CVE-2019-11135

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

medium 6.5 CVSS 3.1

Published: Nov 14, 2019

Modified: May 28, 2026

Vendor: Opensuse

Product: Leap

Versions: 15.0,15.1,30,31,14.2,gen10,14.04,8.0,9.0,10.0

Description

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

References

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html
http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
http://www.openwall.com/lists/oss-security/2019/12/10/3
http://www.openwall.com/lists/oss-security/2019/12/10/4
http://www.openwall.com/lists/oss-security/2019/12/11/1
https://access.redhat.com/errata/RHSA-2019:3936
https://access.redhat.com/errata/RHSA-2020:0026
https://access.redhat.com/errata/RHSA-2020:0028

Related CVEs

CVSS Breakdown

Version	3.1
Score	6.5 / 10
Severity	medium

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected Product

Vendor	Opensuse
Product	Leap
Versions	15.0,15.1,30,31,14.2,gen10,14.04,8.0,9.0,10.0