Intel CPU Speculative Execution Issue in Linux Kernel
CVE-2019-19338

5.5MEDIUM

Key Information:

Vendor

[unknown]

Status
Linux Kernel
Vendor
CVE Published:
13 July 2020

What is CVE-2019-19338?

A flaw exists in the way Intel CPUs handle speculative execution during a TSX Asynchronous Abort (TAA) error, specifically in Linux kernel versions prior to 5.5. This vulnerability impacts guests running on Cascade Lake CPUs, especially when the host has 'TSX' enabled. If the guest is not affected by the Microarchitectural Data Sampling (MDS) issue, it may fail to properly utilize a mechanism called VERW to clear the sensitive buffers during a TAA event. Consequently, this oversight poses a significant risk to data confidentiality.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux Kernel before 5.5

References

https://www.openwall.com/lists/oss-security/2019/12/10/3
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19338
x_refsource_CONFIRM
https://software.intel.com/security-software-guidance/ins...
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.