Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Debian LTS Advisory ([SECURITY] [DLA 1446-1] intel-microcode security update)

Information

Severity

Severity

Medium

Family

Family

Debian Local Security Checks

CVSSv2 Base

CVSSv2 Base

4.9

CVSSv2 Vector

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:N/A:N

Solution Type

Solution Type

Vendor Patch

Created

Created

5 years ago

Modified

Modified

5 years ago

Summary

Security researchers identified two software analysis methods that, if used for malicious purposes, have the potential to improperly gather sensitive data from multiple types of computing devices with different vendors' processors and operating systems. This update requires an update to the intel-microcode package, which is non-free. Users who have already installed the version from jessie-backports-sloppy do not need to upgrade. CVE-2018-3639 - Speculative Store Bypass (SSB) - also known as Variant 4 Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. CVE-2018-3640 - Rogue System Register Read (RSRE) - also known as Variant 3a Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis.

Affected Software

Affected Software

intel-microcode on Debian Linux

Detection Method

Detection Method

This check tests the installed software version using the apt package manager.

Solution

Solution

For Debian 8 'Jessie', these problems have been fixed in version 3.20180703.2~deb8u1. We recommend that you upgrade your intel-microcode packages.

Common Vulnerabilities and Exposures (CVE)