ArchLinux: 202102-34: intel-ucode: information disclosure
Summary
- CVE-2020-8696 (information disclosure)
Improper removal of sensitive information before storage or transfer in
some Intel(R) Processors may allow an authenticated user to potentially
enable information disclosure via local access.
- CVE-2020-8698 (information disclosure)
Improper isolation of shared resources in some Intel(R) Processors may
allow an authenticated user to potentially enable information
disclosure via local access.
Resolution
Upgrade to 20210216-1.
# pacman -Syu "intel-ucode>=20210216-1"
The problems have been fixed upstream in version 20210216.
References
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210216 https://security.archlinux.org/CVE-2020-8696 https://security.archlinux.org/CVE-2020-8698
Workaround
None.