VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-201912-1824 CVE-2019-11132 Intel(R) AMT Vulnerable to cross-site scripting CVSS V2: 6.8
CVSS V3: 8.4
Severity: HIGH
Cross site scripting in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow a privileged user to potentially enable escalation of privilege via network access. Intel(R) AMT Contains a cross-site scripting vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. A subsystem in Intel AMT has a cross-site scripting vulnerability. An attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected: Intel AMT versions prior to 11.8.70, versions prior to 11.11.70, versions prior to 11.22.70, and versions prior to 12.0.45
VAR-201912-1825 CVE-2019-11108 Intel(R) CSME Input validation vulnerability CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Insufficient input validation in subsystem for Intel(R) CSME before versions 12.0.45 and 13.0.10 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) CSME Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Converged Security and Management Engine (CSME) is a security management engine of Intel Corporation. A security vulnerability exists in the subsystems of Intel CSME prior to 12.0.45 and prior to 13.0.10 due to insufficient input validation. A local attacker could exploit this vulnerability to elevate privileges
VAR-201911-0272 CVE-2019-6172 plural Lenovo ThinkPad Vulnerability related to input validation in products CVSS V2: 4.4
CVSS V3: 6.4
Severity: MEDIUM
A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution. plural Lenovo ThinkPad The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state
VAR-201911-1761 CVE-2019-11113 Intel(R) Graphics Driver Buffer error vulnerability CVSS V2: 2.1
CVSS V3: 4.4
Severity: MEDIUM
Buffer overflow in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6618 (DCH) or 21.20.x.5077 (aka15.45.5077) may allow a privileged user to potentially enable information disclosure via local access. Intel(R) Graphics Driver Contains a buffer error vulnerability.Information may be obtained. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A local attacker could exploit this vulnerability to obtain sensitive information
VAR-201911-1760 CVE-2019-11112 Intel(R) Graphics Driver Vulnerability in Permission Management CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver before 26.20.100.6813 (DCH) or 26.20.100.6812 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Graphics Driver Contains a privilege management vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A security vulnerability exists in the Kernel Mode Driver in Intel Graphics Drivers versions prior to 26.20.100.6813 (DCH) or versions prior to 26.20.100.6812. A local attacker could exploit this vulnerability to elevate privileges
VAR-201911-1759 CVE-2019-11111 Intel(R) Graphics Driver In NULL Pointer dereference vulnerability CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Pointer corruption in the Unified Shader Compiler in Intel(R) Graphics Drivers before 10.18.14.5074 (aka 15.36.x.5074) may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Graphics Driver Is NULL A vulnerability related to pointer dereference exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A code issue vulnerability exists in the Unified Shader Compiler in versions prior to Intel Graphics Drivers 10.18.14.5074. A local attacker could exploit this vulnerability to elevate privileges
VAR-201911-1672 CVE-2019-11089 Intel(R) Graphics Driver Input validation vulnerability CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Insufficient input validation in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6519 may allow an authenticated user to potentially enable denial of service via local access. Intel(R) Graphics Driver Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A local attacker could exploit this vulnerability to cause a denial of service
VAR-201911-1627 CVE-2019-0155 Multiple Intel Product security vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access. A security vulnerability exists in the Intel graphics hardware (GPU) due to the program's inadequate access controls. ========================================================================== Ubuntu Security Notice USN-4184-1 November 13, 2019 linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, linux-oem-osp1, linux-oracle, linux-raspi2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.04 - Ubuntu 18.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-gke-5.0: Linux kernel for Google Container Engine (GKE) systems - linux-hwe: Linux hardware enablement (HWE) kernel - linux-oem-osp1: Linux kernel for OEM processors Details: Stephan van Schaik, Alyssa Milburn, Sebastian \xd6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2019-0155) Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. (CVE-2019-0154) Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver for the Linux kernel did not properly validate endpoint descriptors returned by the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15098) Jann Horn discovered a reference count underflow in the shiftfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15791) Jann Horn discovered a type confusion vulnerability in the shiftfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15792) Jann Horn discovered that the shiftfs implementation in the Linux kernel did not use the correct file system uid/gid when the user namespace of a lower file system is not in the init user namespace. A local attacker could use this to possibly bypass DAC permissions or have some other unspecified impact. (CVE-2019-15793) Ori Nimron discovered that the AX25 network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17052) Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17053) Ori Nimron discovered that the Appletalk network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17054) Ori Nimron discovered that the modular ISDN network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17055) Ori Nimron discovered that the Near field Communication (NFC) network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17056) Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-17666) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04: linux-image-5.0.0-1007-oracle 5.0.0-1007.12 linux-image-5.0.0-1021-aws 5.0.0-1021.24 linux-image-5.0.0-1022-kvm 5.0.0-1022.24 linux-image-5.0.0-1022-raspi2 5.0.0-1022.23 linux-image-5.0.0-1025-azure 5.0.0-1025.27 linux-image-5.0.0-1025-gcp 5.0.0-1025.26 linux-image-5.0.0-35-generic 5.0.0-35.38 linux-image-5.0.0-35-generic-lpae 5.0.0-35.38 linux-image-5.0.0-35-lowlatency 5.0.0-35.38 linux-image-aws 5.0.0.1021.23 linux-image-azure 5.0.0.1025.25 linux-image-gcp 5.0.0.1025.50 linux-image-generic 5.0.0.35.37 linux-image-generic-lpae 5.0.0.35.37 linux-image-gke 5.0.0.1025.50 linux-image-kvm 5.0.0.1022.23 linux-image-lowlatency 5.0.0.35.37 linux-image-oracle 5.0.0.1007.33 linux-image-raspi2 5.0.0.1022.20 linux-image-virtual 5.0.0.35.37 Ubuntu 18.04 LTS: linux-image-5.0.0-1025-azure 5.0.0-1025.27~18.04.1 linux-image-5.0.0-1025-gcp 5.0.0-1025.26~18.04.1 linux-image-5.0.0-1025-gke 5.0.0-1025.26~18.04.1 linux-image-5.0.0-1027-oem-osp1 5.0.0-1027.31 linux-image-5.0.0-35-generic 5.0.0-35.38~18.04.1 linux-image-5.0.0-35-generic-lpae 5.0.0-35.38~18.04.1 linux-image-5.0.0-35-lowlatency 5.0.0-35.38~18.04.1 linux-image-azure 5.0.0.1025.36 linux-image-gcp 5.0.0.1025.29 linux-image-generic-hwe-18.04 5.0.0.35.93 linux-image-generic-lpae-hwe-18.04 5.0.0.35.93 linux-image-gke-5.0 5.0.0.1025.14 linux-image-lowlatency-hwe-18.04 5.0.0.35.93 linux-image-oem-osp1 5.0.0.1027.31 linux-image-snapdragon-hwe-18.04 5.0.0.35.93 linux-image-virtual-hwe-18.04 5.0.0.35.93 Please note that mitigating the TSX (CVE-2019-11135) and i915 (CVE-2019-0154) issues requires corresponding microcode and graphics firmware updates respectively. After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://usn.ubuntu.com/4184-1 CVE-2018-12207, CVE-2019-0154, CVE-2019-0155, CVE-2019-11135, CVE-2019-15098, CVE-2019-15791, CVE-2019-15792, CVE-2019-15793, CVE-2019-17052, CVE-2019-17053, CVE-2019-17054, CVE-2019-17055, CVE-2019-17056, CVE-2019-17666, https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915 Package Information: https://launchpad.net/ubuntu/+source/linux/5.0.0-35.38 https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1021.24 https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1025.27 https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1025.26 https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1022.24 https://launchpad.net/ubuntu/+source/linux-oracle/5.0.0-1007.12 https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1022.23 https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1025.27~18.04.1 https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1025.26~18.04.1 https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1025.26~18.04.1 https://launchpad.net/ubuntu/+source/linux-hwe/5.0.0-35.38~18.04.1 https://launchpad.net/ubuntu/+source/linux-oem-osp1/5.0.0-1027.31 . 8.0) - aarch64, noarch, ppc64le, s390x, x86_64 3. Bug Fix(es): * Backport TCP follow-up for small buffers (BZ#1739184) * TCP performance regression after CVE-2019-11478 bug fix (BZ#1743170) * RHEL8.0 - bnx2x link down, caused by transmit timeouts during load test (Marvell/Cavium/QLogic) (L3:) (BZ#1743548) * block: blk-mq improvement (BZ#1780567) * RHEL8.0 - Regression to RHEL7.6 by changing force_latency found during RHEL8.0 validation for SAP HANA on POWER (BZ#1781111) * blk-mq: overwirte performance drops on real MQ device (BZ#1782183) * RHEL8: creating vport takes lot of memory i.e 2GB per vport which leads to drain out system memory quickly. (BZ#1782705) 4. Due to the high complexity of the fixes and the required microcode update, we are unable to livepatch this set of CVEs. Please plan to reboot into an updated kernel as soon as possible. The details of these CVEs follows: CVE-2018-12207 On an Ubuntu KVM host configured to use huge pages, a malicious KVM guest can cause a host machine check exception (MCE) capable of bringing down the host OS. CVE-2019-11135 On Intel processors with support for Transactional Synchronization Extensions (TSX), it is possible to exploit a transactional asynchronous abort (TAA) to perform a side-channel attack and leak kernel memory. Further details on the vulnerabilities and our response can be found here: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915 Again, due to the high complexity of the fixes and the required microcode update, we are unable to livepatch this set of CVEs. Please plan to reboot into an updated kernel as soon as possible. | Series | Version | Flavors | |------------------+-----------------------+--------------------------| | Ubuntu 18.04 LTS | 4.15.0-1054.55 | aws | | Ubuntu 16.04 LTS | 4.4.0-1098.102 | aws | | Ubuntu 18.04 LTS | 5.0.0-1025.27~18.04.1 | azure | | Ubuntu 16.04 LTS | 4.15.0-1063.66 | azure | | Ubuntu 18.04 LTS | 4.15.0-69.78 | generic lowlatency | | Ubuntu 16.04 LTS | 4.15.0-69.78~16.04.1 | generic lowlatency | | Ubuntu 14.04 LTS | 4.4.0-168.197~14.04.1 | generic lowlatency | | Ubuntu 18.04 LTS | 4.15.0-1063.72 | oem | | Ubuntu 16.04 LTS | 4.4.0-168.197 | generic lowlatency | Support Information: Kernels older than the levels listed above will no longer receive livepatch updates. References: CVE-2018-12207, CVE-2019-0154, CVE-2019-0155, CVE-2019-11135 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . 6) - i386, x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. 7.4) - noarch, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2019:3872-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:3872 Issue date: 2019-11-13 CVE Names: CVE-2019-0155 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write (CVE-2019-0155) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. 5. Bugs fixed (https://bugzilla.redhat.com/): 1724398 - CVE-2019-0155 hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-1062.4.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1062.4.3.el7.noarch.rpm kernel-doc-3.10.0-1062.4.3.el7.noarch.rpm x86_64: bpftool-3.10.0-1062.4.3.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.4.3.el7.x86_64.rpm kernel-devel-3.10.0-1062.4.3.el7.x86_64.rpm kernel-headers-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.4.3.el7.x86_64.rpm perf-3.10.0-1062.4.3.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm python-perf-3.10.0-1062.4.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.4.3.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-1062.4.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1062.4.3.el7.noarch.rpm kernel-doc-3.10.0-1062.4.3.el7.noarch.rpm x86_64: bpftool-3.10.0-1062.4.3.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.4.3.el7.x86_64.rpm kernel-devel-3.10.0-1062.4.3.el7.x86_64.rpm kernel-headers-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.4.3.el7.x86_64.rpm perf-3.10.0-1062.4.3.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm python-perf-3.10.0-1062.4.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.4.3.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-1062.4.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1062.4.3.el7.noarch.rpm kernel-doc-3.10.0-1062.4.3.el7.noarch.rpm ppc64: bpftool-3.10.0-1062.4.3.el7.ppc64.rpm bpftool-debuginfo-3.10.0-1062.4.3.el7.ppc64.rpm kernel-3.10.0-1062.4.3.el7.ppc64.rpm kernel-bootwrapper-3.10.0-1062.4.3.el7.ppc64.rpm kernel-debug-3.10.0-1062.4.3.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1062.4.3.el7.ppc64.rpm kernel-debug-devel-3.10.0-1062.4.3.el7.ppc64.rpm kernel-debuginfo-3.10.0-1062.4.3.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1062.4.3.el7.ppc64.rpm kernel-devel-3.10.0-1062.4.3.el7.ppc64.rpm kernel-headers-3.10.0-1062.4.3.el7.ppc64.rpm kernel-tools-3.10.0-1062.4.3.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1062.4.3.el7.ppc64.rpm kernel-tools-libs-3.10.0-1062.4.3.el7.ppc64.rpm perf-3.10.0-1062.4.3.el7.ppc64.rpm perf-debuginfo-3.10.0-1062.4.3.el7.ppc64.rpm python-perf-3.10.0-1062.4.3.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1062.4.3.el7.ppc64.rpm ppc64le: bpftool-3.10.0-1062.4.3.el7.ppc64le.rpm bpftool-debuginfo-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-debug-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-devel-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-headers-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-tools-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-tools-libs-3.10.0-1062.4.3.el7.ppc64le.rpm perf-3.10.0-1062.4.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-1062.4.3.el7.ppc64le.rpm python-perf-3.10.0-1062.4.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1062.4.3.el7.ppc64le.rpm s390x: bpftool-3.10.0-1062.4.3.el7.s390x.rpm bpftool-debuginfo-3.10.0-1062.4.3.el7.s390x.rpm kernel-3.10.0-1062.4.3.el7.s390x.rpm kernel-debug-3.10.0-1062.4.3.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-1062.4.3.el7.s390x.rpm kernel-debug-devel-3.10.0-1062.4.3.el7.s390x.rpm kernel-debuginfo-3.10.0-1062.4.3.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-1062.4.3.el7.s390x.rpm kernel-devel-3.10.0-1062.4.3.el7.s390x.rpm kernel-headers-3.10.0-1062.4.3.el7.s390x.rpm kernel-kdump-3.10.0-1062.4.3.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-1062.4.3.el7.s390x.rpm kernel-kdump-devel-3.10.0-1062.4.3.el7.s390x.rpm perf-3.10.0-1062.4.3.el7.s390x.rpm perf-debuginfo-3.10.0-1062.4.3.el7.s390x.rpm python-perf-3.10.0-1062.4.3.el7.s390x.rpm python-perf-debuginfo-3.10.0-1062.4.3.el7.s390x.rpm x86_64: bpftool-3.10.0-1062.4.3.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.4.3.el7.x86_64.rpm kernel-devel-3.10.0-1062.4.3.el7.x86_64.rpm kernel-headers-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.4.3.el7.x86_64.rpm perf-3.10.0-1062.4.3.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm python-perf-3.10.0-1062.4.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: bpftool-debuginfo-3.10.0-1062.4.3.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1062.4.3.el7.ppc64.rpm kernel-debuginfo-3.10.0-1062.4.3.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1062.4.3.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1062.4.3.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-1062.4.3.el7.ppc64.rpm perf-debuginfo-3.10.0-1062.4.3.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1062.4.3.el7.ppc64.rpm ppc64le: bpftool-debuginfo-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-debug-devel-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-1062.4.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-1062.4.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1062.4.3.el7.ppc64le.rpm x86_64: bpftool-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.4.3.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-1062.4.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1062.4.3.el7.noarch.rpm kernel-doc-3.10.0-1062.4.3.el7.noarch.rpm x86_64: bpftool-3.10.0-1062.4.3.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.4.3.el7.x86_64.rpm kernel-devel-3.10.0-1062.4.3.el7.x86_64.rpm kernel-headers-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.4.3.el7.x86_64.rpm perf-3.10.0-1062.4.3.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm python-perf-3.10.0-1062.4.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.4.3.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXcxRUNzjgjWX9erEAQi5Yg//WF/xcoOzOw9jzwdqE1SsG5n/lwSjyQS2 PFTfDJL21oGdbx0x1Z3j/RlNz5JHYQ6WVf3OQYkjet71edQrVRMy2/uJGtmHUIng dyBqZA6JBUkYxm/OqgxV+F5oH/px01dnIdKLus2Qb7p6CPJegTVz0++6U0MIUlPs d0Q08EqmBvSqznpsOA0DeQkt+Lxp29CqzkTv3f+aFdrRBoUYJkMRS3JPG0NBBo14 ZWMv1ifhikR5SRPDGYyeXaIhn/KrOJDMAkYeMhikV5YEnSdyYqePgVuE51GJjvmz 3X6zgvOWe6+XAH4jy+llCEDwpwLRbbDB6wY1llZzECEdT+Dpr0lg3cFDjVrv3y+6 w812DuXMwX/MbSSK1Vn+KHkpm2z/OM8zQw0fdpXTSd1sbuYjmlqnjlHibhiB9Xl3 sxUJ5cr91KdYAMFAV4n7n3KeAME0H+3dj8ukxEfAe4culu1hrO4SDYXmBx+QhijJ Yt/Io/sNU6Qybni7rc/lmwgRpKA/0ajLeDznnuhrCXcM5twfnRudbOYfQ6YZh2+Y WxiVuuNUN5BJAInozVWGv+B9AxX3MBorEGBVyQlX9nVrlymFPFzsNxr9UEbWpQo5 rFBST2oBfHpCrdbOL2/DRdIpd4IXCfpk0C35cOoyfZvYg2JDY2fhGvsOvUZDSqED B2RjnqNVpjA= =BPLV -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . This update addresses the issue. We apologize for the inconvenience
VAR-201911-0922 CVE-2019-14591 Intel(R) Graphics Driver Input validation vulnerability CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Improper input validation in the API for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access. Intel(R) Graphics Driver Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A local attacker could exploit this vulnerability to cause a denial of service
VAR-201911-0921 CVE-2019-14590 Intel(R) Graphics Driver Vulnerable to information disclosure CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Improper access control in the API for the Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable information disclosure via local access. Intel(R) Graphics Driver Contains an information disclosure vulnerability.Information may be obtained. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A local attacker could exploit this vulnerability to obtain sensitive information
VAR-201911-0920 CVE-2019-14574 Intel(R) Graphics Driver Vulnerable to out-of-bounds reading CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Out of bounds read in a subsystem for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access. Intel(R) Graphics Driver Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A buffer error vulnerability exists in the subsystem in Intel Graphics Drivers prior to 26.20.100.7209. A local attacker could exploit this vulnerability to cause a denial of service
VAR-201911-1945 No CVE Hikvision Backup Management Server Has Unauthorized Access Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Hikvision is a video-centric IoT solution provider, providing integrated security, smart business and big data services. Hikvision backup management server has an unauthorized access vulnerability, which can be used by an attacker to log in to the system without authorization.
VAR-201911-0638 CVE-2019-18852 plural D-Link Vulnerability in using hard-coded credentials on device CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842 C1 v3.00. plural D-Link The device is vulnerable to the use of hard-coded credentials.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. D-Link DIR-600 B1 and so on are all wireless routers from D-Link of Taiwan, China. A vulnerability management management vulnerability exists in several D-Link products. The vulnerability stems from a program with a hard-coded account that an attacker can use to obtain a remote /bin/sh shell and execute commands
VAR-201911-0666 CVE-2019-18881 WSO2 IS as Key Manager Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile. WSO2 IS as Key Manager Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. WSO2 Identity Server (IS) is an identity authentication server of the American WSO2 company. A cross-site scripting vulnerability exists in WSO2 IS version 5.7.0. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code
VAR-201911-1946 No CVE Weak password vulnerability in streaming media management server CVSS V2: 4.0
CVSS V3: -
Severity: MEDIUM
The streaming media server is the core system of the streaming media application and the key platform for operators to provide video services to users. The main function of the streaming media server is to collect, cache, schedule, transmit and play streaming media content. A weak password vulnerability exists in the streaming media management server, and an attacker can use this vulnerability to obtain sensitive information.
VAR-202011-1376 CVE-2020-8755 Intel(R) CSME  and  SPS  Race Vulnerability in CVSS V2: 4.4
CVSS V3: 6.4
Severity: MEDIUM
Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. Intel(R) CSME and SPS Is vulnerable to a race condition.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
VAR-202011-1477 CVE-2020-8354 Part of  Lenovo  Vulnerabilities in notebooks CVSS V2: 7.2
CVSS V3: 6.7
Severity: MEDIUM
A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution. Part of Lenovo There are unspecified vulnerabilities in notebooks.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
VAR-202011-1386 CVE-2020-8744 plural  Intel(R)  Product initialization vulnerabilities CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) CSME , Intel(R) TXE , Intel(R) SPS Contains an initialization vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
VAR-202011-1475 CVE-2020-8352 plural  Lenovo Desktop  Vulnerability in the model CVSS V2: 2.1
CVSS V3: 2.4
Severity: LOW
In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes. plural Lenovo Desktop There are unspecified vulnerabilities in the model.Information may be tampered with
VAR-202011-1361 CVE-2020-8698 Intel(R)  Vulnerabilities in processor products CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Intel(R) There are unspecified vulnerabilities in processor products.Information may be obtained. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: microcode_ctl security, bug fix and enhancement update Advisory ID: RHSA-2020:5183-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:5183 Issue date: 2020-11-23 CVE Names: CVE-2020-8695 CVE-2020-8696 CVE-2020-8698 ===================================================================== 1. Summary: An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.3) - x86_64 Red Hat Enterprise Linux Server E4S (v. 7.3) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.3) - x86_64 3. Description: The microcode_ctl packages provide microcode updates for Intel. Security Fix(es): * hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695) * hw: Vector Register Leakage-Active (CVE-2020-8696) * hw: Fast forward store predictor (CVE-2020-8698) Bug Fix(es) and Enhancement(s): * Update Intel CPU microcode to microcode-20201112 release, addresses: - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e; - Addition of 06-8a-01/0x10 (LKF B2/B3) microcode at revision 0x28; - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68; - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0; - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0; - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0; - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision 0xe0; - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2; - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up to 0x2006a08; - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2; - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up to 0xde; - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up to 0xde; - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up to 0xe0; - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up to 0xde; - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from revision 0xd6 up to 0xde; - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up to 0xde; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up to 0xde; - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up to 0xde; - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up to 0xde; - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up to 0xde; - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode from revision 0x43 up to 0x44; - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157 up to 0x1000159; - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01 up to 0x4003003; - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision 0x5002f01 up to 0x5003003; - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up to 0x40; - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up to 0x1e; - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x32 up to 0x34; - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up to 0x18; - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78 up to 0xa0; - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca up to 0xe0. * Disable 06-8c-01 (TGL-UP3/UP4 B1) microcode update by default. * Add README file to the documentation directory. * Add publicly-sourced codenames list to supply to gen_provides.sh; update the latter to handle the somewhat different format. * Add SUMMARY.intel-ucode file 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1828583 - CVE-2020-8695 hw: Information disclosure issue in Intel SGX via RAPL interface 1890355 - CVE-2020-8696 hw: Vector Register Leakage-Active 1890356 - CVE-2020-8698 hw: Fast forward store predictor 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.3): Source: microcode_ctl-2.1-16.37.el7_3.src.rpm x86_64: microcode_ctl-2.1-16.37.el7_3.x86_64.rpm microcode_ctl-debuginfo-2.1-16.37.el7_3.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.3): Source: microcode_ctl-2.1-16.37.el7_3.src.rpm x86_64: microcode_ctl-2.1-16.37.el7_3.x86_64.rpm microcode_ctl-debuginfo-2.1-16.37.el7_3.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.3): Source: microcode_ctl-2.1-16.37.el7_3.src.rpm x86_64: microcode_ctl-2.1-16.37.el7_3.x86_64.rpm microcode_ctl-debuginfo-2.1-16.37.el7_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-8695 https://access.redhat.com/security/cve/CVE-2020-8696 https://access.redhat.com/security/cve/CVE-2020-8698 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX7v1LtzjgjWX9erEAQhhzBAAi0jG7U8W+Dm2A/Nq40aoLyRcGknttkV1 0wwy62OR4KUnqiP0gHB8Sjh6UpAPqhLNExc2+B8RyUB23yUe8/PRB1fUqpmf5150 mzwiORZfu572ao7GLskdc4SUydVSqY9QuTK7mTm+HGmOm2XQpics51xWjyfKM/TN 5lrrd3DXxTrXwsjva2tPJcCp9A1s3XAVjK16Fu+FcKvXsgxruUy41YxJMsY8Mxfj pPRzcXdMvPQYhvyv8y1KY2Mz5WMKdpOK83X6Y9iYL6d0g2UT1d3cw8AOHc6GYNFS MhLDUASoII2A4xWkXCOyaocrg58QFctEHGfnxwTU5ZGq/vfOduUSLE881thD+tqD qgQBaz0cp0tNr+nYXvhtyX9XE4ve/lszq5BxqnNF0xi9hP8T5DwZzXnhtZ+aZML2 3WlT3tqgkDE7hZqyqSG8Vd9ZLzVkjmnw7+tqRjIGvzN9eKQxLXg/fPkKeHGh+HOz y0zCBHlZKrKtz0lQHP48W9t6l0Rkh19hW1fIA46rW4C7erDcW78nBMJ2cTAxbBk1 ITTGOIHpUgn3882xKM/yAHUMK25Xkh2va/e8UpafYEazSM4H9T15N87UyCVneKdD s2N1tYHegx85eoOlt24Bw2RBPFHhFGWOtE0McQ09kyDKFyGJXUMqzPhBUvvJz8mE G3KPuKrDU0U= =Vap7 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-4628-2 November 12, 2020 intel-microcode regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 ESM Summary: USN-4628-1 introduced a regression in the Intel Microcode for some processors. Unfortunately, that update prevented certain processors in the Intel Tiger Lake family from booting successfully. This update reverts the microcode update for the Tiger Lake processor family. Please note that the 'dis_ucode_ldr' kernel command line option can be added in the boot menu to disable microcode loading for system recovery. We apologize for the inconvenience. Original advisory details: Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit (RAPL) feature of some Intel processors allowed a side- channel attack based on power consumption measurements. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8695) Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel(R) Processors did not properly remove sensitive information before storage or transfer in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8696) Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel(R) Processors did not properly isolate shared resources in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8698) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: intel-microcode 3.20201110.0ubuntu0.20.10.2 Ubuntu 20.04 LTS: intel-microcode 3.20201110.0ubuntu0.20.04.2 Ubuntu 18.04 LTS: intel-microcode 3.20201110.0ubuntu0.18.04.2 Ubuntu 16.04 LTS: intel-microcode 3.20201110.0ubuntu0.16.04.2 Ubuntu 14.04 ESM: intel-microcode 3.20201110.0ubuntu0.14.04.2 After a standard system update you need to reboot your computer to make all the necessary changes