Security Advisory Details

NS-SA-2022-0034

2022-05-08 20:17:09

Summary

important: samba/microcode_ctl security update

Severity

important

Topic

An update for samba/microcode_ctl is now available for NewStart CGSL MAIN 5.05/CGSL CORE 5.05.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

samba: The samba-client package provides some SMB/CIFS clients to complement the built-in SMB/CIFS filesystem in Linux. These clients allow access of SMB/CIFS shares and printing to SMB/CIFS printers.
microcode_ctl: The microcode_ctl utility is a companion to the microcode driver written by Tigran Aivazian. The microcode update is volatile and needs to be uploaded on each system boot, i.e. it doesn't reflash your CPU permanently; reboot and it reverts back to the old microcode.


Security Fix(es):
samba: A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity. (CVE-2021-20254)
samba: bugfix
microcode_ctl: A potential domain bypass transient execution vulnerability that uses a microarchitectural incidental channel was discovered on some Intel Atom® processors. Currently this channel can reveal supervisor data in the L1 cache and the contents of recent stores. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-24513)
microcode_ctl: Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-24511)
microcode_ctl: Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-24512)
microcode_ctl: A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state. (CVE-2020-8696)
microcode_ctl: A flaw was found in Intel® VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated, which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-24489)
microcode_ctl: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.05.F13B5.

Affected Components

  • samba
  • microcode_ctl

Affected Products

  • CGSL MAIN 5.05
  • CGSL CORE 5.05

Updated Packages

CGSL MAIN 5.05

samba (source: samba-4.10.16-15.el7_9.src.rpm)

  • samba-libs-4.10.16-15.el7_9.x86_64.rpm
  • samba-winbind-modules-4.10.16-15.el7_9.x86_64.rpm
  • samba-test-4.10.16-15.el7_9.x86_64.rpm
  • libsmbclient-devel-4.10.16-15.el7_9.x86_64.rpm
  • libwbclient-devel-4.10.16-15.el7_9.x86_64.rpm
  • libwbclient-4.10.16-15.el7_9.x86_64.rpm
  • ctdb-tests-4.10.16-15.el7_9.x86_64.rpm
  • samba-dc-libs-4.10.16-15.el7_9.x86_64.rpm
  • libsmbclient-4.10.16-15.el7_9.x86_64.rpm
  • samba-test-libs-4.10.16-15.el7_9.x86_64.rpm
  • samba-vfs-glusterfs-4.10.16-15.el7_9.x86_64.rpm
  • samba-client-libs-4.10.16-15.el7_9.x86_64.rpm
  • samba-devel-4.10.16-15.el7_9.x86_64.rpm
  • samba-client-4.10.16-15.el7_9.x86_64.rpm
  • samba-pidl-4.10.16-15.el7_9.noarch.rpm
  • samba-krb5-printing-4.10.16-15.el7_9.x86_64.rpm
  • samba-python-test-4.10.16-15.el7_9.x86_64.rpm
  • samba-common-tools-4.10.16-15.el7_9.x86_64.rpm
  • samba-common-4.10.16-15.el7_9.noarch.rpm
  • samba-debuginfo-4.10.16-15.el7_9.x86_64.rpm
  • ctdb-4.10.16-15.el7_9.x86_64.rpm
  • samba-winbind-4.10.16-15.el7_9.x86_64.rpm
  • samba-winbind-krb5-locator-4.10.16-15.el7_9.x86_64.rpm
  • samba-winbind-clients-4.10.16-15.el7_9.x86_64.rpm
  • samba-python-4.10.16-15.el7_9.x86_64.rpm
  • samba-common-libs-4.10.16-15.el7_9.x86_64.rpm
  • samba-dc-4.10.16-15.el7_9.x86_64.rpm
  • samba-4.10.16-15.el7_9.x86_64.rpm

microcode_ctl (source: microcode_ctl-2.1-73.9.el7_9.src.rpm)

  • microcode_ctl-2.1-73.9.el7_9.x86_64.rpm
  • microcode_ctl-debuginfo-2.1-73.9.el7_9.x86_64.rpm

CGSL CORE 5.05

samba (source: samba-4.10.16-15.el7_9.src.rpm)

  • samba-libs-4.10.16-15.el7_9.x86_64.rpm
  • samba-winbind-modules-4.10.16-15.el7_9.x86_64.rpm
  • samba-test-4.10.16-15.el7_9.x86_64.rpm
  • libsmbclient-devel-4.10.16-15.el7_9.x86_64.rpm
  • libwbclient-devel-4.10.16-15.el7_9.x86_64.rpm
  • libwbclient-4.10.16-15.el7_9.x86_64.rpm
  • ctdb-tests-4.10.16-15.el7_9.x86_64.rpm
  • samba-dc-libs-4.10.16-15.el7_9.x86_64.rpm
  • libsmbclient-4.10.16-15.el7_9.x86_64.rpm
  • samba-test-libs-4.10.16-15.el7_9.x86_64.rpm
  • samba-vfs-glusterfs-4.10.16-15.el7_9.x86_64.rpm
  • samba-client-libs-4.10.16-15.el7_9.x86_64.rpm
  • samba-devel-4.10.16-15.el7_9.x86_64.rpm
  • samba-client-4.10.16-15.el7_9.x86_64.rpm
  • samba-pidl-4.10.16-15.el7_9.noarch.rpm
  • samba-krb5-printing-4.10.16-15.el7_9.x86_64.rpm
  • samba-python-test-4.10.16-15.el7_9.x86_64.rpm
  • samba-common-tools-4.10.16-15.el7_9.x86_64.rpm
  • samba-common-4.10.16-15.el7_9.noarch.rpm
  • samba-debuginfo-4.10.16-15.el7_9.x86_64.rpm
  • ctdb-4.10.16-15.el7_9.x86_64.rpm
  • samba-winbind-4.10.16-15.el7_9.x86_64.rpm
  • samba-winbind-krb5-locator-4.10.16-15.el7_9.x86_64.rpm
  • samba-winbind-clients-4.10.16-15.el7_9.x86_64.rpm
  • samba-python-4.10.16-15.el7_9.x86_64.rpm
  • samba-common-libs-4.10.16-15.el7_9.x86_64.rpm
  • samba-dc-4.10.16-15.el7_9.x86_64.rpm
  • samba-4.10.16-15.el7_9.x86_64.rpm

microcode_ctl (source: microcode_ctl-2.1-73.9.el7_9.src.rpm)

  • microcode_ctl-2.1-73.9.el7_9.x86_64.rpm
  • microcode_ctl-debuginfo-2.1-73.9.el7_9.x86_64.rpm
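
To confirm that a host is at or above the fixed builds listed above, the following added example (not NewStart's code) compares `rpm -qa` style package strings against the advisory's version-release pairs. It assumes the packages carry the same epoch as the fixed builds and no `~` or `^` in versions; the comparison is a simplified form of rpm's segment ordering, only a subset of the samba binary names is mapped, and the sample input is constructed.

```python
import re

# Fixed builds copied from this advisory's package list: (version, release).
SAMBA_FIX = ("4.10.16", "15.el7_9")
FIXED = {name: SAMBA_FIX for name in (
    "samba", "samba-libs", "samba-client", "samba-common",
    "samba-winbind", "libsmbclient", "libwbclient", "ctdb")}  # subset of the list
FIXED["microcode_ctl"] = ("2.1", "73.9.el7_9")

def rpmvercmp(a, b):
    """Simplified rpm segment comparison (assumption: no '~' or '^' in input)."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric runs compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric run is newer than alpha run
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def parse_nvra(pkg):
    """Split 'name-version-release.arch' as printed by `rpm -qa`."""
    pkg = re.sub(r"\.(x86_64|noarch|i686|src)(\.rpm)?$", "", pkg)
    name, version, release = pkg.rsplit("-", 2)
    return name, version, release

def audit(installed):
    """Map each covered package to True if it is older than the fixed build."""
    findings = {}
    for pkg in installed:
        name, version, release = parse_nvra(pkg)
        if name not in FIXED:
            continue
        fixed_version, fixed_release = FIXED[name]
        order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
        findings[pkg] = order < 0
    return findings

# Constructed sample of `rpm -qa` output (not taken from a real host).
SAMPLE = [
    "samba-4.10.16-13.el7_9.x86_64",
    "samba-libs-4.10.16-15.el7_9.x86_64",
    "microcode_ctl-2.1-73.8.el7_9.x86_64",
    "bash-4.2.46-34.el7.x86_64",
]

if __name__ == "__main__":
    for pkg, outdated in audit(SAMPLE).items():
        print(("UPDATE NEEDED " if outdated else "ok            ") + pkg)
```

The microcode update is loaded at boot, so a host that reports the fixed microcode_ctl build still needs a reboot before the new microcode is in effect.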

CVE

References