| Summary: | Update request: microcode-0.20210608-1.mga8/7.nonfree (fixes CVE-2020-24489 and CVE-2020-2451[1-3]) | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Thomas Backlund <tmb> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | fri, sysadmin-bugs, tarazed25 |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7TOO, MGA8-64-OK, MGA7-64-OK | ||
| Source RPM: | microcode | CVE: | |
| Status comment: | |||
|
Description
Thomas Backlund
2021-06-08 21:18:06 CEST
Thomas Backlund
2021-06-08 21:18:15 CEST
Whiteboard:
(none) =>
MGA7TOO Mageia 8 Updated fine on 10-Core Intel Core i9-7900X [MT MCP] $ dmesg | grep microcode [ 0.000000] microcode: microcode updated early to revision 0x2006b06, date = 2021-03-08 [ 0.791922] microcode: sig=0x50654, pf=0x4, revision=0x2006b06 [ 0.791995] microcode: Microcode Update Driver: v2.2. [ 4.694916] em28xx 1-3:1.0: microcode start address = 0x0004, boot configuration = 0x01 The system rebooted and running fine. CC:
(none) =>
tarazed25 Mageia 7 5.10.41-desktop-1.mga7 Rebooted fine. $ dmesg | grep microcode [ 0.000000] microcode: microcode updated early to revision 0x28, date = 2019-11-12 [ 0.582231] microcode: sig=0x306c3, pf=0x2, revision=0x28 [ 0.582364] microcode: Microcode Update Driver: v2.2. $ rpm -q microcode microcode-0.20210608-1.mga7.nonfree System running fine. Intel Core i7-4790 mga8 - 64, Intel i7-3770, Kernel 5.12.8-desktop-1.mga8 without problems in operation and nothing i find suspect in journal incl BOINC and VirtualBox, nvidia-current Most packages are updated to testing CC:
(none) =>
fri
Advisory, added to svn:
type: security
subject: Updated microcode packages fix security vulnerabilities
CVE:
- CVE-2020-24489
- CVE-2020-24511
- CVE-2020-24513
src:
8:
nonfree:
- microcode-0.20210608-1.mga8.nonfree
7:
nonfree:
- microcode-0.20210608-1.mga7.nonfree
description: |
Updated microcodes for Intel processors, fixing various functional
issues, and atleast the following security issues:
Incomplete cleanup in some Intel(R) VT-d products may allow an
authenticated user to potentially enable escalation of privilege
via local access (CVE-2020-24489).
Improper isolation of shared resources in some Intel(R) Processors may
allow an authenticated user to potentially enable information disclosure
via local access (CVE-2020-24511).
Domain-bypass transient execution vulnerability in some Intel Atom(R)
Processors may allow an authenticated user to potentially enable information
disclosure via local access (CVE-2020-24513).
For more info about this updatae, see the refenced links.
references:
- https://bugs.mageia.org/show_bug.cgi?id=29095
- https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.htmlKeywords:
(none) =>
advisory Works here too, and in Cauldron, so flushing out Keywords:
(none) =>
validated_update An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0256.html Resolution:
(none) =>
FIXED RedHat has issued advisories for this today (August 9): https://access.redhat.com/errata/RHSA-2021:3027 https://access.redhat.com/errata/RHSA-2021:3028 I'm assuming we also fixed CVE-2020-24512 in this update. Summary:
Update request: microcode-0.20210608-1.mga8/7.nonfree =>
Update request: microcode-0.20210608-1.mga8/7.nonfree (fixes CVE-2020-24489 and CVE-2020-2451[1-3]) |