Advisories » MGASA-2024-0302

Updated microcode packages fix security vulnerabilities

Publication date: 16 Sep 2024
Modification date: 16 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-23984 , CVE-2024-24968

Description

Observable discrepancy in RAPL interface for some Intel® Processors may
allow a privileged user to potentially enable information disclosure via
local access. (CVE-2024-23984)
Improper finite state machines (FSMs) in hardware logic in some Intel®
Processors may allow an privileged user to potentially enable a denial
of service via local access. (CVE-2024-24968)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33560
• https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240910
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23984
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24968

SRPMS

9/nonfree

• microcode-0.20240910-1.mga9.nonfree