Vulnerability CVE-2019-11184

Vulnerability CVE-2019-11184

Published: 2019-09-16

Description:

A race condition in specific microprocessors using Intel (R) DDIO cache allocation and RDMA may allow an authenticated user to potentially enable partial information disclosure via adjacent access.

Type:

CWE-362

CVSS2 => (AV:A/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
2.9/10	2.9/10	5.5/10

Exploit range	Attack complexity	Authentication
Adjacent network	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	None	None

Affected software
Intel -> E5-1630 firmware
Intel -> E5-2618l firmware
Intel -> E5-2680 firmware
Intel -> E5-4640 firmware
Intel -> E7-4870 firmware
Intel -> 3106 firmware
Intel -> E5-1650 firmware
Intel -> E5-2620 firmware
Intel -> E5-2683 firmware
Intel -> E5-4650 firmware
Intel -> E7-4880 firmware
Intel -> 4109t firmware
Intel -> E5-1660 firmware
Intel -> E5-2623 firmware
Intel -> E5-2687w firmware
Intel -> E5-4655 firmware
Intel -> E7-4890 firmware
Intel -> 4110 firmware
Intel -> E5-1680 firmware
Intel -> E5-2628l firmware
Intel -> E5-2690 firmware
Intel -> E5-4657l firmware
Intel -> E7-8850 firmware
Intel -> 4114t firmware
Intel -> E5-2403 firmware
Intel -> E5-2630 firmware
Intel -> E5-2695 firmware
Intel -> E5-4660 firmware
Intel -> E7-8857 firmware
Intel -> 4116 firmware
Intel -> E5-2407 firmware
Intel -> E5-2630l firmware
Intel -> E5-2697 firmware
Intel -> E5-4667 firmware
Intel -> E7-8870 firmware
Intel -> 4116t firmware
Intel -> E5-2420 firmware
Intel -> E5-2637 firmware
Intel -> E5-2697a firmware
Intel -> E5-4669 firmware
Intel -> E7-8880 firmware
Intel -> 5118 firmware
Intel -> E5-2430 firmware
Intel -> E5-2640 firmware
Intel -> E5-2698 firmware
Intel -> E7-2850 firmware
Intel -> E7-8880l firmware
Intel -> 5119t firmware
Intel -> E5-2430l firmware
Intel -> E5-2643 firmware
Intel -> E5-2699 firmware
Intel -> E7-2870 firmware
Intel -> E7-8890 firmware
Intel -> 5120t firmware
Intel -> E5-2440 firmware
Intel -> E5-2648l firmware
Intel -> E5-2699a firmware
Intel -> E7-2880 firmware
Intel -> E7-8891 firmware
Intel -> 6126 firmware
Intel -> E5-2450 firmware
Intel -> E5-2650 firmware
Intel -> E5-4603 firmware
Intel -> E7-2890 firmware
Intel -> E7-8893 firmware
Intel -> 6126t firmware
Intel -> E5-2450l firmware
Intel -> E5-2650l firmware
Intel -> E5-4607 firmware
Intel -> E7-4809 firmware
Intel -> E7-8895 firmware
Intel -> 6130 firmware
Intel -> E5-2470 firmware
Intel -> E5-2658 firmware
Intel -> E5-4610 firmware
Intel -> E7-4820 firmware
Intel -> 6130t firmware
Intel -> E5-2603 firmware
Intel -> E5-2660 firmware
Intel -> E5-4620 firmware
Intel -> E7-4830 firmware
Intel -> 6138 firmware
Intel -> E5-2608l firmware
Intel -> E5-2667 firmware
Intel -> E5-4627 firmware
Intel -> E7-4850 firmware
Intel -> E5-1620 firmware
Intel -> E5-2609 firmware
Intel -> E5-2670 firmware
Intel -> E5-4628l firmware
Intel -> E7-4860 firmware

References:

https://arxiv.org/abs/1909.04841

https://support.f5.com/csp/article/K43220413

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00290.html

Vulnerability CVE-2019-11184

A race condition in specific microprocessors using Intel (R) DDIO cache allocation and RDMA may allow an authenticated user to potentially enable partial information disclosure via adjacent access.

CWE-362

CVSS2 => (AV:A/AC:M/Au:N/C:P/I:N/A:N)

2.9/10

2.9/10

5.5/10

Adjacent network

Medium

No required

Partial

None

None

Affected software

References: