CVE-2019-11157
https://notcve.org/view.php?id=CVE-2019-11157
Improper conditions check in voltage settings for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege and/or information disclosure via local access. Una comprobación de condiciones inapropiadas en la configuración de voltaje para algunos procesadores Intel(R) pueden permitir que un usuario con privilegios pueda permitir la escalada de privilegios y/o la divulgación de información a través del acceso local. • https://security.netapp.com/advisory/ntap-20191217-0001 https://support.f5.com/csp/article/K10321239?utm_source=f5support&%3Butm_medium=RSS https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00289.html •
CVE-2019-14607
https://notcve.org/view.php?id=CVE-2019-14607
Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access. La verificación de condiciones inadecuadas en múltiples procesadores Intel® puede permitir a un usuario autenticado habilitar potencialmente la escalada parcial de privilegios, la denegación de servicio y / o la divulgación de información a través del acceso local. • https://security.netapp.com/advisory/ntap-20191217-0002 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00317.html https://www.synology.com/security/advisory/Synology_SA_19_42 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVE-2019-11135 – hw: TSX Transaction Asynchronous Abort (TAA)
https://notcve.org/view.php?id=CVE-2019-11135
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. Una condición de tipo TSX Asynchronous Abort en algunas CPU que utilizan ejecución especulativa puede habilitar a un usuario autenticado para permitir potencialmente una divulgación de información por medio de un canal lateral con acceso local. A flaw was found in the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort (TAA) error occurs. A local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort execution times. This could allow information disclosure via this observed side-channel for any TSX transaction being executed while an attacker is able to observe abort timing. Intel's Transactional Synchronisation Extensions (TSX) are set of instructions which enable transactional memory support to improve performance of the multi-threaded applications, in the lock-protected critical sections. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.openwall.com/lists/oss-security/2019/12/10/3 http://www.openwall.com/lists/oss-security/2019/12/10/4 http://www.openwall.com/lists/oss-security/2019/12 • CWE-203: Observable Discrepancy •