Detections
Analytics

openSUSE Security Update : ucode-intel (openSUSE-2018-24) (Spectre)

medium Nessus Plugin ID 105758

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for ucode-intel fixes the following issues :

Update to Intel CPU Microcode version 20180108 (boo#1075262)

 - The pre-released microcode fixing some important security issues is now officially published (and included in the added tarball).

New firmware updates since last version (20170707) are available for these Intel processors :

 - IVT C0 (06-3e-04:ed) 428->42a

 - SKL-U/Y D0 (06-4e-03:c0) ba->c2

 - BDW-U/Y E/F (06-3d-04:c0) 25->28

 - HSW-ULT Cx/Dx (06-45-01:72) 20->21

 - Crystalwell Cx (06-46-01:32) 17->18

 - BDW-H E/G (06-47-01:22) 17->1b

 - HSX-EX E0 (06-3f-04:80) 0f->10

 - SKL-H/S R0 (06-5e-03:36) ba->c2

 - HSW Cx/Dx (06-3c-03:32) 22->23

 - HSX C0 (06-3f-02:6f) 3a->3b

 - BDX-DE V0/V1 (06-56-02:10) 0f->14

 - BDX-DE V2 (06-56-03:10) 700000d->7000011

 - KBL-U/Y H0 (06-8e-09:c0) 62->80

 - KBL Y0 / CFL D0 (06-8e-0a:c0) 70->80

 - KBL-H/S B0 (06-9e-09:2a) 5e->80

 - CFL U0 (06-9e-0a:22) 70->80

 - CFL B0 (06-9e-0b:02) 72->80

 - SKX H0 (06-55-04:b7) 2000035->200003c

 - GLK B0 (06-7a-01:01) 1e->22

Solution

Update the affected ucode-intel packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1075262

Plugin Details

Severity: Medium

ID: 105758

File Name: openSUSE-2018-24.nasl

Version: 3.7

Type: local

Agent: unix

Published: 1/12/2018

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.6

CVSS v2

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 4.1

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:ucode-intel-debugsource, p-cpe:/a:novell:opensuse:ucode-intel-blob, cpe:/o:novell:opensuse:42.2, p-cpe:/a:novell:opensuse:ucode-intel, p-cpe:/a:novell:opensuse:ucode-intel-debuginfo, cpe:/o:novell:opensuse:42.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/11/2018

Reference Information

CVE: CVE-2017-5715

IAVA: 2018-A-0020