An update for microcode_ctl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-1773 Final 1.0 1.0 2022-07-22 Initial 2022-07-22 2022-07-22 openEuler SA Tool V1.0 2022-07-22 microcode_ctl security update An update for microcode_ctl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. This is a tool to transform and deploy microcode update for x86 CPUs. Security Fix(es): Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.(CVE-2020-24489) Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2020-24513) Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access.(CVE-2021-0146) An update for microcode_ctl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High microcode_ctl https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1773 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-24489 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-24513 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-0146 https://nvd.nist.gov/vuln/detail/CVE-2020-24489 https://nvd.nist.gov/vuln/detail/CVE-2020-24513 https://nvd.nist.gov/vuln/detail/CVE-2021-0146 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS microcode_ctl-2.1-36.oe1.src.rpm microcode_ctl-2.1-36.oe1.src.rpm microcode_ctl-2.1-36.oe2203.src.rpm microcode_ctl-2.1-36.oe1.x86_64.rpm microcode_ctl-2.1-36.oe1.x86_64.rpm microcode_ctl-2.1-36.oe2203.x86_64.rpm Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-07-22 CVE-2020-24489 openEuler-20.03-LTS-SP1 High 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H microcode_ctl security update 2022-07-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1773 Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. 2022-07-22 CVE-2020-24513 openEuler-20.03-LTS-SP1 Medium 6.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N microcode_ctl security update 2022-07-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1773 Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access. 2022-07-22 CVE-2021-0146 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS Medium 6.8 AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H microcode_ctl security update 2022-07-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1773