SUSE SLES12 Security Update : ucode-intel (SUSE-SU-2020:3514-1)

medium Nessus Plugin ID 143735

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

This update for ucode-intel fixes the following issues :

Updated Intel CPU Microcode to 20201118 official release.
(bsc#1178971)

- Removed TGL/06-8c-01/80 due to functional issues with some OEM platforms.

- CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) INTEL-SA-00389 (bsc#1170446)

- CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594)

- CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592)

Release notes :

- Security updates for

[INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-cent er/ad visory/intel-sa-00381.html).

- Security updates for

[INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-cent er/ad visory/intel-sa-00389.html).

- Update for functional issues. Refer to [Second Generation Intel® Xeon® Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848 ) for details.

- Update for functional issues. Refer to [Intel® Xeon® Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537 ) for details.

- Update for functional issues. Refer to [Intel® Xeon® Processor E5 v3 Product Family Specification

Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e 5-v3- spec-update.html?wapkw=processor+spec+update+e5) for details.

- Update for functional issues. Refer to [10th Gen Intel® Core™ Processor Families Specification

Update](https://www.intel.com/content/www/us/en/products/docs/processo rs/co re/10th-gen-core-families-specification-update.html) for details.

- Update for functional issues. Refer to [8th and 9th Gen Intel® Core™ Processor Family Spec

Update](https://www.intel.com/content/www/us/en/products/docs/processo rs/co re/8th-gen-core-spec-update.html) for details.

- Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel® Processor Families Specification

Update](https://www.intel.com/content/www/us/en/processors/core/7th-ge n-cor e-family-spec-update.html) for details.

- Update for functional issues. Refer to [6th Gen Intel® Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689 ) for details.

- Update for functional issues. Refer to [Intel® Xeon® E3-1200 v6 Processor Family Specification

Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e 3-120 0v6-spec-update.html) for details.

- Update for functional issues. Refer to [Intel® Xeon® E-2100 and E-2200 Processor Family Specification

Update](https://www.intel.com/content/www/us/en/products/docs/processo rs/xe on/xeon-e-2100-specification-update.html) for details.

### New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:----
----- | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | LKF | B2/B3 | 06-8a-01/10 | | 00000028 | Core w/Hybrid Technology | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile ### Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:----
----- | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE OpenStack Cloud Crowbar 9 :

zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3514=1

SUSE OpenStack Cloud Crowbar 8 :

zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3514=1

SUSE OpenStack Cloud 9 :

zypper in -t patch SUSE-OpenStack-Cloud-9-2020-3514=1

SUSE OpenStack Cloud 8 :

zypper in -t patch SUSE-OpenStack-Cloud-8-2020-3514=1

SUSE OpenStack Cloud 7 :

zypper in -t patch SUSE-OpenStack-Cloud-7-2020-3514=1

SUSE Linux Enterprise Server for SAP 12-SP4 :

zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3514=1

SUSE Linux Enterprise Server for SAP 12-SP3 :

zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3514=1

SUSE Linux Enterprise Server for SAP 12-SP2 :

zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-3514=1

SUSE Linux Enterprise Server 12-SP4-LTSS :

zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3514=1

SUSE Linux Enterprise Server 12-SP3-LTSS :

zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3514=1

SUSE Linux Enterprise Server 12-SP3-BCL :

zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-3514=1

SUSE Linux Enterprise Server 12-SP2-LTSS :

zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-3514=1

SUSE Linux Enterprise Server 12-SP2-BCL :

zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-3514=1

SUSE Enterprise Storage 5 :

zypper in -t patch SUSE-Storage-5-2020-3514=1

HPE Helion Openstack 8 :

zypper in -t patch HPE-Helion-OpenStack-8-2020-3514=1

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1170446

https://bugzilla.suse.com/show_bug.cgi?id=1173592

https://bugzilla.suse.com/show_bug.cgi?id=1173594

https://bugzilla.suse.com/show_bug.cgi?id=1178971

https://cdrdv2.intel.com/v1/dl/getContent/332689

https://cdrdv2.intel.com/v1/dl/getContent/338848

https://cdrdv2.intel.com/v1/dl/getContent/613537

https://www.intel.com/content/www/us/en/processors/core/7th-gen-cor

https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-120

https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-

https://www.intel.com/content/www/us/en/products/docs/processors/co

https://www.intel.com/content/www/us/en/products/docs/processors/xe

https://www.intel.com/content/www/us/en/security-center/ad

https://www.suse.com/security/cve/CVE-2020-8695/

https://www.suse.com/security/cve/CVE-2020-8696/

https://www.suse.com/security/cve/CVE-2020-8698/

http://www.nessus.org/u?8118df0d

Plugin Details

Severity: Medium

ID: 143735

File Name: suse_SU-2020-3514-1.nasl

Version: 1.4

Type: local

Agent: unix

Published: 12/9/2020

Updated: 2/5/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2020-8698

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:ucode-intel, p-cpe:/a:novell:suse_linux:ucode-intel-debuginfo, p-cpe:/a:novell:suse_linux:ucode-intel-debugsource, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/25/2020

Vulnerability Publication Date: 11/12/2020

Reference Information

CVE: CVE-2020-8695, CVE-2020-8696, CVE-2020-8698