Red Hat Security Advisory 2020-2677-01

Red Hat Security Advisory 2020-2677-01: Posted Jun 23, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-2677-01 - An update for microcode_ctl is now available for Red Hat enterprise Linux 8.1 Extended Update Support.; tags | advisory; systems | linux, redhat; advisories | CVE-2020-0543, CVE-2020-0548, CVE-2020-0549; SHA-256 | ea9a908f1ca6fa9566334c18f71f8a818a07cc015488c3db63c5aaed5a3af2bf; Download | Favorite | View

Red Hat Security Advisory 2020-2677-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: microcode_ctl security, bug fix and enhancement update
Advisory ID:       RHSA-2020:2677-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:2677
Issue date:        2020-06-23
CVE Names:         CVE-2020-0543 CVE-2020-0548 CVE-2020-0549 
=====================================================================

1. Summary:

An update for microcode_ctl is now available for Red Hat enterprise Linux
8.1 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v. 8.1) - x86_64

3. Description:

Security Fix(es):

* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)

* hw: L1D Cache Eviction Sampling (CVE-2020-0549)

* hw: Vector Register Data Sampling (CVE-2020-0548)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s)
listed in the References section.

Bug Fix(es):

* Update Intel CPU microcode to microcode-20200609 release:
  - Update of 06-2d-06/0x6d (SNB-E/EN/EP C1/M0) microcode from revision
0x61f
    up to 0x621;
  - Update of 06-2d-07/0x6d (SNB-E/EN/EP C2/M1) microcode from revision
0x718
    up to 0x71a;
  - Update of 06-3c-03/0x32 (HSW C0) microcode from revision 0x27 up to
0x28;
  - Update of 06-3d-04/0xc0 (BDW-U/Y E0/F0) microcode from revision 0x2e
    up to 0x2f;
  - Update of 06-45-01/0x72 (HSW-U C0/D0) microcode from revision 0x25
    up to 0x26;
  - Update of 06-46-01/0x32 (HSW-H C0) microcode from revision 0x1b up to
0x1c;
  - Update of 06-47-01/0x22 (BDW-H/Xeon E3 E0/G0) microcode from revision
0x21
    up to 0x22;
  - Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xd6
    up to 0xdc;
  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000151
    up to 0x1000157;
  - Update of 06-55-04/0xb7 (SKX-SP H0/M0/U0, SKX-D M1) microcode
    (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2000065
    up to 0x2006906;
  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400002c
    up to 0x4002f01;
  - Update of 06-55-07/0xbf (CLX-SP B1) microcode from revision 0x500002c
    up to 0x5002f01;
  - Update of 06-5e-03/0x36 (SKL-H/S R0/N0) microcode from revision 0xd6
    up to 0xdc;
  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x46
    up to 0x78;
  - Update of 06-8e-09/0x10 (AML-Y22 H0) microcode from revision 0xca
    up to 0xd6;
  - Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xca
    up to 0xd6;
  - Update of 06-8e-0a/0xc0 (CFL-U43e D0) microcode from revision 0xca
    up to 0xd6;
  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xca
    up to 0xd6;
  - Update of 06-8e-0c/0x94 (AML-Y42 V0, CML-Y42 V0, WHL-U V0) microcode
    from revision 0xca up to 0xd6;
  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from
revision
    0xca up to 0xd6;
  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E3 U0) microcode from revision
0xca
    up to 0xd6;
  - Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xca up to
0xd6;
  - Update of 06-9e-0c/0x22 (CFL-H/S P0) microcode from revision 0xca
    up to 0xd6;
  - Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xca up to
0xd6.
* Do not update 06-4e-03 (SKL-U/Y) and 06-5e-03 (SKL-H/S/Xeon E3 v5) to
revision
  0xdc, use 0xd6 by default.
* Enable 06-2d-07 (SNB-E/EN/EP) caveat by default.
* Enable 06-55-04 (SKL-SP/X/W) caveat by default.
* Avoid find being SIGPIPE'd on early "grep -q" exit in the dracut script.
* Re-generate initramfs not only for the currently running kernel,
  but for several recently installed kernels as well.
* Change the URL to point to the GitHub repository since the microcode
download.
  section at Intel Download Center does not exist anymore.
* Avoid temporary file creation, used for here-documents in check_caveats.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1788786 - CVE-2020-0548 hw: Vector Register Data Sampling
1788788 - CVE-2020-0549 hw: L1D Cache Eviction Sampling
1827165 - CVE-2020-0543 hw: Special Register Buffer Data Sampling (SRBDS)
1848439 - [rhel-8.1.0] skylake (06-4e-03) microcode update hangs
1848502 - [rhel-8.1.0] Package microcode-20200609 release

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v. 8.1):

Source:
microcode_ctl-20190618-1.20200609.1.el8_1.src.rpm

x86_64:
microcode_ctl-20190618-1.20200609.1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-0543
https://access.redhat.com/security/cve/CVE-2020-0548
https://access.redhat.com/security/cve/CVE-2020-0549
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/solutions/5142691
https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXvH/7tzjgjWX9erEAQgL9g//anwIq/uMxJEiNQDX851j9dzE7f1pyOAL
dDCQG9WHU7RJmO0aZkR+KTJ5fa5pHx8oqQLp+tyXOcvpJhn/2aukr4Hv3NT59cxi
kVS97KHhLL79dBjpodNOryiqjbZ6FVXYzUPesExj/cwzYqwk3ctSENor3UnlnZVI
H+5vsyo8hgufYJ35BCxFAJQPXR3vQFGcOLGQUpA/aOOWJVnkDSHFQF+xJGyIJOPX
Yr6g/P2qKaZg6nvzDDbl0gwIuKzEf1oydqxD2pjOR/DDzxbkDIuDpshY1oJnZjE5
HS0SyNCc66QZq7kMvCDZM+Qc20eC5ZiXCpuBbpjVk20XuG9cpFR0zbDgT24ROpic
TUQ/Hh84Cbjc9P3MzzyJrcyHlc6q/QTqJBBBHgVoe38DewRAeR6tAPJ2rrysu7zL
KohPzgzmnH4xl9AM1zWQPNCwNumZe6HS7bzuF4by2Ul8GJqKX0+Hw+vqegw8QAoQ
nQZHjF3OsfNpmHnwTVBCeTWFOrsu+eTa3QtYauIFdhgadfpuO7wkhbf6sicITXn7
0Z4e3ici8BbOVuzsYJyqI4FlSqwh4q5AZ469Co68JMtPkeZnqmExEHYS/xitKDb6
t6BbxR2k2KhbtonmWsIkqh9zx6zLLsADwJT8OTG3EnRdZIFez098m8D7vtDLdzff
vxuyj6vUO9w=
=U2Xs
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 256 files
Jay Turla 150 files
indoushka 149 files
Ubuntu 67 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Debian 24 files
Karn Ganeshen 23 files

File Archives

Systems

AIX (429)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,117)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (880)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,066)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,731)
Slackware (941)
Solaris (1,614)
SUSE (1,444)
Ubuntu (9,807)
UNIX (9,449)
UnixWare (187)
Windows (6,762)
Other

Red Hat Security Advisory 2020-2677-01

Red Hat Security Advisory 2020-2677-01

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2020-2677-01

Share This

Red Hat Security Advisory 2020-2677-01

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems