USN-4985-1: Intel Microcode vulnerabilities

09 June 2021

Several security issues were fixed in Intel Microcode.

Releases

Packages

Details

It was discovered that some Intel processors may not properly invalidate
cache entries used by Intel Virtualization Technology for Directed I/O
(VT-d). This may allow a local user to perform a privilege escalation
attack. (CVE-2020-24489)

Joseph Nuzman discovered that some Intel processors may not properly apply
EIBRS mitigations (originally developed for CVE-2017-5715) and hence may
allow unauthorized memory reads via sidechannel attacks. A local attacker
could use this to expose sensitive information, including kernel
memory. (CVE-2020-24511)

Travis Downs discovered that some Intel processors did not properly flush
cache-lines for trivial-data values. This may allow an unauthorized user to
infer the presence of these trivial-data-cache-lines via timing sidechannel
attacks. A local attacker could use this to expose sensitive
information. (CVE-2020-24512)

It was discovered that certain Intel Atom processors could expose memory
contents stored in microarchitectural buffers. A local attacker could use
this to expose sensitive information. (CVE-2020-24513)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.04
Ubuntu 20.10
Ubuntu 20.04
Ubuntu 18.04
Ubuntu 16.04
Ubuntu 14.04

After a standard system update you need to reboot your computer to make
all the necessary changes.