Bug 1765481 (CVE-2019-11139) - CVE-2019-11139 hw: voltage modulation technical advisory
Summary: CVE-2019-11139 hw: voltage modulation technical advisory
Alias: CVE-2019-11139
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1766862 1766863 1766864 1766865 1766866 1766867 1766868 1766869 1766870 1766871 1766872 1766873 1766960 1767761 1771659
Blocks: 1752312
TreeView+ depends on / blocked
Reported: 2019-10-25 08:35 UTC by Wade Mealing
Modified: 2023-05-12 21:13 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2021-10-25 22:12:47 UTC

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2019:3845 0 None None None 2019-11-12 21:37:14 UTC
Red Hat Product Errata RHEA-2019:3846 0 None None None 2019-11-12 22:38:16 UTC

Description Wade Mealing 2019-10-25 08:35:12 UTC
A vulnerability in the voltage regulation unit for some Intel scalable processors may allow a denial of service may allow a local privileged user to crash the system.

The CVSSv3 score provided does by Intel does not match the above description and Red Hat would disagree this would be a DOS only under the provided score.  The provided score suggests that data modification is possible but with limited information this can not be proven or disproved.

A microcode update that addresses this issue will be released.

Comment 5 Wade Mealing 2019-11-12 08:25:54 UTC

Red Hat thanks Intel for reporting this issue and collaborating on the mitigations.

Comment 6 Prasad Pandit 2019-11-12 10:26:50 UTC

Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/2019-microcode-nov

Comment 8 Prasad Pandit 2019-11-12 10:26:56 UTC

As of this time there are no known mitigations. Please install relevant updated packages to address this flaw.

Comment 9 Prasad Pandit 2019-11-12 18:16:39 UTC
Created microcode_ctl tracking bugs for this issue:

Affects: fedora-all [bug 1771659]

Note You need to log in before you can comment on or make changes to this bug.