CVE-2019-11139

Published: 12 November 2019

Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.

From the Ubuntu security team

It was discovered that certain Intel Xeon processors did not properly restrict access to a voltage modulation interface. A local privileged attacker could use this to cause a denial of service (system crash).

Priority

Medium

CVSS 3 base score: 6.0

Status

Package Release Status
intel-microcode
Launchpad, Ubuntu, Debian 		Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver)
Released (3.20191112-0ubuntu0.18.04.2)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (3.20191112-0ubuntu0.16.04.2)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (3.20191112-0ubuntu0.14.04.2)

Notes

AuthorNote
tyhicks 
This issue only affects processors manufactured by Intel
Kernel changes are not needed to mitigate this issue

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading