{"containers": {"cna": {"affected": [{"product": "Intel(R) PTT", "vendor": "n/a", "versions": [{"status": "affected", "version": "See provided reference"}]}], "descriptions": [{"lang": "en", "value": "Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE 3.1.70 and 4.0.20; Intel(R) SPS before versions SPS_E5_04.01.04.305.0, SPS_SoC-X_04.00.04.108.0, SPS_SoC-A_04.00.04.191.0, SPS_E3_04.01.04.086.0, SPS_E3_04.08.04.047.0 may allow an unauthenticated user to potentially enable information disclosure via network access."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-18T21:08:39", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@intel.com", "ID": "CVE-2019-11090", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Intel(R) PTT", "version": {"version_data": [{"version_value": "See provided reference"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE 3.1.70 and 4.0.20; Intel(R) SPS before versions SPS_E5_04.01.04.305.0, SPS_SoC-X_04.00.04.108.0, SPS_SoC-A_04.00.04.191.0, SPS_E3_04.01.04.086.0, SPS_E3_04.08.04.047.0 may allow an unauthenticated user to potentially enable information disclosure via network access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:40:16.299Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"}]}]}, "cveMetadata": {"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2019-11090", "datePublished": "2019-12-18T21:08:39", "dateReserved": "2019-04-11T00:00:00", "dateUpdated": "2024-08-04T22:40:16.299Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:platform_trust_technology_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D4CEA4B-F303-4C74-9B21-633C23BC788F", "versionEndIncluding": "11.8.70", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:platform_trust_technology_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BA65B9B-A05A-46A1-AB54-0C7956FAE3CE", "versionEndExcluding": "11.11.70", "versionStartIncluding": "11.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:platform_trust_technology_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "11B431B3-4508-4DEC-A85E-B236B33AF98A", "versionEndExcluding": "11.22.70", "versionStartIncluding": "11.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:platform_trust_technology_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "43C456C2-693A-4CA2-A991-3FE56D33262C", "versionEndExcluding": "12.0.45", "versionStartIncluding": "12.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:platform_trust_technology_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "45B73401-94D9-4264-A96D-F0AB91F7084A", "versionEndExcluding": "13.0.0", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:platform_trust_technology_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9A13E75-2312-403D-A961-0BEE49AF7FFC", "versionEndExcluding": "14.0.10", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:server_platform_services_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "90C558D4-B158-4BD3-B215-C28BF647718F", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:server_platform_services_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "19E8B458-4B69-40D3-9B92-76E6ECA214DD", "versionEndExcluding": "sps_e3_04.01.04.086.0", "versionStartIncluding": "sps_e3_04.01.00.000.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:server_platform_services_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA8854B3-4BBC-4FEB-872B-574972F3D95B", "versionEndExcluding": "sps_e5_04.01.04.305.0", "versionStartIncluding": "sps_e5_04.00.00.000.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:server_platform_services_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DFD2B64-3374-4419-B102-42745E051F14", "versionEndExcluding": "sps_soc-a_04.00.04.191.0", "versionStartIncluding": "sps_soc-a_04.00.00.000.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:server_platform_services_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8932FAF-2F02-4D8F-B930-86A2F939F0CA", "versionEndExcluding": "sps_soc-x_04.00.04.108.0", "versionStartIncluding": "sps_soc-x_04.00.00.000.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD17A8EA-F595-4E4E-B694-FE07544E7945", "versionEndExcluding": "3.1.70", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BCB9B3C-C83A-4563-80F6-3AA50C16A118", "versionEndExcluding": "4.0.20", "versionStartIncluding": "4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE 3.1.70 and 4.0.20; Intel(R) SPS before versions SPS_E5_04.01.04.305.0, SPS_SoC-X_04.00.04.108.0, SPS_SoC-A_04.00.04.191.0, SPS_E3_04.01.04.086.0, SPS_E3_04.08.04.047.0 may allow an unauthenticated user to potentially enable information disclosure via network access."}, {"lang": "es", "value": "Condiciones de sincronizaci\u00f3n criptogr\u00e1fica en el subsistema para Intel\u00ae PTT versiones anteriores a 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 y 14.0.10; Intel\u00ae TXE 3.1.70 y 4.0.20; Intel\u00ae SPS versiones anteriores a SPS_E5_04.01.04.305.0, SPS_SoC-X_04.00.04.108.0, SPS_SoC-A_04.00.04.191.0, SPS_E3_04.01.04.086.0, SPS_E3_04.08.04.047.0, puede permitir a un usuario no autenticado habilitar potencialmente una divulgaci\u00f3n de informaci\u00f3n por medio de un acceso de red."}], "id": "CVE-2019-11090", "lastModified": "2020-01-03T15:59:31.363", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-18T22:15:12.237", "references": [{"source": "secure@intel.com", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "hw: ECDSA signature timing vulnerabilities in TPM module", "id": "1788755", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788755"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-385", "details": ["Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE 3.1.70 and 4.0.20; Intel(R) SPS before versions SPS_E5_04.01.04.305.0, SPS_SoC-X_04.00.04.108.0, SPS_SoC-A_04.00.04.191.0, SPS_E3_04.01.04.086.0, SPS_E3_04.08.04.047.0 may allow an unauthenticated user to potentially enable information disclosure via network access.", "Cryptographic timing vulnerabilities were discovered in certain versions of the Trusted Platform Module (TPM) firmware distributed by Intel and STMicroelectronics. Software that uses the TPM to compute ECDSA signatures could leak information through the timing of ECDSA signature operations, allowing an attacker to recover parts of the private key."], "mitigation": {"lang": "en:us", "value": "To remediate this vulnerability, install relevant firmware updates from your hardware vendor and follow their advice to regenerate keys that may be vulnerable or compromised. STMicroelectronics, Intel and OEMs have published firmware updates and advice at the links provided in the External References section."}, "name": "CVE-2019-11090", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "linux-firmware", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "linux-firmware", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "linux-firmware", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2020-01-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-11090\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11090\nhttps://tpm.fail/\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html\nhttps://www.st.com/content/st_com/en/campaigns/tpm-update.html"], "statement": "This is a vulnerability in TPM firmware distributed by hardware vendors, not by Red Hat. Red Hat Enterprise Linux exposes the TPM device at /dev/tpm* where it is available for software with the correct privileges to use. Customers are advised to always ensure that firmware updates from hardware vendors are kept up to date with security fixes.", "threat_severity": "Moderate"}