ID

VAR-202006-0241

CVE

CVE-2020-0543

TITLE

Debian Security Advisory 4701-1

DESCRIPTION

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Intel 06_3DH and Intel 06_9EH are both a central processing unit (CPU) product of Intel Corporation of the United States. Security vulnerabilities exist in several Intel products. The following products and versions are affected: Intel Celeron 1000M; Celeron 1005M; Celeron 1007U; Celeron 1019Y; Celeron 1020m, etc. It exists that the Marvell WiFi-Ex Driver in the Linux kernel did not properly validate status lengths in messages received from an access point, leading to a buffer overflow. (CVE-2020-12654). The microcode update for HEDT and Xeon CPUs with signature 0x50654 which was reverted in DSA 4565-2 is now included again with a fixed release. The upstream update for Skylake-U/Y (signature 0x406e3) had to be excluded from this update due to reported hangs on boot. For the stable distribution (buster), these problems have been fixed in version 3.20200609.2~deb10u1. We recommend that you upgrade your intel-microcode packages. For the detailed security status of intel-microcode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/intel-microcode Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl7iSvVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RH6g/9FYOaN5XyFFC8jVEmfdIl0pa8SqEH2+V1s27pAEOMhGAXuLrUms9wDq0J IoM54q/dz3rH3GiSi5nNqQDxLGx40DNSM5CCdCZIC22YvALS3aYsqpSSlDiyQZSb Im7isH8ntWIc3bedPWzfhui4VA19p8gnbFUetts3fp+uPeimd/QfPnJDN8wHUAL1 V2JzHMYD8v9axenbOxuWSArSnbubEtwpmHfhMzIMkE5150qhyofpzPBsKGoASa7q kPrwbUKBC11dGi+sV49rpXTf/ml7KDUDIrsA75sLC9WhckBcMdAkkVPLJyytAZ6A SqaOVJv+j0wVmhTtIqPxjvYCvX0y8i6NyQi+aliqzq7uEiQtaPQV8sWgDhyhTWga kxxiNuLfcuiEKkKToHdrkLLI1JiisqQTcwyRHg6k3X8+sNmKe6vFu3KzVbLo8+MH c3zEDQHP7XHm/euneb5ZFdg7+Rli03KWFm8/LNJQhrDcsFU/Si5268OwnzpGydwc eaIwuHtc8R64q+m5Aujo7X7kKk67zN7XhmX0nbr9Egni7dhG3iVrMtF27BTPMcML Gzz1pjktlYiySJYON64N/ooZchwAoAEhM9F1yPREXNf6PfRQG3lNjX3UeC4Ci0Ay /NuaKQSSlwd3XOy/dajSEfceu8uI/RZQ3RccTZRtWT58qcnwAnE= =cQzh -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: microcode_ctl security, bug fix and enhancement update Advisory ID: RHSA-2020:2757-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2757 Issue date: 2020-06-29 CVE Names: CVE-2020-0543 CVE-2020-0548 CVE-2020-0549 ==================================================================== 1. Summary: An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS E4S (v. 8.0) - x86_64 3. Description: Security Fix(es): * hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543) * hw: L1D Cache Eviction Sampling (CVE-2020-0549) * hw: Vector Register Data Sampling (CVE-2020-0548) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fixes: * Update Intel CPU microcode to microcode-20200609 release: - Addition of 06-4d-08/0x01 (AVN B0/C0) microcode at revision 0x12d; - Addition of 06-55-06/0xbf (CLX-SP B0) microcode at revision 0x4002f01; - Addition of 06-7a-08/0x01 (GLK R0) microcode at revision 0x16; - Update of 06-2d-06/0x6d (SNB-E/EN/EP C1/M0) microcode from revision 0x61f up to 0x621; - Update of 06-2d-07/0x6d (SNB-E/EN/EP C2/M1) microcode (in intel-06-2d-07/intel-ucode/06-2d-07) from revision 0x718 up to 0x71a; - Update of 06-3c-03/0x32 (HSW C0) microcode from revision 0x27 up to 0x28; - Update of 06-3d-04/0xc0 (BDW-U/Y E0/F0) microcode from revision 0x2e up to 0x2f; - Update of 06-45-01/0x72 (HSW-U C0/D0) microcode from revision 0x25 up to 0x26; - Update of 06-46-01/0x32 (HSW-H C0) microcode from revision 0x1b up to 0x1c; - Update of 06-47-01/0x22 (BDW-H/Xeon E3 E0/G0) microcode from revision 0x21 up to 0x22; - Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xd4 up to 0xdc; - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000150 up to 0x1000157; - Update of 06-55-04/0xb7 (SKX-SP H0/M0/U0, SKX-D M1) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2000064 up to 0x2006906; - Update of 06-55-07/0xbf (CLX-SP B1) microcode from revision 0x500002b up to 0x5002f01; - Update of 06-5e-03/0x36 (SKL-H/S R0/N0) microcode from revision 0xd4 up to 0xdc; - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x2e up to 0x32; - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x46 up to 0x78; - Update of 06-8e-09/0x10 (AML-Y22 H0) microcode from revision 0xc6 up to 0xd6; - Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xc6 up to 0xd6; - Update of 06-8e-0a/0xc0 (CFL-U43e D0) microcode from revision 0xc6 up to 0xd6; - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xc6 up to 0xd6; - Update of 06-8e-0c/0x94 (AML-Y42 V0, CML-Y42 V0, WHL-U V0) microcode from revision 0xc6 up to 0xd6; - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from revision 0xc6 up to 0xd6; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E3 U0) microcode from revision 0xc6 up to 0xd6; - Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xc6 up to 0xd6; - Update of 06-9e-0c/0x22 (CFL-H/S P0) microcode from revision 0xae up to 0xd6; - Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xc6 up to 0xd6. - Update of 06-a6-00/0x80 (CML-U 6+2 A0) from revision 0xc6 up to 0xca. * Do not update 06-4e-03 (SKL-U/Y) and 06-5e-03 (SKL-H/S/Xeon E3 v5) to revision 0xdc, use 0xd6 by default. * Enable 06-2d-07 (SNB-E/EN/EP) caveat by default. * Add 06-55-04 (SKL-X/W) caveat, enable it by default. * Update stale posttrans dependency, add triggers for proper handling of the debug kernel flavour along with kernel-rt. * Avoid find being SIGPIPE'd on early "grep -q" exit in the dracut script. * Re-generate initramfs not only for the currently running kernel, but for several recently installed kernels as well. * Change the URL to point to the GitHub repository since the microcode download section at Intel Download Center does not exist anymore. * Avoid temporary file creation, used for here-documents in check_caveats. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1788786 - CVE-2020-0548 hw: Vector Register Data Sampling 1788788 - CVE-2020-0549 hw: L1D Cache Eviction Sampling 1827165 - CVE-2020-0543 hw: Special Register Buffer Data Sampling (SRBDS) 1848438 - [rhel-8.0.0] skylake (06-4e-03) microcode update hangs 1848501 - [rhel-8.0.0] Package microcode-20200609 release 6. Package List: Red Hat Enterprise Linux BaseOS E4S (v. 8.0): Source: microcode_ctl-20180807a-2.20200609.1.el8_0.src.rpm x86_64: microcode_ctl-20180807a-2.20200609.1.el8_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXvmchtzjgjWX9erEAQhpSg/+ID0RjbWf8T2Y73wrULmADARhxV4taH3B AS27Psqo6eBLEDyCFWFdARN+yWJT551sN4LHHqc4ixa0fCVtAbk7ZeugNOqtHIgx nhwmr/T9/TQi+AjvNhcQWnExOnDLPb+xyqQtQl4+nDHMljnxPuxzeu7yKigXgRX1 szUP0PdzC8uzJvZZ+IplGBPcgiEUdnTFMBbbdttaDzzdCeBy5J+myzQ6wdBJBTgM 03nWspMPWObgFwm1QBoBphTkL21X+vUSTy116TwAgCp1laZ0cd3giG/dEKzzGFKQ ZOvcmnDKRN5WNNJBlb4CnJBkU4MRV6WC4iEU+ur4EIsMnJmTcjTj/oH6bltjVbur eD05wgeejS7gUBdIMNpr158QkMTgORyfOk3EesNlDdG4gpKoUG+Ckfs0KhcjFM+z LHlk8PAM0GjcUKDYlZ+07mOi8e0yHFAG9KQOOwBWDNTXJ7U++UcxvrGFAbNatnnJ OfTm6C3dUbsTzeebyTvM1kHqcYexD9CYLMI2A0nsifDzLjqwqj3xYqMDqKFTcsx/ 3SLUhXC6isrmNJeWvxUU4/VFUPhddAfE3Q1zJBzM4oDCcGdVvq+7KEFzxj1rVydX xU5XRD4M8YWFmhMJxH+dH5mgsErdGT80Rw5fgv21oPbNpsqrsvZUHg83Nd+IqjEu D/8HdxJn3Pw\xd815 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description: The microcode_ctl packages provide microcode updates for Intel. ========================================================================== Ubuntu Security Notice USN-5617-1 September 19, 2022 xen vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: Several security issues were fixed in Xen. Software Description: - xen: Public headers and libs for Xen Details: It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) Julien Grall discovered that Xen incorrectly handled memory barriers on ARM-based systems. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or escalate privileges. (CVE-2020-11739) Ilja Van Sprundel discovered that Xen incorrectly handled profiling of guests. An unprivileged attacker could use this issue to obtain sensitive information from other guests, cause a denial of service or possibly gain privileges. (CVE-2020-11740, CVE-2020-11741) It was discovered that Xen incorrectly handled grant tables. A malicious guest could possibly use this issue to cause a denial of service. (CVE-2020-11742, CVE-2020-11743) Jan Beulich discovered that Xen incorrectly handled certain code paths. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-15563) Julien Grall discovered that Xen incorrectly verified memory addresses provided by the guest on ARM-based systems. A malicious guest administrator could possibly use this issue to cause a denial of service. (CVE-2020-15564) Roger Pau Monn\xe9 discovered that Xen incorrectly handled caching on x86 Intel systems. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-15565) It was discovered that Xen incorrectly handled error in event-channel port allocation. A malicious guest could possibly use this issue to cause a denial of service. (CVE-2020-15566) Jan Beulich discovered that Xen incorrectly handled certain EPT (Extended Page Tables). An attacker could possibly use this issue to cause a denial of service, data corruption or privilege escalation. (CVE-2020-15567) Andrew Cooper discovered that Xen incorrectly handled PCI passthrough. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-25595) Andrew Cooper discovered that Xen incorrectly sanitized path injections. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-25596) Jan Beulich discovered that Xen incorrectly handled validation of event channels. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-25597) Julien Grall and Jan Beulich discovered that Xen incorrectly handled resetting event channels. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2020-25599) Julien Grall discovered that Xen incorrectly handled event channels memory allocation on 32-bits domains. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-25600) Jan Beulich discovered that Xen incorrectly handled resetting or cleaning up event channels. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-25601) Andrew Cooper discovered that Xen incorrectly handled certain Intel specific MSR (Model Specific Registers). An attacker could possibly use this issue to cause a denial of service. (CVE-2020-25602) Julien Grall discovered that Xen incorrectly handled accessing/allocating event channels. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information of privilege escalation. (CVE-2020-25603) Igor Druzhinin discovered that Xen incorrectly handled locks. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-25604) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: libxendevicemodel1 4.11.3+24-g14b62ab3e5-1ubuntu2.3 libxenevtchn1 4.11.3+24-g14b62ab3e5-1ubuntu2.3 libxengnttab1 4.11.3+24-g14b62ab3e5-1ubuntu2.3 libxenmisc4.11 4.11.3+24-g14b62ab3e5-1ubuntu2.3 xen-hypervisor-4.11-amd64 4.11.3+24-g14b62ab3e5-1ubuntu2.3 xen-hypervisor-4.11-arm64 4.11.3+24-g14b62ab3e5-1ubuntu2.3 xen-hypervisor-4.11-armhf 4.11.3+24-g14b62ab3e5-1ubuntu2.3 xen-utils-4.11 4.11.3+24-g14b62ab3e5-1ubuntu2.3 xen-utils-common 4.11.3+24-g14b62ab3e5-1ubuntu2.3 xenstore-utils 4.11.3+24-g14b62ab3e5-1ubuntu2.3 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5617-1 CVE-2020-0543, CVE-2020-11739, CVE-2020-11740, CVE-2020-11741, CVE-2020-11742, CVE-2020-11743, CVE-2020-15563, CVE-2020-15564, CVE-2020-15565, CVE-2020-15566, CVE-2020-15567, CVE-2020-25595, CVE-2020-25596, CVE-2020-25597, CVE-2020-25599, CVE-2020-25600, CVE-2020-25601, CVE-2020-25602, CVE-2020-25603, CVE-2020-25604 Package Information: https://launchpad.net/ubuntu/+source/xen/4.11.3+24-g14b62ab3e5-1ubuntu2.3 . Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-kvm: Linux kernel for cloud environments - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Details: It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle setxattr operations in some situations. (CVE-2020-0543) Piotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. (CVE-2020-12114) It was discovered that the USB susbsystem's scatter-gather implementation in the Linux kernel did not properly take data references in some situations, leading to a use-after-free. (CVE-2020-12464) It was discovered that the DesignWare SPI controller driver in the Linux kernel contained a race condition. (CVE-2020-12769) It was discovered that the exit signaling implementation in the Linux kernel contained an integer overflow. (CVE-2020-12826) Xiumei Mu discovered that the IPSec implementation in the Linux kernel did not properly encrypt IPv6 traffic in some situations. (CVE-2020-1749) Dmitry Vyukov discovered that the SELinux netlink security hook in the Linux kernel did not validate messages in some situations. The kernel update for this issue provides the ability to disable the mitigation and to report vulnerability status. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. Summary: Updated microcode_ctl packages that fix several security bugs and add various enhancements are now available. * Narrow down SKL-SP/W/X blacklist to exclude Server/FPGA/Fabric segment models. Unfortunately, that update prevented certain processors in the Intel Skylake family (06_4EH) from booting successfully. Additonally, on Ubuntu 20.04 LTS, late loading of microcode was enabled, which could lead to system instability. Please note that the 'dis_ucode_ldr' kernel command line option can be added in the boot menu to disable microcode loading for system recovery. We apologize for the inconvenience. (CVE-2020-0548) It was discovered that on some Intel processors, data from the most recently evicted modified L1 data cache (L1D) line may be propagated into an unused (invalid) L1D fill buffer

AFFECTED PRODUCTS