openSUSE Security Update : ucode-intel (openSUSE-2018-24) (Spectre)

Medium Nessus Plugin ID 105758

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for ucode-intel fixes the following issues :

Update to Intel CPU Microcode version 20180108 (boo#1075262)

- The pre-released microcode fixing some important security issues is now officially published (and included in the added tarball).

New firmware updates since last version (20170707) are available for these Intel processors :

- IVT C0 (06-3e-04:ed) 428->42a

- SKL-U/Y D0 (06-4e-03:c0) ba->c2

- BDW-U/Y E/F (06-3d-04:c0) 25->28

- HSW-ULT Cx/Dx (06-45-01:72) 20->21

- Crystalwell Cx (06-46-01:32) 17->18

- BDW-H E/G (06-47-01:22) 17->1b

- HSX-EX E0 (06-3f-04:80) 0f->10

- SKL-H/S R0 (06-5e-03:36) ba->c2

- HSW Cx/Dx (06-3c-03:32) 22->23

- HSX C0 (06-3f-02:6f) 3a->3b

- BDX-DE V0/V1 (06-56-02:10) 0f->14

- BDX-DE V2 (06-56-03:10) 700000d->7000011

- KBL-U/Y H0 (06-8e-09:c0) 62->80

- KBL Y0 / CFL D0 (06-8e-0a:c0) 70->80

- KBL-H/S B0 (06-9e-09:2a) 5e->80

- CFL U0 (06-9e-0a:22) 70->80

- CFL B0 (06-9e-0b:02) 72->80

- SKX H0 (06-55-04:b7) 2000035->200003c

- GLK B0 (06-7a-01:01) 1e->22

Solution

Update the affected ucode-intel packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1075262

Plugin Details

Severity: Medium

ID: 105758

File Name: openSUSE-2018-24.nasl

Version: 3.5

Type: local

Agent: unix

Published: 2018/01/12

Updated: 2019/07/09

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.7

Temporal Score: 4.1

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:ucode-intel, p-cpe:/a:novell:opensuse:ucode-intel-blob, p-cpe:/a:novell:opensuse:ucode-intel-debuginfo, p-cpe:/a:novell:opensuse:ucode-intel-debugsource, cpe:/o:novell:opensuse:42.2, cpe:/o:novell:opensuse:42.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2018/01/11

Reference Information

CVE: CVE-2017-5715

IAVA: 2018-A-0020