SUSE-SU-2021:14758-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:14758-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2021:14758-1
Related
Published
2021-06-28T13:03:33Z
Modified
2021-06-28T13:03:33Z
Summary
Security update for microcode_ctl
Details

This update for microcode_ctl fixes the following issues:

Updated to Intel CPU Microcode 20210525 release:

  • CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (bsc#1179833)
  • CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (bsc#1179836)
  • CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837)
  • CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (bsc#1179839)
References

Affected packages

SUSE:Linux Enterprise Point of Sale 11 SP3 / microcode_ctl

Package

Name
microcode_ctl
Purl
purl:rpm/suse/microcode_ctl&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.17-102.83.71.1

Ecosystem specific

{
    "binaries": [
        {
            "microcode_ctl": "1.17-102.83.71.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4-LTSS / microcode_ctl

Package

Name
microcode_ctl
Purl
purl:rpm/suse/microcode_ctl&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.17-102.83.71.1

Ecosystem specific

{
    "binaries": [
        {
            "microcode_ctl": "1.17-102.83.71.1"
        }
    ]
}