MGASA-2021-0140

Advisory lineage Upstream: 2 Downstream: 0
Published: 17 Mar 2021, 06:16
Last modified:16 Apr 2026, 04:25

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

17 Mar 2021, 06:16
Published
Vulnerability first disclosed
16 Apr 2026, 04:25
Last Modified
Vulnerability information updated

Description

Updated microcode package fixes security vulnerabilities This update adds new microcode updates to mitigate CVE-2020-8696 for Intel Skylake server (50654) and Cascade Lake Server (50656 & 50657) processors. The new microcode update mitigates an issue when using an active JTAG agent like In Target Probe (ITP), Direct Connect Interface (DCI) or a Baseboard Management Controller (BMC) to take the CPU JTAG/TAP out of reset and then returning it to reset. Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (CVE-2020-8698). Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (CVE-2020-8696).

Affected Systems

  • mageiamicrocode

    < 0.20210216-1.mga7.nonfree

  • mageiamicrocode

    < 0.20210216-1.mga8.nonfree

References (3)