{"id":"USN-4182-2","summary":"intel-microcode update","details":"USN-4182-2 provided updates for Intel Microcode. This update provides\nthe corresponding update for Ubuntu 14.04 ESM.\n\nStephan van Schaik, Alyssa Milburn, Sebastian Ă–sterlund, Pietro Frigo,\nKaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz\nLipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel\nprocessors using Transactional Synchronization Extensions (TSX) could\nexpose memory contents previously stored in microarchitectural buffers to a\nmalicious process that is executing on the same CPU core. A local attacker\ncould use this to expose sensitive information. (CVE-2019-11135)\n\nIt was discovered that certain Intel Xeon processors did not properly\nrestrict access to a voltage modulation interface. A local privileged\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-11139)\n","modified":"2026-02-10T04:41:40Z","published":"2019-11-12T22:04:17Z","related":["UBUNTU-CVE-2019-11135","UBUNTU-CVE-2019-11139"],"upstream":["CVE-2019-11135","CVE-2019-11139","UBUNTU-CVE-2019-11135","UBUNTU-CVE-2019-11139"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4182-2"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-11135"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-11139"}],"affected":[{"package":{"name":"intel-microcode","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/intel-microcode@3.20191112-0ubuntu0.14.04.2?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.20191112-0ubuntu0.14.04.2"}]}],"versions":["1.20130906.1ubuntu2","1.20130906.1ubuntu3","2.20140122.1","2.20140430.1ubuntu1","2.20140624-t-1ubuntu2","3.20180108.0~ubuntu14.04.2","3.20180108.0+really20170707ubuntu14.04.1","3.20180312.0~ubuntu14.04.1","3.20180425.1~ubuntu0.14.04.1","3.20180425.1~ubuntu0.14.04.2","3.20180807a.0ubuntu0.14.04.1","3.20190514.0ubuntu0.14.04.1","3.20190514.0ubuntu0.14.04.2","3.20190618.0ubuntu0.14.04.1"],"ecosystem_specific":{"binaries":[{"binary_name":"intel-microcode","binary_version":"3.20191112-0ubuntu0.14.04.2"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:14.04:LTS","cves":[{"id":"CVE-2019-11135","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"type":"Ubuntu","score":"high"}]},{"id":"CVE-2019-11139","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4182-2.json"}}],"schema_version":"1.7.3"}