Advisories » MGASA-2019-0413

Updated microcode packages fix security vulnerabilities

Publication date: 25 Dec 2019
Modification date: 17 Feb 2022
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-0117, CVE-2019-11135, CVE-2019-11139, CVE-2018-12207

Description

NOTE! This is a refresh of the 20191112 security update we released
as MGASA-2019-0334.
This update provides the Intel 20191115 microcode release, which adds
more microcode-side fixes and mitigations for Core Gen 6 to Core
Gen 10 and some Xeon E series processors, addressing at least the
following security issues:

A flaw was found in the implementation of SGX around the access control
of protected memory. A local attacker of a system with SGX enabled and
an affected Intel GPU with the ability to execute code is able to infer
the contents of the SGX protected memory (CVE-2019-0117).

TSX Asynchronous Abort condition on some CPUs utilizing speculative
execution may allow an authenticated user to potentially enable information
disclosure via a side channel with local access (CVE-2019-11135).

Improper conditions check in the voltage modulation interface for some
Intel(R) Xeon(R) Scalable Processors may allow a privileged user to
potentially enable denial of service via local access (CVE-2019-11139).

Improper invalidation for page table updates by a virtual guest operating
system for multiple Intel(R) Processors may allow an authenticated user to
potentially enable denial of service of the host system via local access
(CVE-2018-12207).

TA Indirect Sharing Erratum (Information Leak)

Incomplete fixes for previous MDS mitigations (VERW)

SHUF* instruction implementation flaw (DoS)

EGETKEY Erratum

Conditional Jump Macro-fusion (DoS or Privilege Escalation)

For the software-side fixes and mitigations of these issues, the kernel
must be updated to 5.3.13-1.mga7 (mga#25686) or later.
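
A post-update check for the kernel requirement above, as an added example that is not part of the original advisory: it compares the running kernel against 5.3.13 and reads the upstream Linux sysfs status for TAA (CVE-2019-11135), iTLB multihit (CVE-2018-12207) and MDS. The sysfs file names come from the upstream kernel rather than from this advisory, and the release-string format `5.3.13-desktop-1.mga7` is an assumption.

```shell
#!/bin/sh
# Added example: post-update check for the issues listed in this advisory.
# Not Mageia's own tooling; sysfs names are those of the upstream kernel.
REQUIRED_KERNEL="5.3.13"   # upstream part of 5.3.13-1.mga7 (from the advisory)
VULN_DIR="/sys/devices/system/cpu/vulnerabilities"

# True if the upstream version of kernel release $1 is >= $2.
# Assumption: the release string starts with the upstream version followed
# by "-", e.g. "5.3.13-desktop-1.mga7"; the package release is ignored.
kernel_at_least() {
    upstream=${1%%-*}
    lowest=$(printf '%s\n%s\n' "$2" "$upstream" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# Map one sysfs status line to a single word.
# "no microcode" is checked first: the kernel tried, the CPU microcode is old.
classify_status() {
    case "$1" in
        *"no microcode"*) echo needs-microcode ;;
        Vulnerable*|"KVM: Vulnerable"*|"Processor vulnerable"*) echo vulnerable ;;
        "Not affected"*)  echo not-affected ;;
        *Mitigation:*)    echo mitigated ;;
        *)                echo unknown ;;
    esac
}

report() {
    running=$(uname -r)
    if kernel_at_least "$running" "$REQUIRED_KERNEL"; then
        echo "kernel $running: ok (>= $REQUIRED_KERNEL)"
    else
        echo "kernel $running: older than $REQUIRED_KERNEL, update required"
    fi
    # tsx_async_abort = CVE-2019-11135, itlb_multihit = CVE-2018-12207,
    # mds = the earlier VERW-based MDS mitigations.
    for name in tsx_async_abort itlb_multihit mds; do
        if [ -r "$VULN_DIR/$name" ]; then
            status=$(cat "$VULN_DIR/$name")
            echo "$name: $(classify_status "$status") ($status)"
        else
            echo "$name: not reported by this kernel"
        fi
    done
    # Loaded microcode revision, as exposed in /proc/cpuinfo on x86 Linux.
    grep -m1 '^microcode' /proc/cpuinfo 2>/dev/null || echo "microcode: revision not exposed"
}

report
```

A `needs-microcode` result means the kernel attempted the buffer-clearing mitigation without the microcode support it relies on, so check that the updated microcode package is installed and loaded at boot.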
                

References

SRPMS

7/nonfree