PT-2019-4058 · Intel · Intel Sps +3
Berk Sunar +3
Published: 2019-11-12 · Updated: 2020-01-03
CVE-2019-11090
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Intel(R) PTT versions prior to 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0, and 14.0.10
Intel(R) TXE versions prior to 3.1.70 and 4.0.20
Intel(R) SPS versions prior to SPS E5 04.01.04.305.0, SPS SoC-X 04.00.04.108.0, SPS SoC-A 04.00.04.191.0, SPS E3 04.01.04.086.0, and SPS E3 04.08.04.047.0
Description
The issue is related to cryptographic timing conditions in the Intel(R) PTT, Intel(R) TXE, and Intel(R) SPS subsystems, which may allow an unauthenticated user to potentially enable information disclosure via network access. This vulnerability is associated with a lack of protection for service data and may allow a remote attacker to access cryptographic keys stored in the Trusted Platform Module (TPM).
Recommendations
For Intel(R) PTT versions prior to 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0, and 14.0.10, update to the respective fixed versions or later.
For Intel(R) TXE versions prior to 3.1.70 and 4.0.20, update to the respective fixed versions or later.
For Intel(R) SPS versions prior to SPS E5 04.01.04.305.0, SPS SoC-X 04.00.04.108.0, SPS SoC-A 04.00.04.191.0, SPS E3 04.01.04.086.0, and SPS E3 04.08.04.047.0, update to the respective fixed versions or later.
As a temporary workaround, consider restricting access to the Trusted Platform Module (TPM) to minimize the risk of exploitation.
Fix
Race Condition
Information Disclosure
Related Identifiers
Affected Products
Intel Ptt
Intel Sps
Intel Txe
Trusted Platform Module