Bug 1765481 (CVE-2019-11139) - CVE-2019-11139 hw: voltage modulation technical advisory
Summary: CVE-2019-11139 hw: voltage modulation technical advisory
Keywords:
Status: NEW
Alias: CVE-2019-11139
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1766871 1766873 1766862 1766863 1766864 1766865 1766866 1766867 1766868 1766869 1766870 1766872 1766960 1767761 1771659
Blocks: 1752312
TreeView+ depends on / blocked
 
Reported: 2019-10-25 08:35 UTC by Wade Mealing
Modified: 2019-11-12 22:38 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2019:3845 None None None 2019-11-12 21:37:14 UTC
Red Hat Product Errata RHEA-2019:3846 None None None 2019-11-12 22:38:16 UTC

Description Wade Mealing 2019-10-25 08:35:12 UTC
A vulnerability in the voltage regulation unit for some Intel scalable processors may allow a denial of service may allow a local privileged user to crash the system.

The CVSSv3 score provided does by Intel does not match the above description and Red Hat would disagree this would be a DOS only under the provided score.  The provided score suggests that data modification is possible but with limited information this can not be proven or disproved.

A microcode update that addresses this issue will be released.

Comment 5 Wade Mealing 2019-11-12 08:25:54 UTC
Acknowledgements:

Red Hat thanks Intel for reporting this issue and collaborating on the mitigations.

Comment 6 Prasad J Pandit 2019-11-12 10:26:50 UTC
Statement:

Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/2019-microcode-nov

Comment 8 Prasad J Pandit 2019-11-12 10:26:56 UTC
Mitigation:

As of this time there are no known mitigations. Please install relevant updated packages to address this flaw.

Comment 9 Prasad J Pandit 2019-11-12 18:16:39 UTC
Created microcode_ctl tracking bugs for this issue:

Affects: fedora-all [bug 1771659]


Note You need to log in before you can comment on or make changes to this bug.