CVE-2019-11090

Published: Dec 18, 2019Modified: Nov 21, 2024

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE 3.1.70 and 4.0.20; Intel(R) SPS before versions SPS_E5_04.01.04.305.0, SPS_SoC-X_04.00.04.108.0, SPS_SoC-A_04.00.04.191.0, SPS_E3_04.01.04.086.0, SPS_E3_04.08.04.047.0 may allow an unauthenticated user to potentially enable information disclosure via network access.

Affected (13)

Products: Intel: Platform Trust Technology Firmware, Server Platform Services Firmware, Trusted Execution Engine Firmware

Intel

3 products

Platform Trust Technology Firmware

Server Platform Services Firmware

Trusted Execution Engine Firmware

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Intel Platform Trust Technology Firmware	From 11.0 to 11.8.70
Intel Platform Trust Technology Firmware	From 11.10 to 11.11.70
Intel Platform Trust Technology Firmware	From 11.20 to 11.22.70
Intel Platform Trust Technology Firmware	From 12.0 to 12.0.45
Intel Platform Trust Technology Firmware	From 13.0 to 13.0.0
Intel Platform Trust Technology Firmware	From 14.0.0 to 14.0.10
Intel Server Platform Services Firmware	All versions
Intel Server Platform Services Firmware	From sps_e3_04.01.00.000.0 to sps_e3_04.01.04.086.0
Intel Server Platform Services Firmware	From sps_e5_04.00.00.000.0 to sps_e5_04.01.04.305.0
Intel Server Platform Services Firmware	From sps_soc-a_04.00.00.000.0 to sps_soc-a_04.00.04.191.0
Intel Server Platform Services Firmware	From sps_soc-x_04.00.00.000.0 to sps_soc-x_04.00.04.108.0
Intel Trusted Execution Engine Firmware	From 3.0 to 3.1.70
Intel Trusted Execution Engine Firmware	From 4.0 to 4.0.20

Related CWEs

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (2)

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html

Source: secure@intel.com

Vendor Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.