Arch Linux 811 Published by

An intel-ucode security update has been released for Arch Linux.



ASA-202102-34: intel-ucode: information disclosure


Arch Linux Security Advisory ASA-202102-34
=========================================
Severity: Medium
Date : 2021-02-27
CVE-ID : CVE-2020-8696 CVE-2020-8698
Package : intel-ucode
Type : information disclosure
Remote : No
Link :   https://security.archlinux.org/AVG-1588

Summary
======
The package intel-ucode before version 20210216-1 is vulnerable to
information disclosure.

Resolution
=========
Upgrade to 20210216-1.

# pacman -Syu "intel-ucode> 210216-1"

The problems have been fixed upstream in version 20210216.

Workaround
=========
None.

Description
==========
- CVE-2020-8696 (information disclosure)

Improper removal of sensitive information before storage or transfer in
some Intel(R) Processors may allow an authenticated user to potentially
enable information disclosure via local access.

- CVE-2020-8698 (information disclosure)

Improper isolation of shared resources in some Intel(R) Processors may
allow an authenticated user to potentially enable information
disclosure via local access.

Impact
=====
An authenticated attacker could disclose information.

References
=========
  https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html
  https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210216
  https://security.archlinux.org/CVE-2020-8696
  https://security.archlinux.org/CVE-2020-8698