An update for microcode_ctl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-1773
Final
1.0
1.0
2022-07-22
Initial
2022-07-22
2022-07-22
openEuler SA Tool V1.0
2022-07-22
microcode_ctl security update
An update for microcode_ctl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.
This is a tool to transform and deploy microcode update for x86 CPUs.
Security Fix(es):
Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.(CVE-2020-24489)
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2020-24513)
Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access.(CVE-2021-0146)
An update for microcode_ctl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
High
microcode_ctl
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1773
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-24489
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-24513
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-0146
https://nvd.nist.gov/vuln/detail/CVE-2020-24489
https://nvd.nist.gov/vuln/detail/CVE-2020-24513
https://nvd.nist.gov/vuln/detail/CVE-2021-0146
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
microcode_ctl-2.1-36.oe1.src.rpm
microcode_ctl-2.1-36.oe1.src.rpm
microcode_ctl-2.1-36.oe2203.src.rpm
microcode_ctl-2.1-36.oe1.x86_64.rpm
microcode_ctl-2.1-36.oe1.x86_64.rpm
microcode_ctl-2.1-36.oe2203.x86_64.rpm
Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.
2022-07-22
CVE-2020-24489
openEuler-20.03-LTS-SP1
High
8.8
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
microcode_ctl security update
2022-07-22
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1773
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
2022-07-22
CVE-2020-24513
openEuler-20.03-LTS-SP1
Medium
6.8
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
microcode_ctl security update
2022-07-22
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1773
Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
2022-07-22
CVE-2021-0146
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
Medium
6.8
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
microcode_ctl security update
2022-07-22
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1773