Extended Support for Ubuntu: Patch Intel Microcode Vulnerabilities
Intel Microcode, a critical component of Intel CPUs, has been found to contain security vulnerabilities. These vulnerabilities could potentially allow attackers to gain unauthorized access to sensitive information or even crash systems.
Intel Microcode Vulnerabilities Fixed
Following two vulnerabilities have been identified in Intel Microcode, affecting some Intel processors.
This vulnerability stems from improper restrictions on access to the Running Average Power Limit (RAPL) interface. This flaw could allow a local privileged attacker to obtain sensitive information.
This vulnerability relates to the improper implementation of finite state machines (FSMs) in the hardware logic of certain Intel processors. This flaw could allow a local privileged attacker to cause a denial of service, leading to service disruption.
Protecting Your Ubuntu Systems
To mitigate these risks, it is essential to update your Intel Microcode package to the latest version. Canonical has issued security updates to address these vulnerabilities across multiple Ubuntu versions, including Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, as well as the ESM versions of Ubuntu 18.04 and Ubuntu 16.04. Both Ubuntu 18.04 and Ubuntu 16.04 have already reached the end-of-life status and no longer receive official updates from Canonical.
However, Canonical offers Expanded Security Maintenance (ESM) service that provides extended support and security patches for end-of-life Ubuntu releases. To obtain security updates via ESM in your Ubuntu 18.04 or Ubuntu 16.04 systems, you’ll need to have a Ubuntu Pro subscription.
Alternatively, you can consider using TuxCare’s Extended Lifecycle Support (ELS), an affordable solution that allows you to receive automated vulnerability patches for your end-of-life Linux systems.
TuxCare’s ELS offers up to five years of security patches for Ubuntu 16.04 and Ubuntu 18.04 beyond their official end-of-life dates. This includes patches for over 140 packages, including Intel Microcode, Linux kernel, glibc, OpenSSL, and other critical components. The ELS team has already deployed patches for the above Intel Microcode vulnerabilities in Ubuntu 16.04 and Ubuntu 18.04.
Other Linux distributions supported by TuxCare include CentOS 6, CentOS 7, CentOS 8, CentOS Stream 8, Oracle Linux 6, and Oracle Linux 7.
If you need assistance with extended support options, ask questions to our Linux security experts and one of them will get back to you.
Source: USN-7033-1