Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 510
Alerts This Week
Warning Icon 1 510

Red Hat: RHSA-2020-5183-01 Moderate: Microcode_Ctl Security Fix

red hat
Calendar Grey November 23, 2020
Dist Redhat Esm H88
The advisory from Red Hat outlines essential security patches for the microcode_ctl component, featuring various bug corrections and improvements.
An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

The microcode_ctl packages provide microcode updates for Intel.
Security Fix(es):
* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)
* hw: Vector Register Leakage-Active (CVE-2020-8696)
* hw: Fast forward store predictor (CVE-2020-8698)
Bug Fix(es) and Enhancement(s):
* Update Intel CPU microcode to microcode-20201112 release, addresses: - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e; - Addition of 06-8a-01/0x10 (LKF B2/B3) microcode at revision 0x28; - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68; - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0; - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0; - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0; - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision 0xe0; - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2; - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up to 0x2006a08; - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2; - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up to 0xde; - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up to 0xde; - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up to 0xe0; - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up to 0xde; - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from revision 0xd6 up to 0xde; - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up to 0xde; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up to 0xde; - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up to 0xde; - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up to 0xde; - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up to 0xde; - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode from revision 0x43 up to 0x44; - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157 up to 0x1000159; - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01 up to 0x4003003; - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision 0x5002f01 up to 0x5003003; - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up to 0x40; - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up to 0x1e; - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x32 up to 0x34; - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up to 0x18; - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78 up to 0xa0; - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca up to 0xe0.
* Disable 06-8c-01 (TGL-UP3/UP4 B1) microcode update by default.
* Add README file to the documentation directory.
* Add publicly-sourced codenames list to supply to gen_provides.sh; update the latter to handle the somewhat different format.
* Add SUMMARY.intel-ucode file

References

https://access.redhat.com/security/cve/CVE-2020-8695 https://access.redhat.com/security/cve/CVE-2020-8696 https://access.redhat.com/security/cve/CVE-2020-8698 https://access.redhat.com/security/updates/classification/#moderate

Package List

Red Hat Enterprise Linux Server AUS (v. 7.3):
Source: microcode_ctl-2.1-16.37.el7_3.src.rpm
x86_64: microcode_ctl-2.1-16.37.el7_3.x86_64.rpm microcode_ctl-debuginfo-2.1-16.37.el7_3.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.3):
Source: microcode_ctl-2.1-16.37.el7_3.src.rpm
x86_64: microcode_ctl-2.1-16.37.el7_3.x86_64.rpm microcode_ctl-debuginfo-2.1-16.37.el7_3.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.3):
Source: microcode_ctl-2.1-16.37.el7_3.src.rpm
x86_64: microcode_ctl-2.1-16.37.el7_3.x86_64.rpm microcode_ctl-debuginfo-2.1-16.37.el7_3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Advisory ID: RHSA-2020:5183-01
Product: Red Hat Enterprise Linux
Issue date: 2020-11-23

Topic

An update for microcode_ctl is now available for Red Hat Enterprise Linux7.3 Advanced Update Support.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Relevant Releases Architectures

Red Hat Enterprise Linux Server AUS (v. 7.3) - x86_64

Red Hat Enterprise Linux Server E4S (v. 7.3) - x86_64

Red Hat Enterprise Linux Server TUS (v. 7.3) - x86_64

Bugs Fixed

1828583 - CVE-2020-8695 hw: Information disclosure issue in Intel SGX via RAPL interface

1890355 - CVE-2020-8696 hw: Vector Register Leakage-Active

1890356 - CVE-2020-8698 hw: Fast forward store predictor

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.