Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2019.0322 INTEL-SA-00270 - TSX Asynchronous Abort Advisory 13 November 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Intel Core Processor Intel Xeon Processor Intel Xeon Scalable Processor Intel Pentium Gold Processor Intel Celeron Processor Impact/Access: Access Privileged Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2019-11135 Member content until: Friday, December 13 2019 Reference: ESB-2019.4247 ESB-2019.4246 OVERVIEW Intel has discovered vulnerabilities in the following products: o Intel Core Processor o Intel Xeon Processor o Intel Xeon Scalable Processor o Intel Pentium Gold Processor o Intel Celeron Processor  IMPACT Intel has provided the folllowing information regarding the vulnerabilities: "Intel ID: INTEL-SA-00270 Advisory Category: Hardware Impact of vulnerability : Information Disclosure Severity rating : Medium Original release: 11/12/2019 Last revised: 11/12/2019"  "CVEID: CVE-2019-11135 Description: TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. CVSS Base Score: 6.5 Medium CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"  MITIGATION Intel recommends: "...that users of the affected Intel Processors listed above, update to the latest firmware version provided by the system manufacturer that addresses these issues." "For additional microcode information, see here." REFERENCES  INTEL-SA-00270 - TSX Asynchronous Abort Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html  Intel microcode update guidance https://www.intel.com/content/dam/www/public/us/en/security-advisory/documents/IPU-2019.2-microcode-update-guidance-v1.0.pdf AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: email@example.com Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXcuJymaOgq3Tt24GAQh8JRAAprudr7k8zQIAZZgOpYI8NFfNtIrMzu2c kMmgpPXYZDYDp3LX93ZnvJyH0lh/91mZHH5D3et7StiCel/tJzzTyb55znfFwAyG Bibhk3QSASFkQWfB4kXJhpp1JsfRvOBcgymJMRCkOtgvoxa1OOXctcmQ7w8QX+xL 8YBrBZCUhMgB3WGaWqld+GmO5W8TTXB/WuqUkUyLe/QMNy8dJtYS8xK0ZR5EVRPO keJpwb12d294HS7c+LJqHAXwCDLuJNTKnVRbB1yytw9Z0KKj/KIXy/OmZJkb4r1e e2nTEhV/woVlNXQfEW+gqIpZPTfEMTi6FpK2lpr/A9OnP8c6nxTXcqaGwAlLrNph hoijTj9q66sqQtl0el5E8NLjfiKNW5uwxcmNHwrY8zcfEsUN0ko7Z7x7DPcELswS HWbAoJ9abPJNlgYetPHYufyW+RMUHAlN9zq3kW1xYT5Xhx2QiE2EZUUoVpXv6ctY gKH1ew9aJauaJL+B2ORp+fYO24RUgWDoTSSIcpTuC1wznqWvyA0iWAmBrSJsZqeS PT6RCRC4HFFuiskGQuJ7QDE0GjbttwRU0XScqZhtPbKIhQPjwvizmqg+KQb2VUZt qgbYdukZmGHOIkMwpNcSVH0pEi6nFiFgWVdeWEN456JK8ndvmG1QlkVmrscEXtLQ zf3pvq0uoLc= =r5zp -----END PGP SIGNATURE-----