Updated microcode packages fix security vulnerabilities
Publication date: 27 Nov 2024Modification date: 27 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-21853 , CVE-2024-23918 , CVE-2024-21820
Description
Improper Finite State Machines (FSMs) in the Hardware logic in some 4th
and 5th Generation Intel® Xeon® Processors may allow an authorized user
to potentially enable denial of service via local access.
(CVE-2024-21853)
Improper conditions check in some Intel® Xeon® processor memory
controller configurations when using Intel® SGX may allow a privileged
user to potentially enable escalation of privilege via local access.
(CVE-2024-23918)
Incorrect default permissions in some Intel® Xeon® processor memory
controller configurations when using Intel® SGX may allow a privileged
user to potentially enable escalation of privilege via local access.
(CVE-2024-21820)
References
- https://bugs.mageia.org/show_bug.cgi?id=33770
- https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20241112
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21853
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23918
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21820
SRPMS
9/nonfree
- microcode-0.20241112-1.mga9.nonfree