Lucene search
Redhat.comRH:CVE-2019-11090HistoryJan 08, 2020 - 11:38 p.m.
CVE-2019-11090
2020-01-0823:38:58
redhat.com
access.redhat.com
8
0.002 Low
EPSS
Percentile
53.8%
Cryptographic timing vulnerabilities were discovered in certain versions of the Trusted Platform Module (TPM) firmware distributed by Intel and STMicroelectronics. Software that uses the TPM to compute ECDSA signatures could leak information through the timing of ECDSA signature operations, allowing an attacker to recover parts of the private key.
Mitigation
To remediate this vulnerability, install relevant firmware updates from your hardware vendor and follow their advice to regenerate keys that may be vulnerable or compromised. STMicroelectronics, Intel and OEMs have published firmware updates and advice at the links provided in the External References section.
Related
cve
cve
CVE-2019-11090
2019-12-18 22:15:12
nvd
nvd
CVE-2019-11090
2019-12-18 22:15:12
cvelist
cvelist
CVE-2019-11090
2019-12-18 21:08:39
prion
prion
Information disclosure
2019-12-18 22:15:00
f5
f5
thn
thn
Researchers Discover TPM-Fail Vulnerabilities Affecting Billions of Devices
2019-11-13 09:29:00
nessus
nessus
Juniper Junos NFX150 Multiple Vulnerabilities (JSA11026)
2020-07-28 00:00:00
hp
hp
HPSBHF03637 rev. 3 - Intel 2019.2 IPU CSME SPS TXE AMT Security Updates
2019-11-09 00:00:00
lenovo
lenovo
intel
intel