Debian Security Advisory
DLA-2546-1 intel-microcode -- LTS security update
- Date Reported:
- 06 Feb 2021
- Affected Packages:
- intel-microcode
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2020-8695, CVE-2020-8696, CVE-2020-8698.
- More information:
-
- CVE-2020-8695
Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
- CVE-2020-8696
Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2020-8698
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
For Debian 9 stretch, these problems have been fixed in version 3.20201118.1~deb9u1.
We recommend that you upgrade your intel-microcode packages.
For the detailed security status of intel-microcode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/intel-microcode
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
- CVE-2020-8695