Skip to main content

Leap CVE-2019-11135

MEDIUM
2019-11-14 secure@intel.com
Information Disclosure Leap Fedora Slackware Apollo 4200 Firmware Apollo 2000 Firmware Proliant Bl460C Firmware Proliant Dl580 Firmware Proliant Dl560 Firmware Proliant Dl380 Firmware Proliant Dl360 Firmware Proliant Dl180 Firmware Proliant Dl160 Firmware Proliant Dl120 Firmware Proliant Dl20 Firmware Proliant Ml350 Firmware Proliant Ml110 Firmware Proliant Ml30 Firmware Proliant Xl450 Firmware Proliant Xl270D Firmware Proliant Xl230K Firmware Proliant Xl190R Firmware Proliant Xl170R Firmware Synergy 480 Firmware Synergy 660 Firmware Proliant E910 Firmware Core I7 10510Y Firmware Core I5 10310Y Firmware Core I5 10210Y Firmware Core I5 10110Y Firmware Core I7 8500Y Firmware Core I5 8310Y Firmware Core I5 8210Y Firmware Core I5 8200Y Firmware Core M3 8100Y Firmware Xeon 8253 Firmware Xeon 8256 Firmware Xeon 8260 Firmware Xeon 8260L Firmware Xeon 8260M Firmware Xeon 8260Y Firmware Xeon 8268 Firmware Xeon 8270 Firmware Xeon 8276 Firmware Xeon 8276L Firmware Xeon 8276M Firmware Xeon 8280 Firmware Xeon 8280L Firmware Xeon 8280M Firmware Xeon 9220 Firmware Xeon 9221 Firmware Xeon 9222 Firmware Xeon 9242 Firmware Xeon 9282 Firmware Xeon 5215 Firmware Xeon 5215L Firmware Xeon 5215M Firmware Xeon 5215R Firmware Xeon 5217 Firmware Xeon 5218 Firmware Xeon 5218B Firmware Xeon 5218N Firmware Xeon 5218T Firmware Xeon 5220 Firmware Xeon 5220R Firmware Xeon 5220S Firmware Xeon 5220T Firmware Xeon 5222 Firmware Xeon 6222V Firmware Xeon 6226 Firmware Xeon 6230 Firmware Xeon 6230N Firmware Xeon 6230T Firmware Xeon 6234 Firmware Xeon 6238 Firmware Xeon 6238L Firmware Xeon 6238M Firmware Xeon 6238T Firmware Xeon 6240 Firmware Xeon 6240L Firmware Xeon 6240M Firmware Xeon 6240Y Firmware Xeon 6242 Firmware Xeon 6244 Firmware Xeon 6246 Firmware Xeon 6248 Firmware Xeon 6252 Firmware Xeon 6252N Firmware Xeon 6254 Firmware Xeon 6262V Firmware Xeon 4208 Firmware Xeon 4208R Firmware Xeon 4209T Firmware Xeon 4210 Firmware Xeon 4210R Firmware Xeon 4214 Firmware Xeon 4214C Firmware Xeon 4214R Firmware Xeon 4214Y Firmware Xeon 4215 Firmware Xeon 4216 Firmware Xeon 4216R Firmware Xeon 3204 Firmware Xeon 3206R Firmware Xeon W 3275M Firmware Xeon W 3275 Firmware Xeon W 3265M Firmware Xeon W 3265 Firmware Xeon W 3245M Firmware Xeon W 3245 Firmware Xeon W 3235 Firmware Xeon W 3225 Firmware Xeon W 3223 Firmware Xeon W 2295 Firmware Xeon W 2275 Firmware Xeon W 2265 Firmware Xeon W 2255 Firmware Xeon W 2245 Firmware Xeon W 2235 Firmware Xeon W 2225 Firmware Xeon W 2223 Firmware Core I9 9980Hk Firmware Core I9 9880H Firmware Core I7 9850H Firmware Core I7 9750Hf Firmware Core I5 9400H Firmware Core I5 9300H Firmware Core I9 9900K Firmware Core I9 9900Kf Firmware Core I7 9700K Firmware Core I7 9700Kf Firmware Core I5 9600K Firmware Core I5 9600Kf Firmware Core I5 9400 Firmware Core I5 9400F Firmware Xeon E 2288G Firmware Xeon E 2286M Firmware Xeon E 2278Gel Firmware Xeon E 2278Ge Firmware Xeon E 2278G Firmware Core I7 10510U Firmware Core I5 10210U Firmware Pentium 6405U Firmware Celeron 5305U Firmware Core I7 8565U Firmware Core I7 8665U Firmware Core I5 8365U Firmware Core I5 8265U Firmware Ubuntu Linux Debian Linux Codeready Linux Builder Codeready Linux Builder Eus Virtualization Manager Enterprise Linux Enterprise Linux Desktop Enterprise Linux Eus Enterprise Linux Server Enterprise Linux Server Aus Enterprise Linux Server Tus Enterprise Linux Workstation Zfs Storage Appliance Kit
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 14, 2019 - 19:15 cve.org
MEDIUM 6.5

DescriptionCVE.org

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

AnalysisAI

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Technical ContextAI

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. Affected products include: Opensuse Leap, Fedoraproject Fedora, Slackware, Hp Apollo 4200 Firmware, Hp Apollo 2000 Firmware.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Leap

View all
CVE-2025-32463 CRITICAL POC
9.3 Jun 30

Sudo before 1.9.17p1 contains a local root escalation vulnerability (CVE-2025-32463, CVSS 9.3) through the --chroot opti

CVE-2016-1960 HIGH POC
8.8 Mar 13

Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox

CVE-2014-0195 MEDIUM POC
6.8 Jun 05

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0

CVE-2017-5753 MEDIUM POC
5.6 Jan 04

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of

CVE-2016-5385 HIGH POC
8.1 Jul 19

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect

CVE-2017-8386 HIGH POC
8.8 Jun 01

git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x be

CVE-2016-2107 MEDIUM POC
5.9 May 05

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a

CVE-2016-2819 HIGH POC
8.8 Jun 13

Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to ex

CVE-2017-14491 CRITICAL POC
9.8 Oct 04

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execut

CVE-2014-2525 MEDIUM POC
6.8 Mar 28

Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent

CVE-2017-13704 HIGH
7.5 Oct 03

In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call get

CVE-2016-0742 HIGH
7.5 Feb 15

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid

Share

CVE-2019-11135 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy