ID

VAR-202106-0343

CVE

CVE-2020-24511

TITLE

Debian Security Advisory 4934-1

DESCRIPTION

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Intel Processors (Intel processors) are Intel Corporation's processors that interpret computer instructions and process data in computer software. An authenticated attacker could exploit this vulnerability to obtain sensitive information. For the stable distribution (buster), these problems have been fixed in version 3.20210608.2~deb10u1. Note that there are two reported regressions; for some CoffeeLake CPUs this update may break iwlwifi (https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/56) and some for Skylake R0/D0 CPUs on systems using a very outdated firmware/BIOS, the system may hang on boot: (https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31) If you are affected by those issues, you can recover by disabling microcode loading on boot (as documented in README.Debian (also available online at https://salsa.debian.org/hmh/intel-microcode/-/blob/master/debian/README.Debian)) We recommend that you upgrade your intel-microcode packages. For the detailed security status of intel-microcode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/intel-microcode Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmDXan0ACgkQEMKTtsN8 Tja9aQ//f1dHsEghQsedGnkMCIa2qLi12UFtb4yW7TYV6uwloqbYZMbymvoXYOAB haasn+yCaGUkXuAHxcGvZuN41EkRhdG4LfS5qoZxPMsw84ETjpV2Ohwhuqwf9P20 9pqV1QLjVPCMiCqvHatkzyRNPtRhIh0uCRx5HtIeOEyKTwhVnUJrrljUXCzMDviD 3As0n0yVUPDIcJdaVxp5mxyebf1NyIYMR+7wmzTBOhK6i+rEE4NkKGkcsYBIM1ch AdTQNHv78QZld6ixL8iCUe1NsSugZ2QjbVL1BLW45fJv3f0BIF5uo6LBzbiJlN/6 xWwOdFTfqW1ORyr0k6JQ+yKz3oSE+jfUStwf+zegWOjYes5gGaA/nATzzNwwFfCQ qDqMmnN26qMI3MswP50ESkNs2JTK3955cIJjnscp5DeFArDuCFKh9wcqSZ46/QCE GVRi+F/Dh3JQxv/jP8jfLhCvkBptuendGo9qK5v22QoeCRoHS16dLu7HHP34hRrw k//EgtP35pD9eTNiIsxhmx3qTPD0gbQbcMG/5NTVtpNqsffAxYtqTy8+/4lfPkNn AYtYrrG6tjEHe1gasLkjthB7c0YLzPLdNyZkNIk6XZ2YIhx18N80c7gTBERSJ1Sh 9lmsnX3+5GWM7Fx2NN2vL5xIEo0einMJCyTlNMRDLim2ix1vpZg= =RVf2 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: microcode_ctl security, bug fix and enhancement update Advisory ID: RHSA-2021:3255-02 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3255 Issue date: 2021-08-24 CVE Names: CVE-2020-0543 CVE-2020-0548 CVE-2020-0549 CVE-2020-8695 CVE-2020-8696 CVE-2020-8698 CVE-2020-24489 CVE-2020-24511 CVE-2020-24512 ===================================================================== 1. Summary: An update for microcode_ctl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - x86_64 3. Description: The microcode_ctl packages provide microcode updates for Intel. Security Fix(es): * hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543) * hw: Vector Register Data Sampling (CVE-2020-0548) * hw: L1D Cache Eviction Sampling (CVE-2020-0549) * hw: vt-d related privilege escalation (CVE-2020-24489) * hw: improper isolation of shared resources in some Intel Processors (CVE-2020-24511) * hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512) * hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695) * hw: Vector Register Leakage-Active (CVE-2020-8696) * hw: Fast forward store predictor (CVE-2020-8698) 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1788786 - CVE-2020-0548 hw: Vector Register Data Sampling 1788788 - CVE-2020-0549 hw: L1D Cache Eviction Sampling 1827165 - CVE-2020-0543 hw: Special Register Buffer Data Sampling (SRBDS) 1828583 - CVE-2020-8695 hw: Information disclosure issue in Intel SGX via RAPL interface 1890355 - CVE-2020-8696 hw: Vector Register Leakage-Active 1890356 - CVE-2020-8698 hw: Fast forward store predictor 1962650 - CVE-2020-24489 hw: vt-d related privilege escalation 1962702 - CVE-2020-24511 hw: improper isolation of shared resources in some Intel Processors 1962722 - CVE-2020-24512 hw: observable timing discrepancy in some Intel Processors 1972334 - [rhel-7.4.z] Re-enable 06-5e-03 (SKL-H/S, CPUID 0x506e3) latest microcode updates 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.4): Source: microcode_ctl-2.1-22.41.el7_4.src.rpm x86_64: microcode_ctl-2.1-22.41.el7_4.x86_64.rpm microcode_ctl-debuginfo-2.1-22.41.el7_4.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.4): Source: microcode_ctl-2.1-22.41.el7_4.src.rpm x86_64: microcode_ctl-2.1-22.41.el7_4.x86_64.rpm microcode_ctl-debuginfo-2.1-22.41.el7_4.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.4): Source: microcode_ctl-2.1-22.41.el7_4.src.rpm x86_64: microcode_ctl-2.1-22.41.el7_4.x86_64.rpm microcode_ctl-debuginfo-2.1-22.41.el7_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-0543 https://access.redhat.com/security/cve/CVE-2020-0548 https://access.redhat.com/security/cve/CVE-2020-0549 https://access.redhat.com/security/cve/CVE-2020-8695 https://access.redhat.com/security/cve/CVE-2020-8696 https://access.redhat.com/security/cve/CVE-2020-8698 https://access.redhat.com/security/cve/CVE-2020-24489 https://access.redhat.com/security/cve/CVE-2020-24511 https://access.redhat.com/security/cve/CVE-2020-24512 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYSe+RdzjgjWX9erEAQiyMw/9F4XVWwalsb/StaUKD+EydiWZ4RutKTz5 6ghQJuMhYvmfJifxyPB1M5Qrh9iVxf1IXaorPasnSSyNaCmqLidmfesFSxEIta23 dkueS8E6rUMa+ADp6R8+AhMyM/6mDcHFVxOKyiEfNlvBCV4CxvV7NPgW0TPFzuSe JBhhGdYhlt3DQ4AQhdJTVifCZdsMCxAHyu3vhLoKHV25CdAucGy7wxg4XPs4gh8A xeAoCcZL9W6orT67HWH9oNL30rWq4YEcrjd6al2lXR0lAABOD6Wj4CPh2dSBRI/k GG6MQSsBhEDccUcItq1eNaGbj74SWOjPT0cqpG/NH/UqkXkwKwb0A7NI4LPbqmNy Sh3/VrZ3UxUV2CEgy1togVgn026pWXI6Wyq0q22o9uK8zPLcvuyzGcZrNz099wyp DEJbb/5wz3pxIZ9blQPXZlTklUhu2HrkxVqm9igvdx+Kci9nIE8Aza/8cJJs+er+ DeVAKHXhboEBJ0lj9VRW+jniPLqgnYV+S6xcxi8Lqo0VWJxXF8eGSGhf8csOsBu8 xoXhSH0wXlrqkqVvLLQ8vyTd5zBte5CJNelhJNjk32FbS1IRLqcmCKB2DqM0N5oC qAgr4gWMUymTH4kBpKaX4lOYfXMY/ebkOyL4nBbnucGJpGBXbxUDOeB61YA4f89e gQQBe10dLhk= =2y+q -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

TYPE

info disclosure

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2026-03-26T20:26:32.402000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE