microcode_ctl-20210216-1.20210525.1.el8

エラータID: AXSA:2021-2200:09

Release date: 
Monday, July 12, 2021 - 07:41
Subject: 
microcode_ctl-20210216-1.20210525.1.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The microcode_ctl packages provide microcode updates for Intel.

Security Fix(es):

* hw: vt-d related privilege escalation (CVE-2020-24489)
* hw: improper isolation of shared resources in some Intel Processors (CVE-2020-24511)
* hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512)
* hw: information disclosure on some Intel Atom processors (CVE-2020-24513)

Bug Fix(es) and Enhancement(s):

* Update Intel CPU microcode to microcode-20210525 release

CVE-2020-24489
Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-24511
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2020-24512
Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2020-24513
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Solution: 

Update packages.

CVEs: 
CVE-2020-24489
Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-24511
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2020-24512
Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2020-24513
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Additional Info: 

N/A

Download: 

SRPMS
  1. microcode_ctl-20210216-1.20210525.1.el8.src.rpm
    MD5: 81a6f8b46075250349eb615f27fe960c
    SHA-256: b863d2b09fd87be2d7dadade637ea8e90c387ea65311ad71528a01201733ed6b
    Size: 10.11 MB

Asianux Server 8 for x86_64
  1. microcode_ctl-20210216-1.20210525.1.el8.x86_64.rpm
    MD5: dcf97cfdc9e1b56a44f746dfe5d4e2e4
    SHA-256: b2acb2b5fddb2528d4d921a544285b7740e86b0b31f8d8b0c37ca1ae406d27b4
    Size: 5.51 MB