Vulnerabilities > CVE-2019-0117 - Unspecified vulnerability in Intel products
Attack vector
LOCAL Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families; Intel(R) Xeon(R) E-2100 & E-2200 Processor Families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access.
Vulnerable Configurations
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2019-1689D3FE07.NASL description The 5.3.11 stable kernel update contains a number of important security updates across the tree, including mitigations for the most recent hardware issues disclosed on Nov 12. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 130919 published 2019-11-13 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130919 title Fedora 30 : 2:microcode_ctl / kernel / kernel-headers / kernel-tools (2019-1689d3fe07) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-1689d3fe07. # include("compat.inc"); if (description) { script_id(130919); script_version("1.4"); script_cvs_date("Date: 2019/12/12"); script_cve_id("CVE-2018-12207", "CVE-2019-0117", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-11135"); script_xref(name:"FEDORA", value:"2019-1689d3fe07"); script_name(english:"Fedora 30 : 2:microcode_ctl / kernel / kernel-headers / kernel-tools (2019-1689d3fe07)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The 5.3.11 stable kernel update contains a number of important security updates across the tree, including mitigations for the most recent hardware issues disclosed on Nov 12. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-1689d3fe07" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:microcode_ctl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/14"); script_set_attribute(attribute:"patch_publication_date", value:"2019/11/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2018-12207", "CVE-2019-0117", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-11135"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for FEDORA-2019-1689d3fe07"); } else { __rpm_report = ksplice_reporting_text(); } } flag = 0; if (rpm_check(release:"FC30", reference:"microcode_ctl-2.1-33.fc30", epoch:"2")) flag++; if (rpm_check(release:"FC30", reference:"kernel-5.3.11-200.fc30")) flag++; if (rpm_check(release:"FC30", reference:"kernel-headers-5.3.11-200.fc30")) flag++; if (rpm_check(release:"FC30", reference:"kernel-tools-5.3.11-200.fc30")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:microcode_ctl / kernel / kernel-headers / kernel-tools"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2019-68D7F68507.NASL description The 5.3.11 stable kernel update contains a number of important security updates across the tree, including mitigations for the most recent hardware issues disclosed on Nov 12. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 130920 published 2019-11-13 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130920 title Fedora 31 : 2:microcode_ctl / kernel / kernel-headers / kernel-tools (2019-68d7f68507) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-68d7f68507. # include("compat.inc"); if (description) { script_id(130920); script_version("1.4"); script_cvs_date("Date: 2019/12/12"); script_cve_id("CVE-2018-12207", "CVE-2019-0117", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-11135", "CVE-2019-11139"); script_xref(name:"FEDORA", value:"2019-68d7f68507"); script_name(english:"Fedora 31 : 2:microcode_ctl / kernel / kernel-headers / kernel-tools (2019-68d7f68507)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The 5.3.11 stable kernel update contains a number of important security updates across the tree, including mitigations for the most recent hardware issues disclosed on Nov 12. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-68d7f68507" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:microcode_ctl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/14"); script_set_attribute(attribute:"patch_publication_date", value:"2019/11/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2018-12207", "CVE-2019-0117", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-11135", "CVE-2019-11139"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for FEDORA-2019-68d7f68507"); } else { __rpm_report = ksplice_reporting_text(); } } flag = 0; if (rpm_check(release:"FC31", reference:"microcode_ctl-2.1-33.fc31", epoch:"2")) flag++; if (rpm_check(release:"FC31", reference:"kernel-5.3.11-300.fc31")) flag++; if (rpm_check(release:"FC31", reference:"kernel-headers-5.3.11-300.fc31")) flag++; if (rpm_check(release:"FC31", reference:"kernel-tools-5.3.11-300.fc31")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:microcode_ctl / kernel / kernel-headers / kernel-tools"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2019-7A3FC17778.NASL description The 5.3.11 stable kernel update contains a number of important security updates across the tree, including mitigations for the most recent hardware issues disclosed on Nov 12. ---- The 5.3.9 update contains a number of important fixes across the tree ---- Update to upstream 2.1-22. 20190618 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 130989 published 2019-11-14 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130989 title Fedora 29 : 2:microcode_ctl / kernel / kernel-headers / kernel-tools (2019-7a3fc17778) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-7a3fc17778. # include("compat.inc"); if (description) { script_id(130989); script_version("1.4"); script_cvs_date("Date: 2019/12/12"); script_cve_id("CVE-2018-12207", "CVE-2019-0117", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-11135", "CVE-2019-11139"); script_xref(name:"FEDORA", value:"2019-7a3fc17778"); script_name(english:"Fedora 29 : 2:microcode_ctl / kernel / kernel-headers / kernel-tools (2019-7a3fc17778)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The 5.3.11 stable kernel update contains a number of important security updates across the tree, including mitigations for the most recent hardware issues disclosed on Nov 12. ---- The 5.3.9 update contains a number of important fixes across the tree ---- Update to upstream 2.1-22. 20190618 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-7a3fc17778" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:microcode_ctl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/14"); script_set_attribute(attribute:"patch_publication_date", value:"2019/11/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2018-12207", "CVE-2019-0117", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-11135", "CVE-2019-11139"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for FEDORA-2019-7a3fc17778"); } else { __rpm_report = ksplice_reporting_text(); } } flag = 0; if (rpm_check(release:"FC29", reference:"microcode_ctl-2.1-33.fc29", epoch:"2")) flag++; if (rpm_check(release:"FC29", reference:"kernel-5.3.11-100.fc29")) flag++; if (rpm_check(release:"FC29", reference:"kernel-headers-5.3.11-100.fc29")) flag++; if (rpm_check(release:"FC29", reference:"kernel-tools-5.3.11-100.fc29")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:microcode_ctl / kernel / kernel-headers / kernel-tools"); }
References
- https://support.f5.com/csp/article/K73837233?utm_source=f5support&%3Butm_medium=RSS
- https://support.f5.com/csp/article/K73837233?utm_source=f5support&%3Butm_medium=RSS
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00219.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00219.html