Allele Security Alert
ASA-2019-00333
Identifier(s)
ASA-2019-00333, CVE-2019-0174, INTEL-SA-00247
Title
Partial Physical Address Leakage
Vendor(s)
Intel
Product(s)
Intel® Core™
Intel® Pentium®
Intel® Celeron®
Intel® Xeon®
Affected version(s)
Intel® Core™ X-series Processors, 4th Generation
Intel® Core™ i5 Processors, 4th Generation
Intel® Core™ i3 Processors
Intel® Pentium® Processor G Series,
Intel® Pentium® Processor 3000 Series
Intel® Celeron® Processor 2000 Series
Intel® Xeon® Processor E7 v3 Family
Intel® Xeon® Processor E5 v3 Family
Intel® Xeon® Processor E3 v3 Family
Fixed version(s)
Unknown
Proof of concept
Unknown
Description
Logic condition in specific microprocessors may allow an authenticated user to potentially enable partial physical address information disclosure via local access.
Technical details
Unknown
Credits
Andrew Kwong, Daniel Genkin (University of Michigan), Daniel Gruss (Graz University of Technology), Yuval Yarom (University of Adelaide) and Data61
Reference(s)
Partial Physical Address Leakage Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00247.html
RAMBleed: Reading Bits in Memory Without Accessing Them
https://rambleed.com/docs/20190603-rambleed-web.pdf
RAMBleed
https://rambleed.com
Security Best Practices For Side Channel Resistance:
https://software.intel.com/security-software-guidance/insights/security-best-practices-side-channel-resistance
Guidelines For Mitigating Timing Side Channels Against Cryptographic Implementations:
https://software.intel.com/security-software-guidance/insights/guidelines-mitigating-timing-side-channels-against-cryptographic-implementations
CVE-2019-0174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0174
CVE-2019-0174
https://nvd.nist.gov/vuln/detail/CVE-2019-0174
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: June 11, 2019