microcode_ctl-1.17-33.32.0.3.AXS4

エラータID: AXSA:2021-1922:07

Release date: 
Friday, June 11, 2021 - 07:37
Subject: 
microcode_ctl-1.17-33.32.0.3.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

The microcode_ctl packages provide microcode updates for Intel.

Security Fix(es):

* hw: vt-d related privilege escalation (CVE-2020-24489)
* hw: improper isolation of shared resources in some Intel Processors
(CVE-2020-24511)
* hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512)
* hw: information disclosure on some Intel Atom processors (CVE-2020-24513)

Bug Fix(es) and Enhancement(s):

* Update Intel CPU microcode to microcode-20210525 release
* Do not use "grep -q" in a pipe in check_caveats.

CVE-2020-24489
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2020-24511
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2020-24512
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2020-24513
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

CVEs: 
CVE-2020-24489
Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-24511
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2020-24512
Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2020-24513
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Additional Info: 

N/A

Download: 

SRPMS
  1. microcode_ctl-1.17-33.32.0.3.AXS4.src.rpm
    MD5: 7b8f9a94846d0e8159b887606877f86e
    SHA-256: 888962e4ee58686b6bacd2cad2f8923eafe37c3ee2561ad433e7146af7bbc264
    Size: 5.22 MB

Asianux Server 4 for x86
  1. microcode_ctl-1.17-33.32.0.3.AXS4.i686.rpm
    MD5: 6edada2f2d3c0139b2e3bbf0fbb120c8
    SHA-256: a17b17443c40c4bc3fc2299223a01593da666e3e9924b810c107aaa20fd5b106
    Size: 5.87 MB

Asianux Server 4 for x86_64
  1. microcode_ctl-1.17-33.32.0.3.AXS4.x86_64.rpm
    MD5: 930faec16a597c9a218c4c33c78430e7
    SHA-256: ecbb75a175bf291e3f4097f684ebc0f41322aaa057b5d8a20e04cf82096254cd
    Size: 5.87 MB