ALINUX2-SA-2021:0038: microcode_ctl security, bug fix and enhancement update (Important)

Package updates are available for Alibaba Cloud Linux 2.1903 that fix the following vulnerabilities:

CVE-2020-24489:
Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2020-24511:
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVE-2020-24512:
Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVE-2020-24513:
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

References

CVE-2020-24489SCORE:8.8/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2020-24511SCORE:5.6/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2020-24512SCORE:2.8/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
CVE-2020-24513SCORE:5.6/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Updated Packages

i686
- microcode_ctl-2.1-73.9.1.al7.i686.rpm → (download)
- microcode_ctl-debuginfo-2.1-73.9.1.al7.i686.rpm → (download)
src
- microcode_ctl-2.1-73.9.1.al7.src.rpm → (download)
x86_64
- microcode_ctl-2.1-73.9.1.al7.x86_64.rpm → (download)
- microcode_ctl-debuginfo-2.1-73.9.1.al7.x86_64.rpm → (download)

Alibaba Cloud Linux 2.1903 Security Advisory: ALINUX2-SA-2021:0038

Summary

Severity

Description

References

Updated Packages