Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu 20.04-18.04 LTS: USN-4385-1 Critical Intel Microcode Flaws

ubuntu
Calendar Grey June 9, 2020
Dist Ubuntu Esm H88
=========================================================================Ubuntu Security Notice USN-
Several security issues were fixed in Intel Microcode.

Summary

Several security issues were fixed in Intel Microcode.

Software Description:

- intel-microcode: Processor microcode for Intel CPUs

Details:

It was discovered that memory contents previously stored in

microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY

read operations on Intel client and Xeon E3 processors may be briefly

exposed to processes on the same or different processor cores. A local

attacker could use this to expose sensitive information. (CVE-2020-0543)

It was discovered that on some Intel processors, partial data values

previously read from a vector register on a physical core may be propagated

into unused portions of the store buffer. A local attacker could possible

use this to expose sensitive information. (CVE-2020-0548)

It was discovered that on some Intel processors, data from the most

recently evicted modified L1 data cache (L1D) line may be propagated into

an unused (invalid) L1D fill buffer. A local attacker could possibly use

this to ex...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  intel-microcode                 3.20200609.0ubuntu0.20.04.0

Ubuntu 19.10:
  intel-microcode                 3.20200609.0ubuntu0.19.10.0

Ubuntu 18.04 LTS:
  intel-microcode                 3.20200609.0ubuntu0.18.04.0

Ubuntu 16.04 LTS:
  intel-microcode                 3.20200609.0ubuntu0.16.04.0

Ubuntu 14.04 ESM:
  intel-microcode                 3.20200609.0ubuntu0.14.04.0

After a standard system update you need to reboot your computer to
make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4385-1

CVE-2020-0543, CVE-2020-0548, CVE-2020-0549,

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SRBDS

Severity
critical
Lowest
Low
Medium
High
Critical

June 09, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here