VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 18, 2019· Updated Aug 4, 2024

CVE-2019-11090

CVE-2019-11090

Description

Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE 3.1.70 and 4.0.20; Intel(R) SPS before versions SPS_E5_04.01.04.305.0, SPS_SoC-X_04.00.04.108.0, SPS_SoC-A_04.00.04.191.0, SPS_E3_04.01.04.086.0, SPS_E3_04.08.04.047.0 may allow an unauthenticated user to potentially enable information disclosure via network access.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Timing side-channel in Intel PTT, TXE, and SPS firmware allows unauthenticated network-based information disclosure.

Vulnerability

A cryptographic timing side-channel exists in Intel Platform Trust Technology (PTT) before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0, and 14.0.10; Intel Trusted Execution Engine (TXE) versions 3.1.70 and 4.0.20; and Intel Server Platform Services (SPS) before versions SPS_E5_04.01.04.305.0, SPS_SoC-X_04.00.04.108.0, SPS_SoC-A_04.00.04.191.0, SPS_E3_04.01.04.086.0, and SPS_E3_04.08.04.047.0 [1]. The vulnerability arises from timing variations in cryptographic operations that can be observed over the network.

Exploitation

An unauthenticated attacker with network access to an affected device can perform a timing side-channel attack by observing response times of cryptographic operations [1]. No authentication or prior access is required. The attacker must be able to send network requests and measure response times precisely.

Impact

Successful exploitation may allow an unauthenticated attacker to disclose sensitive information, such as cryptographic keys, by correlating timing measurements [1]. This can compromise the confidentiality of data protected by the affected Intel technologies.

Mitigation

Intel has released firmware updates to address this vulnerability. Affected users should update to the fixed versions: PTT 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0, or 14.0.10; TXE 3.1.70 or 4.0.20; SPS versions as specified in the advisory [1]. No workarounds are documented; applying the firmware updates is the recommended mitigation.

References
  1. INTEL-SA-00241

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4
  • Intel/Intel(R) PTTdescription
  • Intel/PTTllm-create
    Range: <11.8.70, <11.11.70, <11.22.70, <12.0.45, <13.0.0, <14.0.10
  • Intel/TXEllm-fuzzy
    Range: =3.1.70, =4.0.20
  • Intel/SPSllm-fuzzy
    Range: <SPS_E5_04.01.04.305.0, <SPS_SoC-X_04.00.04.108.0, <SPS_SoC-A_04.00.04.191.0, <SPS_E3_04.01.04.086.0, <SPS_E3_04.08.04.047.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.