{"vulnerability": "CVE-2019-1113", "sightings": [{"uuid": "676ad2dd-efcc-4efc-8663-ab660e680317", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11135", "type": "published-proof-of-concept", "source": "https://t.me/QubesOS/372", "content": "QSB #053: TSX Asynchronous Abort speculative side channel (XSA-305)\nhttps://www.qubes-os.org/news/2019/11/13/qsb-053/\n\nWe have just published Qubes Security Bulletin (QSB) #053: \nTSX Asynchronous Abort speculative side channel (XSA-305).\nThe text of this QSB is reproduced below. This QSB and its accompanying\nsignatures will always be available in the Qubes Security Pack (qubes-secpack).\n\nView QSB #053 in the qubes-secpack:\n\nhttps://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-053-2019.txt\n\nLearn about the qubes-secpack, including how to obtain, verify, and read it:\n\nhttps://www.qubes-os.org/security/pack/\n\nView all past QSBs:\n\nhttps://www.qubes-os.org/security/bulletins/\n\nNote: Typically, XSAs have a predisclosure period, during which the XSA is\nembargoed, which gives the Qubes Security Team time to analyze it and\nprepare patches and an announcement. However, XSA-305 had no embargo period,\nso the Qubes Security Team had no advance notice of it before it was publicly\nannounced. For this reason, QSB #053 is being initially published without\ndetached signatures from the Qubes Security Team. These signatures will be added\nshortly after publication, as soon as Qubes Security Team members have a chance\nto create them. Readers who wish to verify the authenticity of this QSB can\nstill check the signed tag on the commit that added this QSB to the\nqubes-secpack repo:\n\nhttps://github.com/QubesOS/qubes-secpack/commit/59b39c645015c3d1bfce5d633ab55d8ed88aeb0b\n\n\n\n             ---===[ Qubes Security Bulletin #53 ]===---\n\n                             2019-11-13\n\n\n    TSX Asynchronous Abort speculative side channel (XSA-305)\n\nSummary\n========\n\nOn 2019-11-12, the Xen Security Team published Xen Security Advisory\n305 (CVE-2019-11135 / XSA-305) [1] with the following description:\n\n| This is very closely related to the Microarchitectural Data Sampling\n| vulnerabilities from May 2019.\n| \n| Please see https://xenbits.xen.org/xsa/advisory-297.html for details\n| about MDS.\n| \n| A new way to sample data from microarchitectural structures has been\n| identified.  A TSX Asynchronous Abort is a state which occurs between a\n| transaction definitely aborting (usually for reasons outside of the\n| pipeline's control e.g. receiving an interrupt), and architectural state\n| being rolled back to start of the transaction.\n| \n| During this period, speculative execution may be able to infer the value\n| of data in the microarchitectural structures.\n| \n| For more details, see:\n|   https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort\n| \n| An attacker, which could include a malicious untrusted user process on a\n| trusted guest, or an untrusted guest, can sample the content of\n| recently-used memory operands and IO Port writes.\n| \n| This can include data from:\n| \n|  * A previously executing context (process, or guest, or\n|    hypervisor/toolstack) at the same privilege level.\n|  * A higher privilege context (kernel, hypervisor, SMM) which\n|    interrupted the attacker's execution.\n| \n| Vulnerable data is that on the same physical core as the attacker.  This\n| includes, when hyper-threading is enabled, adjacent threads.\n| \n| An attacker cannot use this vulnerability to target specific data.  An\n| attack would likely require sampling over a period of time and the\n| application of statistical methods to reconstruct interesting data.\n\nThis is yet another CPU hardware bug related to speculative execution.\n\nOnly Intel processors are affected.\n\nNote: There was no embargo period for this XSA.\n\nPatching\n=========\n\nThe Xen Project has provided patches that mitigate this issue. A CPU\nmicrocode update is required to take advantage of them. Note that\nmicrocode updates may not be available for older CPUs. (See the Intel\nadvisory linked above for details.)\n\nThe specific packages that resolve the problems discussed in this\nbulletin are as follows:\n\n  For Qubes 4.0:", "creation_timestamp": "2019-11-14T14:03:02.000000Z"}, {"uuid": "e66f8dca-38ce-41d8-87f8-6d05cd12238c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11139", "type": "seen", "source": "https://t.me/ctinow/184558", "content": "https://ift.tt/xJnDIKQ\nCVE-2019-11139 | Intel Xeon Voltage Modulation Interface unusual condition (K42433061)", "creation_timestamp": "2024-02-14T11:51:16.000000Z"}, {"uuid": "deb77f02-fd9a-4f8d-b33c-1b97c8bcf741", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11135", "type": "seen", "source": "https://t.me/antichat/7025", "content": "RED HAT VULNERABILITY RESPONSE\nRed Hat Product Security is aware of a series of vulnerabilities - CVE-2018-12207 - Machine Check Error on Page Size Change, CVE-2019-11135 - TSX Asynchronous Abort, and CVE-2019-0155, CVE-2019-0154 - i915 graphics driver.\n\nToday, a series of three Common Exposures and Vulnerabilities (CVE-2018-12207 - Machine Check Error on Page Size Change, CVE-2019-11135 - TSX Asynchronous Abort, and CVE-2019-0155, CVE-2019-0154 - i915 graphics driver) affecting Intel CPUs were made public. If exploited, these CVEs could potentially allow malicious actors to gain read access to sensitive data. To help provide more context around this vulnerability from an open source technology perspective, Red Hat Product Security is providing several resources around the impact of these three CVEs on our customers and the enterprise IT community.\nSeverity:\n \u2022 Red Hat rates CVE-2018-12207, Machine Check Error on Page Size Change, as having a security impact of IMPORTANT severity.\n \u2022 Red Hat rates CVE-2019-11135, TSX Asynchronous Abort, as having a security impact of MODERATE severity.\n \u2022 Red Hat rates CVE-2019-0155 as IMPORTANT and CVE-2019-0154, both i915 graphics driver, as having a security impact of MODERATE .\nMore detailed overviews of these vulnerabilities have been published by Red Hat and are available publicly via the Red Hat Customer Portal:\n \u2022 https://access.redhat.com/security/vulnerabilities/ifu-page-mce\n \u2022 https://access.redhat.com/solutions/tsx-asynchronousabort\n \u2022 https://access.redhat.com/solutions/i915-graphics\n\nCustomer Action:\nRed Hat customers running affected versions of these Red Hat products are strongly recommended to update them as soon as the erratas are available. Customers are urged to apply the available updates immediately and enable the mitigations as they feel appropriate. Customers running Red Hat products with our Certified Cloud Provider Partners should contact their Cloud provider for further details.", "creation_timestamp": "2019-11-12T23:17:42.000000Z"}, {"uuid": "bf5d400a-dbc2-4f5d-b6c4-ad790eebc541", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11135", "type": "seen", "source": "https://t.me/alexmakus/3138", "content": "RED HAT VULNERABILITY RESPONSE\nRed Hat Product Security is aware of a series of vulnerabilities - CVE-2018-12207 - Machine Check Error on Page Size Change, CVE-2019-11135 - TSX Asynchronous Abort, and CVE-2019-0155, CVE-2019-0154 - i915 graphics driver.\n\nToday, a series of three Common Exposures and Vulnerabilities (CVE-2018-12207 - Machine Check Error on Page Size Change, CVE-2019-11135 - TSX Asynchronous Abort, and CVE-2019-0155, CVE-2019-0154 - i915 graphics driver) affecting Intel CPUs were made public. If exploited, these CVEs could potentially allow malicious actors to gain read access to sensitive data. To help provide more context around this vulnerability from an open source technology perspective, Red Hat Product Security is providing several resources around the impact of these three CVEs on our customers and the enterprise IT community.\nSeverity:\n \u2022 Red Hat rates CVE-2018-12207, Machine Check Error on Page Size Change, as having a security impact of IMPORTANT severity.\n \u2022 Red Hat rates CVE-2019-11135, TSX Asynchronous Abort, as having a security impact of MODERATE severity.\n \u2022 Red Hat rates CVE-2019-0155 as IMPORTANT and CVE-2019-0154, both i915 graphics driver, as having a security impact of MODERATE .\nMore detailed overviews of these vulnerabilities have been published by Red Hat and are available publicly via the Red Hat Customer Portal:\n \u2022 https://access.redhat.com/security/vulnerabilities/ifu-page-mce\n \u2022 https://access.redhat.com/solutions/tsx-asynchronousabort\n \u2022 https://access.redhat.com/solutions/i915-graphics\n\nCustomer Action:\nRed Hat customers running affected versions of these Red Hat products are strongly recommended to update them as soon as the erratas are available. Customers are urged to apply the available updates immediately and enable the mitigations as they feel appropriate. Customers running Red Hat products with our Certified Cloud Provider Partners should contact their Cloud provider for further details.\n\n\u0410\u041f\u0414 \u043f\u043e\u0447\u0438\u043d\u0438\u043b \u0441\u0441\u044b\u043b\u043a\u0438", "creation_timestamp": "2019-11-13T14:55:03.000000Z"}, {"uuid": "c98d3730-dc2d-4040-b2bc-94710cd65e50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11135", "type": "published-proof-of-concept", "source": "https://t.me/BABATATASASA/5977", "content": "|       CVE-2021-3569   2.1     https://vulners.com/cve/CVE-2021-3569\n|       CVE-2021-3527   2.1     https://vulners.com/cve/CVE-2021-3527                               |       CVE-2021-3446   2.1     https://vulners.com/cve/CVE-2021-3446                               |       CVE-2021-3416   2.1     https://vulners.com/cve/CVE-2021-3416                               |       CVE-2021-20320  2.1     https://vulners.com/cve/CVE-2021-20320\n|       CVE-2021-20297  2.1     https://vulners.com/cve/CVE-2021-20297                              |       CVE-2021-20257  2.1     https://vulners.com/cve/CVE-2021-20257                              |       CVE-2021-20239  2.1     https://vulners.com/cve/CVE-2021-20239                              |       CVE-2021-20221  2.1     https://vulners.com/cve/CVE-2021-20221\n|       CVE-2020-25743  2.1     https://vulners.com/cve/CVE-2020-25743\n|       CVE-2020-12458  2.1     https://vulners.com/cve/CVE-2020-12458\n|       CVE-2020-10756  2.1     https://vulners.com/cve/CVE-2020-10756\n|       CVE-2019-18391  2.1     https://vulners.com/cve/CVE-2019-18391\n|       CVE-2019-14826  2.1     https://vulners.com/cve/CVE-2019-14826\n|       CVE-2019-13313  2.1     https://vulners.com/cve/CVE-2019-13313                              |       CVE-2019-12067  2.1     https://vulners.com/cve/CVE-2019-12067                              |       CVE-2019-11884  2.1     https://vulners.com/cve/CVE-2019-11884                              |       CVE-2019-11833  2.1     https://vulners.com/cve/CVE-2019-11833                              |       CVE-2019-11135  2.1     https://vulners.com/cve/CVE-2019-11135                              |       CVE-2019-10183  2.1     https://vulners.com/cve/CVE-2019-10183                              |       CVE-2018-16878  2.1     https://vulners.com/cve/CVE-2018-16878                              |       CVE-2004-0554   2.1     https://vulners.com/cve/CVE-2004-0554                               |       1AC912AC-B7DA-5F88-B22A-12B17E5D1D5C    2.1       https://vulners.com/githubexploit/1AC912AC-B7DA-5F88-B22A-12B17E5D1D5C    *EXPLOIT*\n|       CVE-2023-1289   1.9     https://vulners.com/cve/CVE-2023-1289\n|       CVE-2022-25310  1.9     https://vulners.com/cve/CVE-2022-25310                              |       CVE-2022-25309  1.9     https://vulners.com/cve/CVE-2022-25309                              |       CVE-2021-4217   1.9     https://vulners.com/cve/CVE-2021-4217                               |       CVE-2021-3753   1.9     https://vulners.com/cve/CVE-2021-3753                               |       CVE-2021-3602   1.9     https://vulners.com/cve/CVE-2021-3602                               |       CVE-2020-25656  1.9     https://vulners.com/cve/CVE-2020-25656                              |       CVE-2019-2634   1.9     https://vulners.com/cve/CVE-2019-2634                               |       CVE-2019-2535   1.9     https://vulners.com/cve/CVE-2019-2535                               |       CVE-2019-18660  1.9     https://vulners.com/cve/CVE-2019-18660\n|       PRION:CVE-2023-22024    1.7     https://vulners.com/prion/PRION:CVE-2023-22024\n|       CVE-2023-3161   1.7     https://vulners.com/cve/CVE-2023-3161\n|       CVE-2023-28328  1.7     https://vulners.com/cve/CVE-2023-28328\n|       CVE-2023-28327  1.7     https://vulners.com/cve/CVE-2023-28327\n|       CVE-2023-2700   1.7     https://vulners.com/cve/CVE-2023-2700\n|       CVE-2023-2602   1.7     https://vulners.com/cve/CVE-2023-2602\n|       CVE-2023-1981   1.7     https://vulners.com/cve/CVE-2023-1981\n|       CVE-2023-1095   1.7     https://vulners.com/cve/CVE-2023-1095                               |       CVE-2022-2153   1.7     https://vulners.com/cve/CVE-2022-2153\n|       CVE-2022-1263   1.7     https://vulners.com/cve/CVE-2022-1263", "creation_timestamp": "2023-11-15T16:53:03.000000Z"}, {"uuid": "58bbc81c-4520-4a26-b09a-8489bc465c47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11132", "type": "seen", "source": "https://t.me/ctinow/208815", "content": "https://ift.tt/CIBnXcJ\nCVE-2019-11132 | Intel AMT up to 11.8.69/11.11.69/11.22.69/12.0.44 Subsystem cross site scripting", "creation_timestamp": "2024-03-15T14:52:13.000000Z"}, {"uuid": "11483e2a-a2a1-4884-a3dd-d63415aaef44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11131", "type": "seen", "source": "https://t.me/ctinow/208771", "content": "https://ift.tt/a4ydpRM\nCVE-2019-11131 | Intel AMT up to 11.8.69/11.11.69/11.22.69/12.0.44 Subsystem privileges management", "creation_timestamp": "2024-03-15T14:21:57.000000Z"}, {"uuid": "40827570-9c80-4584-bb58-39e617c70e69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11136", "type": "seen", "source": "https://t.me/ctinow/184552", "content": "https://ift.tt/r9oUD4N\nCVE-2019-11136 | Intel Xeon Access Control privileges management (K56215245)", "creation_timestamp": "2024-02-14T11:21:35.000000Z"}, {"uuid": "19ffa380-a13f-4df7-9322-98a7ab30de08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11137", "type": "seen", "source": "https://t.me/ctinow/184557", "content": "https://ift.tt/NhJMadC\nCVE-2019-11137 | Intel Xeon/Atom System Firmware input validation (K56215245)", "creation_timestamp": "2024-02-14T11:51:15.000000Z"}, {"uuid": "895e315f-e5d7-413c-b88a-7e2b583098de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11135", "type": "seen", "source": "https://t.me/VulnerabilityNews/15857", "content": "A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability.\nPublished at: July 13, 2020 at 07:15PM\nView on website", "creation_timestamp": "2020-07-13T20:46:13.000000Z"}, {"uuid": "c9c8b86a-3720-49f1-9530-f4dbad1b2213", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11135", "type": "seen", "source": "https://t.me/ctinow/182790", "content": "https://ift.tt/wcveaVu\nCVE-2019-11135 | Microsoft Windows up to Server 2019 Kernel information disclosure (RHSA-2019:3936)", "creation_timestamp": "2024-02-11T14:36:29.000000Z"}, {"uuid": "5823cb38-526b-41b6-b0ca-347410069cba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11135", "type": "seen", "source": "https://t.me/cibsecurity/13429", "content": "ATENTION\u203c New - CVE-2019-19338\n\nA flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-07-13T20:55:10.000000Z"}]}