Updated microcode packages fix security vulnerabilities
Publication date: 23 Aug 2023Modification date: 23 Aug 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-40982 , CVE-2022-41804 , CVE-2023-20569 , CVE-2023-23908
Description
This update adds initial microcode updates for AMD and Intel CPUs for the
following security issues:
AMD:
A side channel vulnerability in some of the AMD CPUs may allow an attacker
to influence the return address prediction. This may result in speculative
execution at an attacker-controlled instruction pointer register,
potentially leading to information disclosure (CVE-2023-20569).
Intel:
Information exposure through microarchitectural state after transient
execution in certain vector execution units for some Intel(R) Processors
may allow an authenticated user to potentially enable information disclosure
via local access (CVE-2022-40982, INTEL-SA-00828).
Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some
Intel(R) Xeon(R) Processors may allow a privileged user to potentially
enable escalation of privilege via local access (CVE-2022-41804,
INTEL-SA-00837).
Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable
processors may allow a privileged user to potentially enable information
disclosure via local access (CVE-2023-23908, INTEL-SA-00836).
References
- https://bugs.mageia.org/show_bug.cgi?id=32167
- https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html
- https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40982
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41804
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20569
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23908
SRPMS
8/nonfree
- microcode-0.20230808-2.mga8.nonfree