RHEL 8 : microcode_ctl (RHSA-2020:2757)

medium Nessus Plugin ID 137882

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2757 advisory.

Security Fix(es):

* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)

* hw: L1D Cache Eviction Sampling (CVE-2020-0549)

* hw: Vector Register Data Sampling (CVE-2020-0548)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fixes:

* Update Intel CPU microcode to microcode-20200609 release:
- Addition of 06-4d-08/0x01 (AVN B0/C0) microcode at revision 0x12d;
- Addition of 06-55-06/0xbf (CLX-SP B0) microcode at revision 0x4002f01;
- Addition of 06-7a-08/0x01 (GLK R0) microcode at revision 0x16;
- Update of 06-2d-06/0x6d (SNB-E/EN/EP C1/M0) microcode from revision 0x61f up to 0x621;
- Update of 06-2d-07/0x6d (SNB-E/EN/EP C2/M1) microcode (in intel-06-2d-07/intel-ucode/06-2d-07) from revision 0x718 up to 0x71a;
- Update of 06-3c-03/0x32 (HSW C0) microcode from revision 0x27 up to 0x28;
- Update of 06-3d-04/0xc0 (BDW-U/Y E0/F0) microcode from revision 0x2e up to 0x2f;
- Update of 06-45-01/0x72 (HSW-U C0/D0) microcode from revision 0x25 up to 0x26;
- Update of 06-46-01/0x32 (HSW-H C0) microcode from revision 0x1b up to 0x1c;
- Update of 06-47-01/0x22 (BDW-H/Xeon E3 E0/G0) microcode from revision 0x21 up to 0x22;
- Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xd4 up to 0xdc;
- Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000150 up to 0x1000157;
- Update of 06-55-04/0xb7 (SKX-SP H0/M0/U0, SKX-D M1) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2000064 up to 0x2006906;
- Update of 06-55-07/0xbf (CLX-SP B1) microcode from revision 0x500002b up to 0x5002f01;
- Update of 06-5e-03/0x36 (SKL-H/S R0/N0) microcode from revision 0xd4 up to 0xdc;
- Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x2e up to 0x32;
- Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x46 up to 0x78;
- Update of 06-8e-09/0x10 (AML-Y22 H0) microcode from revision 0xc6 up to 0xd6;
- Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xc6 up to 0xd6;
- Update of 06-8e-0a/0xc0 (CFL-U43e D0) microcode from revision 0xc6 up to 0xd6;
- Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xc6 up to 0xd6;
- Update of 06-8e-0c/0x94 (AML-Y42 V0, CML-Y42 V0, WHL-U V0) microcode from revision 0xc6 up to 0xd6;
- Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from revision 0xc6 up to 0xd6;
- Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E3 U0) microcode from revision 0xc6 up to 0xd6;
- Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xc6 up to 0xd6;
- Update of 06-9e-0c/0x22 (CFL-H/S P0) microcode from revision 0xae up to 0xd6;
- Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xc6 up to 0xd6.
- Update of 06-a6-00/0x80 (CML-U 6+2 A0) from revision 0xc6 up to 0xca.
* Do not update 06-4e-03 (SKL-U/Y) and 06-5e-03 (SKL-H/S/Xeon E3 v5) to revision 0xdc, use 0xd6 by default.
* Enable 06-2d-07 (SNB-E/EN/EP) caveat by default.
* Add 06-55-04 (SKL-X/W) caveat, enable it by default.
* Update stale posttrans dependency, add triggers for proper handling of the debug kernel flavour along with kernel-rt.
* Avoid find being SIGPIPE'd on early grep -q exit in the dracut script.
* Re-generate initramfs not only for the currently running kernel, but for several recently installed kernels as well.
* Change the URL to point to the GitHub repository since the microcode download section at Intel Download Center does not exist anymore.
* Avoid temporary file creation, used for here-documents in check_caveats.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected microcode_ctl package.

See Also

http://www.nessus.org/u?0729924b

http://www.nessus.org/u?d3c21751

https://access.redhat.com/security/updates/classification/#moderate

https://access.redhat.com/solutions/5142691

https://access.redhat.com/errata/RHSA-2020:2757

https://bugzilla.redhat.com/show_bug.cgi?id=1788786

https://bugzilla.redhat.com/show_bug.cgi?id=1788788

https://bugzilla.redhat.com/show_bug.cgi?id=1827165

https://bugzilla.redhat.com/show_bug.cgi?id=1848438

https://bugzilla.redhat.com/show_bug.cgi?id=1848501

Plugin Details

Severity: Medium

ID: 137882

File Name: redhat-RHSA-2020-2757.nasl

Version: 1.10

Type: local

Agent: unix

Published: 6/29/2020

Updated: 11/7/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2020-0549

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:microcode_ctl, cpe:/o:redhat:rhel_e4s:8.0

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 6/29/2020

Vulnerability Publication Date: 1/28/2020

Reference Information

CVE: CVE-2020-0543, CVE-2020-0548, CVE-2020-0549

CWE: 200

RHSA: 2020:2757