Oracle Linux 6 : microcode_ctl (ELSA-2018-4019) (Spectre)

medium Nessus Plugin ID 106242

Synopsis

The remote Oracle Linux host is missing a security update.

Description

Description of changes:

[1:1.17-25.4.0.2]
- Revert: early microcode load to allow updating Broadwell model 79
- Revert: Make sure 'modprobe microcode' is not executed on Broadwell model 79
- Revert: Run dracut upon microcode update
- Revert updated Intel 20180108 microcode for CPUIDs: {CVE-2017-5715} 306c3 (06-3c-03 rev 0x23, Haswell) 306d4 (06-3d-04 rev 0x28, Broadwell) 306f2 (06-3f-02 rev 0x3b, Haswell) 306f4 (06-3f-04 rev 0x10, Haswell) 306e4 (06-3e-04 rev 0x42a, Ivy Bridge) 40651 (06-45-01 rev 0x21, Haswell) 40661 (06-46-01 rev 0x18, Haswell) 40671 (06-47-01 rev 0x1b, Broadwell) 406e3 (06-4e-03 rev 0xc2, Skylake) 406f1 (06-4f-01 rev 0xb000025, Broadwell) 50654 (06-55-04 rev 0x200003c, Skylake) 50662 (06-56-02 rev 0x14, Broadwell) 50663 (06-56-03 rev 0x7000011, Broadwell) 506e3 (06-5e-03 rev 0xc2, Skylake) 706a1 (06-7a-01 rev 0x22) 806e9 (06-8e-09 rev 0x80, Kaby Lake) 806ea (06-8e-0a rev 0x80) 906e9 (06-9e-09 rev 0x80, Kaby Lake) 906ea (06-9e-0a rev 0x80) 906eb (06-9e-0b rev 0x80)

Solution

Update the affected microcode_ctl package.

See Also

https://oss.oracle.com/pipermail/el-errata/2018-January/007467.html

Plugin Details

Severity: Medium

ID: 106242

File Name: oraclelinux_ELSA-2018-4019.nasl

Version: 3.9

Type: local

Agent: unix

Published: 1/23/2018

Updated: 4/15/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.6

CVSS v2

Risk Factor: Low

Base Score: 1.9

Temporal Score: 1.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.4

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:microcode_ctl, cpe:/o:oracle:linux:6

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/22/2018

Vulnerability Publication Date: 1/4/2018

Reference Information

CVE: CVE-2017-5715

IAVA: 2018-A-0020