Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu 14.04 ESM: USN-4182-2 Critical: Intel Microcode Update

ubuntu
Calendar Grey November 12, 2019
Dist Ubuntu Esm H88
=========================================================================Ubuntu Security Notice USN-
Several security issues were fixed in Intel Microcode.

Summary

Several security issues were fixed in Intel Microcode.

Software Description:

- intel-microcode: Processor microcode for Intel CPUs

Details:

USN-4182-2 provided updates for Intel Microcode. This update provides

the corresponding update for Ubuntu 14.04 ESM.

Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo,

Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz

Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel

processors using Transactional Synchronization Extensions (TSX) could

expose memory contents previously stored in microarchitectural buffers to a

malicious process that is executing on the same CPU core. A local attacker

could use this to expose sensitive information. (CVE-2019-11135)

It was discovered that certain Intel Xeon processors did not properly

restrict access to a voltage modulation interface. A local privileged

attacker could use this to cause a denial of service (system cras...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  intel-microcode                 3.20191112-0ubuntu0.14.04.2

After a standard system update you need to reboot your computer.
Please note that in order to fully mitigate CVE-2019-11139, a warm
reboot is required *after* applying the microcode update; so in effect
a second reboot.

References

https://ubuntu.com/security/notices/USN-4182-2

https://ubuntu.com/security/notices/USN-4182-1

CVE-2019-11135, CVE-2019-11139,

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915

Severity
critical
Lowest
Low
Medium
High
Critical

November 12, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here