On December 10, 2019, Intel released a set of new security advisories. Out of these new Intel vulnerabilities, Oracle products are affected by 1 of these newly-disclosed vulnerabilities: CVE-2019-14607 a.k.a. “Unexpected Page Fault in Virtualized Environment,” which has a CVSS Base Score of 5.3.
In its bulletin INTEL-SA-00317, Intel lists the microprocessors impacted by vulnerability CVE-2019-14607 and indicates that a microcode update is required. The Oracle X7 series and Oracle X8 series x86 servers use some of the affected Intel processors.
To obtain the required updates, Oracle recommends that:
Oracle x86 server customers refer to MOS Note 2608268.1 : "2019.2 Intel Platform Update : Firmware & Microcode patch availability"
Customers of Oracle Engineered Systems should refer to the specific patches for their engineered system.
No additional action is required for Oracle Cloud customers.
The other vulnerabilities discussed in today’s bulletin (including CVE-2019-11157 “Voltage Settings Modification Advisory” INTEL-SA-00289) do not affect Oracle systems.