Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2021.14758.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2021:14758-1)
Summary:The remote host is missing an update for the 'microcode_ctl' package(s) announced via the SUSE-SU-2021:14758-1 advisory.
Description:Summary:
The remote host is missing an update for the 'microcode_ctl' package(s) announced via the SUSE-SU-2021:14758-1 advisory.

Vulnerability Insight:
This update for microcode_ctl fixes the following issues:

Updated to Intel CPU Microcode 20210525 release:

CVE-2020-24513: A domain bypass transient execution vulnerability was
discovered on some Intel Atom processors that use a micro-architectural
incident channel. (bsc#1179833)

CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient
execution side channel vulnerabilities may not fully prevent non-root
(guest) branches from controlling the branch predictions of the root
(host) (bsc#1179836)

CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero
value cache-lines may lead to changes in cache-allocation or write-back
behavior for such cache-lines (bsc#1179837)

CVE-2020-24489: Fixed Intel VT-d device pass through potential local
privilege escalation (bsc#1179839)

Affected Software/OS:
'microcode_ctl' package(s) on SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3

Solution:
Please install the updated package(s).

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-24489
Common Vulnerability Exposure (CVE) ID: CVE-2020-24511
Common Vulnerability Exposure (CVE) ID: CVE-2020-24512
Common Vulnerability Exposure (CVE) ID: CVE-2020-24513
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.