Linux Security
    Linux Security
    Linux Security

    Ubuntu 4385-2: Intel Microcode regression

    Date
    132
    Posted By
    USN-4385-1 introduced a regression in the Intel Microcode for some processors.
    ==========================================================================
    Ubuntu Security Notice USN-4385-2
    June 10, 2020
    
    intel-microcode regression
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 20.04 LTS
    - Ubuntu 19.10
    - Ubuntu 18.04 LTS
    - Ubuntu 16.04 LTS
    - Ubuntu 14.04 ESM
    
    Summary:
    
    USN-4385-1 introduced a regression in the Intel Microcode for some processors.
    
    Software Description:
    - intel-microcode: Processor microcode for Intel CPUs
    
    Details:
    
    USN-4385-1 provided updated Intel Processor Microcode. Unfortunately,
    that update prevented certain processors in the Intel Skylake family
    (06_4EH) from booting successfully. Additonally, on Ubuntu 20.04
    LTS, late loading of microcode was enabled, which could lead to
    system instability. This update reverts the microcode update for
    the Skylake processor family and disables the late loading option on
    Ubuntu 20.04 LTS.
    
    Please note that the 'dis_ucode_ldr' kernel command line option can be
    added in the boot menu to disable microcode loading for system recovery.
    
    We apologize for the inconvenience.
    
    Original advisory details:
    
     It was discovered that memory contents previously stored in
     microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY
     read operations on Intel client and Xeon E3 processors may be briefly
     exposed to processes on the same or different processor cores. A local
     attacker could use this to expose sensitive information. (CVE-2020-0543)
    
     It was discovered that on some Intel processors, partial data values
     previously read from a vector register on a physical core may be propagated
     into unused portions of the store buffer. A local attacker could possible
     use this to expose sensitive information. (CVE-2020-0548)
    
     It was discovered that on some Intel processors, data from the most
     recently evicted modified L1 data cache (L1D) line may be propagated into
     an unused (invalid) L1D fill buffer. A local attacker could possibly use
     this to expose sensitive information. (CVE-2020-0549)
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 20.04 LTS:
      intel-microcode                 3.20200609.0ubuntu0.20.04.2
    
    Ubuntu 19.10:
      intel-microcode                 3.20200609.0ubuntu0.19.10.2
    
    Ubuntu 18.04 LTS:
      intel-microcode                 3.20200609.0ubuntu0.18.04.1
    
    Ubuntu 16.04 LTS:
      intel-microcode                 3.20200609.0ubuntu0.16.04.1
    
    Ubuntu 14.04 ESM:
      intel-microcode                 3.20200609.0ubuntu0.14.04.1
    
    After a standard system update you need to reboot your computer to
    make all the necessary changes.
    
    References:
      https://usn.ubuntu.com/4385-2
      https://usn.ubuntu.com/4385-1
      https://launchpad.net/bugs/1882890, https://launchpad.net/bugs/1883002
    
    Package Information:
      https://launchpad.net/ubuntu/+source/intel-microcode/3.20200609.0ubuntu0.20.04.2
      https://launchpad.net/ubuntu/+source/intel-microcode/3.20200609.0ubuntu0.19.10.2
      https://launchpad.net/ubuntu/+source/intel-microcode/3.20200609.0ubuntu0.18.04.1
      https://launchpad.net/ubuntu/+source/intel-microcode/3.20200609.0ubuntu0.16.04.1
    

    LinuxSecurity Poll

    Which aspect of server security are you most interested in learning more about?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/38-which-aspect-of-server-security-are-you-most-interested-in-learning-more-about?task=poll.vote&format=json
    38
    radio
    [{"id":"131","title":"Preventing information leakage","votes":"1","type":"x","order":"1","pct":100,"resources":[]},{"id":"132","title":"Firewall considerations","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"133","title":"Permissions ","votes":"0","type":"x","order":"3","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.