Security Vulnerability: TSX Asynchronous Abort (TAA) / CVE-2019-11135
This document (7024251) is provided subject to the disclaimer at the end of this document.
SUSE Linux Enterprise Server 12
The CPU is not affected by this problem.
The CPU is affected by this vulnerability and neither CPU microcode nor kernel mitigations are applied.
Vulnerable: Clear CPU buffers attempted, no microcode
The kernel mitigations are present and active, but the CPU Microcode does not support the buffer clear operation. (This can also happen if the clear CPU buffers ability is not reported for a guest VM.)
Mitigation: Clear CPU buffers
The software mitigation clearing the buffers using "VERW" is in use.
Mitigation: TSX disabled
The mitigation is that TSX has been disabled on the kernel command line during boot.
- Switching off TSX support :
Enable TSX support. (The current SUSE Default)
Disable TSX. Note that this only works on CPUs that support the option "IA32_TSX_CTRL", either when included on the silicon or via CPU Microcode Update.
If the TAA bug is present, TSX will be disabled. If not, TSX will stay enabled.
If TSX is disabled, the secondary mitigation below is not needed.
- Mitigations using VERW and Hyperthreading adjustments
The TAA mitigation is disabled.
The TAA mitigation is enabled. If TSX is enabled, it will use the clear buffer mitigation.(The current SUSE Default)
The TAA mitigation is enabled. If TSX is enabled, it will use the clear buffer mitigation. Additionally Hyperthreading is disabled to avoid potential cross hyperthread leakage.
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7024251
- Creation Date: 08-Nov-2019
- Modified Date:03-Mar-2020
- SUSE Linux Enterprise Server
- SUSE Linux Enterprise Server for SAP Applications
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com