Basic search

K
debianDebianDEBIAN:DSA-4447-1:76E6B
HistoryMay 15, 2019 - 9:23 a.m.

[SECURITY] [DSA 4447-1] intel-microcode security update

2019-05-1509:23:15
lists.debian.org
95

5.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

0.001 Low

EPSS

Percentile

23.9%


Debian Security Advisory DSA-4447-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 15, 2019 https://www.debian.org/security/faq


Package : intel-microcode
CVE ID : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130
CVE-2019-11091

This update ships updated CPU microcode for most types of Intel CPUs. It
provides mitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware
vulnerabilities.

To fully resolve these vulnerabilities it is also necessary to update
the Linux kernel packages as released in DSA 4444.

For the stable distribution (stretch), these problems have been fixed in
version 3.20190514.1~deb9u1.

We recommend that you upgrade your intel-microcode packages.

For the detailed security status of intel-microcode please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/intel-microcode

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

5.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

0.001 Low

EPSS

Percentile

23.9%

Related for DEBIAN:DSA-4447-1:76E6B