Vulnerabilities > CVE-2020-0543 - Incomplete Cleanup vulnerability in multiple products

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE

Summary

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Vulnerable Configurations

Part Description Count
Hardware
Intel
665
Hardware
Siemens
25
OS
Opensuse
2
OS
Canonical
6
OS
Fedoraproject
2
OS
Siemens
47
Application
Mcafee
21

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4391-1.NASL
    descriptionIt was discovered that the ext4 file system implementation in the Linux kernel did not properly handle setxattr operations in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19319) It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) Piotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12114) It was discovered that the USB susbsystem
    last seen2020-06-13
    modified2020-06-10
    plugin id137301
    published2020-06-10
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137301
    titleUbuntu 16.04 LTS : linux, linux-aws, linux-kvm vulnerabilities (USN-4391-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4701.NASL
    descriptionThis update ships updated CPU microcode for some types of Intel CPUs and provides mitigations for the Special Register Buffer Data Sampling (CVE-2020-0543 ), Vector Register Sampling (CVE-2020-0548 ) and L1D Eviction Sampling (CVE-2020-0549 ) hardware vulnerabilities. The microcode update for HEDT and Xeon CPUs with signature 0x50654 which was reverted in DSA 4565-2 is now included again with a fixed release. The upstream update for Skylake-U/Y (signature 0x406e3) had to be excluded from this update due to reported hangs on boot. For details refer to https://www.intel.com/content/www/us/en/security-center/advisory/intel -sa-00320.html, https://www.intel.com/content/www/us/en/security-center/advisory/intel -sa-00329.html
    last seen2020-06-13
    modified2020-06-12
    plugin id137374
    published2020-06-12
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137374
    titleDebian DSA-4701-1 : intel-microcode - security update
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-5715.NASL
    descriptionThe remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen2020-06-13
    modified2020-06-10
    plugin id137291
    published2020-06-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137291
    titleOracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5715)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-2431.NASL
    descriptionFrom Red Hat Security Advisory 2020:2431 : The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2431 advisory. - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543) - hw: Vector Register Data Sampling (CVE-2020-0548) - hw: L1D Cache Eviction Sampling (CVE-2020-0549) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-13
    modified2020-06-12
    plugin id137385
    published2020-06-12
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137385
    titleOracle Linux 8 : microcode_ctl (ELSA-2020-2431)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4385-1.NASL
    descriptionIt was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) It was discovered that on some Intel processors, partial data values previously read from a vector register on a physical core may be propagated into unused portions of the store buffer. A local attacker could possible use this to expose sensitive information. (CVE-2020-0548) It was discovered that on some Intel processors, data from the most recently evicted modified L1 data cache (L1D) line may be propagated into an unused (invalid) L1D fill buffer. A local attacker could possibly use this to expose sensitive information. (CVE-2020-0549). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-13
    modified2020-06-10
    plugin id137295
    published2020-06-10
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137295
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : intel-microcode vulnerabilities (USN-4385-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4388-1.NASL
    descriptionIt was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-0067) It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) Piotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12114) It was discovered that the USB susbsystem
    last seen2020-06-13
    modified2020-06-10
    plugin id137298
    published2020-06-10
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137298
    titleUbuntu 18.04 LTS : linux-gke-5.0, linux-oem-osp1 vulnerabilities (USN-4388-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-2432.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2432 advisory. - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543) - hw: Vector Register Data Sampling (CVE-2020-0548) - hw: L1D Cache Eviction Sampling (CVE-2020-0549) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-12
    modified2020-06-10
    plugin id137313
    published2020-06-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137313
    titleRHEL 7 : microcode_ctl (RHSA-2020:2432)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2020-2433.NASL
    descriptionThe remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2433 advisory. - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543) - hw: Vector Register Data Sampling (CVE-2020-0548) - hw: L1D Cache Eviction Sampling (CVE-2020-0549) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-12
    modified2020-06-11
    plugin id137338
    published2020-06-11
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137338
    titleCentOS 6 : microcode_ctl (CESA-2020:2433)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-2433.NASL
    descriptionThe remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2433 advisory. - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543) - hw: Vector Register Data Sampling (CVE-2020-0548) - hw: L1D Cache Eviction Sampling (CVE-2020-0549) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-12
    modified2020-06-09
    plugin id137273
    published2020-06-09
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137273
    titleRHEL 6 : microcode_ctl (RHSA-2020:2433)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-2431.NASL
    descriptionThe remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2431 advisory. - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543) - hw: Vector Register Data Sampling (CVE-2020-0548) - hw: L1D Cache Eviction Sampling (CVE-2020-0549) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-12
    modified2020-06-09
    plugin id137276
    published2020-06-09
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137276
    titleRHEL 8 : microcode_ctl (RHSA-2020:2431)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-2241.NASL
    descriptionThis update is now available for all supported architectures. For reference the original advisory text follows. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-8839 A race condition was found in the ext4 filesystem implementation. A local user could exploit this to cause a denial of service (filesystem corruption). CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613 Wen Xu from SSLab at Gatech reported that crafted Btrfs volumes could trigger a crash (Oops) and/or out-of-bounds memory access. An attacker able to mount such a volume could use this to cause a denial of service or possibly for privilege escalation. CVE-2019-5108 Mitchell Frank of Cisco discovered that when the IEEE 802.11 (WiFi) stack was used in AP mode with roaming, it would trigger roaming for a newly associated station before the station was authenticated. An attacker within range of the AP could use this to cause a denial of service, either by filling up a switching table or by redirecting traffic away from other stations. CVE-2019-19319 Jungyeon discovered that a crafted filesystem can cause the ext4 implementation to deallocate or reallocate journal blocks. A user permitted to mount filesystems could use this to cause a denial of service (crash), or possibly for privilege escalation. CVE-2019-19447 It was discovered that the ext4 filesystem driver did not safely handle unlinking of an inode that, due to filesystem corruption, already has a link count of 0. An attacker able to mount arbitrary ext4 volumes could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. CVE-2019-19768 Tristan Madani reported a race condition in the blktrace debug facility that could result in a use-after-free. A local user able to trigger removal of block devices could possibly use this to cause a denial of service (crash) or for privilege escalation. CVE-2019-20636 The syzbot tool found that the input subsystem did not fully validate keycode changes, which could result in a heap out-of-bounds write. A local user permitted to access the device node for an input or VT device could possibly use this to cause a denial of service (crash or memory corruption) or for privilege escalation. CVE-2020-0009 Jann Horn reported that the Android ashmem driver did not prevent read-only files from being memory-mapped and then remapped as read-write. However, Android drivers are not enabled in Debian kernel configurations. CVE-2020-0543 Researchers at VU Amsterdam discovered that on some Intel CPUs supporting the RDRAND and RDSEED instructions, part of a random value generated by these instructions may be used in a later speculative execution on any core of the same physical CPU. Depending on how these instructions are used by applications, a local user or VM guest could use this to obtain sensitive information such as cryptographic keys from other users or VMs. This vulnerability can be mitigated by a microcode update, either as part of system firmware (BIOS) or through the intel-microcode package in Debian
    last seen2020-06-13
    modified2020-06-10
    plugin id137283
    published2020-06-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137283
    titleDebian DLA-2241-2 : linux security update
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-2242.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-2182 Hanjun Guo and Lei Li reported a race condition in the arm64 virtual memory management code, which could lead to an information disclosure, denial of service (crash), or possibly privilege escalation. CVE-2019-5108 Mitchell Frank of Cisco discovered that when the IEEE 802.11 (WiFi) stack was used in AP mode with roaming, it would trigger roaming for a newly associated station before the station was authenticated. An attacker within range of the AP could use this to cause a denial of service, either by filling up a switching table or by redirecting traffic away from other stations. CVE-2019-19319 Jungyeon discovered that a crafted filesystem can cause the ext4 implementation to deallocate or reallocate journal blocks. A user permitted to mount filesystems could use this to cause a denial of service (crash), or possibly for privilege escalation. CVE-2019-19462 The syzbot tool found a missing error check in the
    last seen2020-06-12
    modified2020-06-11
    plugin id137339
    published2020-06-11
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137339
    titleDebian DLA-2242-1 : linux-4.9 security update
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-5714.NASL
    descriptionDescription of changes: [5.4.17-2011.3.2.1.el8uek] - x86/speculation: Add Ivy Bridge to affected list (Josh Poimboeuf) [Orabug: 31352779] {CVE-2020-0543} - x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31352779] {CVE-2020-0543} - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31352779] {CVE-2020-0543} - x86/cpu: Add
    last seen2020-06-13
    modified2020-06-10
    plugin id137290
    published2020-06-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137290
    titleOracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2020-5714)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4389-1.NASL
    descriptionIt was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-0067) It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) Piotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12114) It was discovered that the USB susbsystem
    last seen2020-06-13
    modified2020-06-10
    plugin id137299
    published2020-06-10
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137299
    titleUbuntu 20.04 : linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle (USN-4389-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2020-2432.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2432 advisory. - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543) - hw: Vector Register Data Sampling (CVE-2020-0548) - hw: L1D Cache Eviction Sampling (CVE-2020-0549) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-12
    modified2020-06-11
    plugin id137337
    published2020-06-11
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137337
    titleCentOS 7 : microcode_ctl (CESA-2020:2432)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4390-1.NASL
    descriptionIt was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-0067) It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) Piotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12114) It was discovered that the USB susbsystem
    last seen2020-06-13
    modified2020-06-10
    plugin id137300
    published2020-06-10
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137300
    titleUbuntu 16.04 LTS / 18.04 LTS : linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, (USN-4390-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4387-1.NASL
    descriptionIt was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-0067) It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) Piotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12114) It was discovered that the USB susbsystem
    last seen2020-06-13
    modified2020-06-10
    plugin id137297
    published2020-06-10
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137297
    titleUbuntu 18.04 LTS / 19.10 : linux, linux-aws, linux-aws-5.3, linux-azure, linux-azure-5.3, linux-gcp, (USN-4387-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-791.NASL
    descriptionThis update for ucode-intel fixes the following issues : Updated Intel CPU Microcode to 20200602 (prerelease) (bsc#1172466) This update contains security mitigations for : - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or
    last seen2020-06-12
    modified2020-06-11
    plugin id137351
    published2020-06-11
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137351
    titleopenSUSE Security Update : ucode-intel (openSUSE-2020-791)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4698.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2019-2182 Hanjun Guo and Lei Li reported a race condition in the arm64 virtual memory management code, which could lead to an information disclosure, denial of service (crash), or possibly privilege escalation. - CVE-2019-5108 Mitchell Frank of Cisco discovered that when the IEEE 802.11 (WiFi) stack was used in AP mode with roaming, it would trigger roaming for a newly associated station before the station was authenticated. An attacker within range of the AP could use this to cause a denial of service, either by filling up a switching table or by redirecting traffic away from other stations. - CVE-2019-19319 Jungyeon discovered that a crafted filesystem can cause the ext4 implementation to deallocate or reallocate journal blocks. A user permitted to mount filesystems could use this to cause a denial of service (crash), or possibly for privilege escalation. - CVE-2019-19462 The syzbot tool found a missing error check in the
    last seen2020-06-12
    modified2020-06-11
    plugin id137340
    published2020-06-11
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137340
    titleDebian DSA-4698-1 : linux - security update
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4699.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2019-3016 It was discovered that the KVM implementation for x86 did not always perform TLB flushes when needed, if the paravirtualised TLB flush feature was enabled. This could lead to disclosure of sensitive information within a guest VM. - CVE-2019-19462 The syzkaller tool found a missing error check in the
    last seen2020-06-12
    modified2020-06-11
    plugin id137341
    published2020-06-11
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137341
    titleDebian DSA-4699-1 : linux - security update
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4385-2.NASL
    descriptionUSN-4385-1 provided updated Intel Processor Microcode. Unfortunately, that update prevented certain processors in the Intel Skylake family (06_4EH) from booting successfully. Additonally, on Ubuntu 20.04 LTS, late loading of microcode was enabled, which could lead to system instability. This update reverts the microcode update for the Skylake processor family and disables the late loading option on Ubuntu 20.04 LTS. Please note that the
    last seen2020-06-12
    modified2020-06-11
    plugin id137352
    published2020-06-11
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137352
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : intel-microcode regression (USN-4385-2)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200610_MICROCODE_CTL_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543) - hw: L1D Cache Eviction Sampling (CVE-2020-0549) - hw: Vector Register Data Sampling (CVE-2020-0548)
    last seen2020-06-12
    modified2020-06-11
    plugin id137348
    published2020-06-11
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137348
    titleScientific Linux Security Update : microcode_ctl on SL6.x i386/x86_64 (20200610)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-5722.NASL
    descriptionDescription of changes: [4.1.12-124.39.5.1.el7uek] - x86/speculation: Add Ivy Bridge to affected list (Josh Poimboeuf) [Orabug: 31352782] {CVE-2020-0543} - x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31352782] {CVE-2020-0543} - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31352782] {CVE-2020-0543} - x86/cpu: Add
    last seen2020-06-13
    modified2020-06-12
    plugin id137388
    published2020-06-12
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137388
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5722)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2020-163-01.NASL
    descriptionNew kernel packages are available for Slackware 14.2 to fix security issues.
    last seen2020-06-13
    modified2020-06-12
    plugin id137391
    published2020-06-12
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137391
    titleSlackware 14.2 : Slackware 14.2 kernel (SSA:2020-163-01)

Redhat

rpms
  • microcode_ctl-4:20191115-4.20200602.2.el8_2
  • microcode_ctl-2:2.1-61.6.el7_8
  • microcode_ctl-debuginfo-2:2.1-61.6.el7_8
  • microcode_ctl-2:1.17-33.26.el6_10
  • microcode_ctl-debuginfo-2:1.17-33.26.el6_10

The Hacker News

idTHN:8841D27BD6D8D04E9583E7E0F20898D5
last seen2020-06-10
modified2020-06-10
published2020-06-10
reporterThe Hacker News
sourcehttps://thehackernews.com/2020/06/intel-sgaxe-crosstalk-attacks.html
titleIntel CPUs Vulnerable to New 'SGAxe' and 'CrossTalk' Side-Channel Attacks

References