From 507fd36689b5200e5d01ff5e1cda5f038ece3531 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Sun, 7 Jun 2020 20:36:01 +0100 Subject: dsa-texts: Fill in more issue descriptions --- dsa-texts/4.19.118-2+deb10u1 | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'dsa-texts/4.19.118-2+deb10u1') diff --git a/dsa-texts/4.19.118-2+deb10u1 b/dsa-texts/4.19.118-2+deb10u1 index 50514e0b8..cd5590efb 100644 --- a/dsa-texts/4.19.118-2+deb10u1 +++ b/dsa-texts/4.19.118-2+deb10u1 @@ -29,7 +29,19 @@ CVE-2019-19462 CVE-2020-0543 - Description + Researchers at VU Amsterdam discovered that on some Intel x86 + systems supporting the RDRAND and RDSEED instructions, speculative + execution may use part of a random value that was previously + generated for use on another core. Depending on how these + instructions are used by applications, a local user or VM guest + could use this to obtain sensitive information including + cryptographic keys from other users or VMs. + + This vulnerability can be mitigated by a microcode update, either + as part of system firmware (BIOS) or through the intel-microcode + package in Debian's non-free archive section. This kernel update + only provides reporting of the vulnerability and the option to + disable the mitigation if it is not needed. CVE-2020-10711 -- cgit v1.2.3