Vulnerability Details : CVE-2019-11139
Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.
Vulnerability category: Denial of service
Products affected by CVE-2019-11139
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_5120_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_8153_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_8156_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_8158_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_8160_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_8160f_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_8160m_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_8160t_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_8164_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_8168_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_8170_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_8170m_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_8176_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_8176f_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_8176m_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_8180_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_8180m_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_5115_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_5118_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_5119t_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_5120t_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_5122_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_6126_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_6126f_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_6126t_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_6128_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_6130_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_6130f_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_6130t_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_6132_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_6134_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_6134m_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_6136_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_6138_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_6138f_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_6138t_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_6140_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_6140m_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_6142_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_6142f_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_6144_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_6146_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_6148_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_6148f_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_6150_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_6152_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_6154_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_4108_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_4109t_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_4110_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_4112_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_4114_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_4114t_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_4116_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_4116t_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_3104_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:intel:xeon_3106_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-11139
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 12 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-11139
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
3.9
|
2.9
|
NIST | |
6.0
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H |
1.5
|
4.0
|
NIST |
CWE ids for CVE-2019-11139
-
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-11139
-
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03969en_us
HPESBHF03969 rev.1 - HPE ProLiant Gen10 Servers using certain Intel Xeon Scalable Processors, Voltage Modulation, Local Denial of ServiceThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2019/12/msg00035.html
[SECURITY] [DLA 2051-1] intel-microcode security updateMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html
[security-announce] openSUSE-SU-2019:2527-1: important: Security updateMailing List;Third Party Advisory
-
https://seclists.org/bugtraq/2019/Dec/28
Bugtraq: [SECURITY] [DSA 4565-2] intel-microcode security updateMailing List;Third Party Advisory
-
https://support.f5.com/csp/article/K42433061?utm_source=f5support&utm_medium=RSS
Third Party Advisory
-
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html
INTEL-SA-00271Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html
[security-announce] openSUSE-SU-2019:2528-1: important: Security updateMailing List;Third Party Advisory
Jump to