Skip to main content
  1. Blog
  2. Article

Alex Murray
on 12 November 2019

Ubuntu updates to mitigate latest Intel hardware vulnerabilities

Intel Security

Today, Intel announced a group of new vulnerabilities affecting various Intel CPUs and associated GPUs, known as TSX Asynchronous Abort (CVE-2019-11135), Intel® Processor Machine Check Error (CVE-2018-12207), and two Intel i915 graphics hardware  vulnerabilities (CVE-2019-0155, CVE-2019-0154).

TSX Asynchronous Abort (TAA) is related to the previously announced MDS vulnerabilities but only affects Intel processors that support Intel® Transactional Synchronization Extensions (TSX). Due to the similarity between this issue and MDS, the mitigations for MDS are sufficient to also mitigate TAA. As such, processors which were previously affected by MDS and which have the MDS microarchitectural buffer clearing mitigations employed are not affected by TAA. For newer processors which were not affected by MDS, but which support Intel® TSX, TAA is mitigated in Ubuntu by a combination of an updated Linux kernel and Intel microcode packages which disable Intel® TSX. Where TSX is required, this can be re-enabled via a kernel command-line option (tsx=on) and in this case, the kernel will automatically employ microarchitectural buffer clearing mechanisms as used for MDS to mitigate TAA.

Intel® Processor Machine Check Error (MCEPSC, also called iTLB multihit) is a vulnerability specific to virtualisation, where a virtual machine can cause a denial of service (system hang) to the host processor when hugepages are employed. This is mitigated in Ubuntu with an updated Linux kernel.

The first of the two Intel i915 graphics processor vulnerabilities (CVE-2019-0155) allow an unprivileged user to elevate their privileges on the system and expose sensitive information from the kernel. The second vulnerability (CVE-2019-0154) allows an unprivileged user to cause a denial of service (system hang) by reading from particular memory regions when in certain low power states.  Mitigations for these two issues in Ubuntu are provided through a combination of firmware and kernel driver updates for these GPUs.

For further details, including the specific package versions which mitigate these vulnerabilities for each Ubuntu release, please consult this article within the Ubuntu Security Knowledge Base.

Related posts

ijlal-loutfi
6 March 2026

Sovereign clouds: enhanced data security with confidential computing 

Confidential computing Article

Increasingly, enterprises are interested in improving their level of control over their data, achieving digital sovereignty, and even building their own sovereign cloud. However, this means moving beyond thinking about just where your data is stored to thinking about the entire data lifecycle.  In this blog, we cover the differences betwe ...

Benjamin Ryzman
24 February 2026

Building quantum-safe telecom infrastructure for 5G and beyond

private mobile network Article

coRAN Labs and Canonical at MWC Barcelona 2026 At MWC Barcelona 2026, coRAN Labs and Canonical are presenting a working demonstration of a cloud-native, quantum-safe telecom platform for 5G and beyond 5G networks. This is not a conceptual exercise. It is a full 5G System (5GS) deployment with post-quantum cryptography embedded across the ...

Lidia Luna Puerta
14 January 2026

How to build DORA-ready infrastructure with verifiable provenance and reliable support

Ubuntu Article

DORA requires organizations to know what they run, where it came from, and how it’s maintained. Learn how to build infrastructure with verifiable provenance. ...