English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.844263
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-4182-3)
Summary:The remote host is missing an update for the 'intel-microcode' package(s) announced via the USN-4182-3 advisory.
Description:Summary:
The remote host is missing an update for the 'intel-microcode' package(s) announced via the USN-4182-3 advisory.

Vulnerability Insight:
USN-4182-1 provided updated Intel Processor Microcode. A regression
was discovered that caused some Skylake processors to hang after
a warm reboot. This update reverts the microcode for that specific
processor family.

We apologize for the inconvenience.

Original advisory details:

Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo,
Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz
Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel
processors using Transactional Synchronization Extensions (TSX) could
expose memory contents previously stored in microarchitectural buffers to a
malicious process that is executing on the same CPU core. A local attacker
could use this to expose sensitive information. (CVE-2019-11135)

It was discovered that certain Intel Xeon processors did not properly
restrict access to a voltage modulation interface. A local privileged
attacker could use this to cause a denial of service (system crash).
(CVE-2019-11139)

Affected Software/OS:
'intel-microcode' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 19.04, Ubuntu 19.10.

Solution:
Please install the updated package(s).

CVSS Score:
2.1

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-11135
Bugtraq: 20191118 [slackware-security] Slackware 14.2 kernel (SSA:2019-320-01) (Google Search)
https://seclists.org/bugtraq/2019/Nov/26
Bugtraq: 20191216 [SECURITY] [DSA 4565-2] intel-microcode security update (Google Search)
https://seclists.org/bugtraq/2019/Dec/28
Bugtraq: 20200114 [SECURITY] [DSA 4602-1] xen security update (Google Search)
https://seclists.org/bugtraq/2020/Jan/21
https://kc.mcafee.com/corporate/index?page=content&id=SB10306
https://support.f5.com/csp/article/K02912734?utm_source=f5support&utm_medium=RSS
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03968en_us
Debian Security Information: DSA-4602 (Google Search)
https://www.debian.org/security/2020/dsa-4602
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/
https://security.gentoo.org/glsa/202003-56
http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://lists.debian.org/debian-lts-announce/2019/12/msg00035.html
http://www.openwall.com/lists/oss-security/2019/12/10/3
http://www.openwall.com/lists/oss-security/2019/12/10/4
http://www.openwall.com/lists/oss-security/2019/12/11/1
RedHat Security Advisories: RHSA-2019:3936
https://access.redhat.com/errata/RHSA-2019:3936
RedHat Security Advisories: RHSA-2020:0026
https://access.redhat.com/errata/RHSA-2020:0026
RedHat Security Advisories: RHSA-2020:0028
https://access.redhat.com/errata/RHSA-2020:0028
RedHat Security Advisories: RHSA-2020:0204
https://access.redhat.com/errata/RHSA-2020:0204
RedHat Security Advisories: RHSA-2020:0279
https://access.redhat.com/errata/RHSA-2020:0279
RedHat Security Advisories: RHSA-2020:0366
https://access.redhat.com/errata/RHSA-2020:0366
RedHat Security Advisories: RHSA-2020:0555
https://access.redhat.com/errata/RHSA-2020:0555
RedHat Security Advisories: RHSA-2020:0666
https://access.redhat.com/errata/RHSA-2020:0666
RedHat Security Advisories: RHSA-2020:0730
https://access.redhat.com/errata/RHSA-2020:0730
SuSE Security Announcement: openSUSE-SU-2019:2527 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html
SuSE Security Announcement: openSUSE-SU-2019:2528 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html
SuSE Security Announcement: openSUSE-SU-2019:2710 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html
https://usn.ubuntu.com/4186-2/
Common Vulnerability Exposure (CVE) ID: CVE-2019-11139
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html
CopyrightCopyright (C) 2019 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.