X

Corporate Security Blog

Intel security bulletins released on December 10, 2019

Eric Maurice
Director of Security Assurance

On December 10, 2019, Intel released a set of new security advisories.  Out of these new Intel vulnerabilities, Oracle products are affected by 1 of these newly-disclosed vulnerabilities: CVE-2019-14607 a.k.a. “Unexpected Page Fault in Virtualized Environment,” which has a CVSS Base Score of 5.3.

In its bulletin INTEL-SA-00317, Intel lists the microprocessors impacted by vulnerability CVE-2019-14607 and indicates that a microcode update is required. The Oracle X7 series and Oracle X8 series x86 servers use some of the affected Intel processors.

To obtain the required updates, Oracle recommends that:

  • Oracle x86 server customers refer to MOS Note 2608268.1 : "2019.2 Intel Platform Update : Firmware & Microcode patch availability"

  • Customers of Oracle Engineered Systems should refer to the specific patches for their engineered system.

  • No additional action is required for Oracle Cloud customers.

The other vulnerabilities discussed in today’s bulletin (including CVE-2019-11157 “Voltage Settings Modification Advisory” INTEL-SA-00289) do not affect Oracle systems.