Security update for ucode-intel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2019:2959-1 Final 1 1 2019-11-12T18:17:15Z current 2019-11-12T18:17:15Z 2019-11-12T18:17:15Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ucode-intel This update for ucode-intel fixes the following issues: - Updated to 20191112 security release (bsc#1155988) - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile - SKX-SP B1 6-55-3/97 01000150 Xeon Scalable - ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile - ---- updated platforms ------------------------------------ - SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile - SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6 - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8 - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8 - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile - Includes security fixes for: - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073) - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035) - requires coreutils for the %post script (bsc#1154043) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). HPE-Helion-OpenStack-8-2019-2959,SUSE-2019-2959,SUSE-OpenStack-Cloud-7-2019-2959,SUSE-OpenStack-Cloud-8-2019-2959,SUSE-OpenStack-Cloud-Crowbar-8-2019-2959,SUSE-SLE-DESKTOP-12-SP4-2019-2959,SUSE-SLE-SAP-12-SP1-2019-2959,SUSE-SLE-SAP-12-SP2-2019-2959,SUSE-SLE-SAP-12-SP3-2019-2959,SUSE-SLE-SERVER-12-SP1-2019-2959,SUSE-SLE-SERVER-12-SP2-2019-2959,SUSE-SLE-SERVER-12-SP2-BCL-2019-2959,SUSE-SLE-SERVER-12-SP3-2019-2959,SUSE-SLE-SERVER-12-SP3-BCL-2019-2959,SUSE-SLE-SERVER-12-SP4-2019-2959,SUSE-SLE-SERVER-12-SP5-2019-2959,SUSE-Storage-5-2019-2959 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2019/suse-su-20192959-1/ Link for SUSE-SU-2019:2959-1 https://www.suse.com/support/update/announcement/2019/suse-su-20192959-1.html E-Mail link for SUSE-SU-2019:2959-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1139073 SUSE Bug 1139073 https://bugzilla.suse.com/1141035 SUSE Bug 1141035 https://bugzilla.suse.com/1154043 SUSE Bug 1154043 https://bugzilla.suse.com/1155988 SUSE Bug 1155988 https://www.suse.com/security/cve/CVE-2019-11135/ SUSE CVE CVE-2019-11135 page https://www.suse.com/security/cve/CVE-2019-11139/ SUSE CVE CVE-2019-11139 page HPE Helion OpenStack 8 SUSE Enterprise Storage 5 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ucode-intel-20191112-13.53.1 ucode-intel-20191112-13.53.1 as a component of HPE Helion OpenStack 8 ucode-intel-20191112-13.53.1 as a component of SUSE Enterprise Storage 5 ucode-intel-20191112-13.53.1 as a component of SUSE Linux Enterprise Desktop 12 SP4 ucode-intel-20191112-13.53.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS ucode-intel-20191112-13.53.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL ucode-intel-20191112-13.53.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS ucode-intel-20191112-13.53.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL ucode-intel-20191112-13.53.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS ucode-intel-20191112-13.53.1 as a component of SUSE Linux Enterprise Server 12 SP4 ucode-intel-20191112-13.53.1 as a component of SUSE Linux Enterprise Server 12 SP5 ucode-intel-20191112-13.53.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 ucode-intel-20191112-13.53.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 ucode-intel-20191112-13.53.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 ucode-intel-20191112-13.53.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 ucode-intel-20191112-13.53.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 ucode-intel-20191112-13.53.1 as a component of SUSE OpenStack Cloud 7 ucode-intel-20191112-13.53.1 as a component of SUSE OpenStack Cloud 8 ucode-intel-20191112-13.53.1 as a component of SUSE OpenStack Cloud Crowbar 8 TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. CVE-2019-11135 HPE Helion OpenStack 8:ucode-intel-20191112-13.53.1 SUSE Enterprise Storage 5:ucode-intel-20191112-13.53.1 SUSE Linux Enterprise Desktop 12 SP4:ucode-intel-20191112-13.53.1 SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20191112-13.53.1 SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20191112-13.53.1 SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20191112-13.53.1 SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20191112-13.53.1 SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20191112-13.53.1 SUSE Linux Enterprise Server 12 SP4:ucode-intel-20191112-13.53.1 SUSE Linux Enterprise Server 12 SP5:ucode-intel-20191112-13.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20191112-13.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20191112-13.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20191112-13.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20191112-13.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20191112-13.53.1 SUSE OpenStack Cloud 7:ucode-intel-20191112-13.53.1 SUSE OpenStack Cloud 8:ucode-intel-20191112-13.53.1 SUSE OpenStack Cloud Crowbar 8:ucode-intel-20191112-13.53.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20192959-1/ https://www.suse.com/security/cve/CVE-2019-11135.html CVE-2019-11135 https://bugzilla.suse.com/1139073 SUSE Bug 1139073 https://bugzilla.suse.com/1152497 SUSE Bug 1152497 https://bugzilla.suse.com/1152505 SUSE Bug 1152505 https://bugzilla.suse.com/1152506 SUSE Bug 1152506 https://bugzilla.suse.com/1160120 SUSE Bug 1160120 https://bugzilla.suse.com/1201877 SUSE Bug 1201877 Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. CVE-2019-11139 HPE Helion OpenStack 8:ucode-intel-20191112-13.53.1 SUSE Enterprise Storage 5:ucode-intel-20191112-13.53.1 SUSE Linux Enterprise Desktop 12 SP4:ucode-intel-20191112-13.53.1 SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20191112-13.53.1 SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20191112-13.53.1 SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20191112-13.53.1 SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20191112-13.53.1 SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20191112-13.53.1 SUSE Linux Enterprise Server 12 SP4:ucode-intel-20191112-13.53.1 SUSE Linux Enterprise Server 12 SP5:ucode-intel-20191112-13.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20191112-13.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20191112-13.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20191112-13.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20191112-13.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20191112-13.53.1 SUSE OpenStack Cloud 7:ucode-intel-20191112-13.53.1 SUSE OpenStack Cloud 8:ucode-intel-20191112-13.53.1 SUSE OpenStack Cloud Crowbar 8:ucode-intel-20191112-13.53.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20192959-1/ https://www.suse.com/security/cve/CVE-2019-11139.html CVE-2019-11139 https://bugzilla.suse.com/1141035 SUSE Bug 1141035