SB2021060961 - Ubuntu update for intel-microcode

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2017-5715)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.

2) Incomplete cleanup (CVE-ID: CVE-2020-24489)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incomplete cleanup, which leads to security restrictions bypass and privilege escalation.

3) Information disclosure (CVE-ID: CVE-2020-24511)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to improper isolation of shared resources. A local user can gain unauthorized access to sensitive information on the system.

4) Observable discrepancy (CVE-ID: CVE-2020-24512)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to observable timing discrepancy. A local user can gain unauthorized access to sensitive information on the system.

5) Information disclosure (CVE-ID: CVE-2020-24513)

The vulnerability allows a local user o gain access to potentially sensitive information.

The vulnerability exists due to domain-bypass transient execution issue. A local user can gain unauthorized access to sensitive information on the system.

Remediation

Install update from vendor's website.

References

• https://ubuntu.com/security/notices/USN-4985-1