Intel CPU Speculative Execution Issue in Linux Kernel
CVE-2019-19338

5.5MEDIUM

Key Information:

Vendor: [unknown]
Status: Linux Kernel
Vendor: CVE Published:; 13 July 2020

What is CVE-2019-19338?

A flaw exists in the way Intel CPUs handle speculative execution during a TSX Asynchronous Abort (TAA) error, specifically in Linux kernel versions prior to 5.5. This vulnerability impacts guests running on Cascade Lake CPUs, especially when the host has 'TSX' enabled. If the guest is not affected by the Microarchitectural Data Sampling (MDS) issue, it may fail to properly utilize a mechanism called VERW to clear the sensitive buffers during a TAA event. Consequently, this oversight poses a significant risk to data confidentiality.

Affected Version(s)

Linux Kernel before 5.5

References

https://www.openwall.com/lists/oss-security/2019/12/10/3

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19338

x_refsource_CONFIRM

https://software.intel.com/security-software-guidance/ins...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 13, 2020
Vulnerability Reserved
Nov 27, 2019

[unknown]

What is CVE-2019-19338?

Affected Version(s)

References

CVSS V3.1

Timeline