Intel November 2020 Microcode Update
Overview
Red Hat is aware of several CPU hardware flaws that affect Intel CPU hardware microarchitecture and on-board components.
Red Hat provides updated microcode, developed by our microprocessor partners, as a customer convenience. Please contact your hardware vendor to determine whether more recent BIOS/firmware updates are recommended, as additional improvements may be available.
Background
CVE-2020-8695: Information disclosure issue in Intel SGX via RAPL interface
A vulnerability was found in Intel's implementation of RAPL (Running Average Power Limit). An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.
This creates a 'power analysis' side channel, where the attacker can use the RAPL values exported to the operating system as a method to analyse the side channel without physical access.
This issue requires a microcode update. There is a related kernel update which restricts permissions on the values exported to the operating system. The microcode fix prevents SGX enclave power values from being inferred, whereas the permissions fix prevents other, non-SGX values from being inferred via the side channel.
This issue has been assigned CVE-2020-8695 and is rated Moderate.
See also:
- Intel-SA-00389
- IPAS: November 2020 Intel Platform Update
- Research Whitepaper ("PLATYPUS: Software-based Power Side-Channel Attacks on x86")
CVE-2020-8696: Vector Register Leakage-Active
A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.
This issue requires a microcode update.
This issue has been assigned CVE-2020-8696 and is rated Low.
CVE-2020-8698: Fast forward store predictor
A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.
This issue requires a microcode update.
This issue has been assigned CVE-2020-8698 and is rated Moderate.
Diagnostic Tools
At this time there is no method of knowing if an attack has taken place.
Affected Products
Product | Fixed in package | Advisory link |
---|---|---|
Red Hat Enterprise Linux 8.3.0 (Z-stream) | microcode_ctl-20200609-2.20201027.1.el8_3 | RHSA-2020:5085 |
Red Hat Enterprise Linux 8.2.0 EUS | microcode_ctl-20191115-4.20201112.1.el8_2 | RHSA-2020:5185 |
Red Hat Enterprise Linux 8.1.0 EUS | microcode_ctl-20190618-1.20201112.1.el8_1 | RHSA-2020:5369 |
Red Hat Enterprise Linux 8.0.0 SAP extension | microcode_ctl-220180807a-2.20201112.1.el8_0 | RHSA-2020:5186 |
Red Hat Enterprise Linux 7.9 (Z-stream) | microcode_ctl-2.1-73.2.el7_9 | RHSA-2020:5083 |
Red Hat Enterprise Linux 7.7 EUS | microcode_ctl-2.1-53.13.el7_7 | RHSA-2020:5190 |
Red Hat Enterprise Linux 7.6 EUS | microcode_ctl-2.1-47.18.el7_6 | RHSA-2020:5181 |
Red Hat Enterprise Linux 7.4 AUS/E4S/TUS | microcode_ctl-2.1-22.36.el7_4 | RHSA-2020:5182 |
Red Hat Enterprise Linux 7.3 AUS/E4S/TUS | microcode_ctl-2.1-16.37.el7_3 | RHSA-2020:5183 |
Red Hat Enterprise Linux 7.2 AUS | microcode_ctl-2.1-12.34.el7_2 | RHSA-2020:5188 |
Red Hat Enterprise Linux 6.10 (Z-stream) (*) | microcode_ctl-1.17-33.31.el6_10 | RHSA-2020:5084 |
Red Hat Enterprise Linux 6.6 AUS (*) | microcode_ctl-1.17-19.32.el6_6 | RHSA-2020:5184 |
Red Hat Enterprise Linux 6.5 AUS (*) | microcode_ctl-1.17-17.34.el6_5 | RHSA-2020:5189 |
Red Hat Enterprise Linux 5 (*) | No update is provided | N/A |
(*) Not affected by CVE-2020-8695.
Affected Configurations
Listed below are the CPU families affected by these flaws broken down by the flaw type. You must determine your CPU’s family to see if you are affected.
Find your CPU family model
Find the CPU model provided by your system. This is available in the /proc/cpuinfo file.
$ grep -E '^(cpu family|model|stepping|microcode)' /proc/cpuinfo | sort -u
cpu family : 6
microcode : 0x84
model : 94
model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
stepping : 3
(Note: on RHEL 6, microcode revision is in decimal; on RHEL 7 onwards, it is in hexadecimal with the respective prefix.)
Intel Microcode Updates that mitigate the issues
Model No. (dec) | Stepping (dec) | Minimum microcode revision for mitigation (dec) | Applicable vulnerabilities and errata | Codename | Model Name |
---|---|---|---|---|---|
0x4e (78) | 0x03 (3) | 0xe2 (226) (*) | CVE-2020-8695, CVE-2020-8696 | Skylake U/Y Skylake U (2+3e) | 6th Generation Intel® Core™ Processor Family Intel® Core™ Processor i7-6500U, i7-6510U, i7-6600U Intel® Core™ Processor i5-6200U, i5-6210U, i5-6300U, i5-6310U Intel® Core™ Processor i3-6100U, i3-6110U Intel® Pentium® Processor 4405U, 4415U Intel® Celeron® Processor 3855U, 3865U, 3955U, 3965U Intel® Core™ Processor I7-6560U, I7-6567U, I7-6650U, I7-6660U Intel® Core™ Processor I5-6260U, I5-6267U, I5-6287U, I5-6360U Intel® Core™ Processor i3-6167U Intel® Core™ Processor m7-6Y75, m5-6Y54, m5-6Y57, m3-6Y30 Intel® Pentium® Processor 4405Y |
0x55 (85) | 0x03 (3) | 0x1000159 (16777561) | CVE-2020-8696 | Skylake Server | Intel® Xeon® Processor P-8124, P-8136 |
0x55 (85) | 0x04 (4) | 0x2006a08 (33581576) | CVE-2020-8696 | Skylake D Bakerville Skylake Server Skylake W Skylake X Basin Falls | Intel® Xeon® Processor D-2123IT, D-2141I, D-2142IT, D-2143IT, D-2145NT, D-2146NT, D-2161I, D-2163IT, D-2166NT, D-2173IT, D-2177NT, D-2183IT, D-2187NT Intel® Xeon® Bronze Processor 3104, 3106 Intel® Xeon® Gold Processor 5115, 5118, 5119T, 5120, 5120T, 5122, 6126, 6126F, 6126T, 6128, 6130, 6130F, 6130T, 6132, 6134, 6134M, 6136, 6138, 6138F, 6138T, 6140, 6140M, 6142, 6142F, 6142M, 6144, 6146, 6148, 6148F, 6150, 6152, 6154 Intel® Xeon® Platinum Processor 8153, 8156, 8158, 8160, 8160F, 8160M, 8160T, 8164, 8168, 8170, 8170M, 8176, 8176F, 8176M, 8180, 8180M Intel® Xeon® Silver Processor 4108, 4109T, 4110, 4112, 4114, 4114T, 4116, 4116T Intel® Xeon® Processor W-2123, W-2125, W-2133, W-2135, W-2145, W-2155, W-2195, W-2175 Intel® Core™ i9 79xxX, 78xxX |
0x55 (85) | 0x07 (7) | 0x5003003 (83898371) | CVE-2020-8696 | Cascade Lake | 2nd Generation Intel® Xeon® Scalable Processors Intel® Xeon® Platinum Processor 8253, 8256, 8260, 8260L, 8260M, 8260Y, 8268, 8270, 8276, 8276L, 8276M, 8280, 8280L, 8280M, 9220, 9221, 9222, 9242, 9282 Intel® Xeon® Gold Processor 5215, 5215L, 5215M, 5215R, 5217, 5218, 5218B, 5218N, 5218T, 5220, 5220R, 5220S, 5220T, 5222, 6222V, 6226, 6230, 6230N, 6230T, 6234, 6238, 6238L, 6238M, 6238T, 6240, 6240L, 6240M, 6240Y, 6242, 6244, 6246, 6248, 6252, 6252N, 6254, 6262V Intel® Xeon® Silver Processor 4208, 4208R, 4209T, 4210, 4210R, 4214, 4214C, 4214R, 4214Y, 4215, 4216, 4216R Intel® Xeon® Bronze Processor 3204, 3206R Intel® Xeon® Processor W-3275M, W-3275, W-3265M, W-3265, W-3245M, W-3245, W-3235, W-3225, W-3223, W-2295, W-2275, W-2265, W-2255, W-2245, W-2235, W-2225, W-2223 Intel® Core™ X-series Processor i9-10940X, i9-10920X, i9-10900X, i9-9960X, i9-9940X, i9-9920X, i9-9900X, i9-9820X, i9-9800X, i9-7960X, i9-7940X, i9-7920X, i9-7900X, i7-7820X, i7-7800X, i7-7740X, i7-7640X |
0x5e (94) | 0x03 (3) | 0xe2 (226) (**) | CVE-2020-8695, CVE-2020-8696 | Skylake H | 6th Generation Intel® Core™ Processor Family Intel® Core™ Processor i7-6700HQ, i7-6770HQ, i7-6820HK, i7-6820HQ, i7-6870HQ, i7-6920HQ, i7-6970HQ, i5-6300HQ, i5-6350HQ, i5-6440HQ, i3-6100H, i7-6700, i7-6700K, i7-6700T, i7-6700TE, i7-6820EQ, i7-6822EQ, i5-6400, i5-6400T, i5-6440EQ, i5-6442EQ, i5-6500, i5-6500T, i5-6500TE, i5-6600, i5-6600K, i5-6600T, i3-6100, i3-6100E, i3-6100T, i3-6100TE, i3-6102E, i3-6120, i3-6120T, i3-6300, i3-6300T, i3-6320, i3-6320T Intel® Pentium® Processor G4400, G4400T, G4400TE, G4420, G4420T, G4500, G4500T, G4520, G4520T, G4540 Intel® Celeron® Processor G3900, G3900T, G3900TE, G3902E, G3920, G3920T, G3940 |
0x7a (122) | 0x01 (1) | 0x34 (52) (***) | CVE-2020-8695 | Gemini Lake | Intel® Pentium® Processor Silver Series Intel® Celeron® Processor J Series Intel® Celeron® Processor N Series Intel® Pentium® Silver Processor J5005, N5000 Intel® Celeron® Processor J4005, J4105, N4000, N4100 |
0x7a (122) | 0x08 (8) | 0x18 (24) | CVE-2020-8695 | Gemini Lake | Intel® Celeron® Processor J Series Intel® Celeron® Processor N Series Intel® Pentium® Silver J5040, N5030 Processor Intel® Celeron® Processor J4025, J4125, N4020, N4120 |
0x7e (126) | 0x05 (5) | 0xa0 (160) | CVE-2020-8695, CVE-2020-8698 | Ice Lake U Ice Lake Y | 10th Generation Intel® Core™ Processor Family Intel® Core™ Processor i7-1060G7, i7-1065G7, i5-1030G4, i5-1030G7, i5-1035G1, i5-1035G4, i5-1035G7, i3-1000G1, i3-1000G4, i3-1005G1 |
0x8e (142) | 0x09 (9) | 0xde (222) | CVE-2020-8695, CVE-2020-8696 | Kaby Lake U Kaby Lake U (2+3e) Kaby Lake Y | 7th Generation Intel® Core™ Processor Family Intel® Core™ Processor i7-7500U, i7-7510U, i7-7600U, i7-7560U, i7-7567U, i7-7660U, i7-7Y75, i5-7200U, i5-7210U, i5-7300U, i5-7500U, i5-7260U, i5-7267U, i5-7287U, i5-7360U, i5-7Y54, i5-7Y57, i3-7007U, i3-7100U, i3-7110U, i3-7130U, i3-7167U, M3-7Y30, M3-7Y30 Intel® Pentium® Processor 4415U, 4410Y, 4415Y Intel® Celeron® Processor 3865U, 3965U, 3965Y |
0x8e (142) | 0x09 (9) | 0xde (222) | CVE-2020-8695, CVE-2020-8696 | Amber Lake Y | 8th Generation Intel® Core™ Processor Family Intel® Core™ Processor i7-8500Y, i5-8310Y, i5-8210Y, i5-8200Y, m3-8100Y |
0x8e (142) | 0x0a (10) | 0xe0 (224) | CVE-2020-8695, CVE-2020-8696 | Coffee Lake U (4+3e) Kaby Lake Refresh U (4+2) | 8th Generation Intel® Core™ Processor Family Intel® Core™ Processor i7-8559U, i7-8550U, i7-8650U, i5-8259U, 8269U, i5-8250U, i5-8350U, i3-8109U, i3-7020U, i3-8130U |
0x8e (142) | 0x0b (11) | 0xde (222) | CVE-2020-8695, CVE-2020-8696 | Whiskey Lake U | 8th Generation Intel® Core™ Processor Family Intel® Core™ Processor i7-8565U, i7-8665U, i5-8365U, i5-8265U, i3-8145U Intel® Core™ Processor 4205U, 5405U |
0x8e (142) | 0x0c (12) | 0xde (222) | CVE-2020-8695, CVE-2020-8696 | Whiskey Lake U, Amber Lake Y, Comet Lake U (4+2) | 8th Generation Intel® Core™ Processor Family 10th Generation Intel® Core™ Processor Family Intel® Core™ Processor i7-10510Y, i5-10310Y, i5-10210Y, i5-10110Y, i7-10510U, i7-8565U, i7-8665U, i5-10210U, i5-8365U, i5-8265U, Intel® Pentium® Gold Processor 6405U, Intel® Celeron® Processor 5305U |
0x9e (158) | 0x09 (9) | 0xde (222) | CVE-2020-8695, CVE-2020-8696 | Kaby Lake G Kaby Lake H Kaby Lake S Kaby Lake X Kaby Lake Xeon E3 | 7th Generation Intel® Core™ Processor Family 8th Generation Intel® Core™ Processor Family Intel® Core™ X-series Processors (i5-7640X, i7-7740X) Intel® Core™ Processor i7-8705G, i7-8706G, i7-8709G, i7-8809G, i5-8305G, Intel® Core™ Processor i7-7700HQ, i7-7820EQ, i7-7820HK, i7-7820HQ, i7-7920HQ, i7-7700, i7-7700K, i7-7700T, i5-7300HQ, i5-7440EQ, i5-7440HQ, i5-7442EQ, i5-7400, i5-7400T, i5-7500, i5-7500T, i5-7600, i5-7600K, i5-7600T, i3-7100H, i3-7100E, i3-7101E, i3-7101TE, i3-7102E, i3-7120, i3-7120T, i3-7320T, i3-7340 Intel® Celeron® Processor G3930E, G3930TE Intel® Xeon® Processor v6 E3-1535M, E3-1505M, E3-1505L, E3-1501L, E3-1501M, E3-1285, E3-1280, E3-1275, E3-1270, E3-1245, E3-1240, E3-1230, E3-1225, E3-1220 |
0x9e (158) | 0x0a (10) | 0xde (222) | CVE-2020-8695, CVE-2020-8696 | Coffee Lake H (6+2) Coffee Lake S (6+2) Coffee Lake S (6+2) Xeon E Coffee Lake S (4+2) Xeon E | 8th Generation Intel® Core™ Processor Family Intel® Xeon® Processor E Family Intel® Core™ Processor i9-8950HK, i7-8700K, i7-8700B, i7-8750H, i7-8850H, i7-8670, i7-8670T, i7-8700, i7-8700T, i5-8600K, i5-8650K, i5-8300H, i5-8400B, i5-8400H, i5-8500B, i5-8400, i5-8400T, i5-8420, i5-8420T, i5-8500 , i5-8500T, i5-8550, i5-8600, i5-8600T, i5-8650 Intel® Xeon® Processor E-2174G, E-2144G, E-2134, E-2124, E-2124G, E-2284G, E-2274G, E-2254ML, E-2254ME, E-2244G, E-2234, E-2224, E-2224G, E-2184G, E-2186G, E-2176G, E-2176M, E-2146G, E-2136, E-2126G, 2286G, E-2276ML, E-2276ME, E-2276M, E-2276G, E-2246G, E-2236, E-2226GE, E-2226G, E-2186M, E-2176M |
0x9e (158) | 0x0b (11) | 0xde (222) | CVE-2020-8695, CVE-2020-8696 | Coffee Lake S (4+2) | 8th Generation Intel® Core™ Processor Family Intel® Pentium® Gold Processor Series Intel® Celeron® Processor G Series Intel® Core™ Processor i3-8000, i3-8000T, i3-8020, i3-8100, i3-8100, i3-8100H, i3-8100T, i3-8120, i3-8300, i3-8300T, i3-8350K Intel® Pentium® Gold G5400, G5400T, G5400T, G5420, G5420T, G5420T, G5500, G5500T, G5600 Intel® Celeron® Processor G4900, G4900T, G4920 |
0x9e (158) | 0x0c (12) | 0xde (222) | CVE-2020-8695, CVE-2020-8696 | Coffee Lake S (8+2) | 9th Generation Intel® Core™ Processor Family Intel® Core™ Processor i9-9900K, i9-9900KF, i7-9700K, i7-9700KF, i5-9600K, i5-9600KF, i5-9400, i5-9400F |
0x9e (158) | 0x0d (13) | 0xde (222) | CVE-2020-8695, CVE-2020-8696 | Coffee Lake H (8+2) Coffee Lake S (8+2) Coffee Lake S (8+2) Xeon E | 9th Generation Intel® Core™ Processor Family Intel® Core™ Processor i9-9980HK, i9-9880H, i7-9850H, 9750HF, i5-9400H, 9300H Intel® Xeon® Processor E-2288G, E-2286M, E-2278GEL, E-2278GE, E-2278G |
0xa5 (165) | 0x02 (2) | 0xe0 (224) | CVE-2020-8695 | Comet Lake H | 10th Generation Intel® Core™ Processor Family |
0xa5 (165) | 0x03 (3) | 0xe0 (224) | CVE-2020-8695 | Comet Lake S (6+2) | 10th Generation Intel® Core™ Processor Family |
0xa5 (165) | 0x05 (5) | 0xe0 (224) | CVE-2020-8695 | Comet Lake S (10+2) | 10th Generation Intel® Core™ Processor Family |
0xa6 (166) | 0x00 (0) | 0xe0 (224) | CVE-2020-8695 | Comet Lake U (6+2) | 10th Generation Intel® Core™ Processor Family |
0xa6 (166) | 0x01 (1) | 0xe0 (224) | CVE-2020-8695 | Comet Lake U (6+2) v2 | 10th Generation Intel® Core™ Processor Family |
(*) The update is disabled by default due to possible hangs. See /usr/share/doc/microcode_ctl/caveats/06-4e-03_readme for details.
(**) The update is disabled by default due to possible hangs. See /usr/share/doc/microcode_ctl/caveats/06-5e-03_readme for details.
(***) The update will be available at a later date.
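The lookup described above (read model, stepping and microcode revision from /proc/cpuinfo, then compare against the minimum revision in the table) can be scripted. The following is an added example, not Red Hat's or Intel's tooling; the function names cpu_field and check_microcode, the result strings and the family 6 assumption are this example's own, and the sample input is constructed from the grep output shown earlier.

```bash
#!/bin/bash
# Added example (not Red Hat's tooling). Minimum revisions transcribed from the
# table above as model:stepping:min_revision (model and stepping in decimal).
MIN_REVS="
78:3:0xe2 85:3:0x1000159 85:4:0x2006a08 85:7:0x5003003
94:3:0xe2 122:1:0x34 122:8:0x18 126:5:0xa0
142:9:0xde 142:10:0xe0 142:11:0xde 142:12:0xde
158:9:0xde 158:10:0xde 158:11:0xde 158:12:0xde 158:13:0xde
165:2:0xe0 165:3:0xe0 165:5:0xe0 166:0:0xe0 166:1:0xe0
"

# Print the value of the first "<name> : <value>" line in a cpuinfo-style file.
cpu_field() {  # $1 = field name, $2 = file
    awk -F'[ \t]*:[ \t]*' -v k="$1" '$1 == k { print $2; exit }' "$2"
}

# Print mitigated | outdated | not-listed | unknown for the first CPU in the file.
check_microcode() {  # $1 = cpuinfo file, defaults to /proc/cpuinfo
    local f="${1:-/proc/cpuinfo}" key raw rev entry
    # Assumption: every row in the table is an Intel family 6 part.
    [ "$(cpu_field 'cpu family' "$f")" = "6" ] || { echo not-listed; return 0; }
    key="$(cpu_field model "$f"):$(cpu_field stepping "$f")"
    raw=$(cpu_field microcode "$f")
    # printf %d accepts 0x-prefixed hex (RHEL 7+) and plain decimal (RHEL 6),
    # and fails on anything else without evaluating it.
    [ -n "$raw" ] && rev=$(printf '%d' "$raw" 2>/dev/null) || { echo unknown; return 0; }
    for entry in $MIN_REVS; do
        [ "${entry%:*}" = "$key" ] || continue
        if [ "$rev" -ge "$(printf '%d' "${entry##*:}")" ]; then echo mitigated; else echo outdated; fi
        return 0
    done
    echo not-listed
}

# Constructed sample input, using the values from the grep output shown above.
sample=$(mktemp)
printf 'cpu family\t: 6\nmodel\t\t: 94\nmodel name\t: Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz\nstepping\t: 3\nmicrocode\t: 0x84\n' > "$sample"
echo "sample host: $(check_microcode "$sample")"
```

Rows footnoted (*) and (**) ship with the update disabled by default, so an outdated result for model 78 or 94 at stepping 3 does not by itself mean the package is missing. The (***) row lists a revision that was not yet available when the table was published.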
Resolution
Red Hat customers running affected versions of the Red Hat products are strongly recommended to update them as soon as errata are available. Customers are urged to apply the appropriate updates immediately and reboot to mitigate this flaw correctly.
Acknowledgements
Red Hat thanks Intel for fixing these issues and making Red Hat aware.
Frequently Asked Questions
Q: Do I need to reboot for the changes to take effect?
A: There are two sections to this update. The microcode update does not require a system reboot to take effect. The kernel update includes a modification which changes the permissions on the exported RAPL device that would allow an attacker to abuse this flaw. The kernel will need to be updated and system rebooted for the changes in permissions to take effect.
Q: What if my CPU is not listed in the table?
A: Red Hat will continue to update these microcode packages as necessary. Please contact your hardware vendor to determine whether more recent BIOS/firmware updates are recommended because additional improvements may be available.
Additional Information
Red Hat cannot guarantee the correctness of the above information as the microcode update is provided by upstream vendors.
Related Knowledge Base articles:
- Is CPU microcode available to address CVE-2017-5715 via the microcode_ctl package?
- Is CPU microcode available to address CVE-2018-3639 via the microcode_ctl package?
- Is CPU microcode available to address CVE-2018-3620 and CVE-2018-3646 via the microcode_ctl package?
- Is CPU microcode available to address MDS (ZombieLoad) CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091 via the microcode_ctl package?
- Intel November 2019 Microcode Update
- Intel June 2020 Microcode Update