ID

VAR-202006-0241

CVE

CVE-2020-0543

TITLE

Debian Security Advisory 4701-1

DESCRIPTION

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Intel 06_3DH and Intel 06_9EH are both a central processing unit (CPU) product of Intel Corporation of the United States. Security vulnerabilities exist in several Intel products. The following products and versions are affected: Intel Celeron 1000M; Celeron 1005M; Celeron 1007U; Celeron 1019Y; Celeron 1020m, etc. (CVE-2020-12654). The microcode update for HEDT and Xeon CPUs with signature 0x50654 which was reverted in DSA 4565-2 is now included again with a fixed release. The upstream update for Skylake-U/Y (signature 0x406e3) had to be excluded from this update due to reported hangs on boot. For the stable distribution (buster), these problems have been fixed in version 3.20200609.2~deb10u1. We recommend that you upgrade your intel-microcode packages. For the detailed security status of intel-microcode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/intel-microcode Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl7iSvVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RH6g/9FYOaN5XyFFC8jVEmfdIl0pa8SqEH2+V1s27pAEOMhGAXuLrUms9wDq0J IoM54q/dz3rH3GiSi5nNqQDxLGx40DNSM5CCdCZIC22YvALS3aYsqpSSlDiyQZSb Im7isH8ntWIc3bedPWzfhui4VA19p8gnbFUetts3fp+uPeimd/QfPnJDN8wHUAL1 V2JzHMYD8v9axenbOxuWSArSnbubEtwpmHfhMzIMkE5150qhyofpzPBsKGoASa7q kPrwbUKBC11dGi+sV49rpXTf/ml7KDUDIrsA75sLC9WhckBcMdAkkVPLJyytAZ6A SqaOVJv+j0wVmhTtIqPxjvYCvX0y8i6NyQi+aliqzq7uEiQtaPQV8sWgDhyhTWga kxxiNuLfcuiEKkKToHdrkLLI1JiisqQTcwyRHg6k3X8+sNmKe6vFu3KzVbLo8+MH c3zEDQHP7XHm/euneb5ZFdg7+Rli03KWFm8/LNJQhrDcsFU/Si5268OwnzpGydwc eaIwuHtc8R64q+m5Aujo7X7kKk67zN7XhmX0nbr9Egni7dhG3iVrMtF27BTPMcML Gzz1pjktlYiySJYON64N/ooZchwAoAEhM9F1yPREXNf6PfRQG3lNjX3UeC4Ci0Ay /NuaKQSSlwd3XOy/dajSEfceu8uI/RZQ3RccTZRtWT58qcnwAnE= =cQzh -----END PGP SIGNATURE----- . * Update stale posttrans dependency, add triggers for proper handling of the debug kernel flavour along with kernel-rt. * Avoid temporary file creation, used for here-documents in check_caveats. Description: The microcode_ctl packages provide microcode updates for Intel. (CVE-2020-0548) It was discovered that on some Intel processors, data from the most recently evicted modified L1 data cache (L1D) line may be propagated into an unused (invalid) L1D fill buffer. ========================================================================= Ubuntu Security Notice USN-4391-1 June 10, 2020 linux, linux-aws, linux-kvm vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 14.04 ESM Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-kvm: Linux kernel for cloud environments - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Details: It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle setxattr operations in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19319) It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) Piotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12114) It was discovered that the USB susbsystem's scatter-gather implementation in the Linux kernel did not properly take data references in some situations, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12464) It was discovered that the DesignWare SPI controller driver in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2020-12769) It was discovered that the exit signaling implementation in the Linux kernel contained an integer overflow. A local attacker could use this to cause a denial of service (arbitrary application crash). (CVE-2020-12826) Xiumei Mu discovered that the IPSec implementation in the Linux kernel did not properly encrypt IPv6 traffic in some situations. An attacker could use this to expose sensitive information. (CVE-2020-1749) Dmitry Vyukov discovered that the SELinux netlink security hook in the Linux kernel did not validate messages in some situations. A privileged attacker could use this to bypass SELinux netlink restrictions. (CVE-2020-10751) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: linux-image-4.4.0-1075-kvm 4.4.0-1075.82 linux-image-4.4.0-1109-aws 4.4.0-1109.120 linux-image-4.4.0-184-generic 4.4.0-184.214 linux-image-4.4.0-184-generic-lpae 4.4.0-184.214 linux-image-4.4.0-184-lowlatency 4.4.0-184.214 linux-image-4.4.0-184-powerpc-e500mc 4.4.0-184.214 linux-image-4.4.0-184-powerpc-smp 4.4.0-184.214 linux-image-4.4.0-184-powerpc64-emb 4.4.0-184.214 linux-image-4.4.0-184-powerpc64-smp 4.4.0-184.214 linux-image-aws 4.4.0.1109.113 linux-image-generic 4.4.0.184.190 linux-image-generic-lpae 4.4.0.184.190 linux-image-kvm 4.4.0.1075.73 linux-image-lowlatency 4.4.0.184.190 linux-image-powerpc-e500mc 4.4.0.184.190 linux-image-powerpc-smp 4.4.0.184.190 linux-image-powerpc64-emb 4.4.0.184.190 linux-image-powerpc64-smp 4.4.0.184.190 linux-image-virtual 4.4.0.184.190 Ubuntu 14.04 ESM: linux-image-4.4.0-1073-aws 4.4.0-1073.77 linux-image-4.4.0-184-generic 4.4.0-184.214~14.04.1 linux-image-4.4.0-184-generic-lpae 4.4.0-184.214~14.04.1 linux-image-4.4.0-184-lowlatency 4.4.0-184.214~14.04.1 linux-image-4.4.0-184-powerpc-e500mc 4.4.0-184.214~14.04.1 linux-image-4.4.0-184-powerpc-smp 4.4.0-184.214~14.04.1 linux-image-4.4.0-184-powerpc64-emb 4.4.0-184.214~14.04.1 linux-image-4.4.0-184-powerpc64-smp 4.4.0-184.214~14.04.1 linux-image-aws 4.4.0.1073.70 linux-image-generic-lpae-lts-xenial 4.4.0.184.161 linux-image-generic-lts-xenial 4.4.0.184.161 linux-image-lowlatency-lts-xenial 4.4.0.184.161 linux-image-powerpc-e500mc-lts-xenial 4.4.0.184.161 linux-image-powerpc-smp-lts-xenial 4.4.0.184.161 linux-image-powerpc64-emb-lts-xenial 4.4.0.184.161 linux-image-powerpc64-smp-lts-xenial 4.4.0.184.161 linux-image-virtual-lts-xenial 4.4.0.184.161 Please note that the mitigation for CVE-2020-0543 requires a processor microcode update to be applied, either from your system manufacturer or via the intel-microcode package. The kernel update for this issue provides the ability to disable the mitigation and to report vulnerability status. After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: microcode_ctl security, bug fix and enhancement update Advisory ID: RHSA-2020:2680-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2680 Issue date: 2020-06-23 CVE Names: CVE-2020-0543 CVE-2020-0548 CVE-2020-0549 ==================================================================== 1. Summary: Updated microcode_ctl packages that fix several security bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.3) - x86_64 Red Hat Enterprise Linux Server E4S (v. 7.3) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.3) - x86_64 3. Description: Security Fix(es): * hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543) * hw: L1D Cache Eviction Sampling (CVE-2020-0549) * hw: Vector Register Data Sampling (CVE-2020-0548) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Update Intel CPU microcode to microcode-20200609 release: - Update of 06-2d-06/0x6d (SNB-E/EN/EP C1/M0) microcode from revision 0x61f up to 0x621; - Update of 06-2d-07/0x6d (SNB-E/EN/EP C2/M1) microcode from revision 0x718 up to 0x71a; - Update of 06-3c-03/0x32 (HSW C0) microcode from revision 0x27 up to 0x28; - Update of 06-3d-04/0xc0 (BDW-U/Y E0/F0) microcode from revision 0x2e up to 0x2f; - Update of 06-45-01/0x72 (HSW-U C0/D0) microcode from revision 0x25 up to 0x26; - Update of 06-46-01/0x32 (HSW-H C0) microcode from revision 0x1b up to 0x1c; - Update of 06-47-01/0x22 (BDW-H/Xeon E3 E0/G0) microcode from revision 0x21 up to 0x22; - Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xd6 up to 0xdc; - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000151 up to 0x1000157; - Update of 06-55-04/0xb7 (SKX-SP H0/M0/U0, SKX-D M1) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2000065 up to 0x2006906; - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400002c up to 0x4002f01; - Update of 06-55-07/0xbf (CLX-SP B1) microcode from revision 0x500002c up to 0x5002f01; - Update of 06-5e-03/0x36 (SKL-H/S R0/N0) microcode from revision 0xd6 up to 0xdc; - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x46 up to 0x78; - Update of 06-8e-09/0x10 (AML-Y22 H0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-0a/0xc0 (CFL-U43e D0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-0c/0x94 (AML-Y42 V0, CML-Y42 V0, WHL-U V0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E3 U0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0c/0x22 (CFL-H/S P0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xca up to 0xd6. * Do not update 06-4e-03 (SKL-U/Y) and 06-5e-03 (SKL-H/S/Xeon E3 v5) to revision 0xdc, use 0xd6 by default. * Enable 06-2d-07 (SNB-E/EN/EP) caveat by default. * Enable 06-55-04 (SKL-SP/X/W) caveat by default. * Avoid find being SIGPIPE'd on early "grep -q" exit in the dracut script. * Re-generate initramfs not only for the currently running kernel, but for several recently installed kernels as well. * Change the URL in the intel-microcode2ucode.8 to point to the GitHub repository since the microcode download section at Intel Download Center does not exist anymore. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1788786 - CVE-2020-0548 hw: Vector Register Data Sampling 1788788 - CVE-2020-0549 hw: L1D Cache Eviction Sampling 1827165 - CVE-2020-0543 hw: Special Register Buffer Data Sampling (SRBDS) 1849060 - [rhel-7.3.z] Enable SNB-EP caveat by default 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.3): Source: microcode_ctl-2.1-16.33.el7_3.src.rpm x86_64: microcode_ctl-2.1-16.33.el7_3.x86_64.rpm microcode_ctl-debuginfo-2.1-16.33.el7_3.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.3): Source: microcode_ctl-2.1-16.33.el7_3.src.rpm x86_64: microcode_ctl-2.1-16.33.el7_3.x86_64.rpm microcode_ctl-debuginfo-2.1-16.33.el7_3.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.3): Source: microcode_ctl-2.1-16.33.el7_3.src.rpm x86_64: microcode_ctl-2.1-16.33.el7_3.x86_64.rpm microcode_ctl-debuginfo-2.1-16.33.el7_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-0543 https://access.redhat.com/security/cve/CVE-2020-0548 https://access.redhat.com/security/cve/CVE-2020-0549 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/solutions/5142691 https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXvIJitzjgjWX9erEAQjIOw//bX0YNiwWNZw4wcSHYxuS9V98LTZ90hgj y8/w5RFJ5ZKnHgGqVYBM2au63Jt8xzENjPHCDg6gAF6MfqzuNyXoKhih8LLvrD7h mOScdIbVwBruix3JcXitmd23BIFCZ0N7tL0gr8vGadIf9H8asRP1jgyuNj8JMo6v HAAjF+q1+JyH31x8efQvJmOnL4zThMkLyP78Z8qHE1VGGCveWrQrT+b1+GeOAeIk MEkrsZfMFB3T8hIjg61Gqnn42aPnDV8iX3kTL0hCZOmXAkivfDoN3PLmzRtKx6bZ veS/1DOes6hNQ80wuj71guEZuAGPPFpQbcD4049KfzMCzQTAQh18bkyqu29BX6bp OwOsNekbhiwM3HEz3t7EqXJUoEgXapG+Hdjx9DXCrxxr0T5gh9X7a6CAoNKvt/p+ okJtuhBzqFl162kYJMIsOYy2E1RwCSM/JD97FBbsWV5MrNBbNWA1+h75jeyssAFC C53/Cb9pJsgf+tkx1PvOtApxzl1IqS6rhGPfCnMSqq17e8eKFTlqgDveaPwHdcyW aK/uWBZN/d1x7Pay4tmgwK0Va5hMfZmEHNnosux0iNTxizleZfU8GIhfr61qBjYZ jFryuFwsQuUC7+BpU23WHKxtl1ZVHnSkq6RliPETVpI81KyV+p6kJDgUXZD5xrU1 uJGWMF17UCI=bOOd -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

AFFECTED PRODUCTS