SuSE Local Security Checks : SUSE: Security Advisory (SUSE-SU-2021:1933-1)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.4.2021.1933.1

Kategorie: SuSE Local Security Checks

Titel: SUSE: Security Advisory (SUSE-SU-2021:1933-1)

Zusammenfassung: The remote host is missing an update for the 'ucode-intel' package(s) announced via the SUSE-SU-2021:1933-1 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'ucode-intel' package(s) announced via the SUSE-SU-2021:1933-1 advisory.

Vulnerability Insight:
This update for ucode-intel fixes the following issues:

Updated to Intel CPU Microcode 20210608 release.

CVE-2020-24513: A domain bypass transient execution vulnerability was
discovered on some Intel Atom processors that use a micro-architectural
incident channel. (INTEL-SA-00465 bsc#1179833) See also:
[link moved to references]
0465.html

CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient
execution side channel vulnerabilities may not fully prevent non-root
(guest) branches from controlling the branch predictions of the root
(host) (INTEL-SA-00464 bsc#1179836)

See also [link moved to references] 0464.html)

CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero
value cache-lines may lead to changes in cache-allocation or write-back
behavior for such cache-lines (bsc#1179837 INTEL-SA-00464)

See also [link moved to references] 0464.html)

- CVE-2020-24489: Fixed Intel VT-d device pass through potential local
privilege escalation (INTEL-SA-00442 bsc#1179839)

See also [link moved to references] 0442.html

Other fixes:

Update for functional issues. Refer to [Third Generation Intel Xeon
Processor Scalable Family Specification
Update]([link moved to references])for details.

Update for functional issues. Refer to [Second Generation Intel Xeon
Processor Scalable Family Specification
Update]([link moved to references]) for details.

Update for functional issues. Refer to [Intel Xeon Processor Scalable
Family Specification
Update]([link moved to references]) for details.

Update for functional issues. Refer to [Intel Xeon Processor D-1500,
D-1500 NS and D-1600 NS Spec Update]([link moved to references]
on/xeon-d-1500-specification-update.html) for details.

Update for functional issues. Refer to [Intel Xeon E7-8800 and E7-4800
v3 Processor Specification Update]([link moved to references]
spec-update.html) for details.

Update for functional issues. Refer to [Intel Xeon Processor E5 v3
Product Family Specification Update]([link moved to references]
spec-update.html?wapkw=processor+spec+update+e5) for details.

Update for functional issues. Refer to [10th Gen Intel Core Processor
Families Specification Update]([link moved to references]
re/10th-gen-core-families-specification-update.html) for details.

Update for functional issues. Refer to [8th and 9th Gen Intel Core
Processor Family Spec Update]([link moved to references]
... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'ucode-intel' package(s) on SUSE Linux Enterprise Module for Basesystem 15-SP2, SUSE Linux Enterprise Module for Basesystem 15-SP3, SUSE MicroOS 5.0.

Solution:
Please install the updated package(s).

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2020-24489
Common Vulnerability Exposure (CVE) ID: CVE-2020-24511
Common Vulnerability Exposure (CVE) ID: CVE-2020-24512
Common Vulnerability Exposure (CVE) ID: CVE-2020-24513

Copyright Copyright (C) 2021 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.4.2021.1933.1
Kategorie:	SuSE Local Security Checks
Titel:	SUSE: Security Advisory (SUSE-SU-2021:1933-1)
Zusammenfassung:	The remote host is missing an update for the 'ucode-intel' package(s) announced via the SUSE-SU-2021:1933-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'ucode-intel' package(s) announced via the SUSE-SU-2021:1933-1 advisory. Vulnerability Insight: This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20210608 release. CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (INTEL-SA-00465 bsc#1179833) See also: [link moved to references] 0465.html CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (INTEL-SA-00464 bsc#1179836) See also [link moved to references] 0464.html) CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837 INTEL-SA-00464) See also [link moved to references] 0464.html) - CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (INTEL-SA-00442 bsc#1179839) See also [link moved to references] 0442.html Other fixes: Update for functional issues. Refer to [Third Generation Intel Xeon Processor Scalable Family Specification Update]([link moved to references])for details. Update for functional issues. Refer to [Second Generation Intel Xeon Processor Scalable Family Specification Update]([link moved to references]) for details. Update for functional issues. Refer to [Intel Xeon Processor Scalable Family Specification Update]([link moved to references]) for details. Update for functional issues. Refer to [Intel Xeon Processor D-1500, D-1500 NS and D-1600 NS Spec Update]([link moved to references] on/xeon-d-1500-specification-update.html) for details. Update for functional issues. Refer to [Intel Xeon E7-8800 and E7-4800 v3 Processor Specification Update]([link moved to references] spec-update.html) for details. Update for functional issues. Refer to [Intel Xeon Processor E5 v3 Product Family Specification Update]([link moved to references] spec-update.html?wapkw=processor+spec+update+e5) for details. Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update]([link moved to references] re/10th-gen-core-families-specification-update.html) for details. Update for functional issues. Refer to [8th and 9th Gen Intel Core Processor Family Spec Update]([link moved to references] ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'ucode-intel' package(s) on SUSE Linux Enterprise Module for Basesystem 15-SP2, SUSE Linux Enterprise Module for Basesystem 15-SP3, SUSE MicroOS 5.0. Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2020-24489 Common Vulnerability Exposure (CVE) ID: CVE-2020-24511 Common Vulnerability Exposure (CVE) ID: CVE-2020-24512 Common Vulnerability Exposure (CVE) ID: CVE-2020-24513
Copyright	Copyright (C) 2021 Greenbone Networks GmbH