Advisories » MGASA-2023-0244

Updated microcode packages fix security vulnerability

Publication date: 26 Jul 2023
Modification date: 26 Jul 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-20593

Description

Under specific microarchitectural circumstances, a register in "Zen 2"
CPUs may not be written to 0 correctly. This may cause data from another
process and/or thread to be stored in the YMM register, which may allow
an attacker to potentially access sensitive information (CVE-2023-20593,
also known as Zenbleed).

This update adds the microcode for Amd Epyc gen 2 cpus. Other Zen 2 based
CPUs will get their microcode update at a later time when Amd has fixed
and validated the microcodes, see the referenced Amd url that has info
about estimated timelines for various CPUs.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=32142
• https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20593

SRPMS

8/nonfree

• microcode-0.20230613-2.mga8.nonfree