New Intel Vulnerabilities Now Patched in All Supported Ubuntu Releases

New Intel Vulnerabilities

Following the recent Linux kernel updates for Ubuntu 20.10 and all the supported Ubuntu releases, Canonical published today an updated version of the Intel Microcode package to address the latest vulnerabilities.

In addition to the CVE-2020-8694 vulnerability already patched in the Linux kernels of all supported Ubuntu releases, the new Intel Microcode update also patches the CVE-2020-8695, CVE-2020-8696 and CVE-2020-8698 vulnerabilities, which could allow a local attacker to expose sensitive information.

CVE-2020-8695 was discovered by Andreas Kogler, Catherine Easdon, Claudio Canella, Daniel Gruss, David Oswald, Michael Schwarz, and Moritz Lipp, in the Intel Running Average Power Limit (RAPL) feature of certain Intel processors, which allowed for a side-channel attack based on power consumption measurements.

On the other hand, CVE-2020-8696 and CVE-2020-8698 were discovered by Ezra Caltum, Joseph Nuzman, Nir Shildan, and Ofir Joseff in some Intel processors, causing them to improperly isolate shared resources or remove sensitive information before storage or transfer. These could allow an authenticated user to potentially enable information disclosure via local access.

While CVE-2020-8698 was marked by Intel as having a medium security impact, CVE-2020-8696 is tagged with a low security impact. More details are available in Intel’s latest security advisory.

Canonical was quick to publish new versions of the Intel Microcode package for all supported Ubuntu Linux releases, including Ubuntu 20.10, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 14.04 ESM.

All users are urged to update their installations as soon as possible to intel-microcode 3.20201110.0, which is now available in the main archives. To update, run the command below in a terminal emulator, which will also install the latest Linux kernel updates.

sudo apt update && sudo apt full-upgrade

Most probably, these vulnerabilities will also be patched in Debian GNU/Linux, SUSE Linux, Red Hat Enterprise Linux, and many other well-known operating systems, as well as all the other Ubuntu derivatives, so make sure you update your installations regularly.

Update: Canonical reverted this update on all supported Ubuntu releases due to a regression causing boot failures on certain Tiger Lake system. More details here.

Last updated 3 years ago

Buy Me a Coffee at