Bug 1753062 (CVE-2019-11135)
| Summary: | CVE-2019-11135 hw: TSX Transaction Asynchronous Abort (TAA) | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Wade Mealing <wmealing> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | aarapov, acaringi, airlied, areis, asavkov, berrange, bhu, blc, brdeoliv, bskeggs, chayang, dblechte, dfediuck, dhoward, dvlasenk, eblake, eedri, ehabkost, esammons, esyr, fhrbata, gsuckevi, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jdenemar, jen, jeremy, jferlan, jforbes, jglisse, jlelli, joe.lawrence, john.j5live, jonathan, josef, jpoimboe, jross, jshortt, jstancek, jsuchane, jthierry, jwboyer, kernel-maint, kernel-mgr, kgrant, knoel, labbott, lgoncalv, libvirt-maint, lilu, linville, masami256, matt, mchehab, mcressma, mgoldboi, michal.skrivanek, mikedep333, mjg59, mkenneth, mlangsdo, mprpic, mrezanin, mst, mvanderw, nmurray, osoukup, pbonzini, pkrempa, plougher, pmatouse, poros, ppandit, qzhao, rbalakri, rhandlin, ribarry, rt-maint, rvrbovsk, sbonazzo, security-response-team, sherold, skozina, steved, trix, virt-maint, williams, ycote, ykopkova, yozone, yturgema, zhijwang |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort (TAA) error occurs. A local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort execution times. This could allow information disclosure via this observed side-channel for any TSX transaction being executed while an attacker is able to observe abort timing.
Intel's Transactional Synchronisation Extensions (TSX) are set of instructions which enable transactional memory support to improve performance of the multi-threaded applications, in the lock-protected critical sections. The CPU executes instructions in the critical-sections as transactions, while ensuring their atomic state. When such transaction execution is unsuccessful, the processor cannot ensure atomic updates to the transaction memory, so the processor rolls back or aborts such transaction execution.
While TSX Asynchronous Abort (TAA) is pending, CPU may continue to read data from architectural buffers and pass it to the dependent speculative operations. This may cause information leakage via speculative side-channel means, which is quite similar to the Microarchitectural Data Sampling (MDS) issue.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-11-13 00:51:23 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1764049, 1764050, 1764051, 1764052, 1764053, 1764054, 1764055, 1764056, 1764057, 1764058, 1764059, 1764060, 1766530, 1766531, 1766532, 1766533, 1766534, 1766535, 1766536, 1766537, 1766538, 1766539, 1766540, 1766541, 1766543, 1766544, 1766545, 1766546, 1766547, 1766548, 1766550, 1766551, 1766552, 1766553, 1766966, 1766967, 1766980, 1766981, 1766986, 1770156, 1770746, 1770747, 1771649, 1771650, 1771948, 1771949, 1771950, 1771951, 1771952, 1771953, 1771955, 1771956, 1771957, 1771958, 1771959, 1771960, 1771961, 1771962, 1771963, 1771964, 1771965, 1771966, 1771967, 1771968, 1771970, 1771971, 1771972, 1771973, 1779528, 1779529, 1779530, 1779553, 1779676, 1779677, 1779766, 1779767, 1779768, 1779771, 1782069, 1782070 | ||
| Bug Blocks: | 1752312, 1768825, 1768826, 1768827, 1768828, 1768829, 1768830 | ||
|
Description
Wade Mealing
2019-09-18 01:42:31 UTC
Mitigation: For mitigation related information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/tsx-asynchronousabort Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1771649] Created microcode_ctl tracking bugs for this issue: Affects: fedora-all [bug 1771650] External References: https://access.redhat.com/solutions/tsx-asynchronousabort https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3833 https://access.redhat.com/errata/RHSA-2019:3833 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3835 https://access.redhat.com/errata/RHSA-2019:3835 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3832 https://access.redhat.com/errata/RHSA-2019:3832 This issue has been addressed in the following products: Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2019:3860 https://access.redhat.com/errata/RHSA-2019:3860 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2019:3837 https://access.redhat.com/errata/RHSA-2019:3837 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.5 Extended Update Support Via RHSA-2019:3838 https://access.redhat.com/errata/RHSA-2019:3838 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3834 https://access.redhat.com/errata/RHSA-2019:3834 This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:3836 https://access.redhat.com/errata/RHSA-2019:3836 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Telco Extended Update Support Red Hat Enterprise Linux 7.2 Advanced Update Support Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions Via RHSA-2019:3841 https://access.redhat.com/errata/RHSA-2019:3841 This issue has been addressed in the following products: Red Hat Enterprise MRG 2 Via RHSA-2019:3844 https://access.redhat.com/errata/RHSA-2019:3844 This issue has been addressed in the following products: Red Hat Enterprise Linux 6.6 Advanced Update Support Via RHSA-2019:3842 https://access.redhat.com/errata/RHSA-2019:3842 This issue has been addressed in the following products: Red Hat Enterprise Linux 6.5 Advanced Update Support Via RHSA-2019:3843 https://access.redhat.com/errata/RHSA-2019:3843 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Telco Extended Update Support Red Hat Enterprise Linux 7.3 Advanced Update Support Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions Via RHSA-2019:3840 https://access.redhat.com/errata/RHSA-2019:3840 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions Red Hat Enterprise Linux 7.4 Telco Extended Update Support Via RHSA-2019:3839 https://access.redhat.com/errata/RHSA-2019:3839 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-11135 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3936 https://access.redhat.com/errata/RHSA-2019:3936 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2020:0026 https://access.redhat.com/errata/RHSA-2020:0026 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0028 https://access.redhat.com/errata/RHSA-2020:0028 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:0204 https://access.redhat.com/errata/RHSA-2020:0204 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0279 https://access.redhat.com/errata/RHSA-2020:0279 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0366 https://access.redhat.com/errata/RHSA-2020:0366 This issue has been addressed in the following products: Advanced Virtualization for RHEL 8.1.0 Via RHSA-2020:0555 https://access.redhat.com/errata/RHSA-2020:0555 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2020:0666 https://access.redhat.com/errata/RHSA-2020:0666 This issue has been addressed in the following products: Red Hat Virtualization Engine 4.2 Via RHSA-2020:0730 https://access.redhat.com/errata/RHSA-2020:0730 Statement: libvirt and qemu-kvm on Red Hat Enterprise Linux 6 are not affected by this vulnerability as they do not support MSR-based CPU features. |