| Description: | Summary:
The remote host is missing an update for the 'microcode' package(s) announced via the MGASA-2019-0334 advisory.
Vulnerability Insight:
This update provides the Intel 20191112 microcode release that adds the
microcode side fixes and mitigations for at least the following security
issues:
A flaw was found in the implementation of SGX around the access control
of protected memory. A local attacker of a system with SGX enabled and
an affected intel GPU with the ability to execute code is able to infer
the contents of the SGX protected memory (CVE-2019-0117).
TSX Asynchronous Abort condition on some CPUs utilizing speculative
execution may allow an authenticated user to potentially enable information
disclosure via a side channel with local access. (CVE-2019-11135).
Improper conditions check in the voltage modulation interface for some
Intel(R) Xeon(R) Scalable Processors may allow a privileged user to
potentially enable denial of service via local access (CVE-2019-11139).
Improper invalidation for page table updates by a virtual guest operating
system for multiple Intel(R) Processors may allow an authenticated user to
potentially enable denial of service of the host system via local access
(CVE-2018-12207).
TA Indirect Sharing Erratum (Information Leak)
Incomplete fixes for previous MDS mitigations (VERW)
SHUF* instruction implementation flaw (DoS)
EGETKEY Erratum
Conditional Jump Macro-fusion (DoS or Privilege Escalation)
For the software side fixes and mitigations of these issues, the kernel
must be updated to 5.3.13-1.mga7 (mga$?25686) or later.
Affected Software/OS:
'microcode' package(s) on Mageia 7.
Solution:
Please install the updated package(s).
CVSS Score:
4.9
CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
|
