CVE-2019-19338

13.07.2020, 17:15

A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 25%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	𝑥 < 5.5
redhat	enterprise_linux	6.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.106-3 fixed
bookworm (security)	6.1.112-1 fixed
bullseye	5.10.223-1 fixed
bullseye (security)	5.10.226-1 fixed
sid	6.11.5-1 fixed
trixie	6.11.5-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

linux

bionic	not-affected
disco	not-affected
eoan	not-affected
trusty	ignored
xenial	not-affected

linux-aws

bionic	not-affected
disco	not-affected
eoan	not-affected
trusty	ignored
xenial	not-affected

linux-aws-5.0

bionic	not-affected
disco	dne
eoan	dne
trusty	dne
xenial	dne

linux-aws-hwe

bionic	dne
disco	dne
eoan	dne
trusty	dne
xenial	not-affected

linux-azure

bionic	not-affected
disco	not-affected
eoan	not-affected
trusty	ignored
xenial	not-affected

linux-azure-5.3

bionic	not-affected
disco	dne
eoan	dne
trusty	dne
xenial	dne

linux-azure-edge

bionic	not-affected
disco	dne
eoan	dne
trusty	dne
xenial	ignored

linux-gcp

bionic	not-affected
disco	not-affected
eoan	not-affected
trusty	dne
xenial	not-affected

linux-gcp-5.3

bionic	not-affected
disco	dne
eoan	dne
trusty	dne
xenial	dne

linux-gcp-edge

bionic	not-affected
disco	dne
eoan	dne
trusty	dne
xenial	dne

linux-gke-4.15

bionic	not-affected
disco	dne
eoan	dne
trusty	dne
xenial	dne

linux-gke-5.0

bionic	not-affected
disco	dne
eoan	dne
trusty	dne
xenial	dne

linux-hwe

bionic	not-affected
disco	dne
eoan	dne
trusty	dne
xenial	not-affected

linux-hwe-edge

bionic	ignored
disco	dne
eoan	dne
trusty	dne
xenial	not-affected

linux-kvm

bionic	not-affected
disco	not-affected
eoan	not-affected
trusty	dne
xenial	not-affected

linux-lts-trusty

bionic	dne
disco	dne
eoan	dne
trusty	dne
xenial	dne

linux-lts-xenial

bionic	dne
disco	dne
eoan	dne
trusty	ignored
xenial	dne

linux-oem

bionic	not-affected
disco	not-affected
eoan	not-affected
trusty	dne
xenial	ignored

linux-oem-osp1

bionic	not-affected
disco	not-affected
eoan	not-affected
trusty	dne
xenial	dne

linux-oracle

bionic	not-affected
disco	not-affected
eoan	not-affected
trusty	dne
xenial	not-affected

linux-oracle-5.0

bionic	not-affected
disco	dne
eoan	dne
trusty	dne
xenial	dne

linux-raspi2

bionic	not-affected
disco	not-affected
eoan	not-affected
trusty	dne
xenial	not-affected

linux-snapdragon

bionic	not-affected
disco	not-affected
eoan	dne
trusty	dne
xenial	not-affected

openSUSE / SLES Releases

openSUSE Product

Release

kernel-64kb

suse enterprise desktop 15 SP3	5.3.18-57.3 fixed
suse enterprise desktop 15 SP4	5.14.21-150400.22.1 fixed
suse enterprise desktop 15 SP5	5.14.21-150500.53.2 fixed
suse enterprise desktop 15 SP6	6.4.0-150600.21.2 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.51.1 fixed
suse enterprise sap 15 SP3	5.3.18-57.3 fixed
suse enterprise sap 15 SP4	5.14.21-150400.22.1 fixed
suse enterprise sap 15 SP5	5.14.21-150500.53.2 fixed
suse enterprise sap 15 SP6	6.4.0-150600.21.2 fixed
suse enterprise sap 15 SP7	6.4.0-150700.51.1 fixed
suse enterprise server 15 SP3	5.3.18-57.3 fixed
suse enterprise server 15 SP4	5.14.21-150400.22.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.53.2 fixed
suse enterprise server 15 SP6	6.4.0-150600.21.2 fixed
suse enterprise server 15 SP7	6.4.0-150700.51.1 fixed

kernel-azure

suse enterprise sap 12 SP4	4.12.14-6.34.1 fixed
suse enterprise sap 12 SP5	4.12.14-16.7.1 fixed
suse enterprise sap 15 SP1	4.12.14-8.27.1 fixed
suse enterprise sap 15 SP2	5.3.18-16.2 fixed
suse enterprise sap 15 SP3	5.3.18-36.1 fixed
suse enterprise sap 15 SP4	5.14.21-150400.12.1 fixed
suse enterprise sap 15 SP5	5.14.21-150500.31.4 fixed
suse enterprise sap 15 SP6	6.4.0-150600.6.3 fixed
suse enterprise server 12 SP4	4.12.14-6.34.1 fixed
suse enterprise server 12 SP5	4.12.14-16.7.1 fixed
suse enterprise server 15 SP1	4.12.14-8.27.1 fixed
suse enterprise server 15 SP2	5.3.18-16.2 fixed
suse enterprise server 15 SP3	5.3.18-36.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.12.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.31.4 fixed
suse enterprise server 15 SP6	6.4.0-150600.6.3 fixed

kernel-azure-base

suse enterprise sap 12 SP4	4.12.14-6.34.1 fixed
suse enterprise sap 12 SP5	4.12.14-16.7.1 fixed
suse enterprise sap 15 SP1	4.12.14-8.27.1 fixed
suse enterprise sap 15 SP2	4.12.14-8.27.1 fixed
suse enterprise sap 15 SP3	4.12.14-8.27.1 fixed
suse enterprise server 12 SP4	4.12.14-6.34.1 fixed
suse enterprise server 12 SP5	4.12.14-16.7.1 fixed
suse enterprise server 15 SP1	4.12.14-8.27.1 fixed
suse enterprise server 15 SP2	4.12.14-8.27.1 fixed
suse enterprise server 15 SP3	4.12.14-8.27.1 fixed

kernel-default

suse enterprise desktop 15	4.12.14-150.47.1 fixed
suse enterprise desktop 15 SP1	4.12.14-197.34.1 fixed
suse enterprise desktop 15 SP2	5.3.18-22.2 fixed
suse enterprise desktop 15 SP3	5.3.18-57.3 fixed
suse enterprise desktop 15 SP4	5.14.21-150400.22.1 fixed
suse enterprise desktop 15 SP5	5.14.21-150500.53.2 fixed
suse enterprise desktop 15 SP6	6.4.0-150600.21.3 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.51.1 fixed
suse enterprise sap 12 SP4	4.12.14-95.48.1 fixed
suse enterprise sap 12 SP5	4.12.14-122.12.1 fixed
suse enterprise sap 15	4.12.14-150.47.1 fixed
suse enterprise sap 15 SP1	4.12.14-197.34.1 fixed
suse enterprise sap 15 SP2	5.3.18-22.2 fixed
suse enterprise sap 15 SP3	5.3.18-57.3 fixed
suse enterprise sap 15 SP4	5.14.21-150400.22.1 fixed
suse enterprise sap 15 SP5	5.14.21-150500.53.2 fixed
suse enterprise sap 15 SP6	6.4.0-150600.21.3 fixed
suse enterprise sap 15 SP7	6.4.0-150700.51.1 fixed
suse enterprise server 12 SP3	4.4.180-94.113.1 fixed
suse enterprise server 12 SP4	4.12.14-95.48.1 fixed
suse enterprise server 12 SP5	4.12.14-122.12.1 fixed
suse enterprise server 15	4.12.14-150.47.1 fixed
suse enterprise server 15 SP1	4.12.14-197.34.1 fixed
suse enterprise server 15 SP2	5.3.18-22.2 fixed
suse enterprise server 15 SP3	5.3.18-57.3 fixed
suse enterprise server 15 SP4	5.14.21-150400.22.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.53.2 fixed
suse enterprise server 15 SP6	6.4.0-150600.21.3 fixed
suse enterprise server 15 SP7	6.4.0-150700.51.1 fixed

kernel-default-base

suse enterprise desktop 15	4.12.14-150.47.1 fixed
suse enterprise desktop 15 SP1	4.12.14-197.34.1 fixed
suse enterprise sap 12 SP4	4.12.14-95.48.1 fixed
suse enterprise sap 12 SP5	4.12.14-122.12.1 fixed
suse enterprise sap 15	4.12.14-150.47.1 fixed
suse enterprise sap 15 SP1	4.12.14-197.34.1 fixed
suse enterprise server 12 SP3	4.4.180-94.113.1 fixed
suse enterprise server 12 SP4	4.12.14-95.48.1 fixed
suse enterprise server 12 SP5	4.12.14-122.12.1 fixed
suse enterprise server 15	4.12.14-150.47.1 fixed
suse enterprise server 15 SP1	4.12.14-197.34.1 fixed

kernel-default-extra

suse enterprise desktop 15 SP3	5.3.18-57.3 fixed
suse enterprise sap 15 SP3	5.3.18-57.3 fixed
suse enterprise server 15 SP3	5.3.18-57.3 fixed
suse enterprise workstation 15 SP3	5.3.18-57.3 fixed

kernel-default-kgraft

suse enterprise server 12 SP3

4.4.180-94.113.1

fixed

kernel-default-man

suse enterprise desktop 15	4.12.14-150.47.1 fixed
suse enterprise desktop 15 SP1	4.12.14-197.34.1 fixed
suse enterprise desktop 15 SP2	4.12.14-197.34.1 fixed
suse enterprise sap 12 SP4	4.12.14-95.48.1 fixed
suse enterprise sap 12 SP5	4.12.14-122.12.1 fixed
suse enterprise sap 15	4.12.14-150.47.1 fixed
suse enterprise sap 15 SP1	4.12.14-197.34.1 fixed
suse enterprise sap 15 SP2	4.12.14-197.34.1 fixed
suse enterprise server 12 SP3	4.4.180-94.113.1 fixed
suse enterprise server 12 SP4	4.12.14-95.48.1 fixed
suse enterprise server 12 SP5	4.12.14-122.12.1 fixed
suse enterprise server 15	4.12.14-150.47.1 fixed
suse enterprise server 15 SP1	4.12.14-197.34.1 fixed
suse enterprise server 15 SP2	4.12.14-197.34.1 fixed

kernel-docs

suse enterprise desktop 15	4.12.14-150.47.1 fixed
suse enterprise desktop 15 SP1	4.12.14-197.34.1 fixed
suse enterprise desktop 15 SP2	5.3.18-22.3 fixed
suse enterprise desktop 15 SP3	5.3.18-57.3 fixed
suse enterprise desktop 15 SP4	5.14.21-150400.22.1 fixed
suse enterprise desktop 15 SP5	5.14.21-150500.53.2 fixed
suse enterprise desktop 15 SP6	6.4.0-150600.21.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.51.2 fixed
suse enterprise sap 15	4.12.14-150.47.1 fixed
suse enterprise sap 15 SP1	4.12.14-197.34.1 fixed
suse enterprise sap 15 SP2	5.3.18-22.3 fixed
suse enterprise sap 15 SP3	5.3.18-57.3 fixed
suse enterprise sap 15 SP4	5.14.21-150400.22.1 fixed
suse enterprise sap 15 SP5	5.14.21-150500.53.2 fixed
suse enterprise sap 15 SP6	6.4.0-150600.21.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.51.2 fixed
suse enterprise server 15	4.12.14-150.47.1 fixed
suse enterprise server 15 SP1	4.12.14-197.34.1 fixed
suse enterprise server 15 SP2	5.3.18-22.3 fixed
suse enterprise server 15 SP3	5.3.18-57.3 fixed
suse enterprise server 15 SP4	5.14.21-150400.22.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.53.2 fixed
suse enterprise server 15 SP6	6.4.0-150600.21.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.51.2 fixed

kernel-macros

suse enterprise desktop 15	4.12.14-150.47.1 fixed
suse enterprise desktop 15 SP1	4.12.14-197.34.1 fixed
suse enterprise desktop 15 SP2	5.3.18-22.2 fixed
suse enterprise desktop 15 SP3	5.3.18-57.3 fixed
suse enterprise desktop 15 SP4	5.14.21-150400.22.1 fixed
suse enterprise desktop 15 SP5	5.14.21-150500.53.2 fixed
suse enterprise desktop 15 SP6	6.4.0-150600.21.2 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.51.1 fixed
suse enterprise sap 12 SP4	4.12.14-95.48.1 fixed
suse enterprise sap 12 SP5	4.12.14-122.12.1 fixed
suse enterprise sap 15	4.12.14-150.47.1 fixed
suse enterprise sap 15 SP1	4.12.14-197.34.1 fixed
suse enterprise sap 15 SP2	5.3.18-22.2 fixed
suse enterprise sap 15 SP3	5.3.18-57.3 fixed
suse enterprise sap 15 SP4	5.14.21-150400.22.1 fixed
suse enterprise sap 15 SP5	5.14.21-150500.53.2 fixed
suse enterprise sap 15 SP6	6.4.0-150600.21.2 fixed
suse enterprise sap 15 SP7	6.4.0-150700.51.1 fixed
suse enterprise server 12 SP3	4.4.180-94.113.1 fixed
suse enterprise server 12 SP4	4.12.14-95.48.1 fixed
suse enterprise server 12 SP5	4.12.14-122.12.1 fixed
suse enterprise server 15	4.12.14-150.47.1 fixed
suse enterprise server 15 SP1	4.12.14-197.34.1 fixed
suse enterprise server 15 SP2	5.3.18-22.2 fixed
suse enterprise server 15 SP3	5.3.18-57.3 fixed
suse enterprise server 15 SP4	5.14.21-150400.22.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.53.2 fixed
suse enterprise server 15 SP6	6.4.0-150600.21.2 fixed
suse enterprise server 15 SP7	6.4.0-150700.51.1 fixed

kernel-obs-build

suse enterprise desktop 15	4.12.14-150.47.1 fixed
suse enterprise desktop 15 SP1	4.12.14-197.34.1 fixed
suse enterprise desktop 15 SP2	5.3.18-22.2 fixed
suse enterprise desktop 15 SP3	5.3.18-57.3 fixed
suse enterprise desktop 15 SP4	5.14.21-150400.22.1 fixed
suse enterprise desktop 15 SP5	5.14.21-150500.53.2 fixed
suse enterprise desktop 15 SP6	6.4.0-150600.21.2 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.51.2 fixed
suse enterprise sap 15	4.12.14-150.47.1 fixed
suse enterprise sap 15 SP1	4.12.14-197.34.1 fixed
suse enterprise sap 15 SP2	5.3.18-22.2 fixed
suse enterprise sap 15 SP3	5.3.18-57.3 fixed
suse enterprise sap 15 SP4	5.14.21-150400.22.1 fixed
suse enterprise sap 15 SP5	5.14.21-150500.53.2 fixed
suse enterprise sap 15 SP6	6.4.0-150600.21.2 fixed
suse enterprise sap 15 SP7	6.4.0-150700.51.2 fixed
suse enterprise server 15	4.12.14-150.47.1 fixed
suse enterprise server 15 SP1	4.12.14-197.34.1 fixed
suse enterprise server 15 SP2	5.3.18-22.2 fixed
suse enterprise server 15 SP3	5.3.18-57.3 fixed
suse enterprise server 15 SP4	5.14.21-150400.22.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.53.2 fixed
suse enterprise server 15 SP6	6.4.0-150600.21.2 fixed
suse enterprise server 15 SP7	6.4.0-150700.51.2 fixed

kernel-preempt

suse enterprise desktop 15 SP2	5.3.18-22.2 fixed
suse enterprise desktop 15 SP3	5.3.18-57.3 fixed
suse enterprise sap 15 SP2	5.3.18-22.2 fixed
suse enterprise sap 15 SP3	5.3.18-57.3 fixed
suse enterprise server 15 SP2	5.3.18-22.2 fixed
suse enterprise server 15 SP3	5.3.18-57.3 fixed

kernel-preempt-extra

suse enterprise desktop 15 SP3	5.3.18-57.3 fixed
suse enterprise sap 15 SP3	5.3.18-57.3 fixed
suse enterprise server 15 SP3	5.3.18-57.3 fixed
suse enterprise workstation 15 SP3	5.3.18-57.3 fixed

kernel-source

suse enterprise desktop 15	4.12.14-150.47.1 fixed
suse enterprise desktop 15 SP1	4.12.14-197.34.1 fixed
suse enterprise desktop 15 SP2	5.3.18-22.2 fixed
suse enterprise desktop 15 SP3	5.3.18-57.3 fixed
suse enterprise desktop 15 SP4	5.14.21-150400.22.1 fixed
suse enterprise desktop 15 SP5	5.14.21-150500.53.2 fixed
suse enterprise desktop 15 SP6	6.4.0-150600.21.2 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.51.1 fixed
suse enterprise sap 12 SP4	4.12.14-95.48.1 fixed
suse enterprise sap 12 SP5	4.12.14-122.12.1 fixed
suse enterprise sap 15	4.12.14-150.47.1 fixed
suse enterprise sap 15 SP1	4.12.14-197.34.1 fixed
suse enterprise sap 15 SP2	5.3.18-22.2 fixed
suse enterprise sap 15 SP3	5.3.18-57.3 fixed
suse enterprise sap 15 SP4	5.14.21-150400.22.1 fixed
suse enterprise sap 15 SP5	5.14.21-150500.53.2 fixed
suse enterprise sap 15 SP6	6.4.0-150600.21.2 fixed
suse enterprise sap 15 SP7	6.4.0-150700.51.1 fixed
suse enterprise server 12 SP3	4.4.180-94.113.1 fixed
suse enterprise server 12 SP4	4.12.14-95.48.1 fixed
suse enterprise server 12 SP5	4.12.14-122.12.1 fixed
suse enterprise server 15	4.12.14-150.47.1 fixed
suse enterprise server 15 SP1	4.12.14-197.34.1 fixed
suse enterprise server 15 SP2	5.3.18-22.2 fixed
suse enterprise server 15 SP3	5.3.18-57.3 fixed
suse enterprise server 15 SP4	5.14.21-150400.22.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.53.2 fixed
suse enterprise server 15 SP6	6.4.0-150600.21.2 fixed
suse enterprise server 15 SP7	6.4.0-150700.51.1 fixed

kernel-source-azure

suse enterprise sap 12 SP4	4.12.14-6.34.1 fixed
suse enterprise sap 12 SP5	4.12.14-16.7.1 fixed
suse enterprise sap 15 SP1	4.12.14-8.27.1 fixed
suse enterprise sap 15 SP2	5.3.18-16.1 fixed
suse enterprise sap 15 SP3	5.3.18-36.1 fixed
suse enterprise sap 15 SP4	5.14.21-150400.12.1 fixed
suse enterprise sap 15 SP5	5.14.21-150500.31.4 fixed
suse enterprise sap 15 SP6	6.4.0-150600.6.2 fixed
suse enterprise server 12 SP4	4.12.14-6.34.1 fixed
suse enterprise server 12 SP5	4.12.14-16.7.1 fixed
suse enterprise server 15 SP1	4.12.14-8.27.1 fixed
suse enterprise server 15 SP2	5.3.18-16.1 fixed
suse enterprise server 15 SP3	5.3.18-36.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.12.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.31.4 fixed
suse enterprise server 15 SP6	6.4.0-150600.6.2 fixed

kernel-syms

suse enterprise desktop 15	4.12.14-150.47.1 fixed
suse enterprise desktop 15 SP1	4.12.14-197.34.1 fixed
suse enterprise desktop 15 SP2	5.3.18-22.1 fixed
suse enterprise desktop 15 SP3	5.3.18-57.1 fixed
suse enterprise desktop 15 SP4	5.14.21-150400.22.1 fixed
suse enterprise desktop 15 SP5	5.14.21-150500.53.1 fixed
suse enterprise desktop 15 SP6	6.4.0-150600.21.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.51.1 fixed
suse enterprise sap 12 SP4	4.12.14-95.48.1 fixed
suse enterprise sap 12 SP5	4.12.14-122.12.1 fixed
suse enterprise sap 15	4.12.14-150.47.1 fixed
suse enterprise sap 15 SP1	4.12.14-197.34.1 fixed
suse enterprise sap 15 SP2	5.3.18-22.1 fixed
suse enterprise sap 15 SP3	5.3.18-57.1 fixed
suse enterprise sap 15 SP4	5.14.21-150400.22.1 fixed
suse enterprise sap 15 SP5	5.14.21-150500.53.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.21.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.51.1 fixed
suse enterprise server 12 SP3	4.4.180-94.113.1 fixed
suse enterprise server 12 SP4	4.12.14-95.48.1 fixed
suse enterprise server 12 SP5	4.12.14-122.12.1 fixed
suse enterprise server 15	4.12.14-150.47.1 fixed
suse enterprise server 15 SP1	4.12.14-197.34.1 fixed
suse enterprise server 15 SP2	5.3.18-22.1 fixed
suse enterprise server 15 SP3	5.3.18-57.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.22.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.53.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.21.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.51.1 fixed

kernel-syms-azure

suse enterprise sap 12 SP4	4.12.14-6.34.1 fixed
suse enterprise sap 12 SP5	4.12.14-16.7.1 fixed
suse enterprise sap 15 SP1	4.12.14-8.27.1 fixed
suse enterprise sap 15 SP2	5.3.18-16.1 fixed
suse enterprise sap 15 SP3	5.3.18-36.1 fixed
suse enterprise sap 15 SP4	5.14.21-150400.12.1 fixed
suse enterprise sap 15 SP5	5.14.21-150500.31.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.6.1 fixed
suse enterprise server 12 SP4	4.12.14-6.34.1 fixed
suse enterprise server 12 SP5	4.12.14-16.7.1 fixed
suse enterprise server 15 SP1	4.12.14-8.27.1 fixed
suse enterprise server 15 SP2	5.3.18-16.1 fixed
suse enterprise server 15 SP3	5.3.18-36.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.12.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.31.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.6.1 fixed

kernel-vanilla-base

suse enterprise desktop 15	4.12.14-150.47.1 fixed
suse enterprise sap 15	4.12.14-150.47.1 fixed
suse enterprise server 15	4.12.14-150.47.1 fixed

kernel-zfcpdump

suse enterprise desktop 15	4.12.14-150.47.1 fixed
suse enterprise desktop 15 SP1	4.12.14-197.34.1 fixed
suse enterprise desktop 15 SP2	5.3.18-22.2 fixed
suse enterprise desktop 15 SP3	5.3.18-57.3 fixed
suse enterprise desktop 15 SP4	5.14.21-150400.22.1 fixed
suse enterprise desktop 15 SP5	5.14.21-150500.53.2 fixed
suse enterprise desktop 15 SP6	6.4.0-150600.21.2 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.51.1 fixed
suse enterprise sap 15	4.12.14-150.47.1 fixed
suse enterprise sap 15 SP1	4.12.14-197.34.1 fixed
suse enterprise sap 15 SP2	5.3.18-22.2 fixed
suse enterprise sap 15 SP3	5.3.18-57.3 fixed
suse enterprise sap 15 SP4	5.14.21-150400.22.1 fixed
suse enterprise sap 15 SP5	5.14.21-150500.53.2 fixed
suse enterprise sap 15 SP6	6.4.0-150600.21.2 fixed
suse enterprise sap 15 SP7	6.4.0-150700.51.1 fixed
suse enterprise server 15	4.12.14-150.47.1 fixed
suse enterprise server 15 SP1	4.12.14-197.34.1 fixed
suse enterprise server 15 SP2	5.3.18-22.2 fixed
suse enterprise server 15 SP3	5.3.18-57.3 fixed
suse enterprise server 15 SP4	5.14.21-150400.22.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.53.2 fixed
suse enterprise server 15 SP6	6.4.0-150600.21.2 fixed
suse enterprise server 15 SP7	6.4.0-150700.51.1 fixed

kgraft-patch-4_4_180-94_113-default-1

suse enterprise server 12 SP3

4.5.1

fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

bpftool

RHEL 7	0:3.10.0-1062.18.1.el7 fixed
RHEL 8	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.el8_1 fixed

kernel

RHEL 7	0:3.10.0-1062.18.1.el7 fixed
RHEL 8	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.el8_1 fixed

kernel-abi-whitelists

RHEL 7	0:3.10.0-1062.18.1.el7 fixed
RHEL 8	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.el8_1 fixed

kernel-bootwrapper

RHEL 7

0:3.10.0-1062.18.1.el7

fixed

kernel-core

RHEL 8	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.el8_1 fixed

kernel-debug

RHEL 7	0:3.10.0-1062.18.1.el7 fixed
RHEL 8	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.el8_1 fixed

kernel-debug-core

RHEL 8	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.el8_1 fixed

kernel-debug-devel

RHEL 7	0:3.10.0-1062.18.1.el7 fixed
RHEL 8	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.el8_1 fixed

kernel-debug-modules

RHEL 8	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.el8_1 fixed

kernel-debug-modules-extra

RHEL 8	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.el8_1 fixed

kernel-devel

RHEL 7	0:3.10.0-1062.18.1.el7 fixed
RHEL 8	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.el8_1 fixed

kernel-doc

RHEL 7	0:3.10.0-1062.18.1.el7 fixed
RHEL 8	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.el8_1 fixed

kernel-kdump

RHEL 7

0:3.10.0-1062.18.1.el7

fixed

kernel-kdump-devel

RHEL 7

0:3.10.0-1062.18.1.el7

fixed

kernel-modules

RHEL 8	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.el8_1 fixed

kernel-modules-extra

RHEL 8	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.el8_1 fixed

kernel-rt

RHEL 7	0:3.10.0-1062.18.1.rt56.1044.el7 fixed
RHEL 8	0:4.18.0-147.5.1.rt24.98.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.rt24.98.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.rt24.98.el8_1 fixed

kernel-rt-core

RHEL 8	0:4.18.0-147.5.1.rt24.98.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.rt24.98.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.rt24.98.el8_1 fixed

kernel-rt-debug

RHEL 7	0:3.10.0-1062.18.1.rt56.1044.el7 fixed
RHEL 8	0:4.18.0-147.5.1.rt24.98.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.rt24.98.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.rt24.98.el8_1 fixed

kernel-rt-debug-core

RHEL 8	0:4.18.0-147.5.1.rt24.98.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.rt24.98.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.rt24.98.el8_1 fixed

kernel-rt-debug-devel

RHEL 7	0:3.10.0-1062.18.1.rt56.1044.el7 fixed
RHEL 8	0:4.18.0-147.5.1.rt24.98.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.rt24.98.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.rt24.98.el8_1 fixed

kernel-rt-debug-kvm

RHEL 7	0:3.10.0-1062.18.1.rt56.1044.el7 fixed
RHEL 8	0:4.18.0-147.5.1.rt24.98.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.rt24.98.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.rt24.98.el8_1 fixed

kernel-rt-debug-modules

RHEL 8	0:4.18.0-147.5.1.rt24.98.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.rt24.98.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.rt24.98.el8_1 fixed

kernel-rt-debug-modules-extra

RHEL 8	0:4.18.0-147.5.1.rt24.98.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.rt24.98.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.rt24.98.el8_1 fixed

kernel-rt-devel

RHEL 7	0:3.10.0-1062.18.1.rt56.1044.el7 fixed
RHEL 8	0:4.18.0-147.5.1.rt24.98.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.rt24.98.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.rt24.98.el8_1 fixed

kernel-rt-doc

RHEL 7

0:3.10.0-1062.18.1.rt56.1044.el7

fixed

kernel-rt-kvm

RHEL 7	0:3.10.0-1062.18.1.rt56.1044.el7 fixed
RHEL 8	0:4.18.0-147.5.1.rt24.98.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.rt24.98.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.rt24.98.el8_1 fixed

kernel-rt-modules

RHEL 8	0:4.18.0-147.5.1.rt24.98.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.rt24.98.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.rt24.98.el8_1 fixed

kernel-rt-modules-extra

RHEL 8	0:4.18.0-147.5.1.rt24.98.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.rt24.98.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.rt24.98.el8_1 fixed

kernel-rt-trace

RHEL 7

0:3.10.0-1062.18.1.rt56.1044.el7

fixed

kernel-rt-trace-devel

RHEL 7

0:3.10.0-1062.18.1.rt56.1044.el7

fixed

kernel-rt-trace-kvm

RHEL 7

0:3.10.0-1062.18.1.rt56.1044.el7

fixed

kernel-tools

RHEL 7	0:3.10.0-1062.18.1.el7 fixed
RHEL 8	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.el8_1 fixed

kernel-tools-libs

RHEL 7	0:3.10.0-1062.18.1.el7 fixed
RHEL 8	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.el8_1 fixed

kernel-tools-libs-devel

RHEL 7	0:3.10.0-1062.18.1.el7 fixed
RHEL 8	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.el8_1 fixed

kernel-zfcpdump

RHEL 8	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.el8_1 fixed

kernel-zfcpdump-core

RHEL 8	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.el8_1 fixed

kernel-zfcpdump-devel

RHEL 8	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.el8_1 fixed

kernel-zfcpdump-modules

RHEL 8	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.el8_1 fixed

kernel-zfcpdump-modules-extra

RHEL 8	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.el8_1 fixed

perf

RHEL 7	0:3.10.0-1062.18.1.el7 fixed
RHEL 8	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.el8_1 fixed

python-perf

RHEL 7

0:3.10.0-1062.18.1.el7

fixed

python3-perf

RHEL 8	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 E4S	0:4.18.0-147.5.1.el8_1 fixed
RHEL 8.1 EUS	0:4.18.0-147.5.1.el8_1 fixed

Common Weakness Enumeration

CWE-203 - Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19338

https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort

https://www.openwall.com/lists/oss-security/2019/12/10/3

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19338

https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort

https://www.openwall.com/lists/oss-security/2019/12/10/3