====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: microcode_ctl security, bug fix and enhancement update
Advisory ID:       RHSA-2021:2307-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2307
Issue date:        2021-06-08
CVE Names:         CVE-2020-24489 CVE-2020-24511 CVE-2020-24512
                   CVE-2020-24513
====================================================================

1. Summary:

An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - x86_64

3. Description:

The microcode_ctl packages provide microcode updates for Intel.

Security Fix(es):

* hw: vt-d related privilege escalation (CVE-2020-24489)

* hw: improper isolation of shared resources in some Intel Processors
(CVE-2020-24511)

* hw: observable timing discrepancy in some Intel Processors
(CVE-2020-24512)

* hw: information disclosure on some Intel Atom processors (CVE-2020-24513)

Bug Fix(es) and Enhancement(s):

* Update Intel CPU microcode to microcode-20210525 release

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1962650 - CVE-2020-24489 hw: vt-d related privilege escalation
1962666 - CVE-2020-24513 hw: information disclosure on some Intel Atom processors
1962702 - CVE-2020-24511 hw: improper isolation of shared resources in some Intel Processors
1962722 - CVE-2020-24512 hw: observable timing discrepancy in some Intel Processors

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v. 8.2):

Source:
microcode_ctl-20191115-4.20210525.1.el8_2.src.rpm

x86_64:
microcode_ctl-20191115-4.20210525.1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-24489
https://access.redhat.com/security/cve/CVE-2020-24511
https://access.redhat.com/security/cve/CVE-2020-24512
https://access.redhat.com/security/cve/CVE-2020-24513
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.