Advisories » MGASA-2019-0413

Updated microcode packages fix security vulnerabilities

Publication date: 25 Dec 2019
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-0117, CVE-2019-11135, CVE-2019-11139, CVE-2018-12207


NOTE! This is a refresh of the 20191112 security update we released
as MGASA-2019-0334.
This update provides the Intel 20191115 microcode release that adds
more microcode side fixes and mitigations for the Core Gen 6 to Core
Gen 10, some Xeon E series, addressing at least the following security

A flaw was found in the implementation of SGX around the access control
of protected memory.  A local attacker of a system with SGX enabled and
an affected Intel GPU with the ability to execute code is able to infer
the contents of the SGX protected memory (CVE-2019-0117).

TSX Asynchronous Abort condition on some CPUs utilizing speculative
execution may allow an authenticated user to potentially enable information
disclosure via a side channel with local access (CVE-2019-11135).

Improper conditions check in the voltage modulation interface for some
Intel(R) Xeon(R) Scalable Processors may allow a privileged user to
potentially enable denial of service via local access (CVE-2019-11139).

Improper invalidation for page table updates by a virtual guest operating
system for multiple Intel(R) Processors may allow an authenticated user to
potentially enable denial of service of the host system via local access

TA Indirect Sharing Erratum (Information Leak)

Incomplete fixes for previous MDS mitigations (VERW)

SHUF* instruction implementation flaw (DoS)

Conditional Jump Macro-fusion (DoS or Privilege Escalation)

For the software side fixes and mitigations of these issues, the kernel
must be updated to 5.3.13-1.mga7 (mga#25686) or later.
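
A post-update check for the kernel requirement and mitigations above, as an added example that is not part of the advisory or of Mageia's tooling. It assumes the upstream kernel's sysfs file names and status strings, and it compares only the upstream version part of `uname -r` (5.3.13), not the package release.

```shell
#!/bin/sh
# Added example, not part of the advisory. Assumes the upstream kernel's sysfs
# file names and status strings.
REQUIRED_KERNEL="5.3.13"   # upstream part of 5.3.13-1.mga7 named in the advisory

# Succeeds if the upstream x.y.z prefix of release string $1 is >= $2.
kernel_at_least() {
    running=$(printf '%s\n' "$1" | sed -n 's/^\([0-9][0-9.]*\).*/\1/p')
    [ -n "$running" ] || return 1
    lowest=$(printf '%s\n%s\n' "$running" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# Maps one sysfs status line to a short verdict.
classify_status() {
    case "$1" in
        *"no microcode"*)                 echo needs-microcode ;;
        *"SMT vulnerable"*)               echo smt-exposed ;;
        "Not affected"|*"Mitigation: "*)  echo ok ;;
        *[Vv]ulnerable*)                  echo vulnerable ;;
        *)                                echo unknown ;;
    esac
}

report() {
    release=$(uname -r)
    if kernel_at_least "$release" "$REQUIRED_KERNEL"; then
        echo "kernel $release: at or above $REQUIRED_KERNEL"
    else
        echo "kernel $release: older than $REQUIRED_KERNEL, update needed"
    fi
    # tsx_async_abort: CVE-2019-11135; itlb_multihit: CVE-2018-12207;
    # mds: the VERW-based MDS mitigations.
    for name in tsx_async_abort itlb_multihit mds; do
        file="/sys/devices/system/cpu/vulnerabilities/$name"
        if [ -r "$file" ]; then
            status=$(cat "$file")
            echo "$name: $(classify_status "$status") ($status)"
        else
            echo "$name: not reported by this kernel"
        fi
    done
    # Loaded microcode revision, to compare against Intel's release notes.
    grep -m 1 '^microcode' /proc/cpuinfo 2>/dev/null || echo "microcode: not exposed"
    return 0
}

report
```

A `needs-microcode` verdict means the kernel attempted the buffer-clearing mitigation but the CPU is not running microcode that supports it.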