Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Moderate Security Issues in Microcode_ctl for Red Hat Enterprise Linux 8.0

red hat
Calendar Grey June 29, 2020
Dist Redhat Esm H88
Significant update from Red Hat regarding microcode_ctl addresses various security vulnerabilities and improves functionality. Discover further details here!
An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

Security Fix(es):
* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)
* hw: L1D Cache Eviction Sampling (CVE-2020-0549)
* hw: Vector Register Data Sampling (CVE-2020-0548)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fixes:
* Update Intel CPU microcode to microcode-20200609 release: - Addition of 06-4d-08/0x01 (AVN B0/C0) microcode at revision 0x12d; - Addition of 06-55-06/0xbf (CLX-SP B0) microcode at revision 0x4002f01; - Addition of 06-7a-08/0x01 (GLK R0) microcode at revision 0x16; - Update of 06-2d-06/0x6d (SNB-E/EN/EP C1/M0) microcode from revision 0x61f up to 0x621; - Update of 06-2d-07/0x6d (SNB-E/EN/EP C2/M1) microcode (in intel-06-2d-07/intel-ucode/06-2d-07) from revision 0x718 up to 0x71a; - Update of 06-3c-03/0x32 (HSW C0) microcode from revision 0x27 up to 0x28; - Update of 06-3d-04/0xc0 (BDW-U/Y E0/F0) microcode from revision 0x2e up to 0x2f; - Update of 06-45-01/0x72 (HSW-U C0/D0) microcode from revision 0x25 up to 0x26; - Update of 06-46-01/0x32 (HSW-H C0) microcode from revision 0x1b up to 0x1c; - Update of 06-47-01/0x22 (BDW-H/Xeon E3 E0/G0) microcode from revision 0x21 up to 0x22; - Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xd4 up to 0xdc; - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000150 up to 0x1000157; - Update of 06-55-04/0xb7 (SKX-SP H0/M0/U0, SKX-D M1) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2000064 up to 0x2006906; - Update of 06-55-07/0xbf (CLX-SP B1) microcode from revision 0x500002b up to 0x5002f01; - Update of 06-5e-03/0x36 (SKL-H/S R0/N0) microcode from revision 0xd4 up to 0xdc; - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x2e up to 0x32; - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x46 up to 0x78; - Update of 06-8e-09/0x10 (AML-Y22 H0) microcode from revision 0xc6 up to 0xd6; - Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xc6 up to 0xd6; - Update of 06-8e-0a/0xc0 (CFL-U43e D0) microcode from revision 0xc6 up to 0xd6; - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xc6 up to 0xd6; - Update of 06-8e-0c/0x94 (AML-Y42 V0, CML-Y42 V0, WHL-U V0) microcode from revision 0xc6 up to 0xd6; - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from revision 0xc6 up to 0xd6; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E3 U0) microcode from revision 0xc6 up to 0xd6; - Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xc6 up to 0xd6; - Update of 06-9e-0c/0x22 (CFL-H/S P0) microcode from revision 0xae up to 0xd6; - Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xc6 up to 0xd6. - Update of 06-a6-00/0x80 (CML-U 6+2 A0) from revision 0xc6 up to 0xca. * Do not update 06-4e-03 (SKL-U/Y) and 06-5e-03 (SKL-H/S/Xeon E3 v5) to revision 0xdc, use 0xd6 by default. * Enable 06-2d-07 (SNB-E/EN/EP) caveat by default. * Add 06-55-04 (SKL-X/W) caveat, enable it by default. * Update stale posttrans dependency, add triggers for proper handling of the debug kernel flavour along with kernel-rt. * Avoid find being SIGPIPE'd on early "grep -q" exit in the dracut script. * Re-generate initramfs not only for the currently running kernel, but for several recently installed kernels as well. * Change the URL to point to the GitHub repository since the microcode download section at Intel Download Center does not exist anymore. * Avoid temporary file creation, used for here-documents in check_caveats.

References

https://access.redhat.com/security/cve/CVE-2020-0543 https://access.redhat.com/security/cve/CVE-2020-0548 https://access.redhat.com/security/cve/CVE-2020-0549 https://access.redhat.com/security/updates/classification#moderate https://access.redhat.com/solutions/5142691 https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling

Package List

Red Hat Enterprise Linux BaseOS E4S (v. 8.0):
Source: microcode_ctl-20180807a-2.20200609.1.el8_0.src.rpm
x86_64: microcode_ctl-20180807a-2.20200609.1.el8_0.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key


Advisory ID: RHSA-2020:2757-01
Product: Red Hat Enterprise Linux
Issue date: 2020-06-29

Topic

An update for microcode_ctl is now available for Red Hat Enterprise Linux8.0 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Relevant Releases Architectures

Red Hat Enterprise Linux BaseOS E4S (v. 8.0) - x86_64

Bugs Fixed

1788786 - CVE-2020-0548 hw: Vector Register Data Sampling

1788788 - CVE-2020-0549 hw: L1D Cache Eviction Sampling

1827165 - CVE-2020-0543 hw: Special Register Buffer Data Sampling (SRBDS)

1848438 - [rhel-8.0.0] skylake (06-4e-03) microcode update hangs

1848501 - [rhel-8.0.0] Package microcode-20200609 release

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here