Oracle Linux 7 : microcode_ctl (ELSA-2020-2432)

medium Nessus Plugin ID 137694

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-2432 advisory.

- Update Intel CPU microcode to microcode-20200602 release, addresses CVE-2020-0543, CVE-2020-0548, CVE-2020-0549 (#1827189):
- Update of 06-2d-06/0x6d (SNB-E/EN/EP C1/M0) microcode from revision 0x61f up to 0x621;
- Update of 06-2d-07/0x6d (SNB-E/EN/EP C2/M1) microcode from revision 0x718 up to 0x71a;
- Update of 06-3c-03/0x32 (HSW C0) microcode from revision 0x27 up to 0x28;
- Update of 06-3d-04/0xc0 (BDW-U/Y E0/F0) microcode from revision 0x2e up to 0x2f;
- Update of 06-45-01/0x72 (HSW-U C0/D0) microcode from revision 0x25 up to 0x26;
- Update of 06-46-01/0x32 (HSW-H C0) microcode from revision 0x1b up to 0x1c;
- Update of 06-47-01/0x22 (BDW-H/Xeon E3 E0/G0) microcode from revision 0x21 up to 0x22;
- Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xd6 up to 0xdc;
- Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000151 up to 0x1000157;
- Update of 06-55-04/0xb7 (SKX-SP H0/M0/U0, SKX-D M1) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2000065 up to 0x2006906;
- Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400002c up to 0x4002f01;
- Update of 06-55-07/0xbf (CLX-SP B1) microcode from revision 0x500002c up to 0x5002f01;
- Update of 06-5e-03/0x36 (SKL-H/S R0/N0) microcode from revision 0xd6 up to 0xdc;
- Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x46 up to 0x78;
- Update of 06-8e-09/0x10 (AML-Y22 H0) microcode from revision 0xca up to 0xd6;
- Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xca up to 0xd6;
- Update of 06-8e-0a/0xc0 (CFL-U43e D0) microcode from revision 0xca up to 0xd6;
- Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xca up to 0xd6;
- Update of 06-8e-0c/0x94 (AML-Y42 V0, CML-Y42 V0, WHL-U V0) microcode from revision 0xca up to 0xd6;
- Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from revision 0xca up to 0xd6;
- Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E3 U0) microcode from revision 0xca up to 0xd6;
- Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xca up to 0xd6;
- Update of 06-9e-0c/0x22 (CFL-H/S P0) microcode from revision 0xca up to 0xd6;
- Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xca up to 0xd6.

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected microcode_ctl package.

See Also

https://linux.oracle.com/errata/ELSA-2020-2432.html

Plugin Details

Severity: Medium

ID: 137694

File Name: oraclelinux_ELSA-2020-2432.nasl

Version: 1.4

Type: local

Agent: unix

Published: 6/22/2020

Updated: 10/23/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2020-0549

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:microcode_ctl, cpe:/o:oracle:linux:7

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 6/18/2020

Vulnerability Publication Date: 1/28/2020

Reference Information

CVE: CVE-2020-0543, CVE-2020-0548, CVE-2020-0549

RHSA: 2020:2432