-------------------------------------------------------------------------
Debian LTS Advisory DLA-3537-1                         [email protected]
https://www.debian.org/lts/security/                      Utkarsh Gupta
August 22, 2023                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : intel-microcode
Version        : 3.20230808.1~deb10u1
CVE ID         : CVE-2022-40982 CVE-2022-41804 CVE-2023-23908
Debian Bug     : 1043305

This update ships updated CPU microcode for some types of Intel CPUs and
provides mitigations for security vulnerabilities.

CVE-2022-40982

    Daniel Moghimi discovered Gather Data Sampling (GDS), a hardware
    vulnerability which allows unprivileged speculative access to data
    which was previously stored in vector registers.

    For details please refer to https://downfall.page/ and
    https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/gather-data-sampling.html.

CVE-2022-41804

    Unauthorized error injection in Intel SGX or Intel TDX for some
    Intel Xeon Processors which may allow a local user to potentially
    escalate privileges.

CVE-2023-23908

    Improper access control in some 3rd Generation Intel Xeon Scalable
    processors may result in an information leak.

For Debian 10 buster, these problems have been fixed in version
3.20230808.1~deb10u1.

We recommend that you upgrade your intel-microcode packages.

For the detailed security status of intel-microcode please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/intel-microcode

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
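
Added example, not part of the Debian advisory: a post-upgrade check that compares the installed intel-microcode package against the fixed version named above and reads the kernel's Gather Data Sampling status. It assumes a kernel that exposes the gather_data_sampling sysfs file and uses the status strings from the kernel's hardware-vulnerability documentation; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: post-upgrade check for DLA-3537-1 on Debian 10 buster.
FIXED_VERSION='3.20230808.1~deb10u1'   # fixed version stated in the advisory
# Assumption: the running kernel reports GDS status at this sysfs path.
GDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/gather_data_sampling

# Map the kernel's GDS status string to ok / ok-no-microcode / action / unknown.
classify_gds() {
    case "$1" in
        "Not affected"|"Mitigation: Microcode"*) echo ok ;;
        "Mitigation: AVX disabled"*)             echo ok-no-microcode ;;
        "Vulnerable"*)                           echo action ;;
        *)                                       echo unknown ;;
    esac
}

# Compare an installed version string against the fixed one.
# Prints patched / outdated / unknown; needs dpkg for Debian version ordering.
classify_version() {
    [ -n "$1" ] || { echo unknown; return; }
    command -v dpkg >/dev/null 2>&1 || { echo unknown; return; }
    if dpkg --compare-versions "$1" ge "$FIXED_VERSION"; then
        echo patched
    else
        echo outdated
    fi
}

# Report package state, kernel-reported GDS state, and the loaded revision.
check_host() {
    installed=$(dpkg-query -W -f='${Version}' intel-microcode 2>/dev/null || true)
    echo "intel-microcode: ${installed:-not installed} -> $(classify_version "$installed")"
    if [ -r "$GDS_SYSFS" ]; then
        status=$(cat "$GDS_SYSFS")
        echo "GDS (CVE-2022-40982): $status -> $(classify_gds "$status")"
    else
        echo "GDS (CVE-2022-40982): kernel does not report status -> unknown"
    fi
    # Microcode revision the running CPU actually loaded (x86 cpuinfo field).
    grep -m1 '^microcode' /proc/cpuinfo 2>/dev/null || true
}

check_host
```

Run it after upgrading and rebooting, since the packaged microcode is applied to the CPU at boot rather than at package installation.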