Cloud security daily 220621: Intel microcode vulnerability found in Ubuntu operating system, which needs to be upgraded as soon as possible

Ubuntu Is a desktop based application Linux operating system . It is an open source free software , Provides a robust 、 A feature rich computing environment , Suitable for both home use and business environment .Ubuntu Business support for hundreds of companies around the world .

6 month 20 Japan ,Ubuntu Security updates have been issued , Repair the Ubuntu Intel microcode vulnerability found in operating system . Here are the details of the vulnerability ：

Vulnerability Details

source :https://ubuntu.com/security/notices/USN-5486-1

1.CVE-2021-0146 CVSS score ：6.8 severity ： secondary

The hardware allows for some intel... At run time (R) Processor activates test or debug logic , This may allow unauthenticated users to potentially enable privilege escalation through physical access .

2.CVE-2021-0127 CVSS score :5.6 severity ： secondary

Some Intel (R) Inadequate control flow management in the processor may allow authenticated users to enable denial of service through local access .

3.CVE-2021-0145CVSS score ：5.5 severity ： secondary

Some Intel (R) Improper initialization of shared resources in the processor may allow authenticated users to potentially enable information disclosure through local access .

4.CVE-2021-33117 CVSS score :5.5 severity ： secondary

about BIOS edition MR7 Some of the previous 3 generation Intel(R) Xeon(R) Scalable Processor Improper access control , Local attackers may enable information disclosure through local access .

5.CVE-2021-33120 CVSS score :5.4 severity ： secondary

In some Intel Lexus (R) Processor memory subsystem under complex microarchitecture conditions , Out of bounds reading may allow authenticated users to potentially enable information disclosure or cause denial of service through network access

Affected products and versions

The above vulnerabilities affect Ubuntu 22.04 LTS, Ubuntu 21.10, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS

Solution

This problem can be corrected by updating the system to the following package version ：

Ubuntu 22.04:

Intel microcode - 3.20220510.0ubuntu0.22.04.1

Ubuntu 21.10:

Intel microcode - 3.20220510.0ubuntu0.21.10.1

Ubuntu 20.04:

Intel microcode - 3.20220510.0ubuntu0.20.04.1

Ubuntu 18.04:

Intel microcode - 3.20220510.0ubuntu0.18.04.1

View more vulnerability information And upgrade, please visit the official website ：

https://ubuntu.com/security/cve