Amazon Linux AMI : microcode_ctl (ALAS-2020-1396)

2020-07-2000:00:00

www.tenable.com

6.4 Medium

AI Score

Confidence

High

JSON

A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both. Incomplete cleanup from specific special register read operations in some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0543)

Cleanup errors in some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access.
(CVE-2020-0548)

Cleanup errors in some data cache evictions for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0549)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1396.
#

include('compat.inc');

if (description)
{
  script_id(138638);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/29");

  script_cve_id("CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549");
  script_xref(name:"ALAS", value:"2020-1396");

  script_name(english:"Amazon Linux AMI : microcode_ctl (ALAS-2020-1396)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux AMI host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"A new domain bypass transient execution attack known as Special
Register Buffer Data Sampling (SRBDS) has been found. This flaw allows
data values from special internal registers to be leaked by an
attacker able to execute code on any core of the CPU. An unprivileged,
local attacker can use this flaw to infer values returned by affected
instructions known to be commonly used during cryptographic operations
that rely on uniqueness, secrecy, or both. Incomplete cleanup from
specific special register read operations in some Intel(R) Processors
may allow an authenticated user to potentially enable information
disclosure via local access. (CVE-2020-0543)

Cleanup errors in some Intel(R) Processors may allow an authenticated
user to potentially enable information disclosure via local access.
(CVE-2020-0548)

Cleanup errors in some data cache evictions for some Intel(R)
Processors may allow an authenticated user to potentially enable
information disclosure via local access. (CVE-2020-0549)");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2020-1396.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update microcode_ctl' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-0549");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/07/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:microcode_ctl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:microcode_ctl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"microcode_ctl-2.1-47.39.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"microcode_ctl-debuginfo-2.1-47.39.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "microcode_ctl / microcode_ctl-debuginfo");
}

VendorProductVersionCPE
amazonlinuxmicrocode_ctlp-cpe:/a:amazon:linux:microcode_ctl
amazonlinuxmicrocode_ctl-debuginfop-cpe:/a:amazon:linux:microcode_ctl-debuginfo
amazonlinuxcpe:/o:amazon:linux

Vendor	Product	Version	CPE
amazon	linux	microcode_ctl	p-cpe:/a:amazon:linux:microcode_ctl
amazon	linux	microcode_ctl-debuginfo	p-cpe:/a:amazon:linux:microcode_ctl-debuginfo
amazon	linux		cpe:/o:amazon:linux