RHSA-2021:2299 - Security Advisory

Topic

An update for microcode_ctl is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The microcode_ctl packages provide microcode updates for Intel.

Security Fix(es):

• hw: vt-d related privilege escalation (CVE-2020-24489)
• hw: improper isolation of shared resources in some Intel Processors (CVE-2020-24511)
• hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512)
• hw: information disclosure on some Intel Atom processors (CVE-2020-24513)

Bug Fix(es) and Enhancement(s):

• Update Intel CPU microcode to microcode-20210525 release
• Do not use "grep -q" in a pipe in check_caveats.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 i386

Fixes

• BZ - 1962650 - CVE-2020-24489 hw: vt-d related privilege escalation
• BZ - 1962666 - CVE-2020-24513 hw: information disclosure on some Intel Atom processors
• BZ - 1962702 - CVE-2020-24511 hw: improper isolation of shared resources in some Intel Processors
• BZ - 1962722 - CVE-2020-24512 hw: observable timing discrepancy in some Intel Processors

CVEs

• CVE-2020-24489
• CVE-2020-24511
• CVE-2020-24512
• CVE-2020-24513

References

• https://access.redhat.com/security/updates/classification/#important