Vulnerability from csaf_suse
Published
2020-11-10 19:09
Modified
2020-11-10 19:09
Summary
Security update for ucode-intel
Notes
Title of the patch
Security update for ucode-intel
Description of the patch
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode updated to 20201027 prerelease
- CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446)
- CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594)
# New Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile
| CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3
| CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile
| CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10
| CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10
| CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile
# Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile
| SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile
| APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
| APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx
| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5
| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3
| SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable
| SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx
| CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2
| ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile
| AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile
| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8
| CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9
| CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile
| CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile
Patchnames
SUSE-2020-3275,SUSE-SLE-Product-HPC-15-2020-3275,SUSE-SLE-Product-SLES_SAP-15-2020-3275
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for ucode-intel", title: "Title of the patch", }, { category: "description", text: "This update for ucode-intel fixes the following issues:\n\n- Intel CPU Microcode updated to 20201027 prerelease \n- CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446)\n- CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594)\n\n # New Platforms:\n | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products\n |:---------------|:---------|:------------|:---------|:---------|:---------\n | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile\n | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3\n | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile\n | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10\n | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 \n | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile\n # Updated Platforms:\n | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products\n |:---------------|:---------|:------------|:---------|:---------|:---------\n | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120\n | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx\n | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx\n | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5\n | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3\n | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable\n | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable\n | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx\n | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2\n | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2\n | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile\n | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile\n | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile\n | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile\n | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile\n | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile\n | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6\n | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E\n | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8\n | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9\n | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile\n | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2020-3275,SUSE-SLE-Product-HPC-15-2020-3275,SUSE-SLE-Product-SLES_SAP-15-2020-3275", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3275-1.json", }, { category: "self", summary: "URL for SUSE-SU-2020:3275-1", url: "https://www.suse.com/support/update/announcement/2020/suse-su-20203275-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2020:3275-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007746.html", }, { category: "self", summary: "SUSE Bug 1170446", url: "https://bugzilla.suse.com/1170446", }, { category: "self", summary: "SUSE Bug 1173594", url: "https://bugzilla.suse.com/1173594", }, { category: "self", summary: "SUSE CVE CVE-2020-8695 page", url: "https://www.suse.com/security/cve/CVE-2020-8695/", }, { category: "self", summary: "SUSE CVE CVE-2020-8698 page", url: "https://www.suse.com/security/cve/CVE-2020-8698/", }, ], title: "Security update for ucode-intel", tracking: { current_release_date: "2020-11-10T19:09:59Z", generator: { date: "2020-11-10T19:09:59Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2020:3275-1", initial_release_date: "2020-11-10T19:09:59Z", revision_history: [ { date: "2020-11-10T19:09:59Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ucode-intel-20201027-3.51.1.i586", product: { name: "ucode-intel-20201027-3.51.1.i586", product_id: "ucode-intel-20201027-3.51.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "ucode-intel-20201027-3.51.1.x86_64", product: { name: "ucode-intel-20201027-3.51.1.x86_64", product_id: "ucode-intel-20201027-3.51.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15-ESPOS", product: { name: "SUSE Linux Enterprise High Performance Computing 15-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15-ESPOS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-espos:15", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15-LTSS", product: { name: "SUSE Linux Enterprise High Performance Computing 15-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-ltss:15", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 15", product: { name: "SUSE Linux Enterprise Server for SAP Applications 15", product_id: "SUSE Linux Enterprise Server for SAP Applications 15", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:15", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ucode-intel-20201027-3.51.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20201027-3.51.1.x86_64", }, product_reference: "ucode-intel-20201027-3.51.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-ESPOS", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20201027-3.51.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20201027-3.51.1.x86_64", }, product_reference: "ucode-intel-20201027-3.51.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "ucode-intel-20201027-3.51.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15", product_id: "SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20201027-3.51.1.x86_64", }, product_reference: "ucode-intel-20201027-3.51.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15", }, ], }, vulnerabilities: [ { cve: "CVE-2020-8695", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-8695", }, ], notes: [ { category: "general", text: "Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20201027-3.51.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20201027-3.51.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20201027-3.51.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-8695", url: "https://www.suse.com/security/cve/CVE-2020-8695", }, { category: "external", summary: "SUSE Bug 1170415 for CVE-2020-8695", url: "https://bugzilla.suse.com/1170415", }, { category: "external", summary: "SUSE Bug 1170446 for CVE-2020-8695", url: "https://bugzilla.suse.com/1170446", }, { category: "external", summary: "SUSE Bug 1178591 for CVE-2020-8695", url: "https://bugzilla.suse.com/1178591", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20201027-3.51.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20201027-3.51.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20201027-3.51.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20201027-3.51.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20201027-3.51.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20201027-3.51.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-10T19:09:59Z", details: "moderate", }, ], title: "CVE-2020-8695", }, { cve: "CVE-2020-8698", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-8698", }, ], notes: [ { category: "general", text: "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20201027-3.51.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20201027-3.51.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20201027-3.51.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-8698", url: "https://www.suse.com/security/cve/CVE-2020-8698", }, { category: "external", summary: "SUSE Bug 1173594 for CVE-2020-8698", url: "https://bugzilla.suse.com/1173594", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20201027-3.51.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20201027-3.51.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20201027-3.51.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20201027-3.51.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20201027-3.51.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20201027-3.51.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-10T19:09:59Z", details: "low", }, ], title: "CVE-2020-8698", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.