[SECURITY] [DLA 2743-1] amd64-microcode security update

2021-08-1607:02:26

lists.debian.org

5.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.975 High

EPSS

Percentile

100.0%

JSON

Debian LTS Advisory DLA-2743-1 [email protected]
https://www.debian.org/lts/security/ Utkarsh Gupta
August 16, 2021 https://wiki.debian.org/LTS

Package : amd64-microcode
Version : 3.20181128.1~deb9u1
CVE ID : CVE-2017-5715
Debian Bug : 886382

It was discovered that systems with microprocessors utilizing
speculative execution and indirect branch prediction may allow
unauthorized disclosure of information to an attacker with local
user access via a side-channel analysis (Spectre v2).
Multiple fixes were done already in Linux kernel, intel-microcode,
et al. This fix adds amd-microcode-based IBPB support.

For Debian 9 stretch, this problem has been fixed in version
3.20181128.1~deb9u1.

We recommend that you upgrade your amd64-microcode packages.

For the detailed security status of amd64-microcode please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/amd64-microcode

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian9mips64eli2c-modules-4.9.0-6-5kc-malta-di< 4.9.88-1i2c-modules-4.9.0-6-5kc-malta-di_4.9.88-1_mips64el.deb
Debian9mips64elhfs-modules-4.9.0-6-loongson-3-di< 4.9.88-1hfs-modules-4.9.0-6-loongson-3-di_4.9.88-1_mips64el.deb
Debian9armhfleds-modules-4.9.0-6-armmp-di< 4.9.88-1leds-modules-4.9.0-6-armmp-di_4.9.88-1_armhf.deb
Debian9amd64qemu< 1:2.8+dfsg-6+deb9u4qemu_1:2.8+dfsg-6+deb9u4_amd64.deb
Debian9armelusb-modules-4.9.0-6-marvell-di< 4.9.88-1usb-modules-4.9.0-6-marvell-di_4.9.88-1_armel.deb
Debian9mipselqemu-block-extra-dbgsym< 1:2.8+dfsg-6+deb9u4qemu-block-extra-dbgsym_1:2.8+dfsg-6+deb9u4_mipsel.deb
Debian9mips64elnic-shared-modules-4.9.0-6-octeon-di< 4.9.88-1nic-shared-modules-4.9.0-6-octeon-di_4.9.88-1_mips64el.deb
Debian9mipslinux-image-4.9.0-6-octeon-dbg< 4.9.88-1linux-image-4.9.0-6-octeon-dbg_4.9.88-1_mips.deb
Debian7i386jfs-modules-3.2.0-6-686-pae-di< 3.2.101-1jfs-modules-3.2.0-6-686-pae-di_3.2.101-1_i386.deb
Debian8i386nvidia-smi< 340.106-1nvidia-smi_340.106-1_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	mips64el	i2c-modules-4.9.0-6-5kc-malta-di	< 4.9.88-1	i2c-modules-4.9.0-6-5kc-malta-di_4.9.88-1_mips64el.deb
Debian	9	mips64el	hfs-modules-4.9.0-6-loongson-3-di	< 4.9.88-1	hfs-modules-4.9.0-6-loongson-3-di_4.9.88-1_mips64el.deb
Debian	9	armhf	leds-modules-4.9.0-6-armmp-di	< 4.9.88-1	leds-modules-4.9.0-6-armmp-di_4.9.88-1_armhf.deb
Debian	9	amd64	qemu	< 1:2.8+dfsg-6+deb9u4	qemu_1:2.8+dfsg-6+deb9u4_amd64.deb
Debian	9	armel	usb-modules-4.9.0-6-marvell-di	< 4.9.88-1	usb-modules-4.9.0-6-marvell-di_4.9.88-1_armel.deb
Debian	9	mipsel	qemu-block-extra-dbgsym	< 1:2.8+dfsg-6+deb9u4	qemu-block-extra-dbgsym_1:2.8+dfsg-6+deb9u4_mipsel.deb
Debian	9	mips64el	nic-shared-modules-4.9.0-6-octeon-di	< 4.9.88-1	nic-shared-modules-4.9.0-6-octeon-di_4.9.88-1_mips64el.deb
Debian	9	mips	linux-image-4.9.0-6-octeon-dbg	< 4.9.88-1	linux-image-4.9.0-6-octeon-dbg_4.9.88-1_mips.deb
Debian	7	i386	jfs-modules-3.2.0-6-686-pae-di	< 3.2.101-1	jfs-modules-3.2.0-6-686-pae-di_3.2.101-1_i386.deb
Debian	8	i386	nvidia-smi	< 340.106-1	nvidia-smi_340.106-1_i386.deb