TSX Asynchronous Abort Advisory, INTEL-SA-00270, Disclosed November 11, 2019
On November 11, 2019, Intel publicly disclosed a potential security vulnerability in Intel® Transactional Synchronization Extensions (TSX) Asynchronous Abort (TAA). Some Intel® Processors may allow information disclosure. Intel has released firmware updates to mitigate this potential vulnerability.
TSX Asynchronous Abort (TAA) relies on TSX. Systems that don't use TSX are not impacted by TAA.
Intel’s prior microcode mitigations for Microarchitectural Data Sampling (MDS) already help address TAA. MDS is a sub-class of previously disclosed speculative execution side channel vulnerabilities. For processors with hardware mitigations against MDS, a new microcode is available to help address TAA.
This vulnerability has been classified as medium severity (6.5) per the industry standard CVSS, and it’s important to note that there are no reports of any real-world exploits of this vulnerability.
Affected products:
A list of impacted products can be found here along with the updated MCU version needed to address this vulnerability.
Recommendations:
Intel recommends that users of the affected Intel® Processors, contact their system provider to obtain the latest firmware version that addresses these issues.
To identify the microcode version on your system and determine if an update is needed from your system manufacturer, follow the steps provided here.
Intel encourages everyone to keep their systems up to date, as it's one of the best ways to stay protected.
Further technical details of the vulnerabilities can be found in the Intel Security Center, INTEL-SA-00270.
If you need further assistance, please contact Intel Customer Support.
General questions & answers:
Click or the question for details: