A new updated microcode_ctl package with the fix for the CVEs within CloudLinux OS 6 ELS has been scheduled for gradual rollout from our production repository.

CVEs fixed:

• CVE-2021-24489
• CVE-2020-24511
• CVE-2020-24512
• CVE-2020-24513

Rollout slot: 4
Rolled out to: 0.1%
ETA for 100% rollout: September 21

Changelog

microcode_ctl-1.17-33.34.el6.cloudlinux.els

• Fix incomplete cleanup in some Intel(R) VT-d products (CVE-2020-24489)
• Fix improper isolation of shared resources in some Intel(R) Processors (CVE-2020-24511)
• Fix observable timing discrepancy in some Intel(R) Processors (CVE-2020-24512)
• Fix domain-bypass transient execution vulnerability in some Intel Atom(R) Processors (CVE-2020-24513)

Update command

yum update microcode_ctl*

Immediate update (via bypass)

yum update microcode_ctl* --enablerepo=cloudlinux-rollout-4-bypass