Security update for ucode-intel SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:2504-1 Final 1 1 2019-11-14T05:54:05Z current 2019-11-14T05:54:05Z 2019-11-14T05:54:05Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ucode-intel This update for ucode-intel fixes the following issues: - Updated to 20191112 security release (bsc#1155988) - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile - SKX-SP B1 6-55-3/97 01000150 Xeon Scalable - ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile - ---- updated platforms ------------------------------------ - SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile - SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6 - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8 - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8 - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile - Includes security fixes for: - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073) - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035) This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-2504 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M3QLZVRJX73SZ6RSPQ7ODD7UC3C6F6FE/#M3QLZVRJX73SZ6RSPQ7ODD7UC3C6F6FE E-Mail link for openSUSE-SU-2019:2504-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1139073 SUSE Bug 1139073 https://bugzilla.suse.com/1141035 SUSE Bug 1141035 https://bugzilla.suse.com/1155988 SUSE Bug 1155988 https://www.suse.com/security/cve/CVE-2019-11135/ SUSE CVE CVE-2019-11135 page https://www.suse.com/security/cve/CVE-2019-11139/ SUSE CVE CVE-2019-11139 page openSUSE Leap 15.0 ucode-intel-20191112-lp150.2.30.1 ucode-intel-20191112-lp150.2.30.1 as a component of openSUSE Leap 15.0 TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. CVE-2019-11135 openSUSE Leap 15.0:ucode-intel-20191112-lp150.2.30.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M3QLZVRJX73SZ6RSPQ7ODD7UC3C6F6FE/#M3QLZVRJX73SZ6RSPQ7ODD7UC3C6F6FE https://www.suse.com/security/cve/CVE-2019-11135.html CVE-2019-11135 https://bugzilla.suse.com/1139073 SUSE Bug 1139073 https://bugzilla.suse.com/1152497 SUSE Bug 1152497 https://bugzilla.suse.com/1152505 SUSE Bug 1152505 https://bugzilla.suse.com/1152506 SUSE Bug 1152506 https://bugzilla.suse.com/1160120 SUSE Bug 1160120 https://bugzilla.suse.com/1201877 SUSE Bug 1201877 Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. CVE-2019-11139 openSUSE Leap 15.0:ucode-intel-20191112-lp150.2.30.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M3QLZVRJX73SZ6RSPQ7ODD7UC3C6F6FE/#M3QLZVRJX73SZ6RSPQ7ODD7UC3C6F6FE https://www.suse.com/security/cve/CVE-2019-11139.html CVE-2019-11139 https://bugzilla.suse.com/1141035 SUSE Bug 1141035