- Vulnerability/
- USN-4182-1
USN-4182-1: Intel Microcode update
First published: Tue Nov 12 2019(Updated: )
Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that certain Intel Xeon processors did not properly restrict access to a voltage modulation interface. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2019-11139)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/intel-microcode | <3.20191112-0ubuntu0.19.10.2 | 3.20191112-0ubuntu0.19.10.2 |
| Ubuntu Ubuntu | =19.10 | |
| All of | ||
| ubuntu/intel-microcode | <3.20191112-0ubuntu0.19.04.2 | 3.20191112-0ubuntu0.19.04.2 |
| Ubuntu Ubuntu | =19.04 | |
| All of | ||
| ubuntu/intel-microcode | <3.20191112-0ubuntu0.18.04.2 | 3.20191112-0ubuntu0.18.04.2 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/intel-microcode | <3.20191112-0ubuntu0.16.04.2 | 3.20191112-0ubuntu0.16.04.2 |
| Ubuntu Ubuntu | =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2019-11135
- https://ubuntu.com/security/CVE-2019-11139
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915
- https://ubuntu.com/security/notices/USN-4186-1
- https://ubuntu.com/security/notices/USN-4182-2
- https://ubuntu.com/security/notices/USN-4186-2
- https://ubuntu.com/security/notices/USN-4187-1
- https://ubuntu.com/security/notices/USN-4188-1
- https://ubuntu.com/security/notices/USN-4184-1
- https://ubuntu.com/security/notices/USN-4185-2
- https://ubuntu.com/security/notices/USN-4185-1
- https://ubuntu.com/security/notices/USN-4183-1
- https://launchpad.net/ubuntu/+source/intel-microcode/3.20191112-0ubuntu0.19.10.2
- https://launchpad.net/ubuntu/+source/intel-microcode/3.20191112-0ubuntu0.19.04.2
- https://launchpad.net/ubuntu/+source/intel-microcode/3.20191112-0ubuntu0.18.04.2
- https://launchpad.net/ubuntu/+source/intel-microcode/3.20191112-0ubuntu0.16.04.2
- https://ubuntu.com/security/notices/USN-4182-1 (Advisory)
Frequently Asked Questions
What is the severity of USN-4182-1?
The severity of USN-4182-1 is high.
How do I fix USN-4182-1?
To fix USN-4182-1, update the intel-microcode package to version 3.20191112-0ubuntu0.19.10.2 (for Ubuntu 19.10), 3.20191112-0ubuntu0.19.04.2 (for Ubuntu 19.04), 3.20191112-0ubuntu0.18.04.2 (for Ubuntu 18.04), or 3.20191112-0ubuntu0.16.04.2 (for Ubuntu 16.04).
Which processors are affected by USN-4182-1?
USN-4182-1 affects Intel processors using Transactional Synchronization Extensions (TSX).
What is the CVE identifier for the vulnerability addressed in USN-4182-1?
The CVE identifier for the vulnerability addressed in USN-4182-1 is CVE-2019-11135.
- agent/severity
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/usn
- source/Ubuntu
- anchor-related/USN-4186-1
- anchor-related/USN-4182-2
- anchor-related/USN-4186-2
- anchor-related/USN-4187-1
- anchor-related/USN-4188-1
- anchor-related/USN-4184-1
- anchor-related/USN-4185-2
- anchor-related/USN-4185-1
- anchor-related/USN-4183-1
- agent/software-canonical-lookup
- agent/event
- agent/tags
- agent/description
- agent/softwarecombine
- agent/title
- agent/references
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/19.10
- version/ubuntu ubuntu/19.04
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04