Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.2721
microcode_ctl security, bug fix and enhancement update
11 August 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: microcode_ctl
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Increased Privileges -- Existing Account
Access Confidential Data -- Existing Account
Reduced Security -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2020-24512 CVE-2020-24511 CVE-2020-24489
CVE-2020-8698 CVE-2020-8696 CVE-2020-8695
CVE-2020-0549 CVE-2020-0548 CVE-2020-0543
Reference: ESB-2021.2258
ESB-2021.2055
ESB-2021.1565
Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:3029
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: microcode_ctl security, bug fix and enhancement update
Advisory ID: RHSA-2021:3029-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3029
Issue date: 2021-08-10
CVE Names: CVE-2020-0543 CVE-2020-0548 CVE-2020-0549
CVE-2020-8695 CVE-2020-8696 CVE-2020-8698
CVE-2020-24489 CVE-2020-24511 CVE-2020-24512
=====================================================================
1. Summary:
An update for microcode_ctl is now available for Red Hat Enterprise Linux
7.7 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.7) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.7) - x86_64
3. Description:
The microcode_ctl packages provide microcode updates for Intel.
Security Fix(es):
* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)
* hw: Vector Register Data Sampling (CVE-2020-0548)
* hw: L1D Cache Eviction Sampling (CVE-2020-0549)
* hw: vt-d related privilege escalation (CVE-2020-24489)
* hw: improper isolation of shared resources in some Intel Processors
(CVE-2020-24511)
* hw: observable timing discrepancy in some Intel Processors
(CVE-2020-24512)
* hw: Information disclosure issue in Intel SGX via RAPL interface
(CVE-2020-8695)
* hw: Vector Register Leakage-Active (CVE-2020-8696)
* hw: Fast forward store predictor (CVE-2020-8698)
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1788786 - CVE-2020-0548 hw: Vector Register Data Sampling
1788788 - CVE-2020-0549 hw: L1D Cache Eviction Sampling
1827165 - CVE-2020-0543 hw: Special Register Buffer Data Sampling (SRBDS)
1828583 - CVE-2020-8695 hw: Information disclosure issue in Intel SGX via RAPL interface
1890355 - CVE-2020-8696 hw: Vector Register Leakage-Active
1890356 - CVE-2020-8698 hw: Fast forward store predictor
1962650 - CVE-2020-24489 hw: vt-d related privilege escalation
1962702 - CVE-2020-24511 hw: improper isolation of shared resources in some Intel Processors
1962722 - CVE-2020-24512 hw: observable timing discrepancy in some Intel Processors
1972332 - [rhel-7.7.z] Re-enable 06-5e-03 (SKL-H/S, CPUID 0x506e3) latest microcode updates
6. Package List:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.7):
Source:
microcode_ctl-2.1-53.18.el7_7.src.rpm
x86_64:
microcode_ctl-2.1-53.18.el7_7.x86_64.rpm
microcode_ctl-debuginfo-2.1-53.18.el7_7.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.7):
Source:
microcode_ctl-2.1-53.18.el7_7.src.rpm
x86_64:
microcode_ctl-2.1-53.18.el7_7.x86_64.rpm
microcode_ctl-debuginfo-2.1-53.18.el7_7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-0543
https://access.redhat.com/security/cve/CVE-2020-0548
https://access.redhat.com/security/cve/CVE-2020-0549
https://access.redhat.com/security/cve/CVE-2020-8695
https://access.redhat.com/security/cve/CVE-2020-8696
https://access.redhat.com/security/cve/CVE-2020-8698
https://access.redhat.com/security/cve/CVE-2020-24489
https://access.redhat.com/security/cve/CVE-2020-24511
https://access.redhat.com/security/cve/CVE-2020-24512
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYRKB7tzjgjWX9erEAQg+LA/6AnLRmup+rj74Kr8xow3lQUvfHWbg9qYc
0TVccauTw8FsveTGAe9fXxAxB/He/aHbeg5qyLnsyia6QP7URrxZ89a4UTmFoCjp
uw8H0OWI/Czowa60kvhv8cbnkzY7/lnJJ7bZWOmb3Jz9j93Jt1k/hMkltq6RF62J
KmhvLtWbGtyK5UVCIP1MPEceOUWzs+T5iUaIFUgnCLJW9+BPd8BI5t0rH6Uem0Iw
zEZcWmV4ZvWDgv0I7d8+Ld3dk+gYiI/lTQEaiH5IK308P4j5/NCSh6dps8RqO9ct
svkgdb8+hgpkVdefPGNrxTJs5PXN3Rmdrm53FKYqbTFgAyrKbkuKQbmoNFAJ4E85
m6TK6wix7crTOuHl9zMpqbiks8YTZ94IbADWIT7vZq/Cb6D5I7Aa0eQQi4KX90YC
nvXNEJrtAKAqsWhcoOrAESYfv9kGcj00AToJb7EJdb1Z2fCEkEX2sOPxMO0XH6xU
cIOagOnEtHohJXO18O4xf0kyrBjKjh6XEsfo7i1jy2Nwp0TJLIU1NMgmEdVAgq8U
6Mxop5qJ9KvCm2aO1TCKgmv5fcXDy3xoIG294ryt8ATarOWYfwLl0FZ3teQim6/2
5dKYf+kaCkTyYP3sT+yyZV0A1/e5XHskY4bfqqjRw1gUySJgFeAgnQCJp4HkeoGJ
1Mvy3LqdZDk=
=1a7r
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYRNnkuNLKJtyKPYoAQgD+A//Rhxcqbu0vdWlg/ihvOYexCcgT2L8P3TF
2EH2FOL5GELbwqEOJIyMDTHzvSl2x6zRi3U9SY7oABVvfJy+PQQe1l1N11O9ItE8
mjWZxBjokqOuhGCGkHHun+G846i+nyNhctfI795s6y43HivkI1qAvxK/yQnv2xhW
MEl3sDxcjs+MP7OmBO28uPqKb44v79co8LN+ytsYFwMtBAyAUVB9YXhN+JWluge5
XEjTjZCywthXTGzPoA+Q5QzXPoXQVev255ixo6/v8SOzMQ4rkKboBvWNJhozme6F
ad93WGaLIWs01SlvLlneCsKkXierHVyOex+tNPBDUMwZb39qX8Y57kUYP8i1pVL6
Emiz+pXrCFS8wbR566nJOBqHMLBgBH6hj/jnMZxQWrxg1MAfk9F38S73YmQBRtEj
QkxZRV+zVHE290d7kWRRv7IkVaLDrPNHYBF3HG020Tylh4NhHevyOK/woyUzBsjJ
BE7OBIbUkGib8IGjI9MI5mdQuV9TN+KNm5JxqhjjhwSZCFZjiLOLOjePukHrppLs
85a1bseLKu2tyqF/3gdz8wqyywhEKDGgaKj8Zta5uzrfgfTwGIchIgBRpMcsPTfY
tfeCieUWgpJMA+DzRYly87xyh5i5aQ4cpuC9TZOyPSGivm3NekqiWaGYcwbYJeUY
asWZ4R11R0c=
=4zVJ
-----END PGP SIGNATURE-----