MGASA-2019-0334

Advisory lineage Upstream: 4 Downstream: 0
Published: 19 Nov 2019, 21:16
Last modified:16 Apr 2026, 04:26

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

19 Nov 2019, 21:16
Published
Vulnerability first disclosed
16 Apr 2026, 04:26
Last Modified
Vulnerability information updated

Description

Updated microcode packages fix security vulnerabilities This update provides the Intel 20191112 microcode release that adds the microcode side fixes and mitigations for at least the following security issues: A flaw was found in the implementation of SGX around the access control of protected memory. A local attacker of a system with SGX enabled and an affected intel GPU with the ability to execute code is able to infer the contents of the SGX protected memory (CVE-2019-0117). TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135). Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access (CVE-2019-11139). Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access (CVE-2018-12207). TA Indirect Sharing Erratum (Information Leak) Incomplete fixes for previous MDS mitigations (VERW) SHUF* instruction implementation flaw (DoS) EGETKEY Erratum Conditional Jump Macro-fusion (DoS or Privilege Escalation) For the software side fixes and mitigations of theese issues, the kernel must be updated to 5.3.13-1.mga7 (mga¤25686) or later.

Affected Systems

  • mageiamicrocode

    < 0.20191112-1.mga7.nonfree

References (8)