Oval Definition:oval:com.ubuntu.xenial:def:2019111350000000
Revision Date:2019-11-14Version:1
Title:CVE-2019-11135 on Ubuntu 16.04 LTS (xenial) - high.
Description:TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. Stephan van Schaik, Alyssa Milburn, Sebastian Ă–sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2019-11135
Platform(s):Ubuntu 16.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 16.04 LTS (xenial) is installed.
  • AND Package Information
  • intel-microcode package in xenial was vulnerable but has been fixed (note: '3.20191112-0ubuntu0.16.04.2').
  • OR linux package in xenial was vulnerable but has been fixed (note: '4.4.0-168.197').
  • OR linux-aws package in xenial was vulnerable but has been fixed (note: '4.4.0-1098.109').
  • OR linux-aws-hwe package in xenial was vulnerable but has been fixed (note: '4.15.0-1054.56~16.04.1').
  • OR linux-azure package in xenial was vulnerable but has been fixed (note: '4.15.0-1063.68').
  • OR linux-gcp package in xenial was vulnerable but has been fixed (note: '4.15.0-1049.52').
  • OR linux-hwe package in xenial was vulnerable but has been fixed (note: '4.15.0-69.78~16.04.1').
  • OR linux-kvm package in xenial was vulnerable but has been fixed (note: '4.4.0-1062.69').
  • OR linux-meta package in xenial was vulnerable but has been fixed (note: '4.4.0-168.197').
  • OR linux-meta-aws package in xenial was vulnerable but has been fixed (note: '4.4.0-1098.109').
  • OR linux-meta-aws-hwe package in xenial was vulnerable but has been fixed (note: '4.15.0-1054.56~16.04.1').
  • OR linux-meta-azure package in xenial was vulnerable but has been fixed (note: '4.15.0-1063.68').
  • OR linux-meta-gcp package in xenial was vulnerable but has been fixed (note: '4.15.0-1049.52').
  • OR linux-meta-hwe package in xenial was vulnerable but has been fixed (note: '4.15.0-69.78~16.04.1').
  • OR linux-meta-kvm package in xenial was vulnerable but has been fixed (note: '4.4.0-1062.69').
  • OR linux-meta-oracle package in xenial was vulnerable but has been fixed (note: '4.15.0-1029.32~16.04.1').
  • OR linux-meta-raspi2 package in xenial was vulnerable but has been fixed (note: '4.4.0-1126.135').
  • OR linux-meta-snapdragon package in xenial was vulnerable but has been fixed (note: '4.4.0-1130.138').
  • OR linux-oem: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'was needs-triage now end-of-life').
  • OR linux-oracle package in xenial was vulnerable but has been fixed (note: '4.15.0-1029.32~16.04.1').
  • OR linux-raspi2 package in xenial was vulnerable but has been fixed (note: '4.4.0-1126.135').
  • OR linux-signed package in xenial was vulnerable but has been fixed (note: '4.4.0-168.197').
  • OR linux-signed-azure package in xenial was vulnerable but has been fixed (note: '4.15.0-1063.68').
  • OR linux-signed-gcp package in xenial was vulnerable but has been fixed (note: '4.15.0-1049.52').
  • OR linux-signed-hwe package in xenial was vulnerable but has been fixed (note: '4.15.0-69.78~16.04.1').
  • OR linux-signed-oracle package in xenial was vulnerable but has been fixed (note: '4.15.0-1029.32~16.04.1').
  • OR linux-snapdragon package in xenial was vulnerable but has been fixed (note: '4.4.0-1130.138').
    • BACK