Intel Releases Updated Microcode For Linux Users To Mitigate Xeon Security Issue
The updated Intel microcode-20210216 package made public on Tuesday addresses the security advisory INTEL-SA-00381. INTEL-SA-00381 consists of CVE-2020-8698, a medium-level vulnerability in which improper isolation of shared resources could allow an authenticated user to potentially enable information disclosure. Also part of this security advisory is the lower-priority CVE-2020-8696, in which improper removal of sensitive information before storage or transfer could lead to information disclosure.
Both of these issues are contingent on an attacker first having local user access to the system. But given this While disclosed on 10 November, Intel only began distributing updated CPU microcode files for affected Skylake / Cascade Lake server processors at the end of January and has now this week updated its Linux CPU microcode repository.
As for the changed microcode behavior with the latest update, Intel notes, "The new microcode update mitigates an issue when using an active JTAG agent like In Target Probe (ITP), Direct Connect Interface (DCI) or a Baseboard Management Controller (BMC) to take the CPU JTAG/TAP out of reset and then returning it to reset."
This new Intel CPU microcode package for Linux users can be obtained via GitHub. Besides addressing SA-00381 for Skylake / Cascade Lake Xeon, there are no other listed changes with this update.