Lucene search

K
mageiaGentoo FoundationMGASA-2019-0334
HistoryNov 20, 2019 - 12:16 a.m.

Updated microcode packages fix security vulnerabilities

2019-11-2000:16:53
Gentoo Foundation
advisories.mageia.org
20

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

23.7%

This update provides the Intel 20191112 microcode release that adds the microcode side fixes and mitigations for at least the following security issues: A flaw was found in the implementation of SGX around the access control of protected memory. A local attacker of a system with SGX enabled and an affected intel GPU with the ability to execute code is able to infer the contents of the SGX protected memory (CVE-2019-0117). TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135). Improper conditions check in the voltage modulation interface for some Intel® Xeon® Scalable Processors may allow a privileged user to potentially enable denial of service via local access (CVE-2019-11139). Improper invalidation for page table updates by a virtual guest operating system for multiple Intel® Processors may allow an authenticated user to potentially enable denial of service of the host system via local access (CVE-2018-12207). TA Indirect Sharing Erratum (Information Leak) Incomplete fixes for previous MDS mitigations (VERW) SHUF* instruction implementation flaw (DoS) EGETKEY Erratum Conditional Jump Macro-fusion (DoS or Privilege Escalation) For the software side fixes and mitigations of theese issues, the kernel must be updated to 5.3.13-1.mga7 (mga¤25686) or later.

OSVersionArchitecturePackageVersionFilename
Mageia7noarchmicrocode< 0.20191112-1microcode-0.20191112-1.mga7.nonfree

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

23.7%