Updated microcode package fix security vulnerabilities
Publication date: 11 Sep 2024Modification date: 11 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-42667 , CVE-2023-49141 , CVE-2024-24853 , CVE-2024-24980 , CVE-2024-25939
Description
Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache
mechanism may allow an authenticated user to potentially enable
escalation of privilege via local access. (CVE-2023-42667)
Improper isolation in some Intel(R) Processors stream cache mechanism
may allow an authenticated user to potentially enable escalation of
privilege via local access. (CVE-2023-49141)
Incorrect behavior order in transition between executive monitor and SMI
transfer monitor (STM) in some Intel(R) Processor may allow a privileged
user to potentially enable escalation of privilege via local access.
(CVE-2024-24853)
Protection mechanism failure in some 3rd, 4th, and 5th Generation
Intel(R) Xeon(R) Processors may allow a privileged user to potentially
enable escalation of privilege via local access. (CVE-2024-24980)
Mirrored regions with different values in 3rd Generation Intel(R)
Xeon(R) Scalable Processors may allow a privileged user to potentially
enable denial of service via local access. (CVE-2024-25939)
References
- https://bugs.mageia.org/show_bug.cgi?id=33511
- https://openwall.com/lists/oss-security/2024/08/16/3
- https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240813
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42667
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49141
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24853
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24980
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25939
SRPMS
9/nonfree
- microcode-0.20240813-1.mga9.nonfree