CVSS2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS
Percentile: 29.4%

This update for ucode-intel fixes the following issues :
Updated to 20191112 security release (bsc#1155988)
Processor              Identifier  Version             Products
Model        Stepping  F-MO-S/PI   Old->New
CML-U62      A0        6-a6-0/80   000000c6            Core Gen10 Mobile
CNL-U        D0        6-66-3/80   0000002a            Core Gen8 Mobile
SKX-SP       B1        6-55-3/97   01000150            Xeon Scalable
ICL U/Y      D1        6-7e-5/80   00000046            Core Gen10 Mobile
SKL U/Y      D0        6-4e-3/c0   000000cc->000000d4  Core Gen6 Mobile
SKL H/S/E3   R0/N0     6-5e-3/36   000000cc->000000d4  Core Gen6
AML-Y22      H0        6-8e-9/10   000000b4->000000c6  Core Gen8 Mobile
KBL-U/Y      H0        6-8e-9/c0   000000b4->000000c6  Core Gen7 Mobile
CFL-U43e     D0        6-8e-a/c0   000000b4->000000c6  Core Gen8 Mobile
WHL-U        W0        6-8e-b/d0   000000b8->000000c6  Core Gen8 Mobile
AML-Y        V0        6-8e-c/94   000000b8->000000c6  Core Gen10 Mobile
CML-U42      V0        6-8e-c/94   000000b8->000000c6  Core Gen10 Mobile
WHL-U        V0        6-8e-c/94   000000b8->000000c6  Core Gen8 Mobile
KBL-G/X      H0        6-9e-9/2a   000000b4->000000c6  Core Gen7/Gen8
KBL-H/S/E3   B0        6-9e-9/2a   000000b4->000000c6  Core Gen7; Xeon E3 v6
CFL-H/S/E3   U0        6-9e-a/22   000000b4->000000c6  Core Gen8 Desktop, Mobile, Xeon E
CFL-S        B0        6-9e-b/02   000000b4->000000c6  Core Gen8
CFL-H        R0        6-9e-d/22   000000b8->000000c6  Core Gen9 Mobile
Includes security fixes for :
CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)
CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2019:2957-1.
# The text itself is copyright (C) SUSE.
#
include("compat.inc");
if (description)
{
script_id(130955);
script_version("1.5");
script_cvs_date("Date: 2019/12/13");
script_cve_id("CVE-2019-11135", "CVE-2019-11139");
script_name(english:"SUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2019:2957-1)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote SUSE host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"This update for ucode-intel fixes the following issues :
Updated to 20191112 security release (bsc#1155988)
- Processor Identifier Version Products
- Model Stepping F-MO-S/PI Old->New
- ---- new platforms
----------------------------------------
- CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile
- CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile
- SKX-SP B1 6-55-3/97 01000150 Xeon Scalable
- ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile
- ---- updated platforms
------------------------------------
- SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile
- SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6
- AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile
- KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile
- CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8
Mobile
- WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile
- AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile
- CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10
Mobile
- WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile
- KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8
- KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7;
Xeon E3 v6
- CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8
Desktop, Mobile, Xeon E
- CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8
- CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile
Includes security fixes for :
- CVE-2019-11135: Added feature allowing to disable TSX
RTM (bsc#1139073)
- CVE-2019-11139: A CPU microcode only fix for Voltage
modulation issues (bsc#1141035)
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1139073"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1141035"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1155988"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2019-11135/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2019-11139/"
);
# https://www.suse.com/support/update/announcement/2019/suse-su-20192957-1/
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?35302afb"
);
script_set_attribute(
attribute:"solution",
value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch
SUSE-SLE-Module-Basesystem-15-2019-2957=1"
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11135");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ucode-intel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/14");
script_set_attribute(attribute:"patch_publication_date", value:"2019/11/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/13");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Local checks must be enabled and the target must report a SLED/SLES release.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");

# Extract the major release (e.g. SLES15) and restrict the check to SLED15 / SLES15.
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);

# The installed RPM list collected over SSH is required for the package comparison.
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# ucode-intel only applies to x86_64 hosts.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);

# Only service pack 0 is covered; a missing patchlevel is treated as SP0.
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp);

# Flag the host if the installed ucode-intel is older than the fixed package.
flag = 0;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"ucode-intel-20191112-3.28.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"ucode-intel-20191112-3.28.1")) flag++;

if (flag)
{
  # Report the finding, with package details when verbosity allows.
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else
{
  # Nothing flagged: audit as not affected, or as not installed if no package was tested.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ucode-intel");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11139
www.nessus.org/u?35302afb
bugzilla.suse.com/show_bug.cgi?id=1139073
bugzilla.suse.com/show_bug.cgi?id=1141035
bugzilla.suse.com/show_bug.cgi?id=1155988
www.suse.com/security/cve/CVE-2019-11135/
www.suse.com/security/cve/CVE-2019-11139/