important: grub2/microcode_ctl security update
An update for grub2/microcode_ctl is now available for NewStart CGSL MAIN 5.05/CGSL CORE 5.05.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
grub2: The GRand Unified Bootloader (GRUB) is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices. This subpackage provides tools for support of all platforms.
microcode_ctl: The microcode_ctl utility is a companion to the microcode driver written by Tigran Aivazian
grub2: A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-10713)
grub2: A flaw was found in current grub2 versions as shipped with Red Hat Enterprise Linux 7 and 8, where the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This issue leads the function to return invalid memory allocations, causing heap-based overflows in several code paths. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.(CVE-2020-14308)
grub2: A flaw was found in grub2 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow, leading to a zero-sized memory allocation with a subsequent heap-based buffer overflow. The highest threat from this vulnerability is to integrity and system availability.(CVE-2020-14311)
grub2: A flaw was found in grub2. When handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size, the name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14309)
grub2: A flaw was found in grub2. An expected font value is not verified before proceeding with buffer allocations allowing an attacker to use a malicious font file to create an arithmetic overflow, zero-sized allocation, and further heap-based buffer overflow. The highest threat from this vulnerability is to data integrity and system availability.(CVE-2020-14310)
grub2: GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.(CVE-2020-15705)
grub2: GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.(CVE-2020-15706)
grub2: Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.(CVE-2020-15707)
microcode_ctl: A flaw was found in the implementation of SGX around the access control of protected memory. This flaw allows a local attacker of a system with SGX enabled and an affected intel GPU with the ability to execute code to interpret the contents of the SGX protected memory.(CVE-2019-0117)
microcode_ctl: A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.(CVE-2020-0543)
microcode_ctl: A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.(CVE-2020-0548)
microcode_ctl: A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the “fill buffers” and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.(CVE-2020-0549)
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Remember the build tag is 5.05.F10B3.