "Dell Securiy Advisory DSA-2019-166 vom 2019-11-12", url: "https://www.dell.com/support/article/de/de/debsdt1/sln319434/dsa-2019-166-dell-emc-server-platform-security-advisory-for-intel-platform-updates-2019-2?lang=en", }, { category: "external", summary: "Dell Securiy Advisory DSA-2019-153 vom 2019-11-12", url: "https://www.dell.com/support/article/de/de/debsdt1/sln319438/dsa-2019-153-dell-emc-networking-security-advisory-for-intel-platform-updates-2019-2?lang=en", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:2946-1 vom 2019-11-12", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192946-1/", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:2948-1 vom 2019-11-12", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192948-1/", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:2949-1 vom 2019-11-12", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192949-1/", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:2957-1 vom 2019-11-12", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192957-1/", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:2958-1 vom 2019-11-12", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192958-1/", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:2959-1 vom 2019-11-12", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192959-1/", }, { category: "external", summary: "VMware Security Advisories VMSA-2019-0020 vom 2019-11-12", url: "https://www.vmware.com/security/advisories/VMSA-2019-0020.html", }, { category: "external", summary: "Ubuntu Security Notice USN-4186-3 vom 2019-11-13", url: "https://usn.ubuntu.com/4186-3/", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:14217-1 vom 2019-11-13", url: "https://www.suse.com/support/update/announcement/2019/suse-su-201914217-1.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3873 vom 2019-11-13", url: "https://access.redhat.com/errata/RHSA-2019:3873", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3872 vom 2019-11-13", url: "https://access.redhat.com/errata/RHSA-2019:3872", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3877 vom 2019-11-13", url: "https://access.redhat.com/errata/RHSA-2019:3877", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3878 vom 2019-11-13", url: "https://access.redhat.com/errata/RHSA-2019:3878", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3872 vom 2019-11-14", url: "https://access.redhat.com/errata/RHSA-2019:3872", }, { category: "external", summary: "Ubuntu Security Notice USN-4184-2 vom 2019-11-13", url: "https://usn.ubuntu.com/4184-2/", }, { category: "external", summary: "Ubuntu Security Notice USN-4183-2 vom 2019-11-13", url: "https://usn.ubuntu.com/4183-2/", }, { category: "external", summary: "Ubuntu Security Notice USN-4185-3 vom 2019-11-13", url: "https://usn.ubuntu.com/4185-3/", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3883 vom 2019-11-14", url: "https://access.redhat.com/errata/RHSA-2019:3883", }, { category: "external", summary: "Arch Linux Security Advisory ASA-201911-14 vom 2019-11-13", url: "https://security.archlinux.org/ASA-201911-14", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3870 vom 2019-11-13", url: "https://access.redhat.com/errata/RHSA-2019:3870", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3871 vom 2019-11-13", url: "https://access.redhat.com/errata/RHSA-2019:3871", }, { category: "external", summary: "Citrix Hypervisor Security Update CTX263684 vom 2019-11-12", url: "https://support.citrix.com/article/CTX263684", }, { category: "external", summary: "HPE Security Bulletin HPESBHF03971 rev.1 vom 2019-11-13", url: "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03971en_us", }, { category: "external", summary: "HPE Security Bulletin HPESBHF03967 rev.1 vom 2019-11-13", url: "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03967en_us", }, { category: "external", summary: "CentOS Security Advisory CESA-2019:3872 vom 2019-11-14", url: "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2019-3872-Important-CentOS-7-kernel-Security-Update-tp4645757.html", }, { category: "external", summary: "F5 Security Advisory K32412503 vom 2019-11-15", url: "https://support.f5.com/csp/article/K32412503", }, { category: "external", summary: "CentOS Security Advisory CESA-2019:3834 vom 2019-11-14", url: "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2019-3834-Important-CentOS-7-kernel-Security-Update-tp4645756.html", }, { category: "external", summary: "HP Security Bulletin HPESBHF03963 rev.1 vom 2019-11-13", url: "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03968en_us", }, { category: "external", summary: "CentOS Security Advisory CESA-2019:3878 vom 2019-11-14", url: "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2019-3878-Important-CentOS-6-kernel-Security-Update-tp4645758.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3887 vom 2019-11-14", url: "https://access.redhat.com/errata/RHSA-2019:3887", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3889 vom 2019-11-14", url: "https://access.redhat.com/errata/RHSA-2019:3889", }, { category: "external", summary: "AVAYA Security Advisory ASA-2019-237 vom 2019-11-14", url: "https://downloads.avaya.com/css/P8/documents/101062296", }, { category: "external", summary: "HPE Security Bulletin HPESBHF03969 rev.1 vom 2019-11-13", url: "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03969en_us", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:2984-1 vom 2019-11-16", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192984-1.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:14220-1 vom 2019-11-16", url: "https://www.suse.com/support/update/announcement/2019/suse-su-201914220-1.html", }, { category: "external", summary: "AVAYA Security Advisory ASA-2019-238 vom 2019-11-16", url: "https://downloads.avaya.com/css/P8/documents/101062297", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:2988-1 vom 2019-11-16", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192988-1.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:2987-1 vom 2019-11-16", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192987-1.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:2986-1 vom 2019-11-16", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192986-1.html", }, { category: "external", summary: "ORACLE OVMSA-2019-0054 vom 2019-11-18", url: "https://oss.oracle.com/pipermail/oraclevm-errata/2019-November/000967.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3908 vom 2019-11-19", url: "https://access.redhat.com/errata/RHSA-2019:3908", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3916 vom 2019-11-19", url: "https://access.redhat.com/errata/RHSA-2019:3916", }, { category: "external", summary: "AVAYA Security Advisory ASA-2019-242 vom 2019-11-21", url: "https://downloads.avaya.com/css/P8/documents/101062452", }, { category: "external", summary: "AVAYA Security Advisory ASA-2019-241 vom 2019-11-21", url: "https://downloads.avaya.com/css/P8/documents/101062451", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3936 vom 2019-11-20", url: "https://access.redhat.com/errata/RHSA-2019:3936", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3941 vom 2019-11-21", url: "https://access.redhat.com/errata/RHSA-2019:3941", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:3091-1 vom 2019-11-29", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20193091-1.html", }, { category: "external", summary: "Ubuntu Security Notice USN-4182-4 vom 2019-12-04", url: "https://usn.ubuntu.com/4182-4/", }, { category: "external", summary: "Ubuntu Security Notice USN-4182-3 vom 2019-12-04", url: "https://usn.ubuntu.com/4182-3/", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:3200-1 vom 2019-12-07", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20193200-1.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:3289-1 vom 2019-12-13", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20193289-1.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:3294-1 vom 2019-12-14", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20193294-1.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:3295-1 vom 2019-12-14", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20193295-1.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:3317-1 vom 2019-12-18", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20193317-1.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:3316-1 vom 2019-12-18", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20193316-1.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:3340-1 vom 2019-12-20", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20193340-1.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:3372-1 vom 2019-12-20", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20193372-1.html", }, { category: "external", summary: "F5 Security Advisory K54164678 vom 2019-12-27", url: "https://support.f5.com/csp/article/K54164678?utm_source=f5support&utm_medium=RSS", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0555 vom 2020-02-19", url: "https://access.redhat.com/errata/RHSA-2020:0555", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0666 vom 2020-03-03", url: "https://access.redhat.com/errata/RHSA-2020:0666", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0730 vom 2020-03-05", url: "https://access.redhat.com/errata/RHSA-2020:0730", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0839 vom 2020-03-17", url: "https://access.redhat.com/errata/RHSA-2020:0839", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0834 vom 2020-03-17", url: "https://access.redhat.com/errata/RHSA-2020:0834", }, { category: "external", summary: "CentOS Security Advisory CESA-2020:0839 vom 2020-03-25", url: "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2020-0839-Important-CentOS-7-kernel-Security-Update-tp4645862.html", }, { category: "external", summary: "AVAYA Security Advisory ASA-2020-026 vom 2020-04-14", url: "https://downloads.avaya.com/css/P8/documents/101065862", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:1465 vom 2020-04-14", url: "https://access.redhat.com/errata/RHSA-2020:1465", }, { category: "external", summary: "HPE SECURITY BULLETIN hpesbhf03966en_us vom 2020-05-05", url: "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbhf03966en_us", }, { category: "external", summary: "HPE SECURITY BULLETIN hpesbhf03961en_us vom 2020-05-05", url: "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbhf03961en_us", }, { category: "external", summary: "EMC Security Advisory 538629 vom 2020-06-22", url: "https://www.dell.com/support/security/de-de/details/538629/TSX-Asynchronous-Abort-TAA-CVE-2019-11135-Impact-on-Dell-EMC-Data-Protection-and-Storage-Produc", }, { category: "external", summary: "ORACLE OVMSA-2020-0026 vom 2020-06-22", url: "https://oss.oracle.com/pipermail/oraclevm-errata/2020-June/000986.html", }, { category: "external", summary: "Juniper Security Advisory JSA11026 vom 2020-07-08", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11026", }, { category: "external", summary: "ORACLE OVMSA-2020-0027 vom 2020-07-13", url: "https://oss.oracle.com/pipermail/oraclevm-errata/2020-July/000990.html", }, { category: "external", summary: "libvirt Security Notice LSN-2019-0008 vom 2020-07-27", url: "http://security.libvirt.org/2019/0008.html", }, { category: "external", summary: "F5 Security Advisory K17269881 vom 2020-08-26", url: "https://support.f5.com/csp/article/K17269881", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2020:2491-1 vom 2020-09-04", url: "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007367.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2020:2505-1 vom 2020-09-04", url: "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007356.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2020:2526-1 vom 2020-09-04", url: "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007365.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2020:2497-1 vom 2020-09-04", url: "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007364.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2021-4386 vom 2021-11-16", url: "https://linux.oracle.com/errata/ELSA-2021-4386.html", }, ], source_lang: "en-US", title: "Intel Prozessoren: Mehrere Schwachstellen", tracking: { current_release_date: "2023-07-09T22:00:00.000+00:00", generator: { date: "2024-08-15T17:54:35.478+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1689", initial_release_date: "2019-11-12T23:00:00.000+00:00", revision_history: [ { date: "2019-11-12T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2019-11-13T23:00:00.000+00:00", number: "2", summary: "Neue Updates von Citrix, Ubuntu, SUSE, Red Hat, Arch Linux und Fedora aufgenommen", }, { date: "2019-11-13T23:00:00.000+00:00", number: "3", summary: "Version nicht vorhanden", }, { date: "2019-11-13T23:00:00.000+00:00", number: "4", summary: "Version nicht vorhanden", }, { date: "2019-11-14T23:00:00.000+00:00", number: "5", summary: "Neue Updates von HP, CentOS, F5, Red Hat und AVAYA aufgenommen", }, { date: "2019-11-17T23:00:00.000+00:00", number: "6", summary: "Neue Updates von SUSE und AVAYA aufgenommen", }, { date: "2019-11-18T23:00:00.000+00:00", number: "7", summary: "Neue Updates von ORACLE aufgenommen", }, { date: "2019-11-18T23:00:00.000+00:00", number: "8", summary: "Version nicht vorhanden", }, { date: "2019-11-19T23:00:00.000+00:00", number: "9", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2019-11-20T23:00:00.000+00:00", number: "10", summary: "Neue Updates von AVAYA und Red Hat aufgenommen", }, { date: "2019-11-20T23:00:00.000+00:00", number: "11", summary: "Version nicht vorhanden", }, { date: "2019-11-21T23:00:00.000+00:00", number: "12", summary: "Referenz(en) aufgenommen: OVMSA-2019-0056", }, { date: "2019-11-28T23:00:00.000+00:00", number: "13", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2019-12-02T23:00:00.000+00:00", number: "14", summary: "Schreibfehler korrigiert", }, { date: "2019-12-03T23:00:00.000+00:00", number: "15", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2019-12-08T23:00:00.000+00:00", number: "16", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2019-12-12T23:00:00.000+00:00", number: "17", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2019-12-15T23:00:00.000+00:00", number: "18", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2019-12-17T23:00:00.000+00:00", number: "19", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2019-12-19T23:00:00.000+00:00", number: "20", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2019-12-22T23:00:00.000+00:00", number: "21", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2019-12-29T23:00:00.000+00:00", number: "22", summary: "Neue Updates von F5 aufgenommen", }, { date: "2020-01-01T23:00:00.000+00:00", number: "23", summary: "Referenz(en) aufgenommen: DLA 2051", }, { date: "2020-01-06T23:00:00.000+00:00", number: "24", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-01-14T23:00:00.000+00:00", number: "25", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2020-01-22T23:00:00.000+00:00", number: "26", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-01-26T23:00:00.000+00:00", number: "27", summary: "Neue Updates von NetApp aufgenommen", }, { date: "2020-01-29T23:00:00.000+00:00", number: "28", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-02-03T23:00:00.000+00:00", number: "29", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-02-04T23:00:00.000+00:00", number: "30", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-02-06T23:00:00.000+00:00", number: "31", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2020-02-19T23:00:00.000+00:00", number: "32", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-03-03T23:00:00.000+00:00", number: "33", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-03-05T23:00:00.000+00:00", number: "34", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-03-17T23:00:00.000+00:00", number: "35", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-03-25T23:00:00.000+00:00", number: "36", summary: "Neue Updates von CentOS aufgenommen", }, { date: "2020-04-13T22:00:00.000+00:00", number: "37", summary: "Neue Updates von AVAYA aufgenommen", }, { date: "2020-04-14T22:00:00.000+00:00", number: "38", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-05-05T22:00:00.000+00:00", number: "39", summary: "Neue Updates von HPE", }, { date: "2020-06-21T22:00:00.000+00:00", number: "40", summary: "Neue Updates von EMC aufgenommen", }, { date: "2020-06-22T22:00:00.000+00:00", number: "41", summary: "Neue Updates von ORACLE aufgenommen", }, { date: "2020-07-08T22:00:00.000+00:00", number: "42", summary: "Neue Updates von Juniper aufgenommen", }, { date: "2020-07-13T22:00:00.000+00:00", number: "43", summary: "Neue Updates von ORACLE aufgenommen", }, { date: "2020-07-27T22:00:00.000+00:00", number: "44", summary: "Neue Updates von libvirt aufgenommen", }, { date: "2020-08-25T22:00:00.000+00:00", number: "45", summary: "Neue Updates von F5 aufgenommen", }, { date: "2020-09-06T22:00:00.000+00:00", number: "46", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2021-11-16T23:00:00.000+00:00", number: "47", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2023-07-09T22:00:00.000+00:00", number: "48", summary: "Neue Updates von Oracle Linux aufgenommen", }, ], status: "final", version: "48", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Avaya Aura Communication Manager", product: { name: "Avaya Aura Communication Manager", product_id: "T015126", product_identification_helper: { cpe: "cpe:/a:avaya:communication_manager:-", }, }, }, { category: "product_name", name: "Avaya Aura Session Manager", product: { name: "Avaya Aura Session Manager", product_id: "T015127", product_identification_helper: { cpe: "cpe:/a:avaya:session_manager:-", }, }, }, { category: "product_name", name: "Avaya Aura System Manager", product: { name: "Avaya Aura System Manager", product_id: "T015518", product_identification_helper: { cpe: "cpe:/a:avaya:aura_system_manager:-", }, }, }, { category: "product_name", name: "Avaya Media Gateway", product: { name: "Avaya Media Gateway", product_id: "T015276", product_identification_helper: { cpe: "cpe:/h:avaya:media_gateway:-", }, }, }, { category: "product_name", name: "Avaya Web License Manager", product: { name: "Avaya Web License Manager", product_id: "T016243", product_identification_helper: { cpe: "cpe:/a:avaya:web_license_manager:-", }, }, }, ], category: "vendor", name: "Avaya", }, { branches: [ { category: "product_name", name: "Citrix Systems XenServer", product: { name: "Citrix Systems XenServer", product_id: "T004077", product_identification_helper: { cpe: "cpe:/a:citrix:xenserver:-", }, }, }, ], category: "vendor", name: "Citrix Systems", }, { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: "vendor", name: "Debian", }, { branches: [ { category: "product_name", name: "Dell Computer", product: { name: "Dell Computer", product_id: "T006498", product_identification_helper: { cpe: "cpe:/o:dell:dell_computer:-", }, }, }, ], category: "vendor", name: "Dell", }, { branches: [ { category: "product_name", name: "F5 BIG-IP", product: { name: "F5 BIG-IP", product_id: "T001663", product_identification_helper: { cpe: "cpe:/a:f5:big-ip:-", }, }, }, ], category: "vendor", name: "F5", }, { branches: [ { category: "product_name", name: "FreeBSD Project FreeBSD OS", product: { name: "FreeBSD Project FreeBSD OS", product_id: "4035", product_identification_helper: { cpe: "cpe:/o:freebsd:freebsd:-", }, }, }, ], category: "vendor", name: "FreeBSD Project", }, { branches: [ { category: "product_name", name: "HP BIOS", product: { name: "HP BIOS", product_id: "T007117", product_identification_helper: { cpe: "cpe:/h:hp:bios:-", }, }, }, ], category: "vendor", name: "HP", }, { branches: [ { category: "product_name", name: "HPE ProLiant", product: { name: "HPE ProLiant", product_id: "T009310", product_identification_helper: { cpe: "cpe:/h:hp:proliant:-", }, }, }, ], category: "vendor", name: "HPE", }, { branches: [ { category: "product_name", name: "Intel AMT SDK", product: { name: "Intel AMT SDK", product_id: "T011597", product_identification_helper: { cpe: "cpe:/a:intel:active_management_technology_software_development_kit:-", }, }, }, { category: "product_name", name: "Intel Prozessor", product: { name: "Intel Prozessor", product_id: "T011586", product_identification_helper: { cpe: "cpe:/h:intel:intel_prozessor:-", }, }, }, { category: "product_name", name: "Intel Xeon", product: { name: "Intel Xeon", product_id: "T011286", product_identification_helper: { cpe: "cpe:/h:intel:xeon:-", }, }, }, ], category: "vendor", name: "Intel", }, { branches: [ { category: "product_name", name: "Juniper Junos Space < 20.1R1", product: { name: "Juniper Junos Space < 20.1R1", product_id: "T016874", product_identification_helper: { cpe: "cpe:/a:juniper:junos_space:20.1r1", }, }, }, ], category: "vendor", name: "Juniper", }, { branches: [ { category: "product_name", name: "NetApp Data ONTAP", product: { name: "NetApp Data ONTAP", product_id: "7654", product_identification_helper: { cpe: "cpe:/a:netapp:data_ontap:-", }, }, }, { category: "product_name", name: "NetApp FAS", product: { name: "NetApp FAS", product_id: "T011540", product_identification_helper: { cpe: "cpe:/h:netapp:fas:-", }, }, }, ], category: "vendor", name: "NetApp", }, { branches: [ { category: "product_name", name: "Open Source Arch Linux", product: { name: "Open Source Arch Linux", product_id: "T013312", product_identification_helper: { cpe: "cpe:/o:archlinux:archlinux:-", }, }, }, { category: "product_name", name: "Open Source CentOS", product: { name: "Open Source CentOS", product_id: "1727", product_identification_helper: { cpe: "cpe:/o:centos:centos:-", }, }, }, { category: "product_name", name: "Open Source Xen", product: { name: "Open Source Xen", product_id: "T000611", product_identification_helper: { cpe: "cpe:/o:xen:xen:-", }, }, }, { category: "product_name", name: "Open Source libvirt < 6.0.0", product: { name: "Open Source libvirt < 6.0.0", product_id: "712004", product_identification_helper: { cpe: "cpe:/a:redhat:libvirt:6.0.0", }, }, }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Oracle Linux", product: { name: "Oracle Linux", product_id: "T004914", product_identification_helper: { cpe: "cpe:/o:oracle:linux:-", }, }, }, { category: "product_name", name: "Oracle VM", product: { name: "Oracle VM", product_id: "T011119", product_identification_helper: { cpe: "cpe:/a:oracle:vm:-", }, }, }, ], category: "vendor", name: "Oracle", }, { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server EUS", product: { name: "Red Hat Enterprise Linux Server EUS", product_id: "T015361", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "product_name", name: "Enterprise Linux", }, { category: "product_name", name: "Red Hat Enterprise MRG", product: { name: "Red Hat Enterprise MRG", product_id: "T003513", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_mrg:-", }, }, }, { category: "product_name", name: "Red Hat Fedora", product: { name: "Red Hat Fedora", product_id: "T007849", product_identification_helper: { cpe: "cpe:/o:redhat:fedora:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, { branches: [ { category: "product_name", name: "VMware ESXi", product: { name: "VMware ESXi", product_id: "T009575", product_identification_helper: { cpe: "cpe:/o:vmware:esxi:-", }, }, }, { category: "product_name", name: "VMware Fusion", product: { name: "VMware Fusion", product_id: "T009574", product_identification_helper: { cpe: "cpe:/a:vmware:fusion:-", }, }, }, { category: "product_name", name: "VMware Workstation", product: { name: "VMware Workstation", product_id: "11768", product_identification_helper: { cpe: "cpe:/a:vmware:workstation:-", }, }, }, ], category: "vendor", name: "VMware", }, { branches: [ { category: "product_name", name: "Intel System Management Software", product: { name: "Intel System Management Software", product_id: "T014240", product_identification_helper: { cpe: "cpe:/a:intel:system_management_software:-", }, }, }, ], category: "vendor", name: "intel", }, ], }, vulnerabilities: [ { cve: "CVE-2018-12207", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2018-12207", }, { cve: "CVE-2019-0117", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-0117", }, { cve: "CVE-2019-0123", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-0123", }, { cve: "CVE-2019-0124", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-0124", }, { cve: "CVE-2019-0131", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-0131", }, { cve: "CVE-2019-0151", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-0151", }, { cve: "CVE-2019-0152", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-0152", }, { cve: "CVE-2019-0154", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-0154", }, { cve: "CVE-2019-0155", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-0155", }, { cve: "CVE-2019-0165", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-0165", }, { cve: "CVE-2019-0166", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-0166", }, { cve: "CVE-2019-0168", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-0168", }, { cve: "CVE-2019-0169", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-0169", }, { cve: "CVE-2019-0184", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-0184", }, { cve: "CVE-2019-0185", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-0185", }, { cve: "CVE-2019-11086", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11086", }, { cve: "CVE-2019-11087", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11087", }, { cve: "CVE-2019-11088", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11088", }, { cve: "CVE-2019-11089", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11089", }, { cve: "CVE-2019-11090", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11090", }, { cve: "CVE-2019-11097", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11097", }, { cve: "CVE-2019-11100", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11100", }, { cve: "CVE-2019-11101", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11101", }, { cve: "CVE-2019-11102", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11102", }, { cve: "CVE-2019-11103", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11103", }, { cve: "CVE-2019-11104", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11104", }, { cve: "CVE-2019-11105", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11105", }, { cve: "CVE-2019-11106", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11106", }, { cve: "CVE-2019-11107", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11107", }, { cve: "CVE-2019-11108", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11108", }, { cve: "CVE-2019-11109", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11109", }, { cve: "CVE-2019-11110", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11110", }, { cve: "CVE-2019-11111", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11111", }, { cve: "CVE-2019-11112", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11112", }, { cve: "CVE-2019-11113", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11113", }, { cve: "CVE-2019-11131", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11131", }, { cve: "CVE-2019-11132", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11132", }, { cve: "CVE-2019-11135", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11135", }, { cve: "CVE-2019-11136", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11136", }, { cve: "CVE-2019-11137", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11137", }, { cve: "CVE-2019-11139", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11139", }, { cve: "CVE-2019-11147", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11147", }, { cve: "CVE-2019-14574", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-14574", }, { cve: "CVE-2019-14590", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-14590", }, { cve: "CVE-2019-14591", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-14591", }, ], }
wid-sec-w-2023-1689
Vulnerability from csaf_certbund
Published
2019-11-12 23:00
Modified
2023-07-09 22:00
Summary
Intel Prozessoren: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Prozessor ist das zentrale Rechenwerk eines Computers.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Intel Prozessoren ausnutzen, um seine Privilegien zu erhöhen, einen Denial of Service Angriff durchzuführen oder vertrauliche Daten einzusehen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- F5 Networks
- BIOS/Firmware
- Sonstiges
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Der Prozessor ist das zentrale Rechenwerk eines Computers.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Intel Prozessoren ausnutzen, um seine Privilegien zu erhöhen, einen Denial of Service Angriff durchzuführen oder vertrauliche Daten einzusehen.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows\n- F5 Networks\n- BIOS/Firmware\n- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1689 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2023-1689.json", }, { category: "self", summary: "WID-SEC-2023-1689 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1689", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-3822 vom 2023-07-08", url: "https://linux.oracle.com/errata/ELSA-2023-3822.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0026 vom 2020-01-06", url: "https://access.redhat.com/errata/RHSA-2020:0026", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0028 vom 2020-01-06", url: "https://access.redhat.com/errata/RHSA-2020:0028", }, { category: "external", summary: "NetApp Security Advisory", url: "https://security.netapp.com/advisory/ntap-20191213-0001/", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2020:0334-1 vom 2020-02-06", url: "https://www.suse.com/support/update/announcement/2020/suse-su-20200334-1.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0204 vom 2020-01-22", url: "https://access.redhat.com/errata/RHSA-2020:0204", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0328 vom 2020-02-04", url: "https://access.redhat.com/errata/RHSA-2020:0328", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0366 vom 2020-02-04", url: "https://access.redhat.com/errata/RHSA-2020:0366", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0339 vom 2020-02-04", url: "https://access.redhat.com/errata/RHSA-2020:0339", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2020:0093-1 vom 2020-01-14", url: "https://www.suse.com/support/update/announcement/2020/suse-su-20200093-1.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0279 vom 2020-01-29", url: "https://access.redhat.com/errata/RHSA-2020:0279", }, { category: "external", summary: "Intel Security Advisory INTEL-SA-00164 vom 2019-11-12", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00164.html", }, { category: "external", summary: "Intel Security Advisory INTEL-SA-00210 vom 2019-11-12", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00210.html", }, { category: "external", summary: "Intel Security Advisory INTEL-SA-00219 vom 2019-11-12", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00219.html", }, { category: "external", summary: "Intel Security Advisory INTEL-SA-00220 vom 2019-11-12", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00220.html", }, { category: "external", summary: "Intel Security Advisory INTEL-SA-00240 vom 2019-11-12", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00240.html", }, { category: "external", summary: "Intel Security Advisory INTEL-SA-00241 vom 2019-11-12", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html", }, { category: "external", summary: "Intel Security Advisory INTEL-SA-00242 vom 2019-11-12", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00242.html", }, { category: "external", summary: "Intel Security Advisory INTEL-SA-00254 vom 2019-11-12", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00254.html", }, { category: "external", summary: "Intel Security Advisory INTEL-SA-00260 vom 2019-11-12", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00260.html", }, { category: "external", summary: "Intel Security Advisory INTEL-SA-00270 vom 2019-11-12", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html", }, { category: "external", summary: "Intel Security Advisory INTEL-SA-00271 vom 2019-11-12", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html", }, { category: "external", summary: "Intel Security Advisory INTEL-SA-00280 vom 2019-11-12", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00280.html", }, { category: "external", summary: "Debian Security Advisory DSA-4565-1 vom 2019-11-13", url: "https://lists.debian.org/debian-security-announce/2019/msg00219.html", }, { category: "external", summary: "Debian Security Advisory DSA-4564-1 vom 2019-11-13", url: "https://lists.debian.org/debian-security-announce/2019/msg00215.html", }, { category: "external", summary: "Xen Security Advisory XSA-305 vom 2019-11-12", url: "https://xenbits.xen.org/xsa/advisory-305.html", }, { category: "external", summary: "Xen Security Advisory XSA-304 vom 2019-11-12", url: "https://xenbits.xen.org/xsa/advisory-304.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3832 vom 2019-11-12", url: "https://access.redhat.com/errata/RHSA-2019:3832", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3833 vom 2019-11-12", url: "https://access.redhat.com/errata/RHSA-2019:3833", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3834 vom 2019-11-12", url: "https://access.redhat.com/errata/RHSA-2019:3834", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3835 vom 2019-11-12", url: "https://access.redhat.com/errata/RHSA-2019:3835", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3837 vom 2019-11-12", url: "https://access.redhat.com/errata/RHSA-2019:3837", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3838 vom 2019-11-12", url: "https://access.redhat.com/errata/RHSA-2019:3838", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3839 vom 2019-11-12", url: "https://access.redhat.com/errata/RHSA-2019:3839", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3840 vom 2019-11-12", url: "https://access.redhat.com/errata/RHSA-2019:3840", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3842 vom 2019-11-12", url: "https://access.redhat.com/errata/RHSA-2019:3842", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3844 vom 2019-11-12", url: "https://access.redhat.com/errata/RHSA-2019:3844", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3860 vom 2019-11-12", url: "https://access.redhat.com/errata/RHSA-2019:3860", }, { category: "external", summary: "Oraclevm-errata OVMSA-2019-0052 vom 2019-11-12", url: "https://oss.oracle.com/pipermail/oraclevm-errata/2019-November/000966.html", }, { category: "external", summary: "The FreeBSD Project Security Advisory FreeBSD-SA-19:25.mcepsc vom 2019-11-12", url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:25.mcepsc.asc", }, { category: "external", summary: "The FreeBSD Project Security Advisory FreeBSD-SA-19:26.mcu vom 2019-11-12", url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:26.mcu.asc", }, { category: "external", summary: "Ubuntu Security Notice USN-4187-1 vom 2019-11-12", url: "https://usn.ubuntu.com/4187-1/", }, { category: "external", summary: "Ubuntu Security Notice USN-4188-1 vom 2019-11-12", url: "https://usn.ubuntu.com/4188-1/", }, { category: "external", summary: "Ubuntu Security Notice USN-4186-2 vom 2019-11-12", url: "https://usn.ubuntu.com/4186-2/", }, { category: "external", summary: "Ubuntu Security Notice USN-4185-2 vom 2019-11-12", url: "https://usn.ubuntu.com/4185-2/", }, { category: "external", summary: "Ubuntu Security Notice USN-4184-1 vom 2019-11-12", url: "https://usn.ubuntu.com/4184-1/", }, { category: "external", summary: "Ubuntu Security Notice USN-4183-1 vom 2019-11-12", url: "https://usn.ubuntu.com/4183-1/", }, { category: "external", summary: "Ubuntu Security Notice USN-4182-2 vom 2019-11-12", url: "https://usn.ubuntu.com/4182-2/", }, { category: "external", summary: "Dell Securiy Advisory DSA-2019-147 vom 2019-11-12", url: "https://www.dell.com/support/article/de/de/debsdt1/sln319429/dsa-2019-147-dell-client-platform-security-update-for-intel-platform-updates-2019-2?lang=en", }, { category: "external", summary: "Dell Securiy Advisory DSA-2019-166 vom 2019-11-12", url: "https://www.dell.com/support/article/de/de/debsdt1/sln319434/dsa-2019-166-dell-emc-server-platform-security-advisory-for-intel-platform-updates-2019-2?lang=en", }, { category: "external", summary: "Dell Securiy Advisory DSA-2019-153 vom 2019-11-12", url: "https://www.dell.com/support/article/de/de/debsdt1/sln319438/dsa-2019-153-dell-emc-networking-security-advisory-for-intel-platform-updates-2019-2?lang=en", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:2946-1 vom 2019-11-12", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192946-1/", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:2948-1 vom 2019-11-12", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192948-1/", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:2949-1 vom 2019-11-12", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192949-1/", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:2957-1 vom 2019-11-12", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192957-1/", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:2958-1 vom 2019-11-12", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192958-1/", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:2959-1 vom 2019-11-12", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192959-1/", }, { category: "external", summary: "VMware Security Advisories VMSA-2019-0020 vom 2019-11-12", url: "https://www.vmware.com/security/advisories/VMSA-2019-0020.html", }, { category: "external", summary: "Ubuntu Security Notice USN-4186-3 vom 2019-11-13", url: "https://usn.ubuntu.com/4186-3/", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:14217-1 vom 2019-11-13", url: "https://www.suse.com/support/update/announcement/2019/suse-su-201914217-1.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3873 vom 2019-11-13", url: "https://access.redhat.com/errata/RHSA-2019:3873", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3872 vom 2019-11-13", url: "https://access.redhat.com/errata/RHSA-2019:3872", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3877 vom 2019-11-13", url: "https://access.redhat.com/errata/RHSA-2019:3877", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3878 vom 2019-11-13", url: "https://access.redhat.com/errata/RHSA-2019:3878", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3872 vom 2019-11-14", url: "https://access.redhat.com/errata/RHSA-2019:3872", }, { category: "external", summary: "Ubuntu Security Notice USN-4184-2 vom 2019-11-13", url: "https://usn.ubuntu.com/4184-2/", }, { category: "external", summary: "Ubuntu Security Notice USN-4183-2 vom 2019-11-13", url: "https://usn.ubuntu.com/4183-2/", }, { category: "external", summary: "Ubuntu Security Notice USN-4185-3 vom 2019-11-13", url: "https://usn.ubuntu.com/4185-3/", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3883 vom 2019-11-14", url: "https://access.redhat.com/errata/RHSA-2019:3883", }, { category: "external", summary: "Arch Linux Security Advisory ASA-201911-14 vom 2019-11-13", url: "https://security.archlinux.org/ASA-201911-14", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3870 vom 2019-11-13", url: "https://access.redhat.com/errata/RHSA-2019:3870", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3871 vom 2019-11-13", url: "https://access.redhat.com/errata/RHSA-2019:3871", }, { category: "external", summary: "Citrix Hypervisor Security Update CTX263684 vom 2019-11-12", url: "https://support.citrix.com/article/CTX263684", }, { category: "external", summary: "HPE Security Bulletin HPESBHF03971 rev.1 vom 2019-11-13", url: "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03971en_us", }, { category: "external", summary: "HPE Security Bulletin HPESBHF03967 rev.1 vom 2019-11-13", url: "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03967en_us", }, { category: "external", summary: "CentOS Security Advisory CESA-2019:3872 vom 2019-11-14", url: "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2019-3872-Important-CentOS-7-kernel-Security-Update-tp4645757.html", }, { category: "external", summary: "F5 Security Advisory K32412503 vom 2019-11-15", url: "https://support.f5.com/csp/article/K32412503", }, { category: "external", summary: "CentOS Security Advisory CESA-2019:3834 vom 2019-11-14", url: "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2019-3834-Important-CentOS-7-kernel-Security-Update-tp4645756.html", }, { category: "external", summary: "HP Security Bulletin HPESBHF03963 rev.1 vom 2019-11-13", url: "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03968en_us", }, { category: "external", summary: "CentOS Security Advisory CESA-2019:3878 vom 2019-11-14", url: "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2019-3878-Important-CentOS-6-kernel-Security-Update-tp4645758.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3887 vom 2019-11-14", url: "https://access.redhat.com/errata/RHSA-2019:3887", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3889 vom 2019-11-14", url: "https://access.redhat.com/errata/RHSA-2019:3889", }, { category: "external", summary: "AVAYA Security Advisory ASA-2019-237 vom 2019-11-14", url: "https://downloads.avaya.com/css/P8/documents/101062296", }, { category: "external", summary: "HPE Security Bulletin HPESBHF03969 rev.1 vom 2019-11-13", url: "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03969en_us", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:2984-1 vom 2019-11-16", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192984-1.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:14220-1 vom 2019-11-16", url: "https://www.suse.com/support/update/announcement/2019/suse-su-201914220-1.html", }, { category: "external", summary: "AVAYA Security Advisory ASA-2019-238 vom 2019-11-16", url: "https://downloads.avaya.com/css/P8/documents/101062297", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:2988-1 vom 2019-11-16", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192988-1.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:2987-1 vom 2019-11-16", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192987-1.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:2986-1 vom 2019-11-16", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192986-1.html", }, { category: "external", summary: "ORACLE OVMSA-2019-0054 vom 2019-11-18", url: "https://oss.oracle.com/pipermail/oraclevm-errata/2019-November/000967.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3908 vom 2019-11-19", url: "https://access.redhat.com/errata/RHSA-2019:3908", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3916 vom 2019-11-19", url: "https://access.redhat.com/errata/RHSA-2019:3916", }, { category: "external", summary: "AVAYA Security Advisory ASA-2019-242 vom 2019-11-21", url: "https://downloads.avaya.com/css/P8/documents/101062452", }, { category: "external", summary: "AVAYA Security Advisory ASA-2019-241 vom 2019-11-21", url: "https://downloads.avaya.com/css/P8/documents/101062451", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3936 vom 2019-11-20", url: "https://access.redhat.com/errata/RHSA-2019:3936", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:3941 vom 2019-11-21", url: "https://access.redhat.com/errata/RHSA-2019:3941", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:3091-1 vom 2019-11-29", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20193091-1.html", }, { category: "external", summary: "Ubuntu Security Notice USN-4182-4 vom 2019-12-04", url: "https://usn.ubuntu.com/4182-4/", }, { category: "external", summary: "Ubuntu Security Notice USN-4182-3 vom 2019-12-04", url: "https://usn.ubuntu.com/4182-3/", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:3200-1 vom 2019-12-07", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20193200-1.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:3289-1 vom 2019-12-13", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20193289-1.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:3294-1 vom 2019-12-14", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20193294-1.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:3295-1 vom 2019-12-14", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20193295-1.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:3317-1 vom 2019-12-18", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20193317-1.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:3316-1 vom 2019-12-18", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20193316-1.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:3340-1 vom 2019-12-20", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20193340-1.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:3372-1 vom 2019-12-20", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20193372-1.html", }, { category: "external", summary: "F5 Security Advisory K54164678 vom 2019-12-27", url: "https://support.f5.com/csp/article/K54164678?utm_source=f5support&utm_medium=RSS", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0555 vom 2020-02-19", url: "https://access.redhat.com/errata/RHSA-2020:0555", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0666 vom 2020-03-03", url: "https://access.redhat.com/errata/RHSA-2020:0666", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0730 vom 2020-03-05", url: "https://access.redhat.com/errata/RHSA-2020:0730", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0839 vom 2020-03-17", url: "https://access.redhat.com/errata/RHSA-2020:0839", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0834 vom 2020-03-17", url: "https://access.redhat.com/errata/RHSA-2020:0834", }, { category: "external", summary: "CentOS Security Advisory CESA-2020:0839 vom 2020-03-25", url: "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2020-0839-Important-CentOS-7-kernel-Security-Update-tp4645862.html", }, { category: "external", summary: "AVAYA Security Advisory ASA-2020-026 vom 2020-04-14", url: "https://downloads.avaya.com/css/P8/documents/101065862", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:1465 vom 2020-04-14", url: "https://access.redhat.com/errata/RHSA-2020:1465", }, { category: "external", summary: "HPE SECURITY BULLETIN hpesbhf03966en_us vom 2020-05-05", url: "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbhf03966en_us", }, { category: "external", summary: "HPE SECURITY BULLETIN hpesbhf03961en_us vom 2020-05-05", url: "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbhf03961en_us", }, { category: "external", summary: "EMC Security Advisory 538629 vom 2020-06-22", url: "https://www.dell.com/support/security/de-de/details/538629/TSX-Asynchronous-Abort-TAA-CVE-2019-11135-Impact-on-Dell-EMC-Data-Protection-and-Storage-Produc", }, { category: "external", summary: "ORACLE OVMSA-2020-0026 vom 2020-06-22", url: "https://oss.oracle.com/pipermail/oraclevm-errata/2020-June/000986.html", }, { category: "external", summary: "Juniper Security Advisory JSA11026 vom 2020-07-08", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11026", }, { category: "external", summary: "ORACLE OVMSA-2020-0027 vom 2020-07-13", url: "https://oss.oracle.com/pipermail/oraclevm-errata/2020-July/000990.html", }, { category: "external", summary: "libvirt Security Notice LSN-2019-0008 vom 2020-07-27", url: "http://security.libvirt.org/2019/0008.html", }, { category: "external", summary: "F5 Security Advisory K17269881 vom 2020-08-26", url: "https://support.f5.com/csp/article/K17269881", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2020:2491-1 vom 2020-09-04", url: "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007367.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2020:2505-1 vom 2020-09-04", url: "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007356.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2020:2526-1 vom 2020-09-04", url: "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007365.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2020:2497-1 vom 2020-09-04", url: "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007364.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2021-4386 vom 2021-11-16", url: "https://linux.oracle.com/errata/ELSA-2021-4386.html", }, ], source_lang: "en-US", title: "Intel Prozessoren: Mehrere Schwachstellen", tracking: { current_release_date: "2023-07-09T22:00:00.000+00:00", generator: { date: "2024-08-15T17:54:35.478+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1689", initial_release_date: "2019-11-12T23:00:00.000+00:00", revision_history: [ { date: "2019-11-12T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2019-11-13T23:00:00.000+00:00", number: "2", summary: "Neue Updates von Citrix, Ubuntu, SUSE, Red Hat, Arch Linux und Fedora aufgenommen", }, { date: "2019-11-13T23:00:00.000+00:00", number: "3", summary: "Version nicht vorhanden", }, { date: "2019-11-13T23:00:00.000+00:00", number: "4", summary: "Version nicht vorhanden", }, { date: "2019-11-14T23:00:00.000+00:00", number: "5", summary: "Neue Updates von HP, CentOS, F5, Red Hat und AVAYA aufgenommen", }, { date: "2019-11-17T23:00:00.000+00:00", number: "6", summary: "Neue Updates von SUSE und AVAYA aufgenommen", }, { date: "2019-11-18T23:00:00.000+00:00", number: "7", summary: "Neue Updates von ORACLE aufgenommen", }, { date: "2019-11-18T23:00:00.000+00:00", number: "8", summary: "Version nicht vorhanden", }, { date: "2019-11-19T23:00:00.000+00:00", number: "9", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2019-11-20T23:00:00.000+00:00", number: "10", summary: "Neue Updates von AVAYA und Red Hat aufgenommen", }, { date: "2019-11-20T23:00:00.000+00:00", number: "11", summary: "Version nicht vorhanden", }, { date: "2019-11-21T23:00:00.000+00:00", number: "12", summary: "Referenz(en) aufgenommen: OVMSA-2019-0056", }, { date: "2019-11-28T23:00:00.000+00:00", number: "13", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2019-12-02T23:00:00.000+00:00", number: "14", summary: "Schreibfehler korrigiert", }, { date: "2019-12-03T23:00:00.000+00:00", number: "15", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2019-12-08T23:00:00.000+00:00", number: "16", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2019-12-12T23:00:00.000+00:00", number: "17", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2019-12-15T23:00:00.000+00:00", number: "18", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2019-12-17T23:00:00.000+00:00", number: "19", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2019-12-19T23:00:00.000+00:00", number: "20", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2019-12-22T23:00:00.000+00:00", number: "21", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2019-12-29T23:00:00.000+00:00", number: "22", summary: "Neue Updates von F5 aufgenommen", }, { date: "2020-01-01T23:00:00.000+00:00", number: "23", summary: "Referenz(en) aufgenommen: DLA 2051", }, { date: "2020-01-06T23:00:00.000+00:00", number: "24", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-01-14T23:00:00.000+00:00", number: "25", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2020-01-22T23:00:00.000+00:00", number: "26", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-01-26T23:00:00.000+00:00", number: "27", summary: "Neue Updates von NetApp aufgenommen", }, { date: "2020-01-29T23:00:00.000+00:00", number: "28", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-02-03T23:00:00.000+00:00", number: "29", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-02-04T23:00:00.000+00:00", number: "30", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-02-06T23:00:00.000+00:00", number: "31", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2020-02-19T23:00:00.000+00:00", number: "32", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-03-03T23:00:00.000+00:00", number: "33", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-03-05T23:00:00.000+00:00", number: "34", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-03-17T23:00:00.000+00:00", number: "35", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-03-25T23:00:00.000+00:00", number: "36", summary: "Neue Updates von CentOS aufgenommen", }, { date: "2020-04-13T22:00:00.000+00:00", number: "37", summary: "Neue Updates von AVAYA aufgenommen", }, { date: "2020-04-14T22:00:00.000+00:00", number: "38", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-05-05T22:00:00.000+00:00", number: "39", summary: "Neue Updates von HPE", }, { date: "2020-06-21T22:00:00.000+00:00", number: "40", summary: "Neue Updates von EMC aufgenommen", }, { date: "2020-06-22T22:00:00.000+00:00", number: "41", summary: "Neue Updates von ORACLE aufgenommen", }, { date: "2020-07-08T22:00:00.000+00:00", number: "42", summary: "Neue Updates von Juniper aufgenommen", }, { date: "2020-07-13T22:00:00.000+00:00", number: "43", summary: "Neue Updates von ORACLE aufgenommen", }, { date: "2020-07-27T22:00:00.000+00:00", number: "44", summary: "Neue Updates von libvirt aufgenommen", }, { date: "2020-08-25T22:00:00.000+00:00", number: "45", summary: "Neue Updates von F5 aufgenommen", }, { date: "2020-09-06T22:00:00.000+00:00", number: "46", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2021-11-16T23:00:00.000+00:00", number: "47", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2023-07-09T22:00:00.000+00:00", number: "48", summary: "Neue Updates von Oracle Linux aufgenommen", }, ], status: "final", version: "48", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Avaya Aura Communication Manager", product: { name: "Avaya Aura Communication Manager", product_id: "T015126", product_identification_helper: { cpe: "cpe:/a:avaya:communication_manager:-", }, }, }, { category: "product_name", name: "Avaya Aura Session Manager", product: { name: "Avaya Aura Session Manager", product_id: "T015127", product_identification_helper: { cpe: "cpe:/a:avaya:session_manager:-", }, }, }, { category: "product_name", name: "Avaya Aura System Manager", product: { name: "Avaya Aura System Manager", product_id: "T015518", product_identification_helper: { cpe: "cpe:/a:avaya:aura_system_manager:-", }, }, }, { category: "product_name", name: "Avaya Media Gateway", product: { name: "Avaya Media Gateway", product_id: "T015276", product_identification_helper: { cpe: "cpe:/h:avaya:media_gateway:-", }, }, }, { category: "product_name", name: "Avaya Web License Manager", product: { name: "Avaya Web License Manager", product_id: "T016243", product_identification_helper: { cpe: "cpe:/a:avaya:web_license_manager:-", }, }, }, ], category: "vendor", name: "Avaya", }, { branches: [ { category: "product_name", name: "Citrix Systems XenServer", product: { name: "Citrix Systems XenServer", product_id: "T004077", product_identification_helper: { cpe: "cpe:/a:citrix:xenserver:-", }, }, }, ], category: "vendor", name: "Citrix Systems", }, { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: "vendor", name: "Debian", }, { branches: [ { category: "product_name", name: "Dell Computer", product: { name: "Dell Computer", product_id: "T006498", product_identification_helper: { cpe: "cpe:/o:dell:dell_computer:-", }, }, }, ], category: "vendor", name: "Dell", }, { branches: [ { category: "product_name", name: "F5 BIG-IP", product: { name: "F5 BIG-IP", product_id: "T001663", product_identification_helper: { cpe: "cpe:/a:f5:big-ip:-", }, }, }, ], category: "vendor", name: "F5", }, { branches: [ { category: "product_name", name: "FreeBSD Project FreeBSD OS", product: { name: "FreeBSD Project FreeBSD OS", product_id: "4035", product_identification_helper: { cpe: "cpe:/o:freebsd:freebsd:-", }, }, }, ], category: "vendor", name: "FreeBSD Project", }, { branches: [ { category: "product_name", name: "HP BIOS", product: { name: "HP BIOS", product_id: "T007117", product_identification_helper: { cpe: "cpe:/h:hp:bios:-", }, }, }, ], category: "vendor", name: "HP", }, { branches: [ { category: "product_name", name: "HPE ProLiant", product: { name: "HPE ProLiant", product_id: "T009310", product_identification_helper: { cpe: "cpe:/h:hp:proliant:-", }, }, }, ], category: "vendor", name: "HPE", }, { branches: [ { category: "product_name", name: "Intel AMT SDK", product: { name: "Intel AMT SDK", product_id: "T011597", product_identification_helper: { cpe: "cpe:/a:intel:active_management_technology_software_development_kit:-", }, }, }, { category: "product_name", name: "Intel Prozessor", product: { name: "Intel Prozessor", product_id: "T011586", product_identification_helper: { cpe: "cpe:/h:intel:intel_prozessor:-", }, }, }, { category: "product_name", name: "Intel Xeon", product: { name: "Intel Xeon", product_id: "T011286", product_identification_helper: { cpe: "cpe:/h:intel:xeon:-", }, }, }, ], category: "vendor", name: "Intel", }, { branches: [ { category: "product_name", name: "Juniper Junos Space < 20.1R1", product: { name: "Juniper Junos Space < 20.1R1", product_id: "T016874", product_identification_helper: { cpe: "cpe:/a:juniper:junos_space:20.1r1", }, }, }, ], category: "vendor", name: "Juniper", }, { branches: [ { category: "product_name", name: "NetApp Data ONTAP", product: { name: "NetApp Data ONTAP", product_id: "7654", product_identification_helper: { cpe: "cpe:/a:netapp:data_ontap:-", }, }, }, { category: "product_name", name: "NetApp FAS", product: { name: "NetApp FAS", product_id: "T011540", product_identification_helper: { cpe: "cpe:/h:netapp:fas:-", }, }, }, ], category: "vendor", name: "NetApp", }, { branches: [ { category: "product_name", name: "Open Source Arch Linux", product: { name: "Open Source Arch Linux", product_id: "T013312", product_identification_helper: { cpe: "cpe:/o:archlinux:archlinux:-", }, }, }, { category: "product_name", name: "Open Source CentOS", product: { name: "Open Source CentOS", product_id: "1727", product_identification_helper: { cpe: "cpe:/o:centos:centos:-", }, }, }, { category: "product_name", name: "Open Source Xen", product: { name: "Open Source Xen", product_id: "T000611", product_identification_helper: { cpe: "cpe:/o:xen:xen:-", }, }, }, { category: "product_name", name: "Open Source libvirt < 6.0.0", product: { name: "Open Source libvirt < 6.0.0", product_id: "712004", product_identification_helper: { cpe: "cpe:/a:redhat:libvirt:6.0.0", }, }, }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Oracle Linux", product: { name: "Oracle Linux", product_id: "T004914", product_identification_helper: { cpe: "cpe:/o:oracle:linux:-", }, }, }, { category: "product_name", name: "Oracle VM", product: { name: "Oracle VM", product_id: "T011119", product_identification_helper: { cpe: "cpe:/a:oracle:vm:-", }, }, }, ], category: "vendor", name: "Oracle", }, { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server EUS", product: { name: "Red Hat Enterprise Linux Server EUS", product_id: "T015361", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "product_name", name: "Enterprise Linux", }, { category: "product_name", name: "Red Hat Enterprise MRG", product: { name: "Red Hat Enterprise MRG", product_id: "T003513", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_mrg:-", }, }, }, { category: "product_name", name: "Red Hat Fedora", product: { name: "Red Hat Fedora", product_id: "T007849", product_identification_helper: { cpe: "cpe:/o:redhat:fedora:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, { branches: [ { category: "product_name", name: "VMware ESXi", product: { name: "VMware ESXi", product_id: "T009575", product_identification_helper: { cpe: "cpe:/o:vmware:esxi:-", }, }, }, { category: "product_name", name: "VMware Fusion", product: { name: "VMware Fusion", product_id: "T009574", product_identification_helper: { cpe: "cpe:/a:vmware:fusion:-", }, }, }, { category: "product_name", name: "VMware Workstation", product: { name: "VMware Workstation", product_id: "11768", product_identification_helper: { cpe: "cpe:/a:vmware:workstation:-", }, }, }, ], category: "vendor", name: "VMware", }, { branches: [ { category: "product_name", name: "Intel System Management Software", product: { name: "Intel System Management Software", product_id: "T014240", product_identification_helper: { cpe: "cpe:/a:intel:system_management_software:-", }, }, }, ], category: "vendor", name: "intel", }, ], }, vulnerabilities: [ { cve: "CVE-2018-12207", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2018-12207", }, { cve: "CVE-2019-0117", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-0117", }, { cve: "CVE-2019-0123", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-0123", }, { cve: "CVE-2019-0124", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-0124", }, { cve: "CVE-2019-0131", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-0131", }, { cve: "CVE-2019-0151", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-0151", }, { cve: "CVE-2019-0152", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-0152", }, { cve: "CVE-2019-0154", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-0154", }, { cve: "CVE-2019-0155", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-0155", }, { cve: "CVE-2019-0165", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-0165", }, { cve: "CVE-2019-0166", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-0166", }, { cve: "CVE-2019-0168", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-0168", }, { cve: "CVE-2019-0169", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-0169", }, { cve: "CVE-2019-0184", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-0184", }, { cve: "CVE-2019-0185", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-0185", }, { cve: "CVE-2019-11086", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11086", }, { cve: "CVE-2019-11087", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11087", }, { cve: "CVE-2019-11088", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11088", }, { cve: "CVE-2019-11089", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11089", }, { cve: "CVE-2019-11090", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11090", }, { cve: "CVE-2019-11097", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11097", }, { cve: "CVE-2019-11100", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11100", }, { cve: "CVE-2019-11101", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11101", }, { cve: "CVE-2019-11102", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11102", }, { cve: "CVE-2019-11103", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11103", }, { cve: "CVE-2019-11104", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11104", }, { cve: "CVE-2019-11105", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11105", }, { cve: "CVE-2019-11106", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11106", }, { cve: "CVE-2019-11107", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11107", }, { cve: "CVE-2019-11108", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11108", }, { cve: "CVE-2019-11109", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11109", }, { cve: "CVE-2019-11110", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11110", }, { cve: "CVE-2019-11111", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11111", }, { cve: "CVE-2019-11112", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11112", }, { cve: "CVE-2019-11113", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11113", }, { cve: "CVE-2019-11131", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11131", }, { cve: "CVE-2019-11132", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11132", }, { cve: "CVE-2019-11135", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11135", }, { cve: "CVE-2019-11136", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11136", }, { cve: "CVE-2019-11137", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11137", }, { cve: "CVE-2019-11139", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11139", }, { cve: "CVE-2019-11147", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-11147", }, { cve: "CVE-2019-14574", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-14574", }, { cve: "CVE-2019-14590", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-14590", }, { cve: "CVE-2019-14591", notes: [ { category: "description", text: "In Intel Prozessoren existieren mehrere Schwachstellen. Diese befinden sich in der Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), System Management Mode (SMM), Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL), Intel Graphics Treiber für Windows und Linux, Intel Processor Graphics, TSX Asynchronous Abort (TAA) und den Intel Xeon Scalable Prozessoren. Sie basieren auf einer unzureichenden Zugriffskontrolle des Speichers und des geschützten Speicher-Subsystems, Puffer Überläufen, Cross-Site Scripting Schwachstellen, unzureichender Zugriffskontrolle der Hardware Abstraktionstreiber, Logikfehlern, Fehlern bei der Eingabevalidierung, Fehlern bei der Verwaltung von Zugriffsprivilegien, Zeitproblemen im Bereich der Kryptografie, Fehlern bzgl. der Authentisierung, Speicherfehlern, Zeigerfehlern, Fehlern bei der Speicherverwaltung und Fehlern bei der Vorausberechnung von Prozessschritten. Ein Angreifer kann dieses nutzen und seine Privilegien erweitern, einen Denial of Service Angriff durchführen oder vertrauliche Daten einsehen. Die erfolgreiche Ausnutzung einiger Schwachstellen erfordert eine Benutzeraktion.", }, ], product_status: { known_affected: [ "T004077", "T006498", "67646", "4035", "T007849", "T011540", "T011286", "T015127", "T011586", "T015126", "T004914", "11768", "T015361", "T000611", "T001663", "T011119", "T015518", "T007117", "7654", "T003513", "T013312", "T011597", "T015276", "T016243", "T014240", "2951", "T002207", "T000126", "1727", "T009575", "T009310", "T009574", ], }, release_date: "2019-11-12T23:00:00.000+00:00", title: "CVE-2019-14591", }, ], }
gsd-2019-11139
Vulnerability from gsd
Modified
2023-12-13 01:24
Details
Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.
Aliases
Aliases
{ GSD: { alias: "CVE-2019-11139", description: "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.", id: "GSD-2019-11139", references: [ "https://www.suse.com/security/cve/CVE-2019-11139.html", "https://www.debian.org/security/2019/dsa-4565", "https://ubuntu.com/security/CVE-2019-11139", "https://advisories.mageia.org/CVE-2019-11139.html", "https://security.archlinux.org/CVE-2019-11139", "https://alas.aws.amazon.com/cve/html/CVE-2019-11139.html", "https://linux.oracle.com/cve/CVE-2019-11139.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2019-11139", ], details: "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.", id: "GSD-2019-11139", modified: "2023-12-13T01:24:02.152230Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "secure@intel.com", ID: "CVE-2019-11139", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "2019.2 IPU – Intel(R) Xeon(R) Scalable Processors Voltage Setting Modulation", version: { version_data: [ { version_value: "See provided reference", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html", refsource: "MISC", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html", }, { name: "openSUSE-SU-2019:2527", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html", }, { name: "openSUSE-SU-2019:2528", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html", }, { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03969en_us", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03969en_us", }, { name: "https://support.f5.com/csp/article/K42433061?utm_source=f5support&utm_medium=RSS", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K42433061?utm_source=f5support&utm_medium=RSS", }, { name: "20191216 [SECURITY] [DSA 4565-2] intel-microcode security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Dec/28", }, { name: "[debian-lts-announce] 20191230 [SECURITY] [DLA 2051-1] intel-microcode security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00035.html", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_8153_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_8153:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_8156_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_8156:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_8158_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_8158:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_8160_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_8160:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_8160f_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_8160f:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_8160m_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_8160m:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_8160t_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_8160t:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_8164_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_8164:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_8168_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_8168:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_8170_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_8170:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_8170m_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_8170m:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_8176_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_8176:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_8176f_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_8176f:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_8176m_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_8176m:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_8180_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_8180:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_8180m_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_8180m:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_5115_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_5115:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_5118_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_5118:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_5119t_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_5119t:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_5120_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_5120:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_5120t_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_5120t:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_5122_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_5122:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_6126_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_6126:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_6126f_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_6126f:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_6126t_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_6126t:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_6128_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_6128:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_6130_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_6130:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_6130f_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_6130f:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_6130t_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_6130t:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_6132_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_6132:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_6134_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_6134:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_6134m_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_6134m:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_6136_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_6136:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_6138_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_6138:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_6138f_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_6138f:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_6138t_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_6138t:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_6140_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_6140:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_6140m_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_6140m:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_6142_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_6142:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_6142f_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_6142f:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_6144_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_6144:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_6146_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_6146:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_6148_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_6148:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_6148f_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_6148f:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_6150_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_6150:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_6152_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_6152:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_6154_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_6154:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_4108_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_4108:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_4109t_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_4109t:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_4110_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_4110:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_4112_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_4112:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_4114_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_4114:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_4114t_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_4114t:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_4116_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_4116:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_4116t_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_4116t:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_3104_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_3104:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:xeon_3106_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:xeon_3106:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "secure@intel.com", ID: "CVE-2019-11139", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-754", }, ], }, ], }, references: { reference_data: [ { name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html", refsource: "MISC", tags: [ "Vendor Advisory", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html", }, { name: "openSUSE-SU-2019:2527", refsource: "SUSE", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html", }, { name: "openSUSE-SU-2019:2528", refsource: "SUSE", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html", }, { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03969en_us", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03969en_us", }, { name: "https://support.f5.com/csp/article/K42433061?utm_source=f5support&utm_medium=RSS", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K42433061?utm_source=f5support&utm_medium=RSS", }, { name: "20191216 [SECURITY] [DSA 4565-2] intel-microcode security update", refsource: "BUGTRAQ", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/28", }, { name: "[debian-lts-announce] 20191230 [SECURITY] [DLA 2051-1] intel-microcode security update", refsource: "MLIST", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00035.html", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "LOW", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.5, impactScore: 4, }, }, lastModifiedDate: "2022-11-11T02:39Z", publishedDate: "2019-11-14T19:15Z", }, }, }
rhea-2020:0635
Vulnerability from csaf_redhat
Published
2020-02-27 15:27
Modified
2025-03-19 15:01
Summary
Red Hat Enhancement Advisory: microcode_ctl bug fix and enhancement update
Notes
Topic
An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.
Details
The microcode_ctl packages provide microcode updates for Intel x86 processors.
With this update, the Intel microcode version has been updated to microcode-20191112.
Users of microcode_ctl are advised to upgrade to these updated packages, which
add this enhancement.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.", title: "Topic", }, { category: "general", text: "The microcode_ctl packages provide microcode updates for Intel x86 processors.\n\nWith this update, the Intel microcode version has been updated to microcode-20191112.\n\nUsers of microcode_ctl are advised to upgrade to these updated packages, which\nadd this enhancement.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHEA-2020:0635", url: "https://access.redhat.com/errata/RHEA-2020:0635", }, { category: "external", summary: "https://access.redhat.com/solutions/2019-microcode-nov", url: "https://access.redhat.com/solutions/2019-microcode-nov", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhea-2020_0635.json", }, ], title: "Red Hat Enhancement Advisory: microcode_ctl bug fix and enhancement update", tracking: { current_release_date: "2025-03-19T15:01:55+00:00", generator: { date: "2025-03-19T15:01:55+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHEA-2020:0635", initial_release_date: "2020-02-27T15:27:50+00:00", revision_history: [ { date: "2020-02-27T15:27:50+00:00", number: "1", summary: "Initial version", }, { date: "2020-02-27T15:27:50+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-19T15:01:55+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux BaseOS E4S (v. 8.0)", product: { name: "Red Hat Enterprise Linux BaseOS E4S (v. 8.0)", product_id: "BaseOS-8.0.0.Z.E4S", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_e4s:8.0::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "microcode_ctl-4:20180807a-2.20191112.1.el8_0.x86_64", product: { name: "microcode_ctl-4:20180807a-2.20191112.1.el8_0.x86_64", product_id: "microcode_ctl-4:20180807a-2.20191112.1.el8_0.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/microcode_ctl@20180807a-2.20191112.1.el8_0?arch=x86_64&epoch=4", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "microcode_ctl-4:20180807a-2.20191112.1.el8_0.src", product: { name: "microcode_ctl-4:20180807a-2.20191112.1.el8_0.src", product_id: "microcode_ctl-4:20180807a-2.20191112.1.el8_0.src", product_identification_helper: { purl: "pkg:rpm/redhat/microcode_ctl@20180807a-2.20191112.1.el8_0?arch=src&epoch=4", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "microcode_ctl-4:20180807a-2.20191112.1.el8_0.src as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.0)", product_id: "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20191112.1.el8_0.src", }, product_reference: "microcode_ctl-4:20180807a-2.20191112.1.el8_0.src", relates_to_product_reference: "BaseOS-8.0.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "microcode_ctl-4:20180807a-2.20191112.1.el8_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.0)", product_id: "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20191112.1.el8_0.x86_64", }, product_reference: "microcode_ctl-4:20180807a-2.20191112.1.el8_0.x86_64", relates_to_product_reference: "BaseOS-8.0.0.Z.E4S", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Intel", ], }, ], cve: "CVE-2019-0117", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2019-10-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1758414", }, ], notes: [ { category: "description", text: "A flaw was found in the implementation of SGX around the access control of protected memory. This flaw allows a local attacker of a system with SGX enabled and an affected intel GPU with the ability to execute code to interpret the contents of the SGX protected memory.", title: "Vulnerability description", }, { category: "summary", text: "hw: Intel SGX information leak", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/2019-microcode-nov", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20191112.1.el8_0.src", "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20191112.1.el8_0.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-0117", }, { category: "external", summary: "RHBZ#1758414", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1758414", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-0117", url: "https://www.cve.org/CVERecord?id=CVE-2019-0117", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-0117", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-0117", }, { category: "external", summary: "https://access.redhat.com/solutions/2019-microcode-nov", url: "https://access.redhat.com/solutions/2019-microcode-nov", }, { category: "external", summary: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00219.html", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00219.html", }, ], release_date: "2019-11-12T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-27T15:27:50+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nNote: a system reboot is necessary for this update to take effect.", product_ids: [ "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20191112.1.el8_0.src", "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20191112.1.el8_0.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHEA-2020:0635", }, { category: "workaround", details: "As of this time there are no known mitigations. Please install relevant updated packages to address this flaw.", product_ids: [ "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20191112.1.el8_0.src", "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20191112.1.el8_0.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, products: [ "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20191112.1.el8_0.src", "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20191112.1.el8_0.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "hw: Intel SGX information leak", }, { acknowledgments: [ { names: [ "Intel", ], }, ], cve: "CVE-2019-11139", cwe: { id: "CWE-440", name: "Expected Behavior Violation", }, discovery_date: "2019-10-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1765481", }, ], notes: [ { category: "description", text: "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.", title: "Vulnerability description", }, { category: "summary", text: "hw: voltage modulation technical advisory", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/2019-microcode-nov", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20191112.1.el8_0.src", "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20191112.1.el8_0.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11139", }, { category: "external", summary: "RHBZ#1765481", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1765481", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11139", url: "https://www.cve.org/CVERecord?id=CVE-2019-11139", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11139", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11139", }, { category: "external", summary: "https://access.redhat.com/solutions/2019-microcode-nov", url: "https://access.redhat.com/solutions/2019-microcode-nov", }, { category: "external", summary: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html", }, ], release_date: "2019-11-12T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2020-02-27T15:27:50+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nNote: a system reboot is necessary for this update to take effect.", product_ids: [ "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20191112.1.el8_0.src", "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20191112.1.el8_0.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHEA-2020:0635", }, { category: "workaround", details: "As of this time there are no known mitigations. Please install relevant updated packages to address this flaw.", product_ids: [ "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20191112.1.el8_0.src", "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20191112.1.el8_0.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:H", version: "3.0", }, products: [ "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20191112.1.el8_0.src", "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20191112.1.el8_0.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "hw: voltage modulation technical advisory", }, ], }
rhea-2019:3845
Vulnerability from csaf_redhat
Published
2019-11-12 22:17
Modified
2025-03-19 15:01
Summary
Red Hat Enhancement Advisory: microcode_ctl bug fix and enhancement update
Notes
Topic
An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.
Details
The microcode_ctl packages provide microcode updates for Intel x86 processors.
With this update, the Intel microcode version has been updated to microcode-20191112.
Users of microcode_ctl are advised to upgrade to these updated packages, which add this enhancement.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.", title: "Topic", }, { category: "general", text: "The microcode_ctl packages provide microcode updates for Intel x86 processors.\n\nWith this update, the Intel microcode version has been updated to microcode-20191112.\n\nUsers of microcode_ctl are advised to upgrade to these updated packages, which add this enhancement.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHEA-2019:3845", url: "https://access.redhat.com/errata/RHEA-2019:3845", }, { category: "external", summary: "https://access.redhat.com/solutions/2019-microcode-nov", url: "https://access.redhat.com/solutions/2019-microcode-nov", }, { category: "external", summary: "1753062", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1753062", }, { category: "external", summary: "1753064", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1753064", }, { category: "external", summary: "1753065", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1753065", }, { category: "external", summary: "1753066", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1753066", }, { category: "external", summary: "1753068", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1753068", }, { category: "external", summary: "1753113", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1753113", }, { category: "external", summary: "1758414", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1758414", }, { category: "external", summary: "1760200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1760200", }, { category: "external", summary: "1765481", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1765481", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhea-2019_3845.json", }, ], title: "Red Hat Enhancement Advisory: microcode_ctl bug fix and enhancement update", tracking: { current_release_date: "2025-03-19T15:01:25+00:00", generator: { date: "2025-03-19T15:01:25+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHEA-2019:3845", initial_release_date: "2019-11-12T22:17:24+00:00", revision_history: [ { date: "2019-11-12T22:17:24+00:00", number: "1", summary: "Initial version", }, { date: "2019-11-12T22:17:24+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-19T15:01:25+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux BaseOS (v. 8)", product: { name: "Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.1.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:8::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "microcode_ctl-4:20190618-1.20191112.1.el8_1.x86_64", product: { name: "microcode_ctl-4:20190618-1.20191112.1.el8_1.x86_64", product_id: "microcode_ctl-4:20190618-1.20191112.1.el8_1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/microcode_ctl@20190618-1.20191112.1.el8_1?arch=x86_64&epoch=4", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "microcode_ctl-4:20190618-1.20191112.1.el8_1.src", product: { name: "microcode_ctl-4:20190618-1.20191112.1.el8_1.src", product_id: "microcode_ctl-4:20190618-1.20191112.1.el8_1.src", product_identification_helper: { purl: "pkg:rpm/redhat/microcode_ctl@20190618-1.20191112.1.el8_1?arch=src&epoch=4", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "microcode_ctl-4:20190618-1.20191112.1.el8_1.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.1.0.Z.MAIN.EUS:microcode_ctl-4:20190618-1.20191112.1.el8_1.src", }, product_reference: "microcode_ctl-4:20190618-1.20191112.1.el8_1.src", relates_to_product_reference: "BaseOS-8.1.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "microcode_ctl-4:20190618-1.20191112.1.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.1.0.Z.MAIN.EUS:microcode_ctl-4:20190618-1.20191112.1.el8_1.x86_64", }, product_reference: "microcode_ctl-4:20190618-1.20191112.1.el8_1.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Intel", ], }, ], cve: "CVE-2019-0117", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2019-10-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1758414", }, ], notes: [ { category: "description", text: "A flaw was found in the implementation of SGX around the access control of protected memory. This flaw allows a local attacker of a system with SGX enabled and an affected intel GPU with the ability to execute code to interpret the contents of the SGX protected memory.", title: "Vulnerability description", }, { category: "summary", text: "hw: Intel SGX information leak", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/2019-microcode-nov", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.1.0.Z.MAIN.EUS:microcode_ctl-4:20190618-1.20191112.1.el8_1.src", "BaseOS-8.1.0.Z.MAIN.EUS:microcode_ctl-4:20190618-1.20191112.1.el8_1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-0117", }, { category: "external", summary: "RHBZ#1758414", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1758414", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-0117", url: "https://www.cve.org/CVERecord?id=CVE-2019-0117", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-0117", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-0117", }, { category: "external", summary: "https://access.redhat.com/solutions/2019-microcode-nov", url: "https://access.redhat.com/solutions/2019-microcode-nov", }, { category: "external", summary: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00219.html", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00219.html", }, ], release_date: "2019-11-12T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-12T22:17:24+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.1.0.Z.MAIN.EUS:microcode_ctl-4:20190618-1.20191112.1.el8_1.src", "BaseOS-8.1.0.Z.MAIN.EUS:microcode_ctl-4:20190618-1.20191112.1.el8_1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHEA-2019:3845", }, { category: "workaround", details: "As of this time there are no known mitigations. Please install relevant updated packages to address this flaw.", product_ids: [ "BaseOS-8.1.0.Z.MAIN.EUS:microcode_ctl-4:20190618-1.20191112.1.el8_1.src", "BaseOS-8.1.0.Z.MAIN.EUS:microcode_ctl-4:20190618-1.20191112.1.el8_1.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, products: [ "BaseOS-8.1.0.Z.MAIN.EUS:microcode_ctl-4:20190618-1.20191112.1.el8_1.src", "BaseOS-8.1.0.Z.MAIN.EUS:microcode_ctl-4:20190618-1.20191112.1.el8_1.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "hw: Intel SGX information leak", }, { acknowledgments: [ { names: [ "Intel", ], }, ], cve: "CVE-2019-11139", cwe: { id: "CWE-440", name: "Expected Behavior Violation", }, discovery_date: "2019-10-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1765481", }, ], notes: [ { category: "description", text: "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.", title: "Vulnerability description", }, { category: "summary", text: "hw: voltage modulation technical advisory", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/2019-microcode-nov", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.1.0.Z.MAIN.EUS:microcode_ctl-4:20190618-1.20191112.1.el8_1.src", "BaseOS-8.1.0.Z.MAIN.EUS:microcode_ctl-4:20190618-1.20191112.1.el8_1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11139", }, { category: "external", summary: "RHBZ#1765481", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1765481", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11139", url: "https://www.cve.org/CVERecord?id=CVE-2019-11139", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11139", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11139", }, { category: "external", summary: "https://access.redhat.com/solutions/2019-microcode-nov", url: "https://access.redhat.com/solutions/2019-microcode-nov", }, { category: "external", summary: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html", }, ], release_date: "2019-11-12T18:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-11-12T22:17:24+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.1.0.Z.MAIN.EUS:microcode_ctl-4:20190618-1.20191112.1.el8_1.src", "BaseOS-8.1.0.Z.MAIN.EUS:microcode_ctl-4:20190618-1.20191112.1.el8_1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHEA-2019:3845", }, { category: "workaround", details: "As of this time there are no known mitigations. Please install relevant updated packages to address this flaw.", product_ids: [ "BaseOS-8.1.0.Z.MAIN.EUS:microcode_ctl-4:20190618-1.20191112.1.el8_1.src", "BaseOS-8.1.0.Z.MAIN.EUS:microcode_ctl-4:20190618-1.20191112.1.el8_1.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:H", version: "3.0", }, products: [ "BaseOS-8.1.0.Z.MAIN.EUS:microcode_ctl-4:20190618-1.20191112.1.el8_1.src", "BaseOS-8.1.0.Z.MAIN.EUS:microcode_ctl-4:20190618-1.20191112.1.el8_1.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "hw: voltage modulation technical advisory", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.