Advisories ยป MGASA-2023-0242

Updated kernel packages fix security vulnerability

Publication date: 26 Jul 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-20593


This kernel update is based on upstream 5.15.122 and fixes atleast
the following security issue:

Under specific microarchitectural circumstances, a register in "Zen 2"
CPUs may not be written to 0 correctly. This may cause data from another
process and/or thread to be stored in the YMM register, which may allow
an attacker to potentially access sensitive information (CVE-2023-20593,
also known as Zenbleed)

This update adds a kernel-side mitigation for this issue to protect users
until Amd gets their fixed microcode / AGESA updates out for all affected
CPUs. The fixed microcode for Amd EPYC gen2 is available in the
microcode-0.20230613-2.mga8.nonfree package. For other affected CPUs, see
the referenced url that has info about estimated microcode update
timelines for various CPUs.

For other upstream fixes in this update, see the referenced changelogs.