Debian LTS: DLA-3808-1: intel-microcode Security Advisory Updates
Summary
Intel has released microcode updates, addressing serveral vulnerabilties.
CVE-2023-22655
Protection mechanism failure in some 3rd and 4th Generation Intel(R)
Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow
a privileged user to potentially enable escalation of privilege via
local access.
CVE-2023-28746
Information exposure through microarchitectural state after
transient execution from some register files for some Intel(R)
Atom(R) Processors may allow an authenticated user to potentially
enable information disclosure via local access.
CVE-2023-38575
Non-transparent sharing of return predictor targets between contexts
in some Intel(R) Processors may allow an authorized user to
potentially enable information disclosure via local access.
CVE-2023-39368
Protection mechanism failure of bus lock regulator for some Intel(R)
Processors may allow an unauthenticated user to potentially enable
denial of service via network access.
CVE-2023-43490
Incorrect calculation in microcode keying mechanism for some
Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a
privileged user to potentially enable information disclosure via
local access.
For Debian 10 buster, these problems have been fixed in version
3.20240312.1~deb10u1.
We recommend that you upgrade your intel-microcode packages.
For the detailed security status of intel-microcode please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/intel-microcode
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS