Oval Definition:oval:com.ubuntu.disco:def:2019111350000000
Revision Date:2019-11-14Version:1
Title:CVE-2019-11135 on Ubuntu 19.04 (disco) - high.
Description:TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. Stephan van Schaik, Alyssa Milburn, Sebastian Ă–sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2019-11135
Platform(s):Ubuntu 19.04
Product(s):
Definition Synopsis
  • Ubuntu 19.04 (disco) is installed.
  • AND Package Information
  • intel-microcode package in disco was vulnerable but has been fixed (note: '3.20191112-0ubuntu0.19.04.2').
  • OR linux package in disco was vulnerable but has been fixed (note: '5.0.0-35.38').
  • OR linux-aws package in disco was vulnerable but has been fixed (note: '5.0.0-1021.24').
  • OR linux-azure package in disco was vulnerable but has been fixed (note: '5.0.0-1025.27').
  • OR linux-gcp package in disco was vulnerable but has been fixed (note: '5.0.0-1025.26').
  • OR linux-kvm package in disco was vulnerable but has been fixed (note: '5.0.0-1022.24').
  • OR linux-meta package in disco was vulnerable but has been fixed (note: '5.0.0-35.38').
  • OR linux-meta-aws package in disco was vulnerable but has been fixed (note: '5.0.0-1021.24').
  • OR linux-meta-azure package in disco was vulnerable but has been fixed (note: '5.0.0-1025.27').
  • OR linux-meta-gcp package in disco was vulnerable but has been fixed (note: '5.0.0-1025.26').
  • OR linux-meta-kvm package in disco was vulnerable but has been fixed (note: '5.0.0-1022.24').
  • OR linux-meta-oem package in disco is affected and needs fixing.
  • OR linux-meta-oem-osp1 package in disco is affected and needs fixing.
  • OR linux-meta-oracle package in disco was vulnerable but has been fixed (note: '5.0.0-1007.12').
  • OR linux-meta-raspi2 package in disco was vulnerable but has been fixed (note: '5.0.0-1022.23').
  • OR linux-oem package in disco is affected and needs fixing.
  • OR linux-oem-osp1 package in disco is affected and needs fixing.
  • OR linux-oracle package in disco was vulnerable but has been fixed (note: '5.0.0-1007.12').
  • OR linux-raspi2 package in disco was vulnerable but has been fixed (note: '5.0.0-1022.23').
  • OR linux-signed package in disco was vulnerable but has been fixed (note: '5.0.0-35.38').
  • OR linux-signed-azure package in disco was vulnerable but has been fixed (note: '5.0.0-1025.27').
  • OR linux-signed-gcp package in disco was vulnerable but has been fixed (note: '5.0.0-1025.26').
  • OR linux-signed-oem package in disco is affected and needs fixing.
  • OR linux-signed-oem-osp1 package in disco is affected and needs fixing.
  • OR linux-signed-oracle package in disco was vulnerable but has been fixed (note: '5.0.0-1007.12').
  • OR linux-snapdragon package in disco is affected. An update containing the fix has been completed and is pending publication (note: '5.0.0-1026.28').
    • BACK