Bug 1753062 (CVE-2019-11135) - CVE-2019-11135 hw: TSX Transaction Asynchronous Abort (TAA)
Summary: CVE-2019-11135 hw: TSX Transaction Asynchronous Abort (TAA)
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-11135
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1764049 1764050 1764051 1764052 1764053 1764054 1764055 1764056 1764057 1764058 1764059 1764060 1766530 1766531 1766532 1766533 1766534 1766535 1766536 1766537 1766538 1766539 1766540 1766541 1766543 1766544 1766545 1766546 1766547 1766548 1766550 1766551 1766552 1766553 1766966 1766967 1766980 1766981 1766986 1770156 1770746 1770747 1771649 1771650 1771948 1771949 1771950 1771951 1771952 1771953 1771955 1771956 1771957 1771958 1771959 1771960 1771961 1771962 1771963 1771964 1771965 1771966 1771967 1771968 1771970 1771971 1771972 1771973 1779528 1779529 1779530 1779553 1779676 1779677 1779766 1779767 1779768 1779771 1782069 1782070
Blocks: 1752312 1768825 1768826 1768827 1768828 1768829 1768830
TreeView+ depends on / blocked
 
Reported: 2019-09-18 01:42 UTC by Wade Mealing
Modified: 2020-04-14 13:13 UTC (History)
95 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort (TAA) error occurs. A local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort execution times. This could allow information disclosure via this observed side-channel for any TSX transaction being executed while an attacker is able to observe abort timing. Intel's Transactional Synchronisation Extensions (TSX) are set of instructions which enable transactional memory support to improve performance of the multi-threaded applications, in the lock-protected critical sections. The CPU executes instructions in the critical-sections as transactions, while ensuring their atomic state. When such transaction execution is unsuccessful, the processor cannot ensure atomic updates to the transaction memory, so the processor rolls back or aborts such transaction execution. While TSX Asynchronous Abort (TAA) is pending, CPU may continue to read data from architectural buffers and pass it to the dependent speculative operations. This may cause information leakage via speculative side-channel means, which is quite similar to the Microarchitectural Data Sampling (MDS) issue.
Clone Of:
Environment:
Last Closed: 2019-11-13 00:51:23 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:3866 None None None 2019-11-13 15:53:30 UTC
Red Hat Product Errata RHBA-2019:3886 None None None 2019-11-14 15:29:59 UTC
Red Hat Product Errata RHBA-2019:4120 None None None 2019-12-09 21:41:33 UTC
Red Hat Product Errata RHEA-2019:3845 None None None 2019-11-12 21:37:07 UTC
Red Hat Product Errata RHEA-2019:3846 None None None 2019-11-12 22:38:10 UTC
Red Hat Product Errata RHSA-2019:3832 None None None 2019-11-12 19:53:58 UTC
Red Hat Product Errata RHSA-2019:3833 None None None 2019-11-12 19:08:55 UTC
Red Hat Product Errata RHSA-2019:3834 None None None 2019-11-12 20:46:59 UTC
Red Hat Product Errata RHSA-2019:3835 None None None 2019-11-12 19:25:30 UTC
Red Hat Product Errata RHSA-2019:3836 None None None 2019-11-12 20:57:17 UTC
Red Hat Product Errata RHSA-2019:3837 None None None 2019-11-12 20:44:48 UTC
Red Hat Product Errata RHSA-2019:3838 None None None 2019-11-12 20:45:48 UTC
Red Hat Product Errata RHSA-2019:3839 None None None 2019-11-12 21:33:40 UTC
Red Hat Product Errata RHSA-2019:3840 None None None 2019-11-12 21:19:14 UTC
Red Hat Product Errata RHSA-2019:3841 None None None 2019-11-12 20:58:59 UTC
Red Hat Product Errata RHSA-2019:3842 None None None 2019-11-12 21:09:19 UTC
Red Hat Product Errata RHSA-2019:3843 None None None 2019-11-12 21:10:18 UTC
Red Hat Product Errata RHSA-2019:3844 None None None 2019-11-12 21:07:49 UTC
Red Hat Product Errata RHSA-2019:3860 None None None 2019-11-12 20:10:43 UTC
Red Hat Product Errata RHSA-2019:3936 None None None 2019-11-20 20:50:46 UTC
Red Hat Product Errata RHSA-2020:0026 None None None 2020-01-06 14:12:26 UTC
Red Hat Product Errata RHSA-2020:0028 None None None 2020-01-06 14:41:02 UTC
Red Hat Product Errata RHSA-2020:0204 None None None 2020-01-22 21:25:05 UTC
Red Hat Product Errata RHSA-2020:0279 None None None 2020-01-29 14:16:37 UTC
Red Hat Product Errata RHSA-2020:0366 None None None 2020-02-04 19:29:43 UTC
Red Hat Product Errata RHSA-2020:0555 None None None 2020-02-19 18:58:06 UTC
Red Hat Product Errata RHSA-2020:0666 None None None 2020-03-03 15:17:58 UTC
Red Hat Product Errata RHSA-2020:0730 None None None 2020-03-05 15:04:55 UTC

Description Wade Mealing 2019-09-18 01:42:31 UTC
A flaw was found in the implementation of Intel Transactional Synchronization Extensions (TSX) abortion where a local authenticated attacker with the ability to monitor execution time is able to infer TSX memory state by comparing abort execution times.

This could allow information disclosure via this observed sidechannel for any TSX transaction being executed while an attacker is able to observe abort timing.

Comment 16 Prasad J Pandit 2019-11-12 09:05:14 UTC
Mitigation:

For mitigation related information, please refer to the Red Hat Knowledgebase article:  https://access.redhat.com/solutions/tsx-asynchronousabort

Comment 17 Prasad J Pandit 2019-11-12 09:11:19 UTC
Statement:

Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/tsx-asynchronousabort

Comment 18 Prasad J Pandit 2019-11-12 09:13:09 UTC
Acknowledgments:

Red Hat thanks Intel and industry partners for reporting this issue and collaborating on the mitigations for the same.

Comment 19 Prasad J Pandit 2019-11-12 18:08:27 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1771649]


Created microcode_ctl tracking bugs for this issue:

Affects: fedora-all [bug 1771650]

Comment 21 errata-xmlrpc 2019-11-12 19:08:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:3833 https://access.redhat.com/errata/RHSA-2019:3833

Comment 22 errata-xmlrpc 2019-11-12 19:25:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:3835 https://access.redhat.com/errata/RHSA-2019:3835

Comment 23 errata-xmlrpc 2019-11-12 19:53:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:3832 https://access.redhat.com/errata/RHSA-2019:3832

Comment 24 errata-xmlrpc 2019-11-12 20:10:39 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS
  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2019:3860 https://access.redhat.com/errata/RHSA-2019:3860

Comment 25 errata-xmlrpc 2019-11-12 20:44:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2019:3837 https://access.redhat.com/errata/RHSA-2019:3837

Comment 26 errata-xmlrpc 2019-11-12 20:45:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2019:3838 https://access.redhat.com/errata/RHSA-2019:3838

Comment 27 errata-xmlrpc 2019-11-12 20:46:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:3834 https://access.redhat.com/errata/RHSA-2019:3834

Comment 28 errata-xmlrpc 2019-11-12 20:57:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:3836 https://access.redhat.com/errata/RHSA-2019:3836

Comment 29 errata-xmlrpc 2019-11-12 20:58:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Telco Extended Update Support
  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions

Via RHSA-2019:3841 https://access.redhat.com/errata/RHSA-2019:3841

Comment 30 errata-xmlrpc 2019-11-12 21:07:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2019:3844 https://access.redhat.com/errata/RHSA-2019:3844

Comment 31 errata-xmlrpc 2019-11-12 21:09:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support

Via RHSA-2019:3842 https://access.redhat.com/errata/RHSA-2019:3842

Comment 32 errata-xmlrpc 2019-11-12 21:10:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2019:3843 https://access.redhat.com/errata/RHSA-2019:3843

Comment 33 errata-xmlrpc 2019-11-12 21:19:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Telco Extended Update Support
  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions

Via RHSA-2019:3840 https://access.redhat.com/errata/RHSA-2019:3840

Comment 34 errata-xmlrpc 2019-11-12 21:33:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2019:3839 https://access.redhat.com/errata/RHSA-2019:3839

Comment 35 Product Security DevOps Team 2019-11-13 00:51:23 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-11135

Comment 43 errata-xmlrpc 2019-11-20 20:50:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:3936 https://access.redhat.com/errata/RHSA-2019:3936

Comment 64 errata-xmlrpc 2020-01-06 14:12:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2020:0026 https://access.redhat.com/errata/RHSA-2020:0026

Comment 65 errata-xmlrpc 2020-01-06 14:40:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0028 https://access.redhat.com/errata/RHSA-2020:0028

Comment 66 errata-xmlrpc 2020-01-22 21:25:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:0204 https://access.redhat.com/errata/RHSA-2020:0204

Comment 68 errata-xmlrpc 2020-01-29 14:16:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0279 https://access.redhat.com/errata/RHSA-2020:0279

Comment 69 errata-xmlrpc 2020-02-04 19:29:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0366 https://access.redhat.com/errata/RHSA-2020:0366

Comment 70 errata-xmlrpc 2020-02-19 18:58:02 UTC
This issue has been addressed in the following products:

  Advanced Virtualization for RHEL 8.1.0

Via RHSA-2020:0555 https://access.redhat.com/errata/RHSA-2020:0555

Comment 71 errata-xmlrpc 2020-03-03 15:17:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2020:0666 https://access.redhat.com/errata/RHSA-2020:0666

Comment 72 errata-xmlrpc 2020-03-05 15:04:50 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization Engine 4.2

Via RHSA-2020:0730 https://access.redhat.com/errata/RHSA-2020:0730


Note You need to log in before you can comment on or make changes to this bug.