Bug 1758414 (CVE-2019-0117)

Summary: CVE-2019-0117 hw: Intel SGX information leak
Product: [Other] Security Response Reporter: Wade Mealing <wmealing>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: aarapov, esyr, jarodwilson, jonathan, mikedep333, pmatouse, poros, security-response-team, skozina, wmealing
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the implementation of SGX around the access control of protected memory. This flaw allows a local attacker of a system with SGX enabled and an affected intel GPU with the ability to execute code to interpret the contents of the SGX protected memory.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-25 22:12:15 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1766434, 1766435, 1766436, 1766437, 1766438, 1766439, 1766440, 1766441, 1766442, 1766443, 1766444, 1766923, 1767753, 1771648    
Bug Blocks: 1752312    

Description Wade Mealing 2019-10-04 05:13:57 UTC 
A flaw was found in the implementation of SGX around the access control of protected memory.  A local attacker of a system with SGX enabled and an affected intel GPU with the ability to execute code is able to infer the contents of the SGX protected memory.
Comment 7 Wade Mealing 2019-11-12 08:25:15 UTC 
Acknowledgements:

Red Hat thanks Intel for reporting this issue and collaborating on the mitigations.
Comment 8 Prasad Pandit 2019-11-12 09:32:37 UTC 
Statement:

Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/2019-microcode-nov
Comment 10 Prasad Pandit 2019-11-12 09:32:41 UTC 
Mitigation:

As of this time there are no known mitigations. Please install relevant updated packages to address this flaw.
Comment 11 Prasad Pandit 2019-11-12 18:08:15 UTC 
Created microcode_ctl tracking bugs for this issue:

Affects: fedora-all [bug 1771648]
Comment 12 Prasad Pandit 2019-11-12 18:38:38 UTC 
External References:

https://access.redhat.com/solutions/2019-microcode-nov
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00219.html