Updated microcode packages fix security vulnerability
Publication date: 26 Jul 2023Modification date: 26 Jul 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-20593
Description
Under specific microarchitectural circumstances, a register in "Zen 2" CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information (CVE-2023-20593, also known as Zenbleed). This update adds the microcode for Amd Epyc gen 2 cpus. Other Zen 2 based CPUs will get their microcode update at a later time when Amd has fixed and validated the microcodes, see the referenced Amd url that has info about estimated timelines for various CPUs.
References
SRPMS
8/nonfree
- microcode-0.20230613-2.mga8.nonfree