Vigil@nce - Intel Processors: information disclosure via TSX Asynchronous Abort
January 2020 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/computer-vulnerability
SYNTHESIS OF THE VULNERABILITY
Impacted products: XenServer, Debian, Fedora, FreeBSD, HP
ProLiant, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2,
Windows 2012, Windows 2016, Windows 2019, Windows 7, Windows 8,
Windows RT, OpenBSD, openSUSE Leap, RHEL, Slackware, SUSE Linux
Enterprise Desktop, SLES, Ubuntu, ESXi, VMware vSphere Hypervisor,
VMware Workstation, Xen.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 13/11/2019.
DESCRIPTION OF THE VULNERABILITY
An attacker can bypass access restrictions to data via TSX
Asynchronous Abort of Intel Processors, in order to obtain
sensitive information.
ACCESS TO THE FULL VIGIL@NCE BULLETIN