Oval Definition:oval:org.opensuse.security:def:64524
Revision Date:2021-06-10Version:1
Title:Security update for ucode-intel (Important)
Description:

This update for ucode-intel fixes the following issues:

Updated to Intel CPU Microcode 20210608 release.

- CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (INTEL-SA-00465 bsc#1179833) See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html

- CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (INTEL-SA-00464 bsc#1179836)

See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)

- CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837 INTEL-SA-00464)

See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)

- CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (INTEL-SA-00442 bsc#1179839)

See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html

Other fixes:

- Update for functional issues. Refer to [Third Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780)for details. - Update for functional issues. Refer to [Second Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details. - Update for functional issues. Refer to [Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details. - Update for functional issues. Refer to [Intel Xeon Processor D-1500, D-1500 NS and D-1600 NS Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-d-1500-specification-update.html) for details. - Update for functional issues. Refer to [Intel Xeon E7-8800 and E7-4800 v3 Processor Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e7-v3-spec-update.html) for details. - Update for functional issues. Refer to [Intel Xeon Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details. - Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details. - Update for functional issues. Refer to [8th and 9th Gen Intel Core Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details. - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details. - Update for functional issues. Refer to [6th Gen Intel Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details. - Update for functional issues. Refer to [Intel Xeon E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details. - Update for functional issues. Refer to [Intel Xeon E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.

- New platforms:

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | CLX-SP | A0 | 06-55-05/b7 | | 03000010 | Xeon Scalable Gen2 | ICX-SP | C0 | 06-6a-05/87 | | 0c0002f0 | Xeon Scalable Gen3 | ICX-SP | D0 | 06-6a-06/87 | | 0d0002a0 | Xeon Scalable Gen3 | SNR | B0 | 06-86-04/01 | | 0b00000f | Atom P59xxB | SNR | B1 | 06-86-05/01 | | 0b00000f | Atom P59xxB | TGL | B1 | 06-8c-01/80 | | 00000088 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | | 00000016 | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | | 0000002c | Core Gen11 Mobile | EHL | B1 | 06-96-01/01 | | 00000011 | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E | JSL | A0/A1 | 06-9c-00/01 | | 0000001d | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105 | RKL-S | B0 | 06-a7-01/02 | | 00000040 | Core Gen11

- Updated platforms:

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000044 | 00000046 | Core Gen4 X series; Xeon E5 v3 | HSX-EX | E0 | 06-3f-04/80 | 00000016 | 00000019 | Xeon E7 v3 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile | BDX-ML | B0/M0/R0 | 06-4f-01/ef | 0b000038 | 0b00003e | Xeon E5/E7 v4; Core i7-69xx/68xx | SKX-SP | B1 | 06-55-03/97 | 01000159 | 0100015b | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04003006 | 04003102 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003006 | 05003102 | Xeon Scalable Gen2 | CPX-SP | A1 | 06-55-0b/bf | 0700001e | 07002302 | Xeon Scalable Gen3 | BDX-DE | V2/V3 | 06-56-03/10 | 07000019 | 0700001b | Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 | BDX-DE | Y0 | 06-56-04/10 | 0f000017 | 0f000019 | Xeon D-1557/59/67/71/77/81/87 | BDX-NS | A0 | 06-56-05/10 | 0e00000f | 0e000012 | Xeon D-1513N/23/33/43/53 | APL | D0 | 06-5c-09/03 | 00000040 | 00000044 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 0000001e | 00000020 | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000e2 | 000000ea | Core Gen6; Xeon E3 v5 | DNV | B0 | 06-5f-01/01 | 0000002e | 00000034 | Atom C Series | GLK | B0 | 06-7a-01/01 | 00000034 | 00000036 | Pentium Silver N/J5xxx, Celeron N/J4xxx | GKL-R | R0 | 06-7a-08/01 | 00000018 | 0000001a | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 000000a0 | 000000a6 | Core Gen10 Mobile | LKF | B2/B3 | 06-8a-01/10 | 00000028 | 0000002a | Core w/Hybrid Technology | AML-Y22 | H0 | 06-8e-09/10 | 000000de | 000000ea | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000de | 000000ea | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000e0 | 000000ea | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000de | 000000ea | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000de | 000000ea | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000de | 000000ea | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000de | 000000ea | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000de | 000000ea | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000de | 000000ea | Core Gen9 Mobile | CML-H | R1 | 06-a5-02/20 | 000000e0 | 000000ea | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | 000000e0 | 000000ea | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | 000000e0 | 000000ec | Core Gen10 | CML-U62 | A0 | 06-a6-00/80 | 000000e0 | 000000e8 | Core Gen10 Mobile | CML-U62 V2 | K0 | 06-a6-01/80 | 000000e0 | 000000ea | Core Gen10 Mobile
Family:unixClass:patch
Status:Reference(s):1100369
1109160
1118367
1118368
1122560
1128220
1137614
1137615
1139406
1141430
1141431
1141432
1156205
1156431
1157001
1157051
1159342
1160663
1161168
1168029
1168030
1168031
1168032
1170667
1170713
1171313
1171572
1171579
1171740
1172175
1172176
1172958
1173274
1173307
1173311
1173983
1175443
1176092
1176674
1178512
1179833
1179836
1179837
1179839
906079
CVE-2015-0552
CVE-2016-10243
CVE-2017-3136
CVE-2018-5345
CVE-2018-5741
CVE-2019-10067
CVE-2019-12248
CVE-2019-12497
CVE-2019-12746
CVE-2019-13457
CVE-2019-13458
CVE-2019-16375
CVE-2019-16779
CVE-2019-18179
CVE-2019-18180
CVE-2019-6477
CVE-2019-9752
CVE-2019-9892
CVE-2020-11076
CVE-2020-11077
CVE-2020-14422
CVE-2020-1765
CVE-2020-1766
CVE-2020-1769
CVE-2020-1770
CVE-2020-1771
CVE-2020-1772
CVE-2020-1773
CVE-2020-24489
CVE-2020-24511
CVE-2020-24512
CVE-2020-24513
CVE-2020-28196
CVE-2020-8154
CVE-2020-8155
CVE-2020-8616
CVE-2020-8617
CVE-2020-8618
CVE-2020-8619
CVE-2020-8620
CVE-2020-8621
CVE-2020-8622
CVE-2020-8623
CVE-2020-8624
openSUSE-SU-2020:0036-1
openSUSE-SU-2020:0670-1
openSUSE-SU-2020:0989-1
openSUSE-SU-2020:0990-1
openSUSE-SU-2020:1475-1
openSUSE-SU-2020:1699-1
SUSE-SU-2021:1933-1
Platform(s):openSUSE Leap 15.1
openSUSE Leap 15.2
SUSE Linux Enterprise Desktop 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Module for Desktop Applications 15 SP1
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Server 4.1
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • otrs-6.0.29-lp152.2.3 is installed
  • OR otrs-doc-6.0.29-lp152.2.3 is installed
  • OR otrs-itsm-6.0.29-lp152.2.3 is installed
    • Definition Synopsis
  • openSUSE Leap 15.2 is installed
  • AND Package Information
  • bind-9.16.6-lp152.14.3 is installed
  • OR bind-chrootenv-9.16.6-lp152.14.3 is installed
  • OR bind-devel-9.16.6-lp152.14.3 is installed
  • OR bind-devel-32bit-9.16.6-lp152.14.3 is installed
  • OR bind-doc-9.16.6-lp152.14.3 is installed
  • OR bind-utils-9.16.6-lp152.14.3 is installed
  • OR libbind9-1600-9.16.6-lp152.14.3 is installed
  • OR libbind9-1600-32bit-9.16.6-lp152.14.3 is installed
  • OR libdns1605-9.16.6-lp152.14.3 is installed
  • OR libdns1605-32bit-9.16.6-lp152.14.3 is installed
  • OR libirs-devel-9.16.6-lp152.14.3 is installed
  • OR libirs1601-9.16.6-lp152.14.3 is installed
  • OR libirs1601-32bit-9.16.6-lp152.14.3 is installed
  • OR libisc1606-9.16.6-lp152.14.3 is installed
  • OR libisc1606-32bit-9.16.6-lp152.14.3 is installed
  • OR libisccc1600-9.16.6-lp152.14.3 is installed
  • OR libisccc1600-32bit-9.16.6-lp152.14.3 is installed
  • OR libisccfg1600-9.16.6-lp152.14.3 is installed
  • OR libisccfg1600-32bit-9.16.6-lp152.14.3 is installed
  • OR libns1604-9.16.6-lp152.14.3 is installed
  • OR libns1604-32bit-9.16.6-lp152.14.3 is installed
  • OR libuv-1.18.0-lp152.4.3 is installed
  • OR libuv-devel-1.18.0-lp152.4.3 is installed
  • OR libuv1-1.18.0-lp152.4.3 is installed
  • OR libuv1-32bit-1.18.0-lp152.4.3 is installed
  • OR python3-bind-9.16.6-lp152.14.3 is installed
  • OR sysuser-shadow-2.0-lp152.5.3 is installed
  • OR sysuser-tools-2.0-lp152.5.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
  • AND ucode-intel-20210525-7.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Desktop Applications 15 SP1 is installed
  • AND Package Information
  • gcab-1.1-1 is installed
  • OR gcab-devel-1.1-1 is installed
  • OR gcab-lang-1.1-1 is installed
  • OR libgcab-1_0-0-1.1-1 is installed
  • OR typelib-1_0-GCab-1_0-1.1-1 is installed
    • BACK