Introduction to this Security Vulnerability
The Days when only the software used to be victims of Malicious Attack are gone. Intel was about to get settled with L1TF vulnerability, when attackers have blown another Hit to the biggest chipset processor manufacturer. This time it came with “TSX Asynchronous Abort” the latest Intel Security Vulnerability. Common Vulnerabilities and Exposures (CVE) have recently registered this as a Intel vulnerability in their website: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135 . Where they have mentioned:
” TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side-channel with local access.”
Processors effected by this Intel CPU vulnerability:
As per Intel: 2019.2 IPU – TSX Asynchronous Abort Security Vulnerability Advisory
Following are the processors effected by the above Intel Security Vulnerability.
|
Product Collection |
Product Names |
Vertical Segment |
|
10th Generation Intel® Core™ Processor Family |
Intel® Core™ Processor i7-10510Y, i5-10310Y |
Mobile |
|
|
Intel® Core™ Processor i5-10210Y, i5-10110YIntel® Core™ Processor i7-8500YIntel® Core™ Processor i5-8310Y, i5-8210Y, i5-8200Y |
|
|
|
Intel® Core™ Processor m3-8100Y |
|
|
2nd Generation Intel® Xeon® Scalable Processors |
Intel® Xeon® Platinum Processor 8253, 8256, 8260, 8260L, 8260M, 8260Y, 8268, 8270, 8276, 8276L, 8276M, 8280, 8280L, 8280M, 9220, 9221, 9222, 9242, 9282Intel® Xeon® Gold Processor 5215, 5215L, 5215M, 5215R, 5217, 5218, 5218B, 5218N, 5218T, 5220, 5220R, 5220S, 5220T, 5222, 6222V, 6226, 6230, 6230N, 6230T, 6234, 6238, 6238L, 6238M, 6238T, 6240, 6240L, 6240M, 6240Y, 6242, 6244, 6246, 6248, 6252, 6252N, 6254, 6262VIntel® Xeon® Silver Processor 4208, 4208R, 4209T, 4210, 4210R, 4214, 4214C, 4214R, 4214Y, 4215, 4216, 4216RIntel® Xeon® Bronze Processor 3204, 3206R |
Server |
|
Intel® Xeon® W Processor Family |
Intel® Xeon® Processor W-3275M, W-3275, W-3265M, W-3265, W-3245M, W-3245, W-3235, W-3225, W-3223, W-2295, W-2275, W-2265, W-2255, W-2245, W-2235, W-2225, W-2223 |
Workstation |
|
9th Generation Intel® Core™ Processor Family |
Intel® Core™ Processor i9-9980HK, 9880H |
Mobile |
|
|
Intel® Core™ Processor i7-9850H, 9750HF |
|
|
|
Intel® Core™ Processor i5-9400H, 9300H |
|
|
9th Generation Intel® Core™ Processor Family |
Intel® Core™ Processor i9-9900K, i9-9900KFIntel® Core™ Processor i7-9700K, i7-9700KFIntel® Core™ Processor i5-9600K, i5-9600KF, i5-9400, i5-9400F |
Desktop |
|
Intel® Xeon® Processor E Family |
Intel® Xeon® Processor E-2288G, E-2286M, E-2278GEL, E-2278GE, E-2278G |
Workstation/ Server / AMT Server |
|
10th Generation Intel® Core™ Processor FamilyIntel® Pentium® Gold Processor SeriesIntel® Celeron® Processor 5000 Series |
Intel® Core™ Processor i7-10510UIntel® Core™ Processor i5-10210UIntel® Pentium® Gold Processor 6405UIntel® Celeron® Processor 5305U |
Mobile |
|
8th Generation Intel® Core™ Processors |
Intel® Core™ Processor i7-8565U, i7-8665UIntel® Core™ Processor i5-8365U, i5-8265U |
Mobile |
Recommendation:
Intel recommends that users of the affected Intel® Processors listed above, update to the latest firmware version provided by the system manufacturer that addresses these issues.
Find the Actions taken by the Software Giants against this Security Vulnerability:
VMware Products : VMSA-2019-0020
Microsoft: Windows Kernel Information Disclosure Vulnerability
F5: K02912734: Intel CPU vulnerability CVE-2019-11135
Redhat : CVE-2019-11135 – Transactional Synchronization Extensions (TSX) Asynchronous Abort
For more Vulnerability Updates please visit: https://knowitlikepro.com/category/security-vulnerabilities/
