Debian Intel-Microcode vulnerabilities

90 known vulnerabilities affecting debian/intel-microcode.

Total CVEs

90

CISA KEV

0

Public exploits

2

Exploited in wild

1

Severity breakdown

HIGH21MEDIUM66LOW3

Vulnerabilities

Page 5 of 5

CVE-2019-14607MEDIUMCVSS 5.3fixed in intel-microcode 3.20191115.1 (bookworm)2019

CVE-2019-14607 [MEDIUM] CVE-2019-14607: intel-microcode - Improper conditions check in multiple Intel® Processors may allow an authenticat... Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access. Scope: local bookworm: resolved (fixed in 3.20191115.1) bullseye: resolved (fixed in 3.20191115.1) forky: resolved (fixed in 3.20191115.1) sid: resol

CVE-2018-3620MEDIUMCVSS 5.6fixed in intel-microcode 3.20180703.1 (bookworm)2018

CVE-2018-3620 [MEDIUM] CVE-2018-3620: intel-microcode - Systems with microprocessors utilizing speculative execution and address transla... Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. Scope: local bookworm: resolved (fixed in 3.20180703.1) bullseye: resolved (fixed in 3.20180703.1) for

CVE-2018-12130MEDIUMCVSS 5.6fixed in intel-microcode 3.20190514.1 (bookworm)2018

CVE-2018-12130 [MEDIUM] CVE-2018-12130: intel-microcode - Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some micro... Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-in

CVE-2018-3639MEDIUMCVSS 5.5ExploitedPoCfixed in intel-microcode 3.20180703.1 (bookworm)2018

CVE-2018-3639 [MEDIUM] CVE-2018-3639: intel-microcode - Systems with microprocessors utilizing speculative execution and speculative exe... Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. Scope: local bookworm: resolved (fix

CVE-2018-3646MEDIUMCVSS 5.6fixed in intel-microcode 3.20180703.1 (bookworm)2018

CVE-2018-3646 [MEDIUM] CVE-2018-3646: intel-microcode - Systems with microprocessors utilizing speculative execution and address transla... Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. Scope: local bookworm: resolved (fixed in 3.20180703.1) bullseye: resolved (fi

CVE-2018-12127MEDIUMCVSS 5.6fixed in intel-microcode 3.20190514.1 (bookworm)2018

CVE-2018-12127 [MEDIUM] CVE-2018-12127: intel-microcode - Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microproc... Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-inform

CVE-2018-3640MEDIUMCVSS 5.6fixed in intel-microcode 3.20180703.1 (bookworm)2018

CVE-2018-3640 [MEDIUM] CVE-2018-3640: intel-microcode - Systems with microprocessors utilizing speculative execution and that perform sp... Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a. Scope: local bookworm: resolved (fixed in 3.20180703.1) bullseye: resol

CVE-2018-12126MEDIUMCVSS 5.6fixed in intel-microcode 3.20190514.1 (bookworm)2018

CVE-2018-12126 [MEDIUM] CVE-2018-12126: intel-microcode - Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some mic... Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-

CVE-2018-3615MEDIUMCVSS 6.4fixed in intel-microcode 3.20180703.1 (bookworm)2018

CVE-2018-3615 [MEDIUM] CVE-2018-3615: intel-microcode - Systems with microprocessors utilizing speculative execution and Intel software ... Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis. Scope: local bookworm: resolved (fixed in 3.20180703.1) bullseye: resolved (fixed in 3.20

CVE-2017-5715MEDIUMCVSS 5.6PoCfixed in amd64-microcode 3.20180515.1 (bookworm)2017

CVE-2017-5715 [MEDIUM] CVE-2017-5715: amd64-microcode - Systems with microprocessors utilizing speculative execution and indirect branch... Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Scope: local bookworm: resolved (fixed in 3.20180515.1) bullseye: resolved (fixed in 3.20180515.1) forky: resolved (fixed in 3.20180515.1) sid: resolved

← Previous5 / 5