SUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2020:3373-1)

medium Nessus Plugin ID 143728

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote SUSE host is missing one or more security updates.

Description

This update for ucode-intel fixes the following issues :

Updated Intel CPU Microcode to 20201110 official release.

- CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446)

- CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594)

- CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592)

Release notes :

- Security updates for

[INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-cent er/ad visory/intel-sa-00381.html).

- Security updates for

[INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-cent er/ad visory/intel-sa-00389.html).

- Update for functional issues. Refer to [Second Generation Intel® Xeon® Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848 ) for details.

- Update for functional issues. Refer to [Intel® Xeon® Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537 ) for details.

- Update for functional issues. Refer to [Intel® Xeon® Processor E5 v3 Product Family Specification

Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e 5-v3- spec-update.html?wapkw=processor+spec+update+e5) for details.

- Update for functional issues. Refer to [10th Gen Intel® Core™ Processor Families Specification

Update](https://www.intel.com/content/www/us/en/products/docs/processo rs/co re/10th-gen-core-families-specification-update.html) for details.

- Update for functional issues. Refer to [8th and 9th Gen Intel® Core™ Processor Family Spec

Update](https://www.intel.com/content/www/us/en/products/docs/processo rs/co re/8th-gen-core-spec-update.html) for details.

- Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel® Processor Families Specification

Update](https://www.intel.com/content/www/us/en/processors/core/7th-ge n-cor e-family-spec-update.html) for details.

- Update for functional issues. Refer to [6th Gen Intel® Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689 ) for details.

- Update for functional issues. Refer to [Intel® Xeon® E3-1200 v6 Processor Family Specification

Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e 3-120 0v6-spec-update.html) for details.

- Update for functional issues. Refer to [Intel® Xeon® E-2100 and E-2200 Processor Family Specification

Update](https://www.intel.com/content/www/us/en/products/docs/processo rs/xe on/xeon-e-2100-specification-update.html) for details.

### New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:----
----- | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | LKF | B2/B3 | 06-8a-01/10 | | 00000028 | Core w/Hybrid Technology | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile ### Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:----
----- | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Module for Basesystem 15-SP2 :

zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3373=1

See Also

https://cdrdv2.intel.com/v1/dl/getContent/332689

https://cdrdv2.intel.com/v1/dl/getContent/338848

https://cdrdv2.intel.com/v1/dl/getContent/613537

https://bugzilla.suse.com/show_bug.cgi?id=1170446

https://bugzilla.suse.com/show_bug.cgi?id=1173594

https://www.suse.com/security/cve/CVE-2020-8695/

https://www.suse.com/security/cve/CVE-2020-8698/

https://bugzilla.suse.com/show_bug.cgi?id=1173592

https://www.intel.com/content/www/us/en/processors/core/7th-gen-cor

https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-120

https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-

https://www.intel.com/content/www/us/en/products/docs/processors/co

https://www.intel.com/content/www/us/en/products/docs/processors/xe

https://www.intel.com/content/www/us/en/security-center/ad

https://www.suse.com/security/cve/CVE-2020-8696/

http://www.nessus.org/u?ebf5d9b4

Plugin Details

Severity: Medium

ID: 143728

File Name: suse_SU-2020-3373-1.nasl

Version: 1.2

Type: local

Agent: unix

Published: 12/9/2020

Updated: 12/11/2020

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6.1

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:ucode-intel:*:*:*:*:*:*:*

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/19/2020

Vulnerability Publication Date: 11/12/2020

Reference Information

CVE: CVE-2020-8695, CVE-2020-8696, CVE-2020-8698