RHEL 7 : microcode_ctl (RHSA-2020:2432)

medium Nessus Plugin ID 137313

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2432 advisory.

Security Fix(es):

* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)

* hw: L1D Cache Eviction Sampling (CVE-2020-0549)

* hw: Vector Register Data Sampling (CVE-2020-0548)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Update Intel CPU microcode to microcode-20200602 release, addresses:
- Update of 06-2d-06/0x6d (SNB-E/EN/EP C1/M0) microcode from revision 0x61f up to 0x621;
- Update of 06-2d-07/0x6d (SNB-E/EN/EP C2/M1) microcode from revision 0x718 up to 0x71a;
- Update of 06-3c-03/0x32 (HSW C0) microcode from revision 0x27 up to 0x28;
- Update of 06-3d-04/0xc0 (BDW-U/Y E0/F0) microcode from revision 0x2e up to 0x2f;
- Update of 06-45-01/0x72 (HSW-U C0/D0) microcode from revision 0x25 up to 0x26;
- Update of 06-46-01/0x32 (HSW-H C0) microcode from revision 0x1b up to 0x1c;
- Update of 06-47-01/0x22 (BDW-H/Xeon E3 E0/G0) microcode from revision 0x21 up to 0x22;
- Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xd6 up to 0xdc;
- Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000151 up to 0x1000157;
- Update of 06-55-04/0xb7 (SKX-SP H0/M0/U0, SKX-D M1) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2000065 up to 0x2006906;
- Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400002c up to 0x4002f01;
- Update of 06-55-07/0xbf (CLX-SP B1) microcode from revision 0x500002c up to 0x5002f01;
- Update of 06-5e-03/0x36 (SKL-H/S R0/N0) microcode from revision 0xd6 up to 0xdc;
- Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x46 up to 0x78;
- Update of 06-8e-09/0x10 (AML-Y22 H0) microcode from revision 0xca up to 0xd6;
- Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xca up to 0xd6;
- Update of 06-8e-0a/0xc0 (CFL-U43e D0) microcode from revision 0xca up to 0xd6;
- Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xca up to 0xd6;
- Update of 06-8e-0c/0x94 (AML-Y42 V0, CML-Y42 V0, WHL-U V0) microcode from revision 0xca up to 0xd6;
- Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from revision 0xca up to 0xd6;
- Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E3 U0) microcode from revision 0xca up to 0xd6;
- Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xca up to 0xd6;
- Update of 06-9e-0c/0x22 (CFL-H/S P0) microcode from revision 0xca up to 0xd6;
- Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xca up to 0xd6.
- Change the URL in the intel-microcode2ucode.8 to point to the GitHub repository since the microcode download section at Intel Download Center does not exist anymore.

* Narrow down SKL-SP/W/X blacklist to exclude Server/FPGA/Fabric segment models.

* Re-generate initramfs not only for the currently running kernel, but for several recently installed kernels as well.

* Avoid find being SIGPIPE'd on early grep -q exit in the dracut script.

* Update stale posttrans dependency, add triggers for proper handling of the debug kernel flavour along with kernel-rt.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected microcode_ctl package.

See Also

http://www.nessus.org/u?85f19bb1

https://access.redhat.com/security/updates/classification/#moderate

https://access.redhat.com/solutions/5142691

https://access.redhat.com/solutions/5142751

https://access.redhat.com/errata/RHSA-2020:2432

https://bugzilla.redhat.com/show_bug.cgi?id=1788786

https://bugzilla.redhat.com/show_bug.cgi?id=1788788

https://bugzilla.redhat.com/show_bug.cgi?id=1827165

Plugin Details

Severity: Medium

ID: 137313

File Name: redhat-RHSA-2020-2432.nasl

Version: 1.10

Type: local

Agent: unix

Published: 6/10/2020

Updated: 11/7/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2020-0549

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:microcode_ctl, cpe:/o:redhat:enterprise_linux:7

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 6/10/2020

Vulnerability Publication Date: 1/28/2020

Reference Information

CVE: CVE-2020-0543, CVE-2020-0548, CVE-2020-0549

CWE: 200

RHSA: 2020:2432