Updated microcode packages fix security vulnerabilities
Publication date: 17 Feb 2025Modification date: 18 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-31068 , CVE-2024-36293 , CVE-2023-43758 , CVE-2024-39355 , CVE-2024-37020
Description
Improper Finite State Machines (FSMs) in Hardware Logic for some Intel®
Processors may allow privileged user to potentially enable denial of
service via local access. (CVE-2024-31068)
Improper access control in the EDECCSSA user leaf function for some
Intel® Processors with Intel® SGX may allow an authenticated user to
potentially enable denial of service via local access. (CVE-2024-36293)
Improper input validation in UEFI firmware for some Intel® processors
may allow a privileged user to potentially enable escalation of
privilege via local access. (CVE-2023-43758)
Improper handling of physical or environmental conditions in some Intel®
Processors may allow an authenticated user to enable denial of service
via local access. (CVE-2024-39355)
Sequence of processor instructions leads to unexpected behavior in the
Intel® DSA V1.0 for some Intel® Xeon® Processors may allow an
authenticated user to potentially enable denial of service via local
access. (CVE-2024-37020)
References
- https://bugs.mageia.org/show_bug.cgi?id=34020
- https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250211
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31068
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36293
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43758
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39355
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37020
SRPMS
9/nonfree
- microcode-0.20250211-1.mga9.nonfree