New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 7.9
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Starting with version 1.26, the devcpu-data port/package includes updates and mitigations for the following technical and security advisories (depending on CPU model).
Intel TSX Updates (TAA) CVE-2019-11135 Voltage Modulation Vulnerability CVE-2019-11139 MD_CLEAR Operations CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-11091 TA Indirect Sharing CVE-2017-5715 EGETKEY CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-11091 JCC SKX102 Erratum
Updated microcode includes mitigations for CPU issues, but may also cause a performance regression due to the JCC erratum mitigation.
Please visit http://www.intel.com/benchmarks for further information.
Please visit http://www.intel.com/security for detailed information on these advisories as well as a list of CPUs that are affected.
Operating a CPU without the latest microcode may result in erratic or unpredictable behavior, including system crashes and lock ups. Certain issues listed in this advisory may result in the leakage of privileged system information to unprivileged users. Please refer to the security advisories listed above for detailed information.
Solution
Update the affected packages.