Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Red Hat Enterprise Linux 8.0: RHSA-2020-5186-01 Microcode_ctl Security Fix

Calendar Nov 23, 2020 User Avatar LinuxSecurity Advisories
3 - 6 min read
Redhat Large Esm H500
Topics%20covered

Topics Covered

security advisory security update moderate severity Red Hat Enterprise information disclosure microcode_ctl Intel SGX
An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: microcode_ctl security, bug fix and enhancement update
Advisory ID:       RHSA-2020:5186-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:5186
Issue date:        2020-11-23
CVE Names:         CVE-2020-8695 CVE-2020-8696 CVE-2020-8698 
====================================================================
1. Summary:

An update for microcode_ctl is now available for Red Hat Enterprise Linux
8.0
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact
of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE
link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.0) - x86_64

3. Description:

The microcode_ctl packages provide microcode updates for Intel.

Security Fix(es):

* hw: Information disclosure issue in Intel SGX via RAPL interface
(CVE-2020-8695)

* hw: Vector Register Leakage-Active (CVE-2020-8696)

* hw: Fast forward store predictor (CVE-2020-8698)

Bug Fix(es) and Enhancement(s):

* Update Intel CPU microcode to microcode-20201027 release, addresses:
  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;
  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;
  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;
  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;
  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;
  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision
    0xe0;
  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in
    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;
  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in
    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up
    to 0x2006a08;
  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in
    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;
  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up
    to 0xde;
  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up
    to 0xde;
  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up
    to 0xe0;
  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up
    to 0xde;
  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)
    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from
    revision 0xd6 up to 0xde;
  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up
    to 0xde;
  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up
    to 0xde;
  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up
    to 0xde;
  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up
    to 0xde;
  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up
    to 0xde;
  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode
    from revision 0x43 up to 0x44;
  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157
    up to 0x1000159;
  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01
    up to 0x4003003;
  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision
    0x5002f01 up to 0x5003003;
  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up
    to 0x40;
  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up
    to 0x1e;
  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up
    to 0x18;
  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78
    up to 0xa0;
  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca
    up to 0xe0.
* Add README file to the documentation directory.
* Add publicly-sourced codenames list to supply to gen_provides.sh; update
  the latter to handle the somewhat different format.
* Add SUMMARY.intel-ucode file containing metadata information from
  the microcode file headers.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1828583 - CVE-2020-8695 hw: Information disclosure issue in Intel SGX via RAPL interface
1890355 - CVE-2020-8696 hw: Vector Register Leakage-Active
1890356 - CVE-2020-8698 hw: Fast forward store predictor

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.0):

Source:
microcode_ctl-20180807a-2.20201112.1.el8_0.src.rpm

x86_64:
microcode_ctl-20180807a-2.20201112.1.el8_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-8695
https://access.redhat.com/security/cve/CVE-2020-8696
https://access.redhat.com/security/cve/CVE-2020-8698
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBX7v14tzjgjWX9erEAQindA//dJG8kw6DS8GcsqK5+G7PybierJuuMdTp
55DAwCinqxIyo5Vh6YyjL1/DG/3jCV2M/FzH7S3paY3yvDQA64U56NZsvvsO6wyt
Lzi1bdleHcC4DY220DLhY4BnDEQ2pQmrjdMkHsrFS3OOUH0pQIB4pjOx89ynyRm2
3G61PB+PU+5SeJej7/es+umClJ9Of3msUbr9PQrp7gTWjsfc/wHl7CR+xmJCdMUG
GzxZhNboJS2SBXzk54xXuHAZZiZyuSUFy3rQ4JsD6u4MFg2GgWQmPeY7HILZpYPC
5dfEfHxdRjcbzhWcFkNPjGenuRNX1V7sZ6DgV/3uGEQ3p7qwO44YqSn9kylM28Du
NGAfOdP0vpe00IGdpyDdMkxO0R66nvjnIfg0FEwDrf05tPOi3652IVEjHXkEAMy+
uMWJKO7SMzIh/lHzOkNS1M1NsPJBwz8H+XhJop3ikcxcY/cukma64mi1Nay04ic0
u1ktXlc4k0RqgT/CONusZ63g3WtHtKbTVMooEaFqCo0moS7QONT/HVbGGmUDyHOi
A6c80JYvYTClXcVMlWFJAKpanR+vH4bMiuomv50nSbdIV/LO9rlGkNSxd1wS4z16
N9kBnk66AbcvOCJWwZvit/NUFfKKR7b8YMj7WacN9WFIT0bs5aWyTmdDTsLPxyOL
g0D455a41jI=o7gB
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
This email address is being protected from spambots. You need JavaScript enabled to view it.

Red Hat Enterprise Linux 8.0: RHSA-2020-5186-01 Microcode_ctl Security Fix

red hat
Calendar Grey November 23, 2020
Dist Redhat Esm H88
A recent microcode_ctl patch addresses vulnerabilities in Red Hat Enterprise Linux 8.0, presenting a medium level of risk. Discover additional details here.
An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

The microcode_ctl packages provide microcode updates for Intel.
Security Fix(es):
* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)
* hw: Vector Register Leakage-Active (CVE-2020-8696)
* hw: Fast forward store predictor (CVE-2020-8698)
Bug Fix(es) and Enhancement(s):
* Update Intel CPU microcode to microcode-20201027 release, addresses: - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e; - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68; - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0; - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0; - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0; - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision 0xe0; - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2; - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up to 0x2006a08; - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2; - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up to 0xde; - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up to 0xde; - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up to 0xe0; - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up to 0xde; - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from revision 0xd6 up to 0xde; - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up to 0xde; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up to 0xde; - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up to 0xde; - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up to 0xde; - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up to 0xde; - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode from revision 0x43 up to 0x44; - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157 up to 0x1000159; - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01 up to 0x4003003; - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision 0x5002f01 up to 0x5003003; - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up to 0x40; - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up to 0x1e; - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up to 0x18; - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78 up to 0xa0; - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca up to 0xe0. * Add README file to the documentation directory. * Add publicly-sourced codenames list to supply to gen_provides.sh; update the latter to handle the somewhat different format. * Add SUMMARY.intel-ucode file containing metadata information from the microcode file headers.

Topics%20covered

Topics Covered

security advisory security update moderate severity Red Hat Enterprise information disclosure microcode_ctl Intel SGX

References

https://access.redhat.com/security/cve/CVE-2020-8695 https://access.redhat.com/security/cve/CVE-2020-8696 https://access.redhat.com/security/cve/CVE-2020-8698 https://access.redhat.com/security/updates/classification/#moderate

Package List

Red Hat Enterprise Linux BaseOS E4S (v. 8.0):
Source: microcode_ctl-20180807a-2.20201112.1.el8_0.src.rpm
x86_64: microcode_ctl-20180807a-2.20201112.1.el8_0.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Advisory ID: RHSA-2020:5186-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5186
Issue date: 2020-11-23

Topic

An update for microcode_ctl is now available for Red Hat Enterprise Linux8.0Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impactofModerate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVElink(s) in the References section.

Topics%20covered

Topics Covered

security advisory security update moderate severity Red Hat Enterprise information disclosure microcode_ctl Intel SGX

Relevant Releases Architectures

Red Hat Enterprise Linux BaseOS E4S (v. 8.0) - x86_64

Bugs Fixed

1828583 - CVE-2020-8695 hw: Information disclosure issue in Intel SGX via RAPL interface

1890355 - CVE-2020-8696 hw: Vector Register Leakage-Active

1890356 - CVE-2020-8698 hw: Fast forward store predictor

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here