A vulnerability in the voltage regulation unit for some Intel scalable processors may allow a denial of service may allow a local privileged user to crash the system. The CVSSv3 score provided does by Intel does not match the above description and Red Hat would disagree this would be a DOS only under the provided score. The provided score suggests that data modification is possible but with limited information this can not be proven or disproved. A microcode update that addresses this issue will be released.
Acknowledgements: Red Hat thanks Intel for reporting this issue and collaborating on the mitigations.
Statement: Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/2019-microcode-nov
Mitigation: As of this time there are no known mitigations. Please install relevant updated packages to address this flaw.
Created microcode_ctl tracking bugs for this issue: Affects: fedora-all [bug 1771659]
External References: https://access.redhat.com/solutions/2019-microcode-nov https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html