Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Mageia 7, 8 MGASA-2021-0256 Moderate: Intel Escalation Threats

mageia
Calendar Grey June 13, 2021
Dist Mageia Esm H88
Intel has released new microcode packages to address urgent security vulnerabilities. Review the escalation process and associated risks to your data.
Updated microcodes for Intel processors, fixing various functional issues, and atleast the following security issues: Incomplete cleanup in some Intel(R) VT-d products may allow a...

Summary

Updated microcodes for Intel processors, fixing various functional issues, and atleast the following security issues:
Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access (CVE-2020-24489).
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (CVE-2020-24511).
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (CVE-2020-24513).
For more info about this update, see the refenced links.

References

- https://bugs.mageia.org/show_bug.cgi?id=29095

- https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608

- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html

- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html

- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html

- https://www.cve.org/CVERecord?id=CVE-2020-24489

- https://www.cve.org/CVERecord?id=CVE-2020-24511

- https://www.cve.org/CVERecord?id=CVE-2020-24513

Topics%20covered

Topics Covered

security advisory information disclosure escalation Mageia microcode process-related issue

Resolution

SRPMS

- 8/nonfree/microcode-0.20210608-1.mga8.nonfree

- 7/nonfree/microcode-0.20210608-1.mga7.nonfree

Publication date: 13 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0256.html
Type: security
CVE: CVE-2020-24489, CVE-2020-24511, CVE-2020-24513

Topics%20covered

Topics Covered

security advisory information disclosure escalation Mageia microcode process-related issue

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here