Test ID:	1.3.6.1.4.1.25623.1.1.10.2021.0140
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2021-0140)
Summary:	The remote host is missing an update for the 'microcode' package(s) announced via the MGASA-2021-0140 advisory.
Description:	Summary: The remote host is missing an update for the 'microcode' package(s) announced via the MGASA-2021-0140 advisory. Vulnerability Insight: This update adds new microcode updates to mitigate CVE-2020-8696 for Intel Skylake server (50654) and Cascade Lake Server (50656 & 50657) processors. The new microcode update mitigates an issue when using an active JTAG agent like In Target Probe (ITP), Direct Connect Interface (DCI) or a Baseboard Management Controller (BMC) to take the CPU JTAG/TAP out of reset and then returning it to reset. Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (CVE-2020-8698). Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (CVE-2020-8696). Affected Software/OS: 'microcode' package(s) on Mageia 7, Mageia 8. Solution: Please install the updated package(s). CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2020-8696 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAAGIK5CXKBPGY3R4UR5VO56M7MKLZ43/ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381 https://lists.debian.org/debian-lts-announce/2021/02/msg00007.html Common Vulnerability Exposure (CVE) ID: CVE-2020-8698
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.