November 13, 2019
The vulnerabilities are as follows.
1. CVE-2019-11135: TSX Asynchronous Abort (TAA)
This affects Intel chips with the Transactional Synchronization Extensions (TSX) feature.
It is similar to earlier MDS vulnerabilities, so if you’ve applied remediations for MDS, you will also be safe from this vulnerability.
However, if you have a newer Intel CPU with TSX enabled that is not affected by MDS, you'll need to update your CPU's microcode and patch the kernel.
UPDATE FROM MONDAY, NOVEMBER 18TH
TAA (CVE-2019-11135) is taken care of by the MDS mitigation on all kernels supported by KernelCare. KernelCare enforces the MDS mitigation on all CPUs that are not in its whitelist. Currently there are no TAA-affected CPUs in this whitelist, so no additional patches from KernelCare are required to mitigate TAA. We recommend that those with TAA-affected CPUs update to the latest CPU microcode from their vendor.
2. CVE-2018-12207: Processor Machine Check Error (MCEPSC or iTLB multihit)
The Processor Machine Check Error vulnerability affects virtualized environments.
Exploitation of this vulnerability can result in the host system hanging when Extended Page Tables (EPT) are enabled.
UPDATE FROM MONDAY, DECEMBER 2
The KernelCare team has released CentOS 7, CentOS 7-Plus, RHEL 7 and OEL 7 patches for CVE-2018-12207 to the test feed. The KernelCare test feed makes it possible to start using new patches earlier.
To install patches from the test feed, run the command:
kcarectl --test --update
When production updates are available, KernelCare will use the regular feed automatically.
Subscribe to our blog to get updates about the patches in production.
3. CVE-2019-0155, CVE-2019-0154: i915 graphics hardware
CVE-2019-0155 can give an unprivileged user elevated system privileges.
CVE-2019-0154 can let an unprivileged user hang the system (effectively a denial of service) by reading from specific memory locations (MMIO registers) while the graphics card's power management is in a particular minimal power usage state.
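To apply the TAA rule from item 1 on a given host, the following added example (not KernelCare code and not part of the original post) reads the kernel's own status files and falls back to the TSX and MDS reasoning above when the kernel predates the TAA report. The sysfs files under /sys/devices/system/cpu/vulnerabilities are the standard Linux kernel interface; the function names and the SYSROOT variable are hypothetical.

```shell
#!/bin/sh
# Added example. ROOT is "" on a live system; a test can point it at a
# constructed directory tree instead (SYSROOT is a hypothetical variable).

# Print the kernel's status line for one vulnerability, or "unreported" when
# the running kernel predates that sysfs file.
read_status() {
    f="$1/sys/devices/system/cpu/vulnerabilities/$2"
    if [ -r "$f" ]; then cat "$f"; else echo unreported; fi
}

# Succeed if the CPU flags advertise TSX (rtm or hle).
has_tsx() {
    grep -Eq '^flags.*[[:space:]](rtm|hle)([[:space:]]|$)' "$1/proc/cpuinfo"
}

# Print one of: not-affected, mitigated, needs-update, unknown.
taa_verdict() {
    taa=$(read_status "$1" tsx_async_abort)
    mds=$(read_status "$1" mds)
    # A kernel that knows about TAA reports it directly.
    case "$taa" in
        "Not affected") echo not-affected; return 0 ;;
        Mitigation:*)   echo mitigated;    return 0 ;;
        Vulnerable*)    echo needs-update; return 0 ;;
    esac
    # Otherwise apply the advisory's rule: TAA needs TSX, and an active MDS
    # mitigation also covers it.
    [ -r "$1/proc/cpuinfo" ] || { echo unknown; return 0; }
    has_tsx "$1" || { echo not-affected; return 0; }
    case "$mds" in
        Mitigation:*)               echo mitigated ;;
        "Not affected"|Vulnerable*) echo needs-update ;;
        *)                          echo unknown ;;
    esac
}

echo "mds:             $(read_status "${SYSROOT:-}" mds)"
echo "tsx_async_abort: $(read_status "${SYSROOT:-}" tsx_async_abort)"
echo "itlb_multihit:   $(read_status "${SYSROOT:-}" itlb_multihit)"
echo "TAA verdict:     $(taa_verdict "${SYSROOT:-}")"
```

A verdict of needs-update corresponds to the case in item 1 where both a microcode update and a kernel patch are required.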
As with all major vulnerabilities, as soon as the KernelCare monitoring team hears about it, developers and analysts begin the detailed process of investigating, assessing, developing and coding patches for our KernelCare Linux kernel live patching software.
We will start delivering the first patches next Friday, November 29th. We'll report our progress here and will provide migration instructions and patch locations when ready. Subscribe to our blog to get instant updates.